
iOS 5 SHSH Blobs on Cydia

Discussion in 'iPad Hacking' started by tron, Oct 30, 2011.

  1. tron

    tron iPF Novice
    Hi guys

    For what it's worth, I have saved my iOS 5 SHSH blobs using iSH****.

    Just noted that the iOS 5 SHSH do not appear on the Cydia home screen like the previous firmwares up to 4.3.5

    Any reason for this omission?

    Ps I have noted this on Cydia on my 3GS iPhone , iPod touch 4G and iPad 2.

  2. graywolf

    graywolf iPad Super Guru
    iOS 5 no longer uses a SHSH system to do upgrades. So every time a new software version comes out, if you upgrade, you are stuck.
    Unless the dev team can crack the new system and figure it out.

    But I think you can have blobs for the initial iOS 5 software, just not the next versions. I think.
    F4780y will come and correct me in just a bit.
  3. f4780y

    f4780y Super Moderator
    Almost graywolf ;)

    SHSH Blobs are still being used in iOS 5, it's just that Apple have improved their security by including a "nonce" component (Cryptographic nonce - Wikipedia, the free encyclopedia) which is the same mechanism they have been using for baseband signing for a while. It's the reason you can't downgrade the baseband on the iPhone or 3G iPads. In theory, this means you will never be able to downgrade to a previous version of 5.x once updates start to appear. Once you upgrade you can never downgrade (assuming the signing window for the previous version has been closed). This will make jailbreaking 5.x devices VERY INTERESTING, particularly the iPhone4S and iPad2. If you mess up your jailbreak with a bad app (or whatever), you will likely lose your jailbreak for a while because you will be forced to restore to the latest version (which should have all known jailbreak holes patched), and have to wait until a new userland exploit is found to allow it to be jailbroken. We have enjoyed years of being in control of our jailbroken devices, but this next phase will require diligence and patience on our part. If you aren't careful about what you are installing (or deleting with iFile!) you could be out in the cold for a very long time, like anyone who recently messed up their iPad2 3G 4.3.3 jailbreak will understand...

    So to get back on topic, whilst you can save your blobs for iOS 5, the nonce component renders them useless for replaying at a later date. So, there really is no point in saving them any more. It's not clear whether Saurik has stopped saving them on Cydia now, or whether he will carry on, but personally I just don't see the point. The security is unlikely ever to be cracked as it uses sufficiently strong encryption, so we would need to find another way.

    Your 4.x and 3.x saved blobs can still be kept as they will continue to work, but of course the older and older they get, the less likely it is that you will want the ability to restore the old firmwares they relate to.
  4. SweetPoison

    SweetPoison iPad Legend
    You are so smart and knowledgeable, Leigh. Do you study this stuff in your sleep?
  5. f4780y

    f4780y Super Moderator
    Yes, I dream of jailbreaking :)
  6. tron

    tron iPF Novice
    Well, Leigh, as long as those dreams become reality...go ahead and dream on !

  7. graywolf

    graywolf iPad Super Guru
    So, beyond all the gawking at Leigh, :)
    In theory, to downgrade to a previous version, a modification would have to be made to iTunes and you would still have to use some modified version of like iReb to trick the iPad into taking any version, like a custom FW.
    But this would only apply to Limera1n devices if a bootrom hack can't be found.
  8. f4780y

    f4780y Super Moderator
    No. A custom firmware still relies on shsh blobs. There is no way round that. It's a much more complicated issue, and no iTunes or iReb mod would fix it. If it was a problem which could be solved in such a way then the issue of baseband downgrades would have been solved a long time ago...
    Last edited: Oct 31, 2011
  9. graywolf

    graywolf iPad Super Guru
    So even if someone found a way to completely disable the shsh check of iTunes, you still couldn't load an earlier version?
  10. f4780y

    f4780y Super Moderator
    iTunes is just the middle-man. The check is cooked into both the firmware and the device (at the hardware level).
  11. graywolf

    graywolf iPad Super Guru
    So, could there be a modification to something like iReb that will leave the iPad unable to control what is loaded onto it?
    That sounds possible...
  12. f4780y

    f4780y Super Moderator
    I don't see how...
  13. graywolf

    graywolf iPad Super Guru
    iReb leaves the iPad in a state where it can't tell the difference of a custom FW. So, in theory, a more powerful iReb could leave the iPad in a state of complete apathy, causing it to accept any FW version.

    The hard part though, then, would be to get iTunes to activate it on versions where you don't have blobs...
  14. f4780y

    f4780y Super Moderator
    Nope. I still think you think that iTunes does a lot more than it does. It does almost nothing. It's a middle-man as I said before. If it was possible, after 4 years, we would have something that did this already. You have no idea how much motivation there is to be able to downgrade the baseband on an iPhone and we are not able to do that.

    Think of the iPad like a nightclub. To get in, first you need to get through the outer door to get into the foyer. Then you need to get out of the foyer and through the main doors into the club. The outer doors are protected by a doorman. The inner doors are protected by an automated ticket scanner.

    iReb is really good at distracting the doorman outside the club because he's fallible (he has a bug in his bootrom), but iReb can't do anything about the ticket scanner inside because the machine is inside the club and no matter how much iReb tries to distract it, it simply has no effect.

    That's the reason SHSH Blob security can't be broken. It's really easy to load a custom firmware (fooling the doorman), but even a custom firmware needs valid SHSH Blobs (a ticket to get in). No matter how sophisticated you make iReb (or any piece of software on the PC) it CANNOT change the hardware inside which checks the ticket, and it's not like the bootrom which contains bugs, so there is no way to pwn it.

    The only way we should ever get past the ticket scanner is if someone discovers Apple's private encryption key. This is pretty unlikely as it is never broadcast anywhere for us to see...

    That's probably a totally oversimplified way to look at it, and there are probably more holes in that analogy than there are in iOS 5, but it gets my point across. Pwning the iBoot process is not enough to defeat the signature checking, no matter how sophisticated you make the program.

    Another way to look at it is like saying you intend to defeat a server's SSL encryption by modifying your copy of Internet Explorer. Although Internet Explorer is involved in a secure server transaction, you can't just defeat it by changing it to your will... Security just doesn't work like that. If it did, we'd all be losing all our money every time we made an internet purchase...
    Last edited: Nov 2, 2011
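The following is an added example (not code from the thread, and not Apple's actual TSS protocol or blob format) that models the two points f4780y makes in posts 3 and 14: a signature that also covers a per-restore nonce cannot be replayed after the signing window closes, and the verification happens on the device, so a relay without the signing key (iTunes, iReb, or any tool on the PC) cannot produce or alter a passing blob. The RSA key built from two Mersenne primes, the ECID, the firmware digest and the 20-byte nonce are all constructed stand-ins chosen so the script runs offline; treat the whole key setup as a toy, not as secure parameters.

```python
import hashlib
import secrets

# Toy RSA key standing in for Apple's signing key. The primes are Mersenne
# primes chosen so the example is self-contained and fast; they are a
# constructed stand-in, not real or secure parameters.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # held only by the signing server


def _message(firmware_hash, ecid, nonce):
    """Bind firmware digest, device ECID and (optionally) the nonce into one value."""
    h = hashlib.sha256()
    h.update(firmware_hash)
    h.update(ecid.to_bytes(8, "big"))
    h.update(nonce if nonce is not None else b"")
    return int.from_bytes(h.digest(), "big")


def tss_sign(firmware_hash, ecid, nonce=None):
    """Model of the signing server (the only party holding D).

    Returns a 'blob': the signature plus the nonce it covers
    (None models the pre-iOS-5 scheme with no nonce).
    """
    return (pow(_message(firmware_hash, ecid, nonce), D, N), nonce)


class Device:
    """Model of the on-device check; iTunes only relays a blob to it."""

    def __init__(self, ecid, require_nonce):
        self.ecid = ecid
        self.require_nonce = require_nonce
        self.current_nonce = None

    def begin_restore(self):
        """Each restore attempt draws a fresh nonce (nonce-aware firmware only)."""
        if self.require_nonce:
            self.current_nonce = secrets.token_bytes(20)
        return self.current_nonce

    def accepts(self, firmware_hash, blob):
        signature, nonce = blob
        if self.require_nonce and nonce != self.current_nonce:
            return False  # a blob for an earlier nonce is no ticket for this restore
        if not self.require_nonce:
            nonce = None
        return pow(signature, E, N) == _message(firmware_hash, self.ecid, nonce)


FIRMWARE = hashlib.sha256(b"constructed stand-in for an IPSW").digest()
ECID = 0x1122334455667788  # constructed device identifier


def replay_saved_blob(require_nonce):
    """Save a blob while signing is open, then replay it after the window closes."""
    dev = Device(ECID, require_nonce)
    saved = tss_sign(FIRMWARE, ECID, dev.begin_restore())  # day 1: server still signing
    dev.begin_restore()                                    # later: new restore, new nonce
    return dev.accepts(FIRMWARE, saved)                    # server no longer available


def fresh_restore(require_nonce):
    """While the window is open, a blob signed for the current nonce is accepted."""
    dev = Device(ECID, require_nonce)
    blob = tss_sign(FIRMWARE, ECID, dev.begin_restore())
    return dev.accepts(FIRMWARE, blob)


def forged_blob(require_nonce):
    """A relay without D cannot produce a passing ticket, however it is modified."""
    dev = Device(ECID, require_nonce)
    nonce = dev.begin_restore()
    return dev.accepts(FIRMWARE, (secrets.randbelow(N), nonce))


if __name__ == "__main__":
    print("pre-iOS-5 model, replay saved blob:", replay_saved_blob(False))  # True
    print("nonce model, replay saved blob    :", replay_saved_blob(True))   # False
    print("nonce model, fresh restore        :", fresh_restore(True))       # True
    print("nonce model, forged blob          :", forged_blob(True))         # False
```

The first two results are the whole story of the thread: the same saved blob that restores a pre-iOS-5 style device forever is rejected once the device insists that the signature cover the nonce it just generated, because nobody but the holder of D can sign the new value. The last result is the nightclub point: randomly chosen or patched signatures fail the device-side check regardless of what the PC-side relay does.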
  15. graywolf

    graywolf iPad Super Guru
  16. dnineseven

    dnineseven iPF Noob
    I think I have a BIG problem. Sorry this is so long :(

    I have an iPhone 4, originally came with 4.3.5. I've been using the Gevey sim card (which has worked perfectly). Because of this method, I never had to jailbreak my phone originally. But I accidentally updated to 5.0 and my Gevey card is not working anymore (I think because it's now on the 04.11.08 baseband; I read several places that you cannot unlock with gevey sim or ultrasn0w but wasn't sure whether there were other options).

    Because I was using the Gevey card, I never bothered to jailbreak my iPhone and never saved my SHSH from 4.3.5. I figure it has something to do with not having the SHSH. Is there any way to get the SHSH's that I might be missing? Is there any way to get these files (4.3.5??) from someone?????

    In the meantime, I've been working to downgrade from 5.0 to 4.3.5. Is this possible without the SHSH's (from what I've read, doesn't sound like it)?

    HELP Leigh!!!!
  17. f4780y

    f4780y Super Moderator
    Sorry, it's bad news. You now have a baseband which cannot be unlocked and cannot be downgraded. There are zero options for you to use the phone unlocked now. :(
  18. dnineseven

    dnineseven iPF Noob
    Thank you so much for the response. That'll save me a lot of time and effort I guess.... :\ I AM SUCH AN IDIOT, I CAN'T BELIEVE I DID THAT......
  19. f4780y

    f4780y Super Moderator
    No problem. You may like to use our sister site, iphoneforums.net. Whenever there is any firm news regarding unlocking the 04.11.08 baseband, we will post it over there. It's unlikely that we would cover it here at iPadForums!

    Cheers.
