iFaith: long-awaited SHSH dumper # 1
Not long ago, the young hacker iH8sn0w finally revealed what his "secret project" was. It turned out to be iFaith, a new tool with which any user of an iOS device can downgrade the firmware without saved SHSH certificates!
As we know, starting with the iPhone 3GS, Apple blocked the ability to roll the firmware back to an earlier version. Much later we got that ability back thanks to Cydia, TinyUmbrella or iSHSHit, which saved these certificates; if they were available, we could later downgrade the firmware on our devices. But there were limitations too. For example, if you buy an iPhone 5S with the latest firmware and there is no jailbreak for it, you will not be able to restore it to a lower firmware for which a jailbreak exists.
Current version of iFaith
First off, I know how to delay this release. I originally promised to release this around Summer. Summer turned to JailbreakCon weekend. Followed by more future weekends. Well I'm finally happy to release this damn thing. :p
A5(X) / A6(X) Support?!: iBoot or DFU restore. Therefore, it is not possible to support dumping devices at this moment in time. (You can still see the "Show Available SHSH blobs on Server" button.)
A5(X) / A6(X) Downgrade?!: As far as downgrading on the A5(X) / A6(X) devices goes ... There is NO way to downgrade an A5(X) / A6(X) device. For A5(X) devices, SHSH blobs cached or still running 5.xx, redsn0w for SHSH blobs.
This is where iFaith comes into play. If you have bought an iOS device with new firmware that has not been cracked yet, then with iH8sn0w's help you can save the SHSH certificates for the firmware version you need, roll back, and jailbreak it later. Moreover, the program can sign any firmware version using the saved SHSH!
Here is how to do it:
- Download and run the iFaith utility.
- If you do not have a saved .iFaith file yet, click Show Available SHSH Caches on Server to save the SHSH to your disk.
You can save only those SHSH that are stored on Saurik's server.
However, you can dump the SHSH for the firmware you are currently running by clicking Dump SHSH Blobs.
The .iFaith file will be saved as follows:
- Format: ECID_iOS Version (Build Number) _cache.ifaith
- Example: 00000099BE1C4377_4.2.1 (8C148) _cache.ifaith
- Click the Main Menu button, click Build *signed* IPSW w/ Blobs, then click Browse for SHSH Blobs cache and select the iFaith file obtained in the previous step.
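The naming scheme above records which device (ECID) and which firmware a cache belongs to, so a folder of saved files can be inventoried before attempting a restore. The following is an added example, not part of iFaith or the original article; the function names, the 16-hex-digit ECID assumption and every sample file name except the page's own are constructed for illustration.

```python
import re
from collections import defaultdict

# Scheme quoted above: ECID_iOS Version (Build Number)_cache.ifaith. Assumed: a
# 16-hex-digit ECID (as in the page's example); spaces around "(build)" tolerated.
IFAITH_NAME = re.compile(
    r"^(?P<ecid>[0-9A-Fa-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){1,2})\s*"
    r"\((?P<build>[0-9A-Za-z]+)\)\s*"
    r"_cache\.ifaith$"
)

def parse_ifaith_name(filename):
    """Return (ecid, version, build), or None if the name does not fit the scheme."""
    m = IFAITH_NAME.match(filename.strip())
    if m is None:
        return None
    return m["ecid"].upper(), m["version"], m["build"]

def index_blobs(filenames):
    """Group cache files by device ECID; return (index, rejected_names)."""
    found, rejected = defaultdict(set), []
    for name in filenames:
        parsed = parse_ifaith_name(name)
        if parsed is None:
            rejected.append(name)
            continue
        ecid, version, build = parsed
        found[ecid].add((version, build))
    def order(vb):  # sort numerically so 4.10 would follow 4.2.1
        return tuple(int(p) for p in vb[0].split(".")), vb[1]
    return {e: sorted(v, key=order) for e, v in found.items()}, rejected

def has_blob(index, ecid, version):
    """True if a cache for this exact device and firmware version was saved."""
    return any(v == version for v, _ in index.get(ecid.upper(), []))

# Constructed sample listing; only the first name comes from the page.
SAMPLE_FILES = [
    "00000099BE1C4377_4.2.1 (8C148) _cache.ifaith",
    "00000099BE1C4377_4.1(8B117)_cache.ifaith",
    "000000AABBCCDDEE_4.2.1(8C148)_cache.ifaith",
    "notes.txt",
    "99BE1C4377_4.2.1(8C148)_cache.ifaith",  # ECID too short: rejected
]

if __name__ == "__main__":
    index, rejected = index_blobs(SAMPLE_FILES)
    print(index, "rejected:", rejected)
```
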
More detailed instructions
Suppose you bought an iPhone or an iPod touch that runs firmware 4.1 or 4.2.1, which Apple stopped signing long ago.
Suppose the device has a problem that only reflashing can solve.
Without SHSH, iTunes will not let you restore firmware 4.1 or 4.2.1, only the latest version.
This is where iFaith comes to your aid.
The utility supports the following devices: iPhone 3G [S], iPhone 4, iPod Touch 3G, iPod Touch 4, iPad 1G, Apple TV 2
1. Click OK.
2. Click the “Dump SHSH Blobs” button.
3. Click the "Proceed" button and then "Let's Go!"
4. Follow the instructions (turn off the phone, put it into DFU mode and wait. When the program reaches the “Save SHSH” option, choose where to save the .ifaith file).
5. Next, go to the main menu and click the "Build *signed* IPSW w/ Blobs" button.
6. Click the “Browse for SHSH Blobs cache” button and select the previously saved .ifaith file.
7. Then click “Browse for the iOS xxx IPSW” (if you already have this firmware on your hard drive) or “Download it for me” (if you do not and need it downloaded).
8. Click Build IPSW (follow further instructions) and save the resulting iOS
9. After that, put the device into DFU mode again if it is not already in it. The iReb utility will be launched; it prepares your device for flashing and lets you bypass the errors that occur when flashing custom firmware.
10. After that, run iTunes and flash the device with the firmware you built (it will be in the root folder where the iFaith file is located).
An example of signing the firmware
In iFaith, select the original firmware file (it should work with custom firmware too, but so far no one has checked).
- Now wait while iFaith verifies and builds the signed IPSW file. This takes 5-10 minutes.
- Once the program has finished, put your device into DFU mode:
- Connect the device to the PC with a cable
- Turn off the device completely by long pressing the power button
- Press and hold Home + Power for about 10 seconds. After 10 seconds, release the Power button but keep holding the Home button until Sn0wbreeze (built into the program) detects your device in DFU mode
- As soon as you see the confirmation window with the message "Your device is now in PWNED DFU", start iTunes, select your device in it and flash it with the freshly built firmware via Shift + Restore.
It is important to note that iFaith works only with devices for which Geohot once found an exploit and used it in Limera1n, i.e. all the latest devices with the exception of the iPad 2. Also, the second generation iPhone 3G and iPod Touch were excluded from the list, as these devices do not require SHSH certificates when downgrading the firmware.
At the moment this tool is available only for Windows users, but iH8sn0w promises not to forget Mac users and to release a version of iFaith compatible with that operating system within a few weeks.