Difference between revisions of "Talk:SHSH"

From The iPhone Wiki
Jump to: navigation, search
(Order and first two entries.: new section)
m (link fixes)
 
(29 intermediate revisions by 8 users not shown)
Line 1: Line 1:
  +
{{Talk Archive}}
== iDevices affected ==
 
Just to make sure (I don't have these devices): The [[N82ap|iPhone 3G]] (even the newer MC model) and the [[N72ap|iPod Touch 2nd generation]] (also newer models) don't have shsh checks. (I'm not talking about the new "soft" check.) Can someone confirm this? I always thought these mentioned newer devices also have this certificate check in the [[Bootrom]] built-in. But as someone removed my listed 3G (with a question mark), I assume no [[N82ap|3G]] has this check. What is actually the difference between the old and the new [[Bootrom]] then? Maybe someone can explain how this certificate check works exactly and which software part is doing it. Thanks. -- [[User:Http|http]] 11:25, 20 July 2010 (UTC)
 
:There's definitely no SHSH checking in the [[N82ap|iPhone 3G]] bootrom. If I'm not mistaken, its bootrom can't even read IMG3 files.
 
 
:I'm pretty sure the iPod touch 2G bootrom ''does'' check SHSHs, but only the one supplied in the IPSW; its restore process doesn't require getting a new SHSH from Apple's server. --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 20:08, 20 July 2010 (UTC)
 
 
== Firmware 3.1(.1) ==
 
What's the difference between 3.1 and 3.1.1? Were both released at the same time? Or is 3.1 just a "short form" for 3.1.1? If yes, we should always write the full name. -- [[User:Http|http]] 21:58, 20 July 2010 (UTC)
 
:3.1 was released for iPhones, while 3.1.1 was released for iPod touches. Other than that (and the build numbers), they're basically the same thing. --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 23:25, 20 July 2010 (UTC)
 
 
== Apple still signing 4.0.1 -- conspiracy? ==
 
It seems very un-apple for them to continue signing this firmware. Does anyone have any technical reasons/guesses as to why they are doing this?
 
 
I think it's sort of a truce -- in fear of yet another security problem being exploited and requiring a 4.0.3, and possibly de-incentivize the search for exploits. Possibly even more far fetched is an experiment to see if there is a boost in sales of people trying to get jailbreakable devices. Anyone have ideas? [[User:Iemit737|Iemit737]] 17:50, 15 August 2010 (UTC)
 
 
:My guess is that because many users upgrade without thinking or saving shsh try to jailbreak at some point in time. Because very many users did a jailbreak by this simple page, Apple would create lots of unsatisfied users. After Antennagate having more unsatisfied users, or those returning their device just to try again wouldn't be good for Apple. Also, I think 4.1 will be released soon (less than a month probably), so they can close signing then. -- [[User:Http|http]] 18:56, 15 August 2010 (UTC)
 
 
Good point -- lots of first time jail breakers and possible device returns and otherwise angry people. It still seems very unorthodox for them, being the evil iEmpire and all. I can't wait to see what exploits will be uncovered in 4.1. [[User:Iemit737|Iemit737]] 20:43, 15 August 2010 (UTC)
 
 
:It seems like Apple continues signing for the previously-issued firmware if the update is of a hotfix nature. (Remember that 3.0.1 was a hotfix for an SMS character vulnerability, and Apple continued signing for both 3.0 and 3.0.1 until 3.1 came along.) The only reason I can think of is they probably rushed the fix out of the door without testing thoroughly, so perhaps their attitude is "we tested this but not rigorously, so feel free to downgrade if it botches something up?" --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 21:13, 15 August 2010 (UTC)
 
 
==4.1 - Apple signing now?==
 
I believe they are signing the 4.1 GM seed and it does not have expirations or [[UDID]] restrictions, and works with windows iTunes, no? Which means if the final ipsw is the same, they will have been signing it since September 1. Albeit the GM is still considered apple confidential... But at the same time they are surely signing some kind of 4.1 for foxconn to put on touch 4G's... [[User:Iemit737|Iemit737]] 19:39, 4 September 2010 (UTC)
 
