Bluefreeze

From The iPhone Wiki
Revision as of 02:10, 13 December 2011 by J0ker (talk | contribs) (Explanation)
This page was marked for deletion.
Reason: Claiming false functionality
A downgrade is not possible w/o SHSH blobs

If you disagree with the reason for deletion, please discuss this deletion request on this page's talk page.

Bluefreeze is a tethered downgrade solution by a group called the Private Dev Team. It allows a device to be downgraded from iOS 5.0.1 to iOS 4.3, 4.3.5, or 5.0 without SHSH blobs saved via TinyUmbrella or iFaith. Supported devices are the iPhone 3GS, iPod touch 3G, and all A4 devices.

Download

Explanation

  • Step 1: Use iFaith to make an iOS 5.0.1 SHSH blob.
  • Step 2: Open the iFaith SHSH blob (all done in Bluefreeze) and change the md5 and iOS version to the proper ones. For example, when downgrading an iPod Touch 3G from iOS 5.0.1 to iOS 5.0, the following modifications are made:

Original:

    <?xml version="1.0" encoding="utf-8"?>
    <iFaith>
      <name start="here">
        <revision>1.4</revision>
        <ios>5.0.1 (9A405)</ios>
        <model>iPod Touch 3G</model>
        <board>n18ap</board>
        <!-- lots of lines of code later... -->
        <cert>0x1</cert>
        <md5>b7bbd2e410af8d6386f46c26e328f95c</md5>
        <ipsw_md5>c13c14abcde18bbdb7d70c8563f56ac1</ipsw_md5>
      </name>
    </iFaith>

Modified:

    <?xml version="1.0" encoding="utf-8"?>
    <iFaith>
      <name start="here">
        <revision>1.4</revision>
        <ios>5.0 (9A433)</ios>
        <model>iPod Touch 3G</model>
        <board>n18ap</board>
        <!-- lots of lines of code later... Same as above, nothing modified here -->
        <cert>0x1</cert>
        <md5>b7bbd2e410af8d6386f46c26e328f95c</md5>
        <ipsw_md5>989b8327acab76e7632443a0e179250c</ipsw_md5>
      </name>
    </iFaith>

  • Step 3: Save the modified SHSH blob and use it to build an iOS 5.0 custom firmware. Even though the firmware has fake SHSH blobs on it, iTunes will still accept it. (iREB will be used to bypass error 16XX.)
  • Step 4: Since there are no SHSH blobs present, the device will boot up into DFU mode. A bootrom exploit, known as Limera1n, will be used to bypass Apple's blob check. (Tool used: redsn0w)
  • Step 5: The device will boot up, and one will have a tethered downgrade.
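What the Step 2 edit changes can be checked by comparing the two listings field by field. The following is an added example, not code from the original page, Bluefreeze or iFaith; the function names and the LABEL_FIELDS set are assumptions, and the inputs are constructed from the page's listings with the elided blob section left out.

```python
import xml.etree.ElementTree as ET

# Constructed from the page's two listings. The section the page elides
# is left out, so only the fields the page shows are compared.
TEMPLATE = """<?xml version="1.0" encoding="utf-8"?>
<iFaith>
  <name start="here">
    <revision>1.4</revision>
    <ios>{ios}</ios>
    <model>iPod Touch 3G</model>
    <board>n18ap</board>
    <cert>0x1</cert>
    <md5>b7bbd2e410af8d6386f46c26e328f95c</md5>
    <ipsw_md5>{ipsw_md5}</ipsw_md5>
  </name>
</iFaith>"""
ORIGINAL = TEMPLATE.format(ios="5.0.1 (9A405)",
                           ipsw_md5="c13c14abcde18bbdb7d70c8563f56ac1")
MODIFIED = TEMPLATE.format(ios="5.0 (9A433)",
                           ipsw_md5="989b8327acab76e7632443a0e179250c")

# Assumption: the fields Step 2 rewrites are descriptive labels only.
LABEL_FIELDS = {"ios", "ipsw_md5"}

def fields(doc: str) -> dict:
    """Return {tag: text} for every child of <iFaith>/<name>."""
    root = ET.fromstring(doc.encode("utf-8"))
    name = root.find("name") if root.tag == "iFaith" else None
    if name is None:
        raise ValueError("not an iFaith file in the layout shown on the page")
    return {child.tag: (child.text or "").strip() for child in name}

def changed_fields(a: str, b: str) -> dict:
    """Return {tag: (value_in_a, value_in_b)} for every field that differs."""
    fa, fb = fields(a), fields(b)
    return {t: (fa.get(t), fb.get(t))
            for t in sorted(set(fa) | set(fb)) if fa.get(t) != fb.get(t)}

def relabelled_only(a: str, b: str) -> bool:
    """True when b is the same capture as a with only label fields edited."""
    diff = changed_fields(a, b)
    return bool(diff) and set(diff) <= LABEL_FIELDS

if __name__ == "__main__":
    for tag, (old, new) in changed_fields(ORIGINAL, MODIFIED).items():
        print(f"{tag}: {old} -> {new}")
    print("relabelled 5.0.1 capture:", relabelled_only(ORIGINAL, MODIFIED))
```

Only `ios` and `ipsw_md5` differ between the two files; `cert`, `md5` and everything the page marks as "nothing modified here" are still the values captured on iOS 5.0.1, which is the point the deletion notice makes.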

External Links