What keeps someone from making a third party program to load f/w?

Stayin100

I am fairly new to iOS, but what exactly keeps someone from making a third party firmware upgrade/downgrade tool that doesn't look for SHSH blobs? I can't seem to think of anything that would stop this from working, possibly requiring a custom IPSW.
 
NotCom, the guy who made TinyUmbrella, has supposedly been working on just such a program since January 2010, but nobody has ever heard anything more of it since, and since NotCom knows the inner workings of the iTunes restore process, I'm assuming it is much more difficult than we think if he has not figured it out yet.
 
There are rumors going around that it is in the first leg of testing. Sinfuliphone has been following it for some time now, and from my understanding it's going to see the world about 3-5 months after iOS 5 goes live.
 
Wow. 3-5 months after iOS 5 goes live? That's some deadline... :)

SHSH Blobs are digital signatures created by sufficiently strong encryption techniques to make them secure and which are checked at the hardware level in all modern devices. Unless there is a flaw in the hardware which can be exploited, or you get access to the encryption key, bypassing SHSH checking is next to impossible AFAIK.

Not only that, but from iOS 5, Apple are apparently upping the ante and introducing a NONCE component into the blobs, meaning they can no longer be saved and replayed later using TU, Cydia or any other method. This is one of the things they do currently to help keep the baseband protected from downgrade.

So, once Apple stop signing a version of iOS 5 there will be no way to ever restore that version on your device, even if you saved your blobs, because they can only be used once.

4.x blobs will continue to work of course, provided you have them saved :D
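
The replay protection described in the post above, as an added example that is not part of the original thread and not Apple's actual blob format: a toy RSA key (constructed, far too small for real use) stands in for the vendor signing key, and `device_id`, `server_sign` and `device_verify` are hypothetical names.

```python
import hashlib
import secrets

# Toy RSA key standing in for the vendor signing key (constructed values).
P, Q = 2**61 - 1, 2**89 - 1          # two Mersenne primes
N, E = P * Q, 65537                  # public key: the only part the device holds
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: held only by the signer

def _digest(device_id, fw_hash, nonce):
    # Everything the ticket is bound to: device, firmware image, per-restore nonce.
    msg = b"|".join([device_id, fw_hash, nonce])
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def server_sign(device_id, fw_hash, nonce, signing_open=True):
    """Signing server: issues a ticket only while this firmware is still signed."""
    if not signing_open:
        return None
    return pow(_digest(device_id, fw_hash, nonce), D, N)

def device_verify(device_id, fw_hash, nonce, ticket):
    """Device side: recompute the digest with its own nonce and check the signature."""
    return ticket is not None and pow(ticket, E, N) == _digest(device_id, fw_hash, nonce)

def demo():
    device_id = b"DEVICE-CONSTRUCTED-0001"
    fw = hashlib.sha256(b"constructed firmware image").digest()

    # Without a nonce the ticket binds only device + firmware,
    # so a saved copy keeps verifying on every later restore.
    saved = server_sign(device_id, fw, b"")
    old_replay_ok = device_verify(device_id, fw, b"", saved)

    # With a nonce the device picks a fresh random value for each restore.
    nonce1 = secrets.token_bytes(20)
    ticket1 = server_sign(device_id, fw, nonce1)
    fresh_ok = device_verify(device_id, fw, nonce1, ticket1)

    # Later restore: the device generates a new nonce, the server has stopped
    # signing this firmware, and only the saved ticket1 is available.
    nonce2 = secrets.token_bytes(20)
    closed = server_sign(device_id, fw, nonce2, signing_open=False)
    replay_ok = device_verify(device_id, fw, nonce2, closed or ticket1)

    # A modified image changes the firmware hash, so the ticket no longer matches.
    modified = hashlib.sha256(b"constructed modified image").digest()
    tampered_ok = device_verify(device_id, modified, nonce1, ticket1)
    return old_replay_ok, fresh_ok, replay_ok, tampered_ok

if __name__ == "__main__":
    print(demo())
```
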
 
There are rumors going around that it is in the first leg of testing. Sinfuliphone has been following it for some time now, and from my understanding it's going to see the world about 3-5 months after iOS 5 goes live.

I doubt it. First of all, NotCom is creating it and he would never let users of a piracy forum beta test it. It would be beta tested by the dev-team and other respected members of the community.

The last time anyone mentioned anything about its progress was NotCom's blog post at the end of January.

Also @f4780y the idea behind this software is to make all of that irrelevant. By creating a 3rd party restore program, it will not rely on verifying SHSH blobs to downgrade, it will just let you freely upgrade and downgrade to whatever firmware you wish.
 
@jmills87 - I think you are misinterpreting Notcom's blog posts. Nowhere does he suggest he is developing anything which will bypass SHSH Blob checking. He specifically says he is looking to replace the iTunes restore process with his own application "TinyRestore" where "the plan is to allow the functionality that iTunes currently gives".
He also suggests he wants the application to do more than just install signed firmware (signed firmware includes valid SHSH Blobs for the avoidance of doubt). But I think you are incorrectly interpreting "more" if you think that means supporting unsigned firmware and bypassing SHSH Blobs.
 
Why would such a program be needed if it didn't bypass shsh blob verification?
 
Why would such a program be needed if it didn't bypass shsh blob verification?

Exactly. What would the point of making a program (let alone spending months working on it) that does the exact same thing as iTunes be? I think it's pretty clear that his project plans to allow restores without the need of an SHSH blob. He says "signed firmware" but he never says anything about SHSH blobs; my thought is that his program, TinyRestore, will artificially "sign" the firmware, meaning that you wouldn't need an official SHSH key from Apple to downgrade.

Also, on a later Twitter update that I can't locate, he said that it will "allow scriptable modification of the IPSW file via a custom API." That sounds like a lot more than just replicating the exact features of iTunes to me.
 
Having a program separate from iTunes which handles the restore of the firmware has many advantages to me as a jailbreaker. As a self proclaimed jailbreak expert I am amazed you can't see a single one :P Being able to restore any device from my laptop without the bloat of iTunes getting in the way is just one of many I can think of...

Jmills87 said:
Also, on a later Twitter update that I can't locate, he said that it will "allow scriptable modification of the IPSW file via a custom API." That sounds like a lot more than just replicating the exact features of iTunes to me.

I agree. That sounds like more. It sounds like exactly what Notcom said he was doing. It does not sound like coming up with a solution to bypass Apple's hardware-based secure signature checks to me.

It's impossible to argue against a point of view that believes a signed firmware does not include SHSH Blobs, since that is its very definition. Take a look at iFaith where the terminology is quite clearly used. You extract and use your blobs to create a signed firmware. It's clearly laid out in the interface of the program.
Furthermore, Saurik's own page on Cydia caching of Apple's Signature Server (the original resource on this subject) explains how it is the blobs which allow a firmware to be signed.
To suggest that things can be "artificially" signed without the Apple key just betrays the lack of understanding of the subject matter and the facts. Once again, on that basis we have to agree to differ, since those arguments are as robust as I can make them for the purpose of this argument. I guess on the day Notcom releases his signature bypassing technology you can point back to this thread and laugh at my ignorance of subject matter I have been immersed in for the last 4 years...