SHSH Blobs FAQ

[f4780y]

Welcome to the new and improved 2012 version of the iPadForums SHSH Blob FAQ!

SHSH blobs can be a confusing subject for our members. There is also a lot of misunderstanding and misinformation around the subject, not helped by the way differences between devices and firmware versions. This thread aims to be a "one-stop-shop" for SHSH related facts so we can demystify the subject once and for all!

Frequently Asked Questions

1. What are SHSH Blobs?
SHSH Blobs, or blobs for short, are digital signatures which Apple provides to you to authorise the installation of a particular version of IOS on your device. Think of blobs as the key which unlocks the door to allow installation of a firmware file. Blobs are used on all modern Apple mobile devices and were first introduced on the iPhone 3GS.

2. Why are blobs so important?
iTunes will not let you install, update, or restore IOS on your device without valid blobs. There is no way to circumvent this security measure. So, no blobs = no install. iTunes typical response in this situation is the dreaded message "iTunes Error 3194 - This device isn't eligible for the requested build".

3. How are blobs generated?
Blobs are only ever generated by Apple on their own servers. They can't be created any other way since they use strong encryption techniques. They cannot be forged. They cannot be changed or otherwise manipulated.

iTunes first makes a request to the Apple signing server including information such as your devices unique ID (ECID) plus the version details of IOS that you are trying to install and iTunes gets your unique blobs back as a response, but only if Apple agrees that you are allowed to install that version of IOS on your device!
Since the release of IOS5 an additional unique component known as the APTicket is also required from Apple. This component is randomly generated by something called a "nonce" (number once) from your device and is unique each time a fresh restore operation is requested.

4. So what's the problem?
Apple will only provide you with blobs for the version of IOS which they decide is "current". At the time of writing, this is version 5.0.1. You will never receive blobs from Apple for older versions of IOS, such as 4.3.3, if a newer version is available except for a brief period of cutover between the current and previous version of IOS.

The period of time for which Apple will provide blobs for a version of IOS is referred to in the jailbreaking community as the firmware signing window. As soon as Apple stop providing new blobs for a particular version of IOS, we say that the firmware signing window has been closed.

Apple typically close the firmware window on the previous version of IOS within 24 hours of a new version being released. So, if the next version of IOS is 5.1, you will have about 24 hours after it is released to the public before Apple will stop providing blobs for 5.0.1.

5. So why do I hear folks talk about "saving blobs"?
Well, whilst Apple were smart enough to make blobs which cannot be changed or forged, they didn't protect themselves very well from a "replay attack", at least up to the release of IOS 5.0.

Soon after Apple started using blobs, clever hackers discovered that if you intercepted and saved away the blobs which were returned from Apple when you requested them, you could replay them to iTunes at a later date by pretending to be the Apple servers and the installation would succeed! The main tool which has been developed to help you do this is called TinyUmbrella, although Saurik first allowed Cydia servers to be used in place of Apple's signing servers and also automated the process of saving your blobs for jailbroken devices.

BUT, for this technique to work, you must still request and save your blobs from Apple during the period when they are still signing the firmware version you are interested in. So, if you want to restore IOS version 4.3.3 today, you need to have saved your blobs for 4.3.3 (which are unique to your device) back in May 2011 when Apple was still signing them. Remember, they are unique and cannot be forged or copied from someone else's device - no blobs = no install.

Apple have known about this replay attack exploit for a long time, and with the release of IOS5 they effectively blocked the ability to perform a replay attack by introducing the APTicket component to the blob request. This component is randomly generated every time the device undertakes a new restore operation and therefore replaying previously saved blobs for 5.x will not work since the random component will be different from the first time it was restored.

LUCKILY, our clever hacker friends found a way to circumvent this too, but only for devices where there is a known bootrom exploit, which in our land is the iPad1 only. Both iFaith 1.4+ and redsn0w 0.9.9+ have the capabilities to extract the blobs AND the APTicket from the device and then build a pre-signed custom firmware for a version of 5.x which can be restored at a later time using a pwned DFU mode. TinyUmbrella has also been updated to save both the blobs and the APTicket component for 5.x firmwares to allow a custom firmware to be built using redsn0w or iFaith.