 
:Yes, they are probably signing 4.1 already, but we cannot confirm that, as we don't have any ipt4 yet and d/l of 4.1 is not possible for any other device yet. That's why I've put the product release date as start date. Regarding GM and final: even if the code is the same, it's probably a different ipsw and therefore a different shsh required. I don't know how beta signing works in detail. -- [[User:Http|http]] 22:06, 4 September 2010 (UTC)
 
 
::They're signing 4.1 GM. Just make sure to backup your SHSHs. --[[User:desertsn0w|desertsn0w]] 22:48, 4 September 2010 (UTC)
 
 
== Soft-SHSH checks ==
 
Since iTunes 9.2 (I think) SHSH are checked for iPhones 3G also, but only through iTunes, not by the phone's [[bootrom]]. iTunes 9.2 (I think) was the version that was introduced together with iOS 4.0. But I have a report that iOS 3.1.3 can be installed with iTunes 10. I don't know what his hosts file looks like, but he cannot have SHSH backup on Cydia, because those were issued only since iOS 4.0 (correct?). Does this mean that iTunes checks SHSH only if firmware is >= 4.0? If yes, this would mean that you could downgrade a 3G to any pre-4.0 firmware without using redsn0w. -- [[User:Http|http]] 18:40, 19 October 2010 (UTC)
 
:These were introduced at the same time as [[iOS] 4.0. I believe they kernel checks they are present and valid. If i'm correct this may mean system's like [[PwnageTool]] can patch out the checks. --[[User:GreySyntax|GreySyntax]] 19:13, 19 October 2010 (UTC)
 
::So the new SHSH checks are done by the kernel since iOS 4.0! I always thought it was done by iTunes. Reading the blog of the [[iPhone Dev Team]] again seems to confirm that. Aha. -- [[User:Http|http]] 19:44, 19 October 2010 (UTC)
 
   
 
== iOS 4.2 SHSH for Apple TV ==
 
== iOS 4.2 SHSH for Apple TV ==
 
As I see iOS 4.2 for Apple TV is still signed. I could save the SHSH of my new Apple TV 2G and I can restore it without any SHSH blobs from Saurik or TinyUmbrella to iOS 4.2. {{unsigned|Christoph|9:05, January 7, 2011}}
 
As I see iOS 4.2 for Apple TV is still signed. I could save the SHSH of my new Apple TV 2G and I can restore it without any SHSH blobs from Saurik or TinyUmbrella to iOS 4.2. {{unsigned|Christoph|9:05, January 7, 2011}}
:Puzzling, maybe they are still signed, but Apple doesn't require them for restore... --[[User:Balloonhead66|Balloonhead66]] 23:18, 7 January 2011 (UTC)
+
:Puzzling, maybe they are still signed, but Apple doesn't require them for restore... --[[User:5urd|5urd]] 23:18, 7 January 2011 (UTC)
   
 
== 3.1.x for iPod touch 2G ==
 
== 3.1.x for iPod touch 2G ==
I need someone with an [[n72ap|iPod touch 2G]] ([[Bootrom 240.4|old bootrom]]) to verify this... I believe Apple actually introduced soft SHSH checks with iOS 3.1.1 for the iPod touch 2G. Further evidence includes my inability to restore to iOS 3.1.1 and 3.1.2 (unless I use SHSHs that I apparently saved, or a custom IPSW), and iTunes says it will verify the restore with Apple. I know that Apple was still signing iOS 3.1.1 and 3.1.2 when they released iOS 3.1.3, though. Is anyone able to back up my info? '''Do not respond with "No, Apple introduced the SHSH check with 4.0" unless you have tested this yourself.''' --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 01:55, 14 February 2011 (UTC)
+
I need someone with an [[N72AP|iPod touch 2G]] ([[Bootrom 240.4|old bootrom]]) to verify this... I believe Apple actually introduced soft SHSH checks with iOS 3.1.1 for the iPod touch 2G. Further evidence includes my inability to restore to iOS 3.1.1 and 3.1.2 (unless I use SHSHs that I apparently saved, or a custom IPSW), and iTunes says it will verify the restore with Apple. I know that Apple was still signing iOS 3.1.1 and 3.1.2 when they released iOS 3.1.3, though. Is anyone able to back up my info? '''Do not respond with "No, Apple introduced the SHSH check with 4.0" unless you have tested this yourself.''' --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 01:55, 14 February 2011 (UTC)
 
