SHSH

From The iPhone Wiki
Revision as of 19:56, 28 October 2014 by Danzatt (talk | contribs) (Oh Britta)
Jump to: navigation, search

As the SHSH blob article on Wikipedia summarizes it: "SHSH blob is a jargon term for a small piece of data that is part of Apple's digital signature protocol for iOS restores and updates, designed to control the iOS versions that users can install on their iOS devices (iPhones, iPads, iPod touches, and Apple TVs), generally only allowing the newest iOS version to be installable. "

Technically, the SHSH of a firmware image is a 1024-bit (0x80 bytes) RSA signature. This often also refers to backup files with the signature ("SHSH blobs"). This signature is needed to restore a specific iOS version; it is generated by Apple based on hardware keys of the device and the hash of the firmware. Apple only issues signatures for the currently-available iOS version, which disallows installing older iOS versions. But if you have saved signatures for an older iOS version, you may be able to use a replay attack to restore that version. Therefore it is recommended to save the signature for your device as long as Apple issues it.

With the tools mentioned below it is possible to backup the signature. It is not necessary that the device is jailbroken to do the backup. Usually the SHSH signature file is stored on Saurik's server. If it is stored there, then you can see in the top of Cydia (on jailbroken devices) for which version a backup exists. This moved to TSS Center which can be located on the main page and then they are shown at the top of that.

Users often misunderstand this system and think that the SHSH firmware version they back up depends on the firmware version they have installed on their device. This is the case for iFaith, but not for TinyUmbrella. iFaith dumps the SHSHs from your device's storage (whatever's installed on your device, e.g. 4.3.3), while TinyUmbrella gets SHSHs from Apple's servers (whatever firmwares Apple is currently signing).

Using SHSH

Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: iPhone 3GS (new Bootrom), iPhone 4, iPod touch 3G, iPad, iPad 2, iPod touch 4G, Apple TV 2G and all newer devices. The iPhone 3G, iPhone 3GS Old Bootrom and iPod touch 2G bootroms do not require these SHSHs; however, newer versions of iOS require them (unless the chain of trust is broken and custom firmwares are installed). To restore to arbitrary versions of iOS 4.0, the SHSH is also needed for the iPod touch 2G and iPhone 3G. not only does DFU Mode require the iBSS/iBEC files to be signed with an SHSH that includes the device's ECID, but the normal boot-chain requires the LLB to be fully signed with an ECID+SHSH, so a downgrade IPSW is not possible without a bootrom exploit of normal boot-chain (e.g. 0x24000 Segment Overflow). See also the Dev Team Blog post about this.

To restore to iOS 3.x or 4.x, change your hosts file to map any request to an Apple server to point to Saurik's server instead, if your device's signatures are hosted there. If you have the signature file on your computer, run TinyUmbrella's TSS Server on your local machine.

Since the limera1n Exploit is fixed in the bootrom since version Bootrom 838.3 and because iOS since 5.0 includes a nonce in their SHSH hashes, downgrading newer devices (iPhone 4S, iPad 2, iPad 3, Apple TV 3G) to earlier 5.x firmwares is not as simple. To restore to iOS 5.x on older devices, stitch iOS 5.x blobs into custom firmware (using redsn0w for example) and restore with that firmware. To restore to iOS 5.x on newer devices, use redsn0w's restore method. See the JailbreakQA guide to restoring to iOS 5.x using SHSH blobs (for all devices that can run iOS 5.x except Apple TV 3G).

