Difference between revisions of "Talk:SHSH"

From The iPhone Wiki
Jump to: navigation, search
(iOS 4.2 SHSH for Apple TV: new section)
Line 35: Line 35:
 
:These were introduced at the same time as [[iOS] 4.0. I believe they kernel checks they are present and valid. If i'm correct this may mean system's like [[PwnageTool]] can patch out the checks. --[[User:GreySyntax|GreySyntax]] 19:13, 19 October 2010 (UTC)
 
:These were introduced at the same time as [[iOS] 4.0. I believe they kernel checks they are present and valid. If i'm correct this may mean system's like [[PwnageTool]] can patch out the checks. --[[User:GreySyntax|GreySyntax]] 19:13, 19 October 2010 (UTC)
 
::So the new SHSH checks are done by the kernel since iOS 4.0! I always thought it was done by iTunes. Reading the blog of the [[iPhone Dev Team]] again seems to confirm that. Aha. -- [[User:Http|http]] 19:44, 19 October 2010 (UTC)
 
::So the new SHSH checks are done by the kernel since iOS 4.0! I always thought it was done by iTunes. Reading the blog of the [[iPhone Dev Team]] again seems to confirm that. Aha. -- [[User:Http|http]] 19:44, 19 October 2010 (UTC)
  +
  +
== iOS 4.2 SHSH for Apple TV ==
  +
  +
As I see iOS 4.2 for Apple TV is still signed. I could save the SHSH of my new Apple TV 2G and I can restore it without any SHSH blobs from Saurik or TinyUmbrella to iOS 4.2.

Revision as of 16:05, 7 January 2011

iDevices affected

Just to make sure (I don't have these devices): The iPhone 3G (even the newer MC model) and the iPod Touch 2nd generation (also newer models) don't have shsh checks. (I'm not talking about the new "soft" check.) Can someone confirm this? I always thought these mentioned newer devices also have this certificate check in the Bootrom built-in. But as someone removed my listed 3G (with a question mark), I assume no 3G has this check. What is actually the difference between the old and the new Bootrom then? Maybe someone can explain how this certificate check works exactly and which software part is doing it. Thanks. -- http 11:25, 20 July 2010 (UTC)

There's definitely no SHSH checking in the iPhone 3G bootrom. If I'm not mistaken, its bootrom can't even read IMG3 files.
I'm pretty sure the iPod touch 2G bootrom does check SHSHs, but only the one supplied in the IPSW; its restore process doesn't require getting a new SHSH from Apple's server. --Dialexio 20:08, 20 July 2010 (UTC)

Firmware 3.1(.1)

What's the difference between 3.1 and 3.1.1? Were both released at the same time? Or is 3.1 just a "short form" for 3.1.1? If yes, we should always write the full name. -- http 21:58, 20 July 2010 (UTC)

3.1 was released for iPhones, while 3.1.1 was released for iPod touches. Other than that (and the build numbers), they're basically the same thing. --Dialexio 23:25, 20 July 2010 (UTC)

Apple still signing 4.0.1 -- conspiracy?

It seems very un-apple for them to continue signing this firmware. Does anyone have any technical reasons/guesses as to why they are doing this?

I think it's sort of a truce -- in fear of yet another security problem being exploited and requiring a 4.0.3, and possibly de-incentivize the search for exploits. Possibly even more far fetched is an experiment to see if there is a boost in sales of people trying to get jailbreakable devices. Anyone have ideas? Iemit737 17:50, 15 August 2010 (UTC)

My guess is that because many users upgrade without thinking or saving shsh try to jailbreak at some point in time. Because very many users did a jailbreak by this simple page, Apple would create lots of unsatisfied users. After Antennagate having more unsatisfied users, or those returning their device just to try again wouldn't be good for Apple. Also, I think 4.1 will be released soon (less than a month probably), so they can close signing then. -- http 18:56, 15 August 2010 (UTC)

Good point -- lots of first time jail breakers and possible device returns and otherwise angry people. It still seems very unorthodox for them, being the evil iEmpire and all. I can't wait to see what exploits will be uncovered in 4.1. Iemit737 20:43, 15 August 2010 (UTC)

It seems like Apple continues signing for the previously-issued firmware if the update is of a hotfix nature. (Remember that 3.0.1 was a hotfix for an SMS character vulnerability, and Apple continued signing for both 3.0 and 3.0.1 until 3.1 came along.) The only reason I can think of is they probably rushed the fix out of the door without testing thoroughly, so perhaps their attitude is "we tested this but not rigorously, so feel free to downgrade if it botches something up?" --Dialexio 21:13, 15 August 2010 (UTC)

4.1 - Apple signing now?

I believe they are signing the 4.1 GM seed and it does not have expirations or UDID restrictions, and works with windows iTunes, no? Which means if the final ipsw is the same, they will have been signing it since September 1. Albeit the GM is still considered apple confidential... But at the same time they are surely signing some kind of 4.1 for foxconn to put on touch 4G's... Iemit737 19:39, 4 September 2010 (UTC)

Yes, they are probably signing 4.1 already, but we cannot confirm that, as we don't have any ipt4 yet and d/l of 4.1 is not possible for any other device yet. That's why I've put the product release date as start date. Regarding GM and final: even if the code is the same, it's probably a different ipsw and therefore a different shsh required. I don't know how beta signing works in detail. -- http 22:06, 4 September 2010 (UTC)
They're signing 4.1 GM. Just make sure to backup your SHSHs. --desertsn0w 22:48, 4 September 2010 (UTC)

Soft-SHSH checks

Since iTunes 9.2 (I think) SHSH are checked for iPhones 3G also, but only through iTunes, not by the phone's bootrom. iTunes 9.2 (I think) was the version that was introduced together with iOS 4.0. But I have a report that iOS 3.1.3 can be installed with iTunes 10. I don't know what his hosts file looks like, but he cannot have SHSH backup on Cydia, because those were issued only since iOS 4.0 (correct?). Does this mean that iTunes checks SHSH only if firmware is >= 4.0? If yes, this would mean that you could downgrade a 3G to any pre-4.0 firmware without using redsn0w. -- http 18:40, 19 October 2010 (UTC)

These were introduced at the same time as [[iOS] 4.0. I believe they kernel checks they are present and valid. If i'm correct this may mean system's like PwnageTool can patch out the checks. --GreySyntax 19:13, 19 October 2010 (UTC)
So the new SHSH checks are done by the kernel since iOS 4.0! I always thought it was done by iTunes. Reading the blog of the iPhone Dev Team again seems to confirm that. Aha. -- http 19:44, 19 October 2010 (UTC)

iOS 4.2 SHSH for Apple TV

As I see iOS 4.2 for Apple TV is still signed. I could save the SHSH of my new Apple TV 2G and I can restore it without any SHSH blobs from Saurik or TinyUmbrella to iOS 4.2.