UNFORTUNATELY, since the release of IOS6, there is no way for iPad2 or iPad3 owners to restore any previous version of IOS (including 5.x) even if they have saved their blobs. Hopefully, this will change in the near future with a new release of the redsn0w tool. We will post an update and tutorials when this becomes available!

6. So, what do I do now?
Well, the short answer is start saving your blobs today!
It is never to late to start saving them, no matter what device you have. What you are doing by starting today is giving yourself a potential insurance policy for the future. Even if you have a device which is not currently able to be restored on the current firmwares using saved blobs you should still start today, because you never know what new exploits will be discovered by the hackers tomorrow! Remember, up until recently it was impossible for any device to restore a 5.x firmware which Apple had stopped signing, but now there are various ways to be able to do this, so there is always hope!

The recommended methods to save your blobs are as follows:

TinyUmbrella (TU) - The Firmware Umbrella.
TU is a PC (both OSX & Windows) tool which saves your blobs locally on your hard disk. It is simple to use and puts you in control of your blob saving. You can download the latest version of TU from - The Firmware Umbrella - TinyUmbrella
We have a very simple tutorial which you can follow to save all our current blobs and set yourself up for future blobs saving. Give it a go - http://www.ipadforums.net/jailbreak...01-how-save-your-shsh-blobs-tinyumbrella.html

Cydia
If you have a jailbroken device, Cydia will automatically save your SHSH Blobs on your behalf. Whenever you start Cydia you should see a line at the top of the home page with all your saved blobs (on Cydia servers) in green, similar to the following screenshot…

If you want to retrieve all of your blobs from Cydia, use the tutorial for TinyUmbrella linked above. The tutorial is written in such a way that it will get all of your blobs from Cydia (if you have any) as well as get the current blobs from Apple. But remember, it cannot magically create blobs which you have not previously requested from Apple or saved away on Cydia!

iSHSH|T
This is a jailbreak application which you can install through Cydia on your device. Just like TU, it can retrieve blobs from either Cydia or direct from Apple, but this time it downloads the blobs directly onto your device. A nice feature is that is allows you to email the blobs anywhere you want (including to yourself!), which to be honest you MUST do since they are of little use to you on your device if you are going to restore it! . It is highly recommended for blob saving on the go, particularly if you are away from your PC, maybe on vacation, and hear that a firmware window is about to be closed!

iFaith
Unlike the other options, iFaith does something really special. It extracts the blobs from your currently installed firmware on your device. However, because iFaith relies on being able to pwn the boot process, it is only available on devices with a known bootrom exploit which are the moment are the A4 devices such as iPad1 and iPhone4. It will NOT work on iPad2 or iPhone4S as things stand today. iFaith can be a real lifeline for owners who did not understand the importance of saving blobs, but still have an older version of IOS installed on their device.

Additionally, you are able to build a pre-signed custom firmware for your device using the blobs which were extracted with iFaith. This custom firmware can be installed without the need to interact with the Apple signing servers or TinyUmbrella in the future. The latest version of iFaith can be downloaded from - iH8sn0w.com

redsn0w
The jailbreaking tool redsn0w can now also be used to extract blobs from the currently installed version of IOS in a similar way to the iFaith tool. Blobs can also be "stitched" into a custom pre-signed firmware to install at a later date. The latest version of redsn0w can be downloaded from - Dev-Team Blog. redsn0w also has a nice feature to verify your blobs, including letting you know if your 5.x blobs have a proper APTicket component. Very handy!

Note: The latest versions of iFaith (iPad1 only) and redsn0w (iPad1, iPad2, and iPad3) are the ONLY tools which will allow you to restore a version of 5.x firmware which Apple has stopped signing as of this time, but remember you must also have saved SHSH Blobs too!

7. I still don't understand SHSH Blobs!
I have failed you grasshopper
Post your question in response to this thread and we will do our best to answer!

 

[SweetPoison]

Great job, Leigh! Particularly, love your last post. Very clever, babe.

 

[alert5]

OOPS, these are my current saved blobs;

iPad2WIFI 5.0.1 (9A405)-3896073977164
iPad2WIFI 5.1b1 (9B5117b)-3896073977164

Am I too late to do an Absinthe 5.0.1 jailbreak?

 

[Mickey330]

Of course not! If you have iOS 5.0.1 installed, you can jailbreak your iPad2 with Absinthe.

