The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "SHSH"
(More infos about the shsh certificate and downgrade process) |
|||
Line 1: | Line 1: | ||
0x80 byte RSA signature of a firmware image. |
0x80 byte RSA signature of a firmware image. |
||
− | This often also refers to the backup file with the signature. This signature is needed to restore a specific firmware version. The signature is being created by Apple and is being generated based on some hardware keys of the device and the hash of the firmware. Using a [ |
+ | This often also refers to the backup file with the signature. This signature is needed to restore a specific firmware version. The signature is being created by Apple and is being generated based on some hardware keys of the device and the hash of the firmware. Using a [http://en.wikipedia.org/wiki/Replay_attack replay attack], with the saved signature old firmware can be restored, although Apple doesn't issue the signatures anymore and therefore disallows installing older firmware. Therefore it is recommended to save the signature for your device as long as Apple issues it. |
To downgrade the firmware, simply change your hosts file to map any request to an Apple server to point to [[Saurik]]'s server instead, if your certificate is there. If you have the file yourself, run TinyTSS on your local machine. |
To downgrade the firmware, simply change your hosts file to map any request to an Apple server to point to [[Saurik]]'s server instead, if your certificate is there. If you have the file yourself, run TinyTSS on your local machine. |
Revision as of 14:45, 15 July 2010
0x80 byte RSA signature of a firmware image.
This often also refers to the backup file with the signature. This signature is needed to restore a specific firmware version. The signature is being created by Apple and is being generated based on some hardware keys of the device and the hash of the firmware. Using a replay attack, with the saved signature old firmware can be restored, although Apple doesn't issue the signatures anymore and therefore disallows installing older firmware. Therefore it is recommended to save the signature for your device as long as Apple issues it.
To downgrade the firmware, simply change your hosts file to map any request to an Apple server to point to Saurik's server instead, if your certificate is there. If you have the file yourself, run TinyTSS on your local machine.
Not all devices have this check built in. Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: iPhone 3G (?), iPhone 3GS, iPhone 4, iPod Touch 3rd generation, iPad and all newer devices.
With the tools mentioned below it is possible to backup the signature. It is not necessary that the device is jailbroken to do the backup. Usually the shsh signature file is stored on Saurik's server. If it is stored there, then you can see in Cydia (on jailbroken devices) for which version a backup exists.
Users usually make the mistake that (even if they understand all this) they think the shsh firmware version they backup depends on the firmware version they have installed on their device. It does NOT depend on the device which signature you can save - it only depends on which version Apple signs. And that depends on the date. For example in April 2010 you could only backup the certificate for firmware 3.1.3, even if you have still 3.1.1 installed on you phone. Here's a timeline:
- (announced for July 2010) firmware 4.1
- 21 June 2010 firmware 4.0
- 3 April 2010 firmware 3.2 (for iPad)
- 2 February 2010 firmware 3.1.3
- 8 October 2009 firmware 3.1.2
- (?) firmware 3.1.1
- 9 September 2009 3.1
- (?) firmware 3.0.1
- 17 June 2009 firmware 3.0
Links and Tools
- Umbrella/TinyTSS requires Java installed
- AutoSHSH tool Was in the menu there, but does not work since 4.0 anymore. Was a quick&easy tool for end-users.
- Detailed background info from Saurik