Timeline

iOS For Device(s) From Until Status
3.0 iPhone 3GS 19 June 2009 09 September 2009 Closed
3.0.1 31 July 2009 09 September 2009 Closed
3.1 09 September 2009 08 October 2009 Closed
3.1.1 iPod touch 2G 09 September 2009 21 June 2010 Closed
iPod touch 3G 09 September 2009 08 October 2009 Closed
3.1.2 iPod touch 2G 08 October 2009 21 June 2010 Closed
iPhone 3GS, iPod touch 3G 08 October 2009 02 February 2010 Closed
3.1.3 iPhone 3GS, iPod touch 2G, iPod touch 3G 02 February 2010 21 June 2010 Closed
3.2 iPad 03 April 2010 15 July 2010 Closed
3.2.1 15 July 2010 19 August 2010 Closed
3.2.2 11 August 2010 02 December 2010 (?) Closed
4.0 iPod touch 2G 21 June 2010 09 September 2010 Closed
iPod touch 3G 21 June 2010 19 August 2010 Closed
iPhone 3G, iPhone 3GS 21 June 2010 15 July 2010 Closed
iPhone 4 (iPhone3,1) 24 June 2010 15 July 2010 Closed
4.0.1 iPhone 3G 15 July 2010 09 September 2010 Closed
iPhone 3GS, iPhone 4 (iPhone3,1) 15 July 2010 19 August 2010 Closed
4.0.2 iPhone 3G, iPod touch 2G 11 August 2010 18 September 2010 Closed
iPhone 3GS, iPhone 4 (iPhone3,1), iPod touch 3G 11 August 2010 09 September 2010 Closed
4.1 iPhone 3G, iPhone 3GS, iPod touch 2G, iPod touch 3G 08 September 2010 - Open
iPhone3,1, iPod touch 4G 08 September 2010 02 December 2010 (?) Closed
Template:Nowrap Apple TV 2G 29 September 2010 02 December 2010 (?) Closed
Template:Nowrap 22 November 2010 14 December 2010 Closed
4.2.1 iPad, iPhone 3GS, iPhone 4 (iPhone3,1), iPod touch 3G, iPod touch 4G 22 November 2010 11 March 2011 Closed
iPhone 3G, iPod touch 2G 22 November 2010 - Open
Template:Nowrap Apple TV 2G 14 December 2010 28 May 2011 (?) Closed
4.2.5 iPhone 4 (iPhone3,3) 11 January 2011 closed before product release Closed
4.2.6 01 February 2011 19 April 2011 (?) Closed
4.2.7 14 April 2011 6 May 2011 Closed
4.2.8 4 May 2011 18 July 2011 Closed
4.2.9 15 July 2011 27 July 2011 Closed
4.2.10 25 July 2011 18 October 2011 Closed
4.3 iPad, iPad 2, iPhone 3GS, iPhone 4 (iPhone3,1), iPod touch 3G, iPod touch 4G 09 March 2011 27 March 2011 (?) Closed
Template:Nowrap Apple TV 2G 09 March 2011 22 March 2011 (?) Closed
Template:Nowrap 22 March 2011 28 May 2011 (?) Closed
Template:Nowrap 11 May 2011 18 October 2011 (?) Closed
4.3 01 August 2011 ? Closed
4.3.1 iPad, iPad 2, iPhone 3GS, iPhone3,1, iPod touch 3G, iPod touch 4G 25 March 2011 19 April 2011 (?) Closed
4.3.2 14 April 2011 06 May 2011 Closed
4.3.3 04 May 2011 18 July 2011 Closed
4.3.4 15 July 2011 27 July 2011 Closed
4.3.5 25 July 2011 18 October 2011 Closed
4.4 Apple TV 2G 04 October 2011 ? Closed
4.4.1 17 October 2011 ? Closed
4.4.2 24 October 2011 11 January 2012(?) Closed
4.4.3 17 November 2011 11 January 2012(?) Closed
4.4.4 15 December 2011 08 March 2012 Closed
5.0 iPad, iPad 2, iPhone 3GS, iPhone 4, iPod touch 3G, iPod touch 4G 04 October 2011 10 November 2011(?) Closed
iPhone 4S 14 October 2011 10 November 2011(?) Closed
5.0 Apple TV 2G, Apple TV 3G (AppleTV3,1) 07 March 2012 14 May 2012 Closed
5.0.1 iPad, iPad 2, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3G, iPod touch 4G 09 November 2011 08 March 2012 Closed
5.1 iPad, iPad 2, iPad 3, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3G, iPod touch 4G 07 March 2012 14 May 2012 Closed
5.1.1 iPad 2, iPad 3, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 4G 07 May 2012 21 September 2012 Closed
iPad, iPod touch 3G 07 May 2012 - Open
5.0.1 Apple TV 2G, Apple TV 3G (AppleTV3,1) 10 May 2012 ?? June 2012 Closed
5.0.2 05 June 2012 20 March 2013 Closed
6.0 iPad 2, iPad 3, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G, iPod touch 5G 19 September 2012 01 November 2012 Closed
iPad 2, iPad 3, iPad mini 1G (iPad2,5), iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G, iPod touch 5G 26 July 2013 26 July 2013 Closed
5.1 Apple TV 2G, Apple TV 3G (AppleTV3,1) 24 September 2012 20 March 2013 Closed
6.0 iPad 4, iPad mini 1G 30 October 2012 01 November 2012 Closed
6.0.1 iPad 2, iPad 3, iPad 4, iPad mini 1G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G, iPod touch 5G 01 November 2012 28 January 2013 Closed
iPad 4, iPad mini 1G 09 November 2012 28 January 2013 Closed
iPad mini 1G 01 November 2012 08 January 2013 Closed
