iFaith: The Long-awaited SHSH Dumper
Not so long ago, the young hacker iH8sn0w finally revealed the contents of his "secret project". It turned out to be iFaith, a new tool with which any iOS device user can downgrade the firmware without previously saved SHSH certificates!
As we know, starting with the iPhone 3GS, Apple blocked the ability to roll back to an earlier firmware. We later regained that ability thanks to Cydia, TinyUmbrella and iSHSHit, which saved these certificates so that, if they were available, we could downgrade our devices. But there were limitations. For example, if you buy an iPhone 5S with the latest firmware and there is no jailbreak for it, you cannot restore it to a lower firmware for which a jailbreak exists.
Current version of iFaith
First off, I know how long I've been delaying this release. I originally promised to release this around Summer. Summer turned to JailbreakCon weekend. Followed by more future weekends. Well I'm finally happy to release this damn thing. :p
A5(X)/A6(X) Support?!: Devices equipped with the A5(X)/A6(X) processor do not currently have any known low level iBoot or DFU exploits to jump start the iFaith payload to initialize the dump and restore. Therefore, support to dump blobs for devices running these processors is not possible at this moment in time. (You can still fetch the latest blobs directly from Apple though by clicking the "Show Available SHSH blobs on Server" button.)
A5(X)/A6(X) Downgrade?!: As far as downgrading on A5(X)/A6(X) devices goes... There currently is no publicly known loophole to kick-start a downgrade. So at the moment there is NO public way of downgrading an A5(X)/A6(X) device. For A5(X) devices that have 4.xx SHSH blobs cached or still running 5.xx, redsn0w can recycle the first APTicket loophole and re-restore your device as long as you have the essential SHSH blobs.
This is where iFaith comes into play. If you bought any iOS device with a new firmware for which no jailbreak exists yet, then using the new tool from iH8sn0w you can save the SHSH certificates for the firmware version you need, roll back to it later and jailbreak it. Moreover, the program can sign any firmware version using the saved SHSH!
And here is how to do it:
- Download and run the iFaith utility.
- If you do not yet have a saved .iFaith file, click "Show Available SHSH Caches on Server" to save the SHSH to your disk.
You can only save those SHSH that are on Saurik's server.
However, you can also extract the SHSH from the firmware you are currently running by clicking "Dump SHSH Blobs".
The .iFaith file will be saved as follows:
- Format: ECID_iOS Version (Build Number)_cache.ifaith
- Example: 00000099BE1C4377_4.2.1 (8C148)_cache.ifaith
- Press the "Main Menu" button and click "Build *signed* IPSW w/ Blobs", then click "Browse for SHSH Blobs cache" and select the iFaith file obtained in the previous step.
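As an added example (not part of the original post or of iFaith itself), a small Python helper that parses the cache filename format shown above and checks that a blob file belongs to the device you are about to restore, since SHSH blobs are tied to a single ECID. It assumes the spacing around the build number may vary between iFaith versions and tolerates it.

```python
import re

# Cache filename format from the post:
#   ECID_iOSVersion (Build)_cache.ifaith, e.g. 00000099BE1C4377_4.2.1 (8C148)_cache.ifaith
# Assumption: whitespace around the parentheses may differ, so it is made optional.
_CACHE_RE = re.compile(
    r"^(?P<ecid>[0-9A-Fa-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){1,2})\s*"
    r"\(\s*(?P<build>\d+[A-Z]\d+[a-z]?)\s*\)\s*"
    r"_cache\.ifaith$"
)


def parse_cache_name(filename):
    """Return {'ecid', 'version', 'build'} for a valid .ifaith cache name, else None."""
    m = _CACHE_RE.match(filename.strip())
    if not m:
        return None
    return {
        "ecid": m.group("ecid").upper(),
        "version": m.group("version"),
        "build": m.group("build"),
    }


def blob_matches_device(filename, device_ecid):
    """True if the cache file's ECID equals the device's ECID.

    device_ecid may be an int (as some tools print it) or a hex string with or
    without a 0x prefix and leading zeros (as iTunes shows it). A blob dumped
    from another device cannot produce a restorable IPSW for this one.
    """
    info = parse_cache_name(filename)
    if info is None:
        return False
    if isinstance(device_ecid, int):
        device_hex = "%016X" % device_ecid
    else:
        s = device_ecid.strip().upper()
        if s.startswith("0X"):
            s = s[2:]
        device_hex = s.zfill(16)
    return info["ecid"] == device_hex
```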
More detailed instructions
Suppose you bought an iPhone or iPod touch that is running firmware 4.1 or 4.2.1, which Apple stopped signing a long time ago.
Suppose you also have some problem with the device that only a restore can solve.
Without SHSH, iTunes will not let you restore 4.1 or 4.2.1, only the very latest firmware.
This is exactly where iFaith comes to your aid.
The utility supports the following devices: iPhone 3G[S], iPhone 4, iPod touch 3G, iPod touch 4G, iPad 1G, Apple TV 2G.
1. Click OK.
2. Click the Dump SHSH Blobs button.
3. Click the "Proceed" button and then "Let's Go!"
4. Follow the instructions (turn off the phone, enter DFU mode and wait; when the program reaches the "Save SHSH" step, choose where to save the .ifaith file).
5. Next, go to the main menu and click the "Build *signed* IPSW w/ Blobs" button.
6. Click the "Browse for SHSH Blobs cache" button and select the .ifaith file you saved earlier.
7. Next, click "Browse for the iOS xxx IPSW" (if you already have that iOS version on your hard drive) or "Download it for me" (if you do not, so that the program downloads it).
8. Click "Build IPSW" (follow the further instructions) and save the resulting IPSW.
9. After that, put the device into DFU mode again if it is not already in it. The iReb utility will start; it prepares your device for flashing and lets you bypass the errors that occur when restoring custom firmware.
10. After that, launch iTunes and restore using the firmware you built (it will be in the folder where the iFaith exe is located).
A worked example of signing a firmware
In iFaith, select the original firmware file (it should also work with custom firmware, but no one has tested that yet).
- Now wait while iFaith checks and builds the signed IPSW file. It will take 5-10 minutes.
- Once the program has finished, put your device into DFU mode:
- Connect the device to the PC with a cable.
- Turn the device off completely by long-pressing the power button.
- Press and hold Home + Power for about 10 seconds. After 10 seconds, release the power button while keeping Home held until Sn0wbreeze (built into the program) detects your device in DFU mode.
- As soon as you see a confirmation window with the message "Your device is now in PWNED DFU", launch iTunes, select your device in it and restore it with the freshly built firmware via Shift + Restore.
It is important to note that iFaith only works with devices for which Geohot once found an exploit and used it in Limera1n, i.e. all the latest devices except the iPad 2. The iPhone 3G and second-generation iPod touch are also excluded from the list, since those devices do not require SHSH certificates to downgrade.
Currently, this tool is available only to Windows users, but iH8sn0w promises not to forget Mac users and to release a Mac-compatible version of iFaith within a few weeks.