iFaith: the long-awaited SHSH dumper # 1
Not so long ago, the young hacker iH8sn0w finally revealed the content of his "secret project". They turned out to be the program iFaith - a new tool by which any user of the device on iOS can lower the firmware without saved SHSH certificates!
As we know, since the iPhone 3GS, Apple has blocked the ability to roll back the firmware to an earlier one. Much later, we received it, thanks to Cydia , TinyUmbrella or iSHSHit , which retained these certificates and in the future, if they were available, we could lower the firmware on their devices. But at the same time there were limitations. For example, if you buy an iPhone 5S with the latest firmware, and there is no jailbreaking for it, then you can not restore it to a lower firmware for which a jailbreak exists.
Current version of iFaith
First off, I know how long I've been delaying this release. I originally promised to release this around Summer. Summer turned to JailbreakCon weekend. Followed by more future weekends. Well I'm finally happy to release this damn thing. : p
A5 (X) / A6 (X) Support?!: Devices are equipped with the A5 (X) / A6 (X) processor. restore. Therefore, support to dump blobs for devices. (You can still fetch the latest blobs directly from the apple by clicking the "Show" SHSH blobs on Server "button.)
A5 (X) / A6 (X) Downgrade?!: As far as downgrading on A5 (X) / A6 (X) devices goes ... There currently is no publicly known loophole to kick-start a downgrade. A5 (X) / A6 (X) device. For A5 (X) devices that have 4.xx SHSH blobs cached or still running 5.xx, redsn0w can recycle the first apticket loophole and re-restore your device as long as you have the essential SHSH blobs.
This is where iFaith comes into play. If you bought an iOS device with a new firmware that can not be cracked yet, then with the help of a new tool from iH8sn0w, you can save SHSH certificates for the required firmware version, roll back to it and further jailbreak. Moreover, the program has the ability to sign any version of the firmware with the help of saved SHSH!
And here's how to do it:
- Download and run the iFaith utility.
- If you still do not have a saved .iFaith file, then click Show Available SHSH Caches on Server to save shsh to your drive.
Save can only those SHSH, which is on the server Saurika.
However, you can extract SHSH from the firmware on which you are by clicking on Dump SHSH Blobs .
The .iFaith file will be saved as follows:
- Format: ECID_iOS Version (Build Number) _cache.ifaith
- Example: 00000099BE1C4377_4.2.1 (8C148) _cache.ifaith
- Click the Main Menu button and click Build * signed * IPSW w / Blobs after clicking Browse for SHSH Blobs cache and select the iFaith file obtained in the previous step.
More detailed instructions
Suppose that you bought an iPhone or a touch, and there is a 4.1 or 4.2.1 firmware, which Apple has not signed for a long time.
Suppose you have any problems with the device, which can only solve the flashing.
To restore the firmware 4.1 or 4.2.1 without SHSH iTunes will not allow you, only for the latest.
Actually here iFaith comes to your aid.
The utility supports the following devices: iPhone 3G [S], iPhone 4, iPod Touch 3G, iPod Touch 4, iPad 1G, Apple TV 2
1. Click OK.
2. Click the Dump SHSH Blobs button.
3. Click the "Proceed" button, and then "Let's Go!".
4. Follow the instructions (turn off the phone, enter in DFU and wait.When the program reaches the "Save SHSH" item, select the location for saving the .ifaith file).
5. Then go to the main menu and click on the "Build * signed * IPSW w / Blobs" button.
6. Click the "Browse for SHSH Blobs cache" button and select the previously saved .ifaith file.
7. Then click "Browse for the iOS xxx IPSW" (if you have this axis on the hard disk) or Download it for me (actually if not, and to download it).
8. Build Build IPSW (follow the instructions) and save the resulting iOS
9. Then, re-enter the machine in the DFU, if not entered. The iReb utility will start, which optimizes your device for firmware and allows you to bypass the errors that occur when the custom firmware is installed.
10. After that, run iTunes and successfully flashing it with the help of the received firmware (it will be in the root folder where the exe file iFaith is located).
Let's consider an example with the signature of the firmware
We choose the original firmware file (it should work on custom, but so far no one has tested it) in iFaith.
- Now wait for iFaith to check and collect the signed IPSW file. This will take 5-10 minutes.
- Once the program has completed its work, enter your device in DFU:
- Connect the device to the PC using a wire
- Turn off the device completely by long pressing the power button
- Press and hold Home + Power for about 10 seconds. After 10 seconds, release the power button, while not releasing the Home button until Sn0wbreeze (built into the program) will not detect your device in DFU mode
- Once you see a confirmation window with the words " Your device is now in PWNED DFU ", start iTunes, select your device in it and flash it with freshly prepared firmware via shift + restore.
It is important to note that iFaith only works with devices for which Geohot at the time found an exploit and used it in Limera1n, i.e. these are all the latest devices, with the exception of the iPad 2. Also, the iPhone 3G and iPod Touch of the second generation were excluded from the list, since these devices do not require SHSH certificates when the firmware is lowered.
At the moment this tool is available only to Windows users, but iH8sn0w promises not to forget Mac users and within a few weeks to release iFaith version compatible with this operating system.