Downgrade iPhone 4, 3GS from 4.0.2 to 4.0.1 : SHSH Blobs Not Required

After the 4.0.1 jailbreak release, Apple pushed out iOS 4.0.2 to patch the exploit that the iOS 4.0.1 jailbreak relied on. The Dev-Team advised against updating to the latest firmware release. Even so, some people ended up updating one way or another and were stuck with no jailbreak and no unlock.

Well, it ends here. The folks at PwnMyI posted a guide on how to downgrade your iPhone 4 or iPhone 3GS (new bootrom) from iOS 4.0.2 to 4.0.1 without having SHSH blobs saved for iOS 4.0.1. This will of course allow you to jailbreak and unlock your new iPhone with JailbreakMe, and then patch it with PDF Patch so that you are safe from the PDF vulnerability in iOS 4.0.1.

Today I found something that the iPhone Devs told me was “impossible”. I also spoke with iH8Snow, who told me that this sounds impossible. He also mentioned to me and one of my beta testers that this is possible if you allowed Cydia to store your SHSH/Blobs since Cydia will cache your firmware along the way.

Well, I’m pretty sure I proved them wrong.

So the story is that I have possession of clean (never before jailbroken) iDevices, and I managed to downgrade one of them and upgrade one of them to iOS 4.0.

The step by step instructions for downgrading new iPhone 4 and iPhone 3GS without having SHSH blobs saved are posted below. Follow them at your own risk. I am not responsible for any loss of data, or malfunction of your iPhone.

Step 1: Download iOS 4.0.1 ipsw.

Step 2: Extract it with WinRAR or WinZip to a folder on the desktop. You may need to rename the firmware file from .ipsw to .zip to do this.

Step 3: Open buildmanifest.plist in Notepad if you are on Windows, or TextWrangler if you are on Mac.

Search for 8A306 and replace every occurrence with 8A400. Save. Repeat the same with the file restore.plist.

Step 4: Download iOS 4.0.2 ipsw and open this with WinRAR or WinZip.

Note: Do not extract it. Just open it and leave it open. You must use this exact file and not create a new one. If you have to create a new one, for example because you are on OS X, then use the zip command line, not Explorer or Finder, to make the zip. I will assume you are using the original file opened in WinRAR for the rest of this guide.

Step 5: Take all the files from iOS 4.0.1 and drag them over to the iOS 4.0.2 zip archive that you have open.

Step 6: Delete all the .dmg files that have 002 at the end, leaving only the 001 files.

Step 7: Save the archive, and rename it back to .ipsw if you changed the name to get WinRAR/WinZip to open it.

Step 9: Put the device in DFU by following the steps below:

  • Connect your iPhone to your computer.
  • Turn iPhone off.
  • Start iTunes.
  • Hold Power and Home buttons together for 10 seconds or so.
  • Release Power button but keep holding the Home button until your computer recognizes a new USB device.
  • iTunes will now recognize your iPhone.

Note: Your iPhone screen at this time should be blank (black in color). If it is not, then you are most likely in Recovery Mode, not DFU mode.

Step 10: Now simply open iTunes and restore the firmware you changed.

This is it, you should now be able to jailbreak and unlock your device on iOS 4.0.1 with JailbreakMe.
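Steps 3 to 7 leave an archive whose file name and manifests say 8A400 while its payload comes from the 4.0.1 bundle. As an added example (not from PwnMyI or this post), the Python below diffs an .ipsw against a known-good copy by SHA-256 of each member and reports the version and build its manifests claim, which is also a way to spot a tampered download. The two archives and their member names are constructed; `ProductVersion` and `ProductBuildVersion` are the manifest keys it assumes.

```python
import hashlib
import io
import plistlib
import zipfile

MANIFESTS = ("restore.plist", "buildmanifest.plist")

def member_digests(zf):
    """SHA-256 of each member's uncompressed bytes, keyed by member name."""
    digests = {}
    for info in zf.infolist():
        h = hashlib.sha256()
        with zf.open(info) as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[info.filename] = h.hexdigest()
    return digests

def claimed(zf):
    """(ProductVersion, ProductBuildVersion) stated by each manifest present."""
    out = {}
    for name in zf.namelist():
        if name.lower() in MANIFESTS:
            p = plistlib.loads(zf.read(name))
            out[name] = (p.get("ProductVersion"), p.get("ProductBuildVersion"))
    return out

def compare_ipsw(reference: bytes, candidate: bytes) -> dict:
    """Diff a candidate archive against a known-good copy of the same release."""
    with zipfile.ZipFile(io.BytesIO(reference)) as ref, \
         zipfile.ZipFile(io.BytesIO(candidate)) as cand:
        r, c = member_digests(ref), member_digests(cand)
        return {"added": sorted(set(c) - set(r)),
                "removed": sorted(set(r) - set(c)),
                "changed": sorted(n for n in set(r) & set(c) if r[n] != c[n]),
                "claims": claimed(cand)}

def _sample(version, payload):
    # Constructed stand-in for an .ipsw; member names and bodies are made up.
    manifest = plistlib.dumps({"ProductVersion": version, "ProductBuildVersion": "8A400"})
    members = {"Restore.plist": manifest, "BuildManifest.plist": manifest, **payload}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

STOCK = _sample("4.0.2", {"sample-002.dmg": b"new", "kernelcache": b"k"})
EDITED = _sample("4.0.1", {"sample-001.dmg": b"old", "kernelcache": b"k"})
```

On the constructed pair, `compare_ipsw(STOCK, EDITED)` reports the swapped .dmg members, both manifests as changed, and a claimed version of 4.0.1 paired with build 8A400.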


35 comments

  1. From the comments over at bigboss and personal experience I can say it doesn’t work on iPhone 4, but for other people it works on 3GS. When I try it I can see in TinyUmbrella that it still tries to pull the signature for 4.0.1.

  2. I’m almost positive there’s something missing from step 3 in this tutorial… If there isn’t, then what is the purpose of opening buildmanifest.plist with Notepad?

  3. looks like that’s been fixed…

  4. This really only works for 3GS new bootrom ??!!!
    @sandos check the line under the first pic :)

  5. Does this work on iPhone 4? I just tried and it didn’t work.

  6. will this work for the ipad?

  7. Works on Itouch 3g (mc)?

  8. also is there anyplace where I can understand what exactly this is doing to the firmware and why it works, that would be really cool to understand

  9. Awesome news. Keep it comin’ brother.

  10. Hi. One week ago I was on 4.0.2 and I just added this:
    In hosts I added 74.208.105.171 gs.apple.com
    and in DFU mode I restored to 4.0.1 and then JAILBREAKME, and it’s been working since then.

  11. I didn’t say in my last post that I mean a 3GS; it was unactivated, and I did it not with a DITS SIM but with an Orange SIM, and then I did the jailbreak.

  12. I think I erred on step 4. How do I “open” the 4.0.2 ipsw file without extracting?

    I used Finder to extract 4.0.1 after changing to .zip. My 4.0.2 files are all replaced with .001.dmg files and I did the search and replace of 8A306 with 8A400.

    My new 4.0.2 ipsw shows these replacements when I extract, but when I restored in iTunes and tried to jailbreak, it says I can’t because I have 4.0.2 firmware.

  13. Am i missing a step where i can point itunes to the new file?

  14. iPhone 4 users like me still have to wait :( (((((((…

  15. thomasboi69

    YOU LIAR THIS DOESNT EVEN WORK ON IPHONE 4

  16. This seems like a lot of work and a lot to go wrong for the average user. Maybe somebody could create the ipsw and make a torrent from it or upload it to MediaFire, etc.

  17. Does not work, errors when validating file with apple

  18. @downside

    It’s not the same for every model and firmware

  19. By the Way :

    iPhone 4 DOES NOT WORK !!!!!!!! N O T

  20. FAKE!! not working at all.

  21. Is there any way you can tell whether you’ve been successful before trying to jailbreak?

    My files all look like the 4.0.1 files but the phone shows it restored to 4.0.2 and that’s how jailbreak.com senses it. But the only IPSW file on my computer has the 001.dmg files and modified scripts. Any ideas?

  22. I have an iPhone 4 and I think this fooled the iPhone itself. I had to restart the phone several times during the day just to be able to start the icons on the screen; the icons just dance around after I touched them but they don’t start. It says the phone is 4.0.2; of course I can’t jailbreak it then. However, if someone could jailbreak this and then reflash it with a regular iPhone3,1_4.0.1_8A306_Restore.ipsw

    I did my iPhone3,1_4.0.1_8A306_Restore.ipsw file in Windows Total Commander; I renamed both files to rar first, and you can then browse in the file as if it was a folder. I just saved all the changes and never made any new files. The only thing I can think went wrong could be the file dates when they were changed.

    And there is something wrong with the iTunes prog. I even get an error in the end even when I use the ordinary iPhone3,1_4.0.2_8A400_Restore.ipsw

    I couldn’t have done this better, maybe if I could change all the dates of the files first, but I have no time for finding out how to do this.

    If someone wants my iPhone3,1_4.0.2_8A400_Restore.ipsw that has the files from the other in them, just ask, but I don’t think this will ever change the name in the phone. However, the files act funny, so it’s really possible the phone is confused:

    Size of my file:

    607 379 720 byte

    The original:

    607 375 880 byte

    You can see they are pretty close in size, but you can’t change the size without changing the files inside. It could also be one thing they are looking for.

    By the way, it was the original size, not the size on the disk, in case you wonder….

  23. By the way, there were a lot of files in the subfolders that were identical, and I really mean identical; I compared them in Total Commander byte by byte, so I left them alone, no sense in replacing the same files. It took more time comparing them; I could have just replaced them in 5 seconds. By that I mean the subfolder files are the same.

    And I have seen some fu..ed up files out there that people made just to break others’ phones or something. I downloaded a 30 MB file or so that was completely different. The phone would never start if someone used them.

    The file I found was uploaded at MegaUpload, so be careful. It had the same name, so it wasn’t for 3GS or something.

  24. These instructions are missing a Step 8 that will fix the validating error I got when iTunes checked this new file restore with Apple (it still recognised it as 4.0.1 and rejected it).

    Step 8. Add the 74.208.10.249 gs.apple.com line to the hosts file

    And pressing Alt before hitting restore in Step 10 will let you direct iTunes to the file you want to restore from. Or you can just alter the original file in Library/iTunes/iPhone Software Updates directly if you’re game.

    Go to the original thread for full set of instructions.
    http://www.pwnmyi.com/index.php?/topic/2939-downgrade-your-3gs-from-402-to-40-without-having-your-shsh%E2%80%99s/

    Thanks so much! This downgrade method worked fine with my 3GS on new bootrom :)

  25. @nat

    Wow 3GS -.-

    I have a European hardware unlocked iPhone 4 for 1000 dollars and I fuckin want that jb.

    But it definitely doesn’t work for iPhone 4

  26. This has been proven bullshit by the Dev-Team. I am very disappointed in jailbreaknews that they continue to provide bad info to readers even after they have been told it’s wrong info.

    Wake up jailbreaknews!!! Or lose readers!

  27. It works, but only for the older 3GS; if you are on the newer iPhone 4 you’re screwed. Seems Apple upgraded all the 32 GB models of iPhone 4 manually, but somehow every person who got a 16 GB seems to have the older firmware and they can jailbreak. So it’s a better chance if you get a 16 GB if you want to jailbreak. I helped like 6 people in a row jailbreaking their 16 GB iPhone; some of them were bought this week. Every person with 32 GB somehow got 4.0.2, and they were more than 6, maybe 10 people, some with 2-week-old phones.

    I am not sure why it’s still possible for the older 3GS. Maybe because Apple is allowing it just so they can sell the older ones to people who just must have a jailbroken phone. Later, when the iPhone 4 is jailbreak possible, they can sell one of those too, because people who wanted an iPhone 4 from the start don’t mind losing the extra money.

    I don’t care that much about apps or anything. It’s still nice to have a choice; it feels bad Apple making the choice for me. As long as I don’t need their support they should leave the choice to me.

    If Apple is behind the 3GS still being possible, it’s real smart business for them. The 3GS hardware has one year max if you want to use the best apps. It’s already slower with iOS 4 on the 3GS and the camera sucks; however, for most who just buy the phone to make a call or because of the cool factor it doesn’t matter, because with a Bumper an iPhone 4 looks identical to the older ones.

    However, for us who care about the tech and always want the newest one, it’s a kick in the nuts.

    I would still buy an iPhone 4 and still a 32 GB; there will be a jailbreak in a year or 2 at most. Even the PS 3 got jailbroken, and I am glad it is now, when the slimmer ones are available, since the tech in the older ones wasn’t ready, not the laser or the CPU. It’s the best time to buy a PS 3 right now and it gets jailbroken. Maybe now we see an XBMC app with MKV support for the PS 3, since the Xbox 360 community isn’t making one. XBMC was already possible with the old Other OS support; however, they locked the hardware so you couldn’t really do anything heavy. Now when the PS 3 is totally jailbroken this will work for sure. We just need somebody to add the Other OS support to the PS 3, and this time MKV will work with the Linux XBMC.

    Everything gets jailbroken sooner or later, since there is always a smarter person than you and there is always a smarter person than him. A child prodigy broke the DVD security. So there is still hope; the hackers are just waiting for the 4.2.0 firmware before showing their cards. I bet someone is already sitting on it just waiting. I don’t mind waiting so Apple block it in 4.2.0. It would be great if someone made a hacked iTunes or something so we with iPhone 4 could go back to 4.0.1 while we wait.

    Remember people, there is always hope. I can still make phone calls and it’s much better than my older phone. Even if they never jailbreak it I don’t need Apple’s applications; then I would be doing exactly what they wanted and only buy through them. When I pay £599 for something it’s my thing and I should be allowed to do anything with it as long as I don’t use it as a murder weapon or something. That would be a headline: “Man murdered with an iPhone 4”, then we would all need a license to take it out with us.

    Have a nice day People………………….or Night (depends where you are)

  28. I had an “unknown error occurred (3194)” at the final step. I did try to do it again several times but still got the same error.
    Any help pls.

  29. Wow, excellent post thanks for sharing !

  30. I also have the same unknown error occurred (3194) at the final step!!!

    heeeeellllppppp please!!!!

  31. It doesn’t work. It only wastes my time.

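Comments 10 and 24 above add a hosts-file line for gs.apple.com, and that line stays in place after the restore, so every later lookup of that name from the same computer goes to the pinned address. As an added example (not from the post or its commenters), this Python check lists such overrides in a hosts file; the sample file content is constructed, using the address quoted in comment 24.

```python
import ipaddress

WATCHED = frozenset({"gs.apple.com"})  # host named in comments 10 and 24


def hosts_overrides(text, watched=WATCHED):
    """List hosts-file entries that pin a watched name to a fixed address.

    Returns (line_number, address, kind) tuples; kind is "blocked" when the
    entry points at loopback or 0.0.0.0 and "redirect" when it points elsewhere.
    """
    hits = []
    for number, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue
        # Hostnames are case-insensitive and may carry a trailing dot.
        names = {f.lower().rstrip(".") for f in fields[1:]}
        if not names & watched:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirect"
        except ValueError:
            kind = "invalid-address"
        hits.append((number, fields[0], kind))
    return hits


# Constructed sample hosts file.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 74.208.10.249 gs.apple.com   (commented out, ignored)
74.208.10.249\tGS.Apple.com. other.example
::1         localhost
"""
```

Run it over the real file (`/etc/hosts` on OS X, `C:\Windows\System32\drivers\etc\hosts` on Windows) by passing the file's text to `hosts_overrides`.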
