As the SHSH blob article on Wikipedia summarizes it: "SHSH blob is a jargon term for a small piece of data that is part of Apple's digital signature protocol for iOS restores and updates, designed to control the iOS versions that users can install on their iOS devices (iPhones, iPads, iPod touches, and Apple TVs), generally only allowing the newest iOS version to be installable. "
Technically, the SHSH of a firmware image is a 1024-bit (
0x80 bytes) RSA signature. This often also refers to backup files with the signature ("SHSH blobs"). This signature is needed to restore a specific iOS version; it is generated by Apple based on hardware keys of the device and the hash of the firmware. Apple only issues signatures for the currently-available iOS version, which disallows installing older iOS versions. But if you have saved signatures for an older iOS version, you may be able to use a replay attack to restore that version. Therefore it is recommended to save the signature for your device as long as Apple issues it.
With the tools mentioned below it is possible to backup the signature. It is not necessary that the device is jailbroken to do the backup. Usually the SHSH signature file is stored on Saurik's server. If it is stored there, then you can see in the top of Cydia (on jailbroken devices) for which version a backup exists. This moved to TSS Center which can be located on the main page and then they are shown at the top of that.
Users often misunderstand this system and think that the SHSH firmware version they back up depends on the firmware version they have installed on their device. This is the case for iFaith, but not for TinyUmbrella. iFaith dumps the SHSHs from your device's storage (whatever's installed on your device, e.g. 4.3.3), while TinyUmbrella gets SHSHs from Apple's servers (whatever firmwares Apple is currently signing).
Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: iPhone 3GS (new Bootrom), iPhone 4, iPod touch 3G, iPad, iPad 2, iPod touch 4G, Apple TV 2G and all newer devices. The iPhone 3G, iPhone 3GS Old Bootrom and iPod touch 2G bootroms do not require these SHSHs; however, newer versions of iOS require them (unless the chain of trust is broken and custom firmwares are installed). To restore to arbitrary versions of iOS 4.0, the SHSH is also needed for the iPod touch 2G and iPhone 3G. not only does DFU Mode require the iBSS/iBEC files to be signed with an SHSH that includes the device's ECID, but the normal boot-chain requires the LLB to be fully signed with an ECID+SHSH, so a downgrade IPSW is not possible without a bootrom exploit of normal boot-chain (e.g. 0x24000 Segment Overflow). See also the Dev Team Blog post about this.
To restore to iOS 3.x or 4.x, change your hosts file to map any request to an Apple server to point to saurik's server instead, if your device's signatures are hosted there. If you have the signature file on your computer, run TinyUmbrella's TSS Server on your local machine.
Since the limera1n Exploit is fixed in the bootrom since version Bootrom 838.3 and because iOS since 5.0 includes a nonce in their SHSH hashes, downgrading newer devices (iPhone 4S, iPad 2, iPad 3, Apple TV 3G) to earlier 5.x firmwares is not as simple. To restore to iOS 5.x on older devices, stitch iOS 5.x blobs into custom firmware (using redsn0w for example) and restore with that firmware. To restore to iOS 5.x on newer devices, use redsn0w's restore method. See the JailbreakQA guide to restoring to iOS 5.x using SHSH blobs (for all devices that can run iOS 5.x except Apple TV 3G).
|Marketing Version||OS Version||For Device(s)||From||Until||Status|
|4.0||4.1||Apple TV 2G||29 Sep 2010||2 Dec 2010 (?)||Closed|
|4.1||4.2||22 Nov 2010||14 Dec 2010||Closed|
|4.1.1||4.2.1||14 Dec 2010||28 May 2011 (?)||Closed|
|4.2||4.3||9 Mar 2011||22 Mar 2011 (?)||Closed|
|4.2.1||22 Mar 2011||28 May 2011 (?)||Closed|
|4.2.2||11 May 2011||18 Oct 2011 (?)||Closed|
|4.3||9 Mar 2011||?||Closed|
|4.4||5.0||4 Oct 2011||?||Closed|
|4.4.1||17 Oct 2011||?||Closed|
|4.4.2||24 Oct 2011||11 Jan 2012(?)||Closed|
|4.4.3||5.0.1||17 Nov 2011||11 Jan 2012(?)||Closed|
|4.4.4||15 Dec 2011||8 Mar 2012||Closed|
|5.0||5.1||Apple TV 2G, Apple TV 3G (AppleTV3,1)||7 Mar 2012||14 May 2012||Closed|
|5.0.1||5.1.1||10 May 2012||Jul 2012 (day unknown)||Closed|
|5.0.2||5 Jun 2012||20 Mar 2013||Closed|
|5.1||6.0||24 Sep 2012||20 Mar 2013||Closed|
|5.1.1||6.0.1||26 Nov 2012||20 Mar 2013||Closed|
|5.2||6.1||Apple TV 2G, Apple TV 3G||28 Jan 2013||20 Mar 2013||Closed|
|5.2.1||6.1.3||19 Mar 2013||20 Jun 2013||Closed|
|5.3||6.1.4||Apple TV 2G, Apple TV 3G (AppleTV3,1)||19 Jun 2013||-||Open|
|Apple TV 3G (AppleTV3,2)||19 Jun 2013||21 Sep 2013||Closed|
|6.0||7.0.1||Apple TV 2G, Apple TV 3G||20 Sep 2013||24 Sep 2013||Closed|
|7.0.2||24 Sep 2013||29 Oct 2013||Closed|
|6.0.1||7.0.3||24 Oct 2013||14 Nov 2013||Closed|
|6.0.2||7.0.4||14 Nov 2013||21 Feb 2014||Closed|
|7.0.6||21 Feb 2014||10 Mar 2014||Closed|
|6.1||7.1||10 Mar 2014||30 Apr 2014||Closed|
|6.1.1||7.1.1||22 Apr 2014||11 Jul 2014||Closed|
|6.2||7.1.2||30 Jun 2014||26 Sep 2014||Closed|
|6.2.1||Apple TV 2G||17 Sep 2014||-||Open|
|7.0||8.0||Apple TV 3G||17 Sep 2014||22 Oct 2014||Closed|
|7.0.1||8.1||20 Oct 2014||1 Dec 2014||Closed|
|7.0.2||8.1.1||17 Nov 2014||1 Apr 2015||Closed|
|7.0.3||8.1.3||27 Jan 2015||23 Mar 2015||Closed|
|7.1||8.2||9 Mar 2015||4 May 2015||Closed|
|7.2||8.3||8 Apr 2015||7 Apr 2016||Closed|
|7.2.1||8.4.1||25 Feb 2016||-||Open|
|N/A||9.0||Apple TV 4G||29 Oct 2015||14 Dec 2015||Closed|
|9.0.1||9 Nov 2015||21 Dec 2015||Closed|
|9.1||8 Dec 2015||4 Feb 2016||Closed|
|9.1.1||25 Jan 2016||5 Apr 2016||Closed|
|9.2||21 Mar 2016||-||Open|
|9.2.1||16 May 2016||-||Open|