: I had thought there was something weird going on with this. I was guessing that iTunes phone'd home to Apple to see if the firmware was acceptable/current/safe before restoring it [provided the IPSW has the right tags to indicate it is a production firmware]. I think, but it is probably wrong, that when you point the your hosts file to Saurik he mimicks the response that the firmware is acceptable but does not actually give hashes for it. On the other hand I'm probably totally wrong because I remember tinyumbrella let you save hashes for 3.1.x. [[User:Iemit737|Iemit737]] 00:46, 15 February 2011 (UTC)
 
: I had thought there was something weird going on with this. I was guessing that iTunes phone'd home to Apple to see if the firmware was acceptable/current/safe before restoring it [provided the IPSW has the right tags to indicate it is a production firmware]. I think, but it is probably wrong, that when you point the your hosts file to Saurik he mimicks the response that the firmware is acceptable but does not actually give hashes for it. On the other hand I'm probably totally wrong because I remember tinyumbrella let you save hashes for 3.1.x. [[User:Iemit737|Iemit737]] 00:46, 15 February 2011 (UTC)
   
Line 47: Line 16:
 
Does it make sense to continue this list beyond iOS 4.x? Since 5.0 nonces are used, so the replay attack doesn't work anymore anyway. So why list the signing periods? We already have the release dates. -- [[User:Http|http]] 00:52, 25 October 2011 (MDT)
 
Does it make sense to continue this list beyond iOS 4.x? Since 5.0 nonces are used, so the replay attack doesn't work anymore anyway. So why list the signing periods? We already have the release dates. -- [[User:Http|http]] 00:52, 25 October 2011 (MDT)
 
:I think it's still good to show if 5.0 is still being signed or not; Apple might wind up taking a few days to stop signing it. --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 10:57, 25 October 2011 (MDT)
 
:I think it's still good to show if 5.0 is still being signed or not; Apple might wind up taking a few days to stop signing it. --[[User:Dialexio|<span style="color:#C20; font-weight:normal;">Dialexio</span>]] 10:57, 25 October 2011 (MDT)
:I think we should keep it. --[[User:Balloonhead66|Balloonhead66]] 13:59, 26 October 2011 (MDT)
+
:I think we should keep it. --[[User:5urd|5urd]] 13:59, 26 October 2011 (MDT)
   
 
Something totally different related to iOS 5+: Ok, nonces are used and we can't use the replay attack anymore. But why? If I understood that correctly, then the nonce is created in the bootrom. Then it goes all the way up into kernel, iTunes, Apple Server, signed SHSH and during the restore it will get compared again by the bootrom. If it doesn't match, no restore will be possible. If this is not in the bootrom, then we could simply patch it out by pwning the device. And as we have a bootrom exploit for all devices except the iPhone 4S and the iPad 2, we could even patch out this check - and even remove the requirement for valid SHSH at all. But why does this not work? Just not implemented yet? Or is the limerain exploit at such a stage where it's too late for patching this check? But at least we could patch the SHSH comparison if it would be in the kernel/iBoot/any later stage (with the nonce) and restore old 5.x versions with saved SHSH + known nonce. Any insider can clarify that? -- [[User:Http|http]] 14:39, 26 October 2011 (MDT)
 
Something totally different related to iOS 5+: Ok, nonces are used and we can't use the replay attack anymore. But why? If I understood that correctly, then the nonce is created in the bootrom. Then it goes all the way up into kernel, iTunes, Apple Server, signed SHSH and during the restore it will get compared again by the bootrom. If it doesn't match, no restore will be possible. If this is not in the bootrom, then we could simply patch it out by pwning the device. And as we have a bootrom exploit for all devices except the iPhone 4S and the iPad 2, we could even patch out this check - and even remove the requirement for valid SHSH at all. But why does this not work? Just not implemented yet? Or is the limerain exploit at such a stage where it's too late for patching this check? But at least we could patch the SHSH comparison if it would be in the kernel/iBoot/any later stage (with the nonce) and restore old 5.x versions with saved SHSH + known nonce. Any insider can clarify that? -- [[User:Http|http]] 14:39, 26 October 2011 (MDT)
   