And, you might want to re-read this FAQ again, particularly the fifth paragraph in question #5. Blobs are to be saved, yes, because it's always a good thing. But, for an iPad2, it's not about the blobs - it's about the iOS that's installed.

Anyone who is running iOS 5.0.1 on their iDevice can jailbreak with Absinthe. The key here is (for those with an iPad2, an iPhone 4S or those without saved blobs) - don't upgrade off of that iOS when Apple releases the new version. That's when it becomes too late.

Hope this clarifies.

Marilyn

 

[alert5]

Thank you Marilyn. The proof of what you say, is that in just minutes, my iPad2 was jail broken without so much as one hiccup using Win7 0.3 Absinthe.

It was just the reference to 5.1b that concerned me.

Great work and best regards,

Gary

 

[ttmoffs]

First of all, thank you for this great FAQ, it's just perfect!

This may sound kinda dumb after all that brillant text, but it's better safe then sorry:

I assume that we only need APTickets for iOS 5 and above, am I correct?
In other words, if I update my jailbroken 4.1 ipod4G to 5.0.1 and for whatever reason I need to restore it to 4.1, will I be able to do it?

(I do have my 4.1 SHSH blobs saved, but redsnow0.9.10b5c tells me APTticket is missing [which is why the question came up])
(I also have my 5.0.1 SHSH blobs saved and redsnow0.9.10b5c tells me APTticket is present and valid)

Thanks for your help!

 

[astra]

Hi,

I want to save my 4.3.5 SHSH Blobs with tinyumbrella-5.10.07 but the program did not see my ipad 2.

If i can fix this problem i upgrade my ipad2 to 5.x to finally jailbreak it i forget to make a backup with 4.3.3 and upgrade it to 4.3.5 so the jailbreak fails :thumbsdown: i learn now from my mistakes

Thx a lot for your feedback

Solved, forget to install itunes on my new pc

 

[Shandley]

Greetings,

I have an ipod touch 4g with a JB 4.2.1 FW

I used TU to save the blobs available to me and there was 4.3.5 and 5.0.1

What would you suggest I do here? I was thinking of restoring but I cannot seem to do it with the original 4.2.1 and I don't want to update past the golden 4.3.3 to the 4.3.5 blob I have unless I will benefit. Should I keep the 4.2.1 I have? Will that benefit me better? I have no problem upgrading to the 5.0.1. I was thinking about a restore because I have a few things crashing on me and I was thinking of a fresh start.

Let me know what you think!

Thanks!!

 

[f4780y]

Greetings,

I have an ipod touch 4g with a JB 4.2.1 FW

I used TU to save the blobs available to me and there was 4.3.5 and 5.0.1

What would you suggest I do here? I was thinking of restoring but I cannot seem to do it with the original 4.2.1 and I don't want to update past the golden 4.3.3 to the 4.3.5 blob I have unless I will benefit. Should I keep the 4.2.1 I have? Will that benefit me better? I have no problem upgrading to the 5.0.1. I was thinking about a restore because I have a few things crashing on me and I was thinking of a fresh start.

Let me know what you think!

Thanks!!

iPod Touch 4G is not my area of expertise, since we are all iPad here, however it should be broadly similar to the iPhone4. In that case, your best bet is to use your saved blobs for 5.0.1 to create a custom pre-signed firmware using the latest version of redsn0w and restore that to your device. You can then jailbreak it using the same redsn0w program.

 

[sandybelgrano]

Hi, I have read this FAQ, and some other FAQs from other places, this was the best I've read until now (so thank's a lot f4780y), anyway, I may sound dumb but I prefer to ask dumb questions and not mess thing up. I'm really new to all what's related to Apple.

1) I have a new iPad with iOS 5.0.1 which is, of course, still not jailbreaked, when I've read all about SHSH Blobs, the first thing I've made was to try to make a backup with TinyUnbrella, but, of course, I was too late, so, I couldn't do it. Is there any other way to get SHSH Blobs, for what I've read in this FAQ I gess not, but, what about Cydia? (it says it keeps a copy of your SHSH Blobs, where does it get from?) or iSHSH[T? or redsn0w?