iPad 2, iPad 3, iPad 4 (iPad3,4), iPad mini 1G (iPad2,5), iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G, iPod touch 5G 26 July 2013 26 July 2013 Closed
5.1.1 Apple TV 2G, Apple TV 3G (AppleTV3,1) 26 November 2012 20 March 2013 Closed
6.0.2 iPad mini 1G, iPhone 5 18 December 2012 28 January 2013 Closed
iPad mini 1G (iPad2,5), iPhone 5 26 July 2013 26 July 2013 Closed
6.1 iPad 2, iPad 3, iPad 4, iPad mini 1G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 5G 28 January 2013 19 February 2013 Closed
iPad mini 1G (iPad2,6), iPod touch 4G 28 January 2013 20 March 2013 Closed
Template:Nowrap Apple TV 2G, Apple TV 3G 28 January 2013 20 March 2013 Closed
6.1.1 iPhone 4S 11 February 2013 19 February 2013 Closed
6.1.2 iPad 2, iPad 3, iPad 4, iPad mini 1G iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G 19 February 2013 19 March 2013 Closed
iPod touch 5G 19 February 2013 20 March 2013 Closed
6.1.3 iPad 2, iPad 3, iPad 4, iPad mini 1G (iPad2,5), iPad mini 1G (iPad2,7), iPhone 4, iPhone 4S, iPod touch 5G 19 March 2013 20 September 2013 Closed
iPhone 3GS 19 March 2013 21 February 2014 Closed
iPad mini 1G (iPad2,6) 19 March 2013 25 September 2013 Closed
Template:Nowrap Apple TV 2G, Apple TV 3G 19 March 2013 20 June 2013 Closed
6.1.3 iPhone 5 19 March 2013 02 May 2013 Closed
iPod touch 4G 19 March 2013 14 November 2013 Closed
6.1.4 iPhone 5 02 May 2013 20 September 2013 Closed
Template:Nowrap Apple TV 2G, Apple TV 3G (AppleTV3,1) 19 June 2013 - Open
Apple TV 3G (AppleTV3,2) 19 June 2013 21 September 2013 Closed
6.1.5 iPod touch 4 24 November 2013 21 February 2014 Closed
6.1.6 iPhone 3GS, iPod touch 4 24 November 2013 - Open
7.0 iPad 2, iPad 3, iPad 4, iPad mini 1G, iPhone 4, iPhone 4S, iPhone 5, iPod touch 5G 18 September 2013 07 October 2013 Closed
7.0.1 iPhone 5c, iPhone 5s 18 September 2013 07 October 2013 Closed
Template:Nowrap Apple TV 2G, Apple TV 3G 20 September 2013 24 September 2013 Closed
Template:Nowrap 24 September 2013 29 October 2013 Closed
7.0.2 iPad 2, iPad 3, iPad 4, iPad mini 1G (iPad2,6), iPad mini 1G (iPad2,7), iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 26 September 2013 29 October 2013 Closed
iPad mini 1G (iPad2,5) 26 September 2013 21 February 2014 Closed
7.0.3 iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 22 October 2013 14 November 2013 Closed
Template:Nowrap Apple TV 2G, Apple TV 3G 24 October 2013 14 November 2013 Closed
7.0.4 iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 14 November 2013 21 February 2014 Closed
Template:Nowrap Apple TV 2G, Apple TV 3G 14 November 2013 21 February 2014 Closed
7.0.5 iPhone 5c (iPhone5,4), iPhone 5s (iPhone6,2) 29 January 2014 21 February 2014 Closed
6.0.2 (7.0.6) Apple TV 2G, Apple TV 3G 21 February 2014 10 March 2014 Closed
7.0.6 iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 21 February 2014 10 March 2014 Closed
6.1 (7.1) Apple TV 2G, Apple TV 3G 10 March 2014 30 April 2014 Closed
7.1 iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 10 March 2014 30 April 2014 Closed
6.1.1 (7.1.1) Apple TV 2G, Apple TV 3G 22 April 2014 11 July 2014 Closed
7.1.1 iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 22 April 2014 12 August 2014 Closed
6.2 (7.1.2) Apple TV 2G, Apple TV 3G 30 June 2014 26 September 2014 Closed
7.1.2 iPhone 4 30 June 2014 - Open
iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5G 30 June 2014 26 September 2014 Closed
6.2.1 (7.1.2) Apple TV 2G 17 September 2014 - Open
7.0 (8.0) Apple TV 3G 17 September 2014 - Open
8.0 iPad 2, iPad 3, iPad 4, iPad Air, iPad mini 1G, iPad mini 2, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPhone 6, iPhone 6 Plus, iPod touch 5G 17 September 2014 22 October 2014 Closed
8.0.1 24 September 2014 24 September 2014 Closed
8.0.2 25 September 2014 27 October 2014 Closed
8.1 iPad 2, iPad 3, iPad 4, iPad Air, iPad Air 2, iPad mini 1G, iPad mini 2, iPad mini 3, iPhone 4S, iPhone 5, iPhone 5c, iPhone 5s, iPhone 6, iPhone 6 Plus, iPod touch 5G 20 October 2014 - Open

Note: The original iPhone and iPod touch don't use SHSH Blobs

Protocol

To request a SHSH blob from Apple, a simple HTTP request can be made. For a full description, please see the separate article SHSH Protocol and Baseband SHSH Protocol.

Links and Tools

See Also