  +
== Switch timeline list to reverse chronological order? ==
== Order and first two entries. ==
 
  +
I believe that most of the time when people look at this page, the information that they're interested in is the signing status of the latest iOS versions. To help them find what they're looking for more quickly, it seems to make sense to change this list to sort in reverse chronological order instead of chronological. What do people think? [[User:Britta|Britta]] ([[User talk:Britta|talk]]) 14:48, 21 November 2014 (UTC)
  +
:Agreed. --[[User:5urd|5urd]] ([[User talk:5urd|talk]]) 21:02, 21 November 2014 (UTC)
  +
::It took a lot of time but I've finally got around to doing this. It's now complete. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 12:42, 12 December 2016 (UTC)
  +
  +
== Apple Watch ==
  +
  +
So, the watch has been out for some time now. I assume it uses SHSH, but, according to [https://ipsw.me/watch ipsw.me], there is no signing status for OTA updates. Additionally, I'd like to know if the Apple Watch uses 1) blobs, 2) APTickets, or 3) both.
  +
  +
--[[User:Citrusui|Citrusui]] ([[User talk:Citrusui|talk]]) 18:23, 16 August 2015 (UTC)
  +
  +
== Apple TV ==
  +
  +
The Apple TV has its own version numbers that don't always line up with the actual version of iOS it's based on. Because of this, I'm thinking of separating the Apple TVs from the other devices. It would still be listed on this page, just separated into its own table. Thoughts? --[[User:Dialexio|Dialexio]] ([[User talk:Dialexio|talk]]) 22:41, 14 December 2015 (UTC)
  +
:I think that is a great idea. --[[User:IAdam1n|iAdam1n]] ([[User talk:IAdam1n|talk]]) 23:04, 14 December 2015 (UTC)
  +
  +
== 9.3.1 closed? ==
  +
  +
I tried to downgrade my iPhone SE and iPhone 5S(iPhone 6,2) to 9.3.1, but iTunes returns error 3194. It is not my computer's problem since I tried multiple times on other computers with other operating systems and same error. On the TSSstatus API page, it says that 9.3.1 is still being signed for all devices as of June 6th at 1:46 AM UTC Time. Can anyone confirm this?
   
  +
--[[User:Tp1194045441|Tp1194045441]] ([[User talk:Tp1194045441|talk]]) 01:47, 6 June 2016 (UTC)
I am thinking maybe we should delete the first two entries as why have unused? This is the same as any 1.x and 2.x. Also I am thinking maybe we can have a table like on [[jailbreak]]? I am fully willing to do this if I have the permission to do so. --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 22:04, 25 December 2012 (UTC)
 

Latest revision as of 14:33, 29 March 2017

Archives
 • 2010 • 2012 • 2013 •

iOS 4.2 SHSH for Apple TV

As I see iOS 4.2 for Apple TV is still signed. I could save the SHSH of my new Apple TV 2G and I can restore it without any SHSH blobs from Saurik or TinyUmbrella to iOS 4.2. --The preceding unsigned comment was added by Christoph (talk) 9:05, January 7, 2011. Please consult this page for more info on how to sign pages, and how to fix this.

Puzzling, maybe they are still signed, but Apple doesn't require them for restore... --5urd 23:18, 7 January 2011 (UTC)

3.1.x for iPod touch 2G

I need someone with an iPod touch 2G (old bootrom) to verify this... I believe Apple actually introduced soft SHSH checks with iOS 3.1.1 for the iPod touch 2G. Further evidence includes my inability to restore to iOS 3.1.1 and 3.1.2 (unless I use SHSHs that I apparently saved, or a custom IPSW), and iTunes says it will verify the restore with Apple. I know that Apple was still signing iOS 3.1.1 and 3.1.2 when they released iOS 3.1.3, though. Is anyone able to back up my info? Do not respond with "No, Apple introduced the SHSH check with 4.0" unless you have tested this yourself. --Dialexio 01:55, 14 February 2011 (UTC)