2) I want to jailbreak my iPad with Absinte v0.4, as I said, I don't have SHSH Blobs saved, if something goes wrong; will I be able to recover it, at least to the most current version (5.1)?, or, what about if jailbreak goes ok and I want to un-jailbreak some day? Will I be able to do it?

3) The only reason I want to jailbreak my iPad is to be able to view photos and movies directly from the SD Card using the Camera Connection Kit (I mean without having to copy them to the iPad) with XBMC and iFile (I've read some tutorial about that), I'm not planning to install or do nothing else, so, I've read that some people says that a jailbreaked iPad don't run as good as a non jailbreaked one (I've read that the jailbreaked iPad crashes more often, or runs slower) is that true? If I dont mess much with the iPad will I notice some performance degradation on my iPad only doing what I've said?

Excuse me if my english is not that good, hope you could understood me. Thanks for reading this.

Sandro

 

[reahn]

So i have an iDevice. and i have saved the blobs. do i have to resave them everytime i restore?? does my ecid ever change? plz help

 

[barrygordon]

Okay I think I understand. I have an iPad 1. It is running iOS 5.1. It has a tethered jailbreak installed which seems to be okay. I have no blobs saved. Sone apps (ScreenDimmer) will not install under 5.1. Some apps (screen dim) do do not seem to operate under 5.1.

I would like to revert to 5.0.1. It appears from all I have read ( too late) that I can't do that.

Please verify that Ian screwed on this at this time. And need to wait to see what the community will find.

 

[f4780y]

Okay I think I understand. I have an iPad 1. It is running iOS 5.1. It has a tethered jailbreak installed which seems to be okay. I have no blobs saved. Sone apps (ScreenDimmer) will not install under 5.1. Some apps (screen dim) do do not seem to operate under 5.1.

I would like to revert to 5.0.1. It appears from all I have read ( too late) that I can't do that.

Please verify that Ian screwed on this at this time. And need to wait to see what the community will find.

Yes, without blobs you can never go back. It's really important to start to save them as soon as you discover the subject. That gives you future protection!

 

[harvardjanitor7]

Thank you so much for your post! I learned everything I needed to know about shsh blobs. So basically, without blobs, you can't restore to that firmware. Save blobs! Every guide should mention this. I guess since it happens in the background, it leads to a lot of people (including me) running into a lot of errors.

Clarification note: even if you use sn0wflake to create a custom firmware, it won't work if you don't have the shsh. If you use iFaith to create the custom with the shsh, you'll be able to use it! Also, iREB doesn't seem to work well. Use redsn0w's pwned DFU.

 

[gregwalz]

Now I am confused

f4780y said: "Yes, without blobs you can never go back. It's really important to start to save them as soon as you discover the subject. That gives you future protection!"

I must admit, I read the SHSH Blobs FAQ and also the "How to restore your iPad using TU", and up until this post I thought I had screwed up beyond all hope.

But, f4780y, this post gives me hope! So here is my situation:

I had a iPad 2 WiFi, jailbroken at IOS 5.0.1. Was very happy. But then, the iPad was pestering me about upgrading to 5.1, I looked at the release notes, seemed innocent enough, and I foolishly upgraded to 5.1. [And by the way, this was very deceitful, how can Apple get away with this. I thought jailbreaks were legal. if so, I should be able to ask Apple that I want to downgrade, and ask for a working SHSH blob for 5.0.1. But I am sure I am delusional.]

Then I realized my jailbreak is gone, and started reading these forums and realized the fatal mistake I had made. As a PC person, this kind of a wipe out is incomprehensible to me.

Then, I used TU to retrieve my 5.0.1 SHSH blob from Cydia, which I believe I succeeded. I have a file on my PC:

C:\Users\Greg\.shsh\<13-digit number>-ipad2,1-5.0.1.shsh

So, the $600 question is: can I or can I not downgrade from 5.1 to 5.0.1? I have the 5.0.1 SSH blob, and this is only a WiFi iPad 2, which I think means no baseband. But that APTicket worries me.

Thank you f4780y, you are the most knowledgeable and most helpful person I have seen in any forum.

Greg

P.S. If by any miracle I should be able to downgrade, then my question is on the "How to restore your iPad using TU" tutorial, because I don't see where the SHSH blog gets used/picked up. But maybe that happens automatically. Thanks again, Greg.