I had thought there was something weird going on with this. I was guessing that iTunes phone'd home to Apple to see if the firmware was acceptable/current/safe before restoring it [provided the IPSW has the right tags to indicate it is a production firmware]. I think, but it is probably wrong, that when you point the your hosts file to Saurik he mimicks the response that the firmware is acceptable but does not actually give hashes for it. On the other hand I'm probably totally wrong because I remember tinyumbrella let you save hashes for 3.1.x. Iemit737 00:46, 15 February 2011 (UTC)

Error 3194 on iPod Touch 2G

I am unable to get hashes for my friend's MC iPod Touch 2G. iTunes simply will not issue them. I have tried restore and I keep getting error 3194, any suggestions? Revolution 03:27, 26 May 2011 (UTC)

I thought it is clearly mentioned in the article that the ipt2g does not use SHSH blobs. This means you can install any possible iOS version. Error 3194 usually indicates missing SHSH, but could also be something else. This wiki cannot support user problems. Anyway: I would suggest to check if hosts file is clean, iTunes is newest version and iOS version is supported on device. Contact me on Twitter or ask jailbreakqa site for help if this doesn't solve your problem. --http 06:41, 26 May 2011 (UTC)

iOS 5+

Does it make sense to continue this list beyond iOS 4.x? Since 5.0 nonces are used, so the replay attack doesn't work anymore anyway. So why list the signing periods? We already have the release dates. -- http 00:52, 25 October 2011 (MDT)

I think it's still good to show if 5.0 is still being signed or not; Apple might wind up taking a few days to stop signing it. --Dialexio 10:57, 25 October 2011 (MDT)
I think we should keep it. --5urd 13:59, 26 October 2011 (MDT)

Something totally different related to iOS 5+: Ok, nonces are used and we can't use the replay attack anymore. But why? If I understood that correctly, then the nonce is created in the bootrom. Then it goes all the way up into kernel, iTunes, Apple Server, signed SHSH and during the restore it will get compared again by the bootrom. If it doesn't match, no restore will be possible. If this is not in the bootrom, then we could simply patch it out by pwning the device. And as we have a bootrom exploit for all devices except the iPhone 4S and the iPad 2, we could even patch out this check - and even remove the requirement for valid SHSH at all. But why does this not work? Just not implemented yet? Or is the limerain exploit at such a stage where it's too late for patching this check? But at least we could patch the SHSH comparison if it would be in the kernel/iBoot/any later stage (with the nonce) and restore old 5.x versions with saved SHSH + known nonce. Any insider can clarify that? -- http 14:39, 26 October 2011 (MDT)

Switch timeline list to reverse chronological order?

I believe that most of the time when people look at this page, the information that they're interested in is the signing status of the latest iOS versions. To help them find what they're looking for more quickly, it seems to make sense to change this list to sort in reverse chronological order instead of chronological. What do people think? Britta (talk) 14:48, 21 November 2014 (UTC)

Agreed. --5urd (talk) 21:02, 21 November 2014 (UTC)
It took a lot of time but I've finally got around to doing this. It's now complete. --iAdam1n (talk) 12:42, 12 December 2016 (UTC)

Apple Watch

So, the watch has been out for some time now. I assume it uses SHSH, but, according to ipsw.me, there is no signing status for OTA updates. Additionally, I'd like to know if the Apple Watch uses 1) blobs, 2) APTickets, or 3) both.

--Citrusui (talk) 18:23, 16 August 2015 (UTC)

Apple TV

The Apple TV has its own version numbers that don't always line up with the actual version of iOS it's based on. Because of this, I'm thinking of separating the Apple TVs from the other devices. It would still be listed on this page, just separated into its own table. Thoughts? --Dialexio (talk) 22:41, 14 December 2015 (UTC)

I think that is a great idea. --iAdam1n (talk) 23:04, 14 December 2015 (UTC)

9.3.1 closed?

I tried to downgrade my iPhone SE and iPhone 5S(iPhone 6,2) to 9.3.1, but iTunes returns error 3194. It is not my computer's problem since I tried multiple times on other computers with other operating systems and same error. On the TSSstatus API page, it says that 9.3.1 is still being signed for all devices as of June 6th at 1:46 AM UTC Time. Can anyone confirm this?

--Tp1194045441 (talk) 01:47, 6 June 2016 (UTC)