Dev-Team Blog

To find yourself, think for yourself Socrates 469 BC

Restoration reinvigoration
Today we're pleased to release redsn0w version 0.9.15b1, with significant new features supporting restoring to
older firmware no longer being signed by Apple. For brevity, we'll list most of the new features in bullet form. For
more details, please feel free to drop by our comments section, or check out any upcoming guides on tutorial sites
like http://iclarified.com

First, the high-level new feature list:

• restore from any 5.x iOS to any other (up, down or the same) 5.x iOS on all devices as long as you have the
  correct blobs (see more below)
• Cydia now included in the tethered 6.0 jailbreak on A4 devices
• automatically "Just Boot" tethered when qualifying A4 device connects in DFU mode
• untethered 6.0 jailbreak on old-bootrom 3GS
• untethered 6.0 hactivation on any 3GS or iPhone4
• directly restore pre-A5 devices to earlier firmware, no more complicated 15-step how-tos with stitching,
  iTunes errors, and hosts file concerns
• fetch new signed blobs for any IPSW (present or future, no redsn0w update required) using
  Extras->SHSH Blobs->New
• block the BB update for any 3GS or iPhone4 restore (past, present, or future, no redsn0w update
  required) using Extras->Even More->Restore
• deactivate any iPhone, useful for testing your official unlock status through iTunes. (Please only
  deactivate your own iPhone!)
• activation status shown on "Even more" page
• significantly more (very nerdy) info returned by "Identify" button when device is in Normal mode
• tethered jailbreak of ATV2 supported (but the only thing available for it is the SSH2 custom bundle available
  here, no Cydia yet. Must use "Select IPSW" for tethered boot of ATV2 for now).
• auto-exit WTF mode for older devices with broken buttons
• any time a set of blobs is fetched remotely (from Apple or Cydia), redsn0w also saves them locally (and will
  check there first if you click "Local")
• for your future restoring convenience, you should also submit all of your past and present TinyUmbrella
  blobs to Cydia if you haven't done so yet. Resubmitting is okay and won't cause conflicts.

Here are more details on the iOS5-to-iOS5 restores for A5+ devices. (Note: pre-A5 devices don't have these
restrictions, just follow the redsn0w prompts during the restore).

1. redsn0w now lets you restore an A5+ device from any iOS5 to any other iOS5 as long as you have
correct 5.x blobs for the starting (current) and ending points of the restore
• APtickets eliminated "higher-version only" comparison of firmware restores (just like BBtickets did for the
  baseband)
• example restores supported by redsn0w if you have the correct blobs: 5.1.1-to-5.0.1, 5.0.1-to-5.1.1,
  5.1.1-to-5.1.1, 5.0.1-to-5.0.1
• if you don't have the blobs locally, let redsn0w try to fetch them remotely (redsn0w always tries both Apple
  and Cydia). Any successful remote fetch also saves a local copy.

2. You DO NOT QUALIFY for iOS5-to-iOS5 restores if you got to your current 5.x via an OTA update
• the tickets saved by Cydia, redsn0w, and TinyUmbrella do not cover OTA update ramdisk images
• even if they did, it's the wrong kind of ramdisk (you'd need to start at that earlier pre-OTA FW)
• devices fresh from factory or refurb may fall in the "does not qualify" category (your results will vary)
• it's okay if you previously got to 5.x via an OTA update, as long as your current 5.x was installed via a
  normal iTunes restore. All that matters is how you got to your current 5.x most recently
• redsn0w detects an OTA/normal-restore APticket mismatch very early, so if you don't know your status
  there should be no harm in trying. Any device in recovery mode after such a mismatch can boot normally
  again just by going back to the "Even More" screen from the Restore screen (or use "Recovery Fix" if you quit
  redsn0w before doing that).

3. Unlike the A4 devices, redsn0w can't (usefully) prevent the baseband updates of A5+ iPhones and iPads.
• and so, redsn0w automatically flashes the currently signed baseband when it does A5+ restores, even if
  those basebands didn't come with the original firmware
• stay away from this if you have an unofficial unlock that isn't supported by the newest baseband
• the least-tested baseband update code in redsn0w is for iPad2,3 and iPad3,2. Please give any feedback on
  those iOS5 restores in the comments section below.

4. iPad2 owners (all three models) with saved 4.x blobs can use those instead, even from 6.x
• if you have both 4.x and 5.x iPad2 blobs, you can always get to 5.x via the 4.x blobs, even if you're currently
  on 6.x
• you cannot get to 5.x from 6.x without the 4.x blobs (but you may still qualify for the iOS5-to-iOS5 restore
  described above)
• if somehow you have 4.x blobs but no 5.x blobs, you can still go down to 4.x from 6.x
• this only applies to iPad2 owners (they're the only A5+ devices that ever had a public 4.x FW)

redsn0w still supports (but doesn't require) jailbreaking A5+ devices at 5.0.1 and 5.1.1. Just head back to
the first page after re-restoring to 5.x. It's always much faster to jailbreak those FW versions with a
freshly-restored device, before letting iTunes restore from a saved userland backup.
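
The restore rules in items 1 to 4 above, written out as a decision function. This is an added example, not code from redsn0w or the Dev Team; the Device fields, the restore_decision name and the sample devices are assumptions made for illustration. It treats the iPad2 4.x-blob path as independent of the OTA restriction, which is one reading of item 4.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    model: str                     # e.g. "iPad2", "iPhone4S", "iPhone4"
    a5_plus: bool                  # False for A4 devices and the 3GS
    current: str                   # iOS version installed now
    current_via_ota: bool = False  # True if the current iOS came from an OTA update
    blobs: set = field(default_factory=set)  # versions with saved blobs

def major(version):
    return int(version.split(".")[0])

def restore_decision(dev, target):
    """Return (allowed, reason, forces_signed_baseband) for a restore to target."""
    if target not in dev.blobs:
        return (False, "no saved blobs for the target version", False)
    if not dev.a5_plus:
        # Pre-A5: the A5+ restrictions do not apply; the BB update can be blocked.
        return (True, "pre-A5 device with target blobs", False)
    # Item 4: iPad2 with saved 4.x blobs can reach 4.x or 5.x, even from 6.x.
    has_4x = any(major(b) == 4 for b in dev.blobs)
    if dev.model == "iPad2" and has_4x and major(target) in (4, 5):
        return (True, "iPad2 path using 4.x blobs", True)
    # Items 1 and 2: blobs for both ends, and the current 5.x not from OTA.
    if major(dev.current) == 5 and major(target) == 5:
        if dev.current_via_ota:
            return (False, "current 5.x was installed by OTA update", False)
        if dev.current not in dev.blobs:
            return (False, "no saved blobs for the current 5.x", False)
        return (True, "iOS5-to-iOS5 with blobs for both ends", True)
    return (False, "no path described in the post", False)

# Constructed sample devices (hypothetical, not from the post).
SAMPLES = [
    (Device("iPad2", True, "6.0", blobs={"4.3.3", "5.1.1"}), "5.1.1"),
    (Device("iPad2", True, "6.0", blobs={"5.1.1"}), "5.1.1"),
    (Device("iPhone4S", True, "5.1.1", True, {"5.0.1", "5.1.1"}), "5.0.1"),
    (Device("iPhone4S", True, "5.1.1", False, {"5.0.1", "5.1.1"}), "5.0.1"),
    (Device("iPhone4", False, "6.0", blobs={"5.1.1"}), "5.1.1"),
]

if __name__ == "__main__":
    for dev, target in SAMPLES:
        print(dev.model, dev.current, "->", target, restore_decision(dev, target))
```

The third element of the result reflects item 3: an allowed A5+ restore always ends with the currently signed baseband, which matters to anyone whose unlock depends on the baseband version.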

And finally, some random details:


5. ultrasn0w isn't yet updated for 6.x
• by now you probably should be taking advantage of the extremely cheap IMEI-based unlocks of iPhones
  sold by established online retailers like http://cutyoursim.com
• still, IMEI-based unlocks don't work in all cases. We'll announce when ultrasn0w is ported up to 6.x
• redsn0w will still hactivate your 3GS or iPhone4 if you run it before the device is activated. Due to the
  current tethered 6.x JB status, redsn0w now hactivates 6.x without requiring subsequent tethered boots. If
  you accidentally hactivate with redsn0w, use the "Deactivate" checkbox available from the Jailbreak screen,
  not the normal one in "Even more"

6. As always, redsn0w lets you "Fetch" the SHSH blobs currently flashed onto your pre-A5 device
• use this if you're at 5.x or 4.x but without having saved your blobs when the window was open
• this is only useful when Apple is no longer signing the firmware, otherwise Cydia/redsn0w
  New/TinyUmbrella blobs are superior (but you're welcome to fetch your 6.0 blobs this way anyway)
• fetching blobs in this fashion will automatically forward them up to Cydia, as well as save a local copy

We realize there's a lot of info in this post. If you're at all confused about things, remember to visit our comments
section, with our very helpful user base and moderators like dhlizard, Frank55, 41willys, and slavakulikoff.
If you're in the Melbourne, Australia area, MuscleNerd (and another anonymous long-time Dev Team member)
will be giving some talks at the Breakpoint conference http://www.ruxconbreakpoint.com this week. And @mdowd's
iOS talk at the same conference should be quite interesting too! We'll also all be attending Ruxcon a few days
later, so say hi if you see us!

Update #1 (Oct 15): Version 0.9.15b2 fixes a few issues for 3GS owners: old-bootrom awesomeness is no longer
forgotten directly after a restore, and iPad baseband upgrade/downgrade support is fixed (same production date
cutoffs apply!). If your 3GS is currently tethered at 6.0 even though you have an old bootrom, just re-run redsn0w's
Jailbreak step (no need to restore). Don't forget you can add some pizzazz with your own boot logo or a nerdy
verbose boot.

Update #2 (Nov 1): Version 0.9.15b3 fixes the redsn0w error 2601 that Windows users were seeing using the
Restore button. It also fixes a related Windows iTunes error 14 for stitched files. Note that if you have a
baseband, you should probably avoid stitching and simply use redsn0w's native Restore (not iTunes).
Those lucky recipients of new iPad minis and iPad4s on Friday can use this redsn0w to save your 6.0 blobs off
to Cydia. First connect your new device and turn it on, then use redsn0w's Extras->SHSH Blobs->New and point it
at the 6.0 IPSW.
Expect an ultrasn0w compatibility update for iOS 6.0 by Friday (mostly useful for 3GS old-bootrom users who are
currently enjoying the untethered 6.0 jailbreak!). Same baseband support as with 5.x.
Thanks to @iamgolfy for helping test the 2601 Windows fix!
Here are the download links. Enjoy!
• redsn0w 0.9.15b3 (OS X, use Ctrl-Click->Open if on Mountain Lion for now)
• redsn0w 0.9.15b3 (Windows, run in Administrator Mode)

1 year ago

Tagged: redsn0w

Blob-o-riffic
Today marks the public release of iOS6! For those devices capable of running 6.0, the 5.1.1 SHSH blob signing
window will soon close, so it's very important that you back up your 5.1.1 blobs now while you still can. We
advise you do it for every device you have (see tutorial sites like iClarified if you don't know the process).
A few months back we released a redsn0w feature that lets you downgrade A5+ devices from 5.1.1 to anything
lower (if you had saved blobs). Unfortunately once the 5.1.1 window closes, redsn0w's 5.x downgrade feature
will no longer work. Most A5+ users will not be able to downgrade. So if you're an A5+ owner up at 6.0 when the
5.1.1 window closes, you'll be stuck there without a jailbreak for now.
We're happy to report there are some serious deficiencies in the 5.x restore process that are permanently
exploitable. They'll never be fixable by Apple because they're all self-contained in the 5.x IPSWs. Here's the
breakdown:

1. A4 devices and 3GS will always be downgradable (and jailbreakable) with saved blobs due to limera1n.
   The tethered iOS6 jailbreak for those devices (and untethered for old-bootrom 3GS) will be out when Cydia
   and other important pieces are all working properly.
2. iPad2 owners who have both 4.x blobs and 5.x blobs will always be able to downgrade to those versions,
   even once you come up to 6.0 and the 5.1.1 window closes (don't do that yet though!). You need both 4.x
   and 5.x blobs to qualify for the 5.x downgrade even though you only wish to downgrade to 5.x (you need
   only your 4.x blobs to downgrade to 4.x)
3. iPad3, i4S (and iPad2 owners who don't satisfy #2) will always be able to RE-restore the current 5.x OS
   that's already on their device. So if you're at 5.1.1 when the window closes (and you've saved your
   blobs), you'll always be able to RE-restore to 5.1.1 again. This makes the 5.1.1 jailbreak a lot less fragile;
   you don't have to worry about messing up your install with funky extensions or getting into a boot loop,
   because you can always RE-restore from 5.1.1 to 5.1.1 again (or from 5.0.1 to 5.0.1 again, etc). But once
   you fall off the 5.x train by restoring to 6.x, you'll be stuck there until the next jailbreak.

Please be aware that RE-restores and iPad2 downgraded devices will always end up with the latest baseband (not
the one that came with that firmware). So don't go near any of this if your unlock depends on the baseband
version.
All of these features will be released shortly in a new version of redsn0w. In the meantime please be sure you have
your 5.1.1 blobs and stay at 5.1.1. Happy iOS6 day!
Update #1: For a refresher on why saved blobs are not as powerful as they used to be, please see our "Blob
Monster" post (the scenarios described above are possible only due to mistakes made by Apple, but those mistakes
are being cleaned up with each new firmware).
1 year ago


Baseband Freedom
Happy 4th of July! Today's release of redsn0w 0.9.14b2 improves the iPad baseband downgrade and should cover
anyone who couldn't downgrade with 0.9.14b1. This version covers 3 different types of NOR chips in the iPhone
3G and 3GS (the earlier version covered only the most prevalent NOR chip). We've also simplified the process and
added logging to help diagnose any remaining stubborn iPhones.
The revised steps are:

1. Connect your iPhone in normal mode, then click "Jailbreak" after redsn0w identifies its model and BB
   version (you needn't pre-select the IPSW anymore).
2. Choose the "Downgrade from iPad baseband" option (you needn't worry about de-selecting Cydia
   anymore).
3. Do a controlled "slide to power off" shutdown of your phone and proceed through the normal DFU ramdisk
   steps.

Should the downgrade fail to take, feel free to leave the redsn0w log in the comments below. Use the
Extras->Even more->Backup button to grab a copy of /var/mobile/Media/redsn0w_logs, then extract the log text file(s)
from the zip and paste them into the comments (currently that log file is generated only during baseband
downgrade runs).
NOTE: The original warning about 3GS units manufactured in early 2011 or later still holds! They have a NOR chip
that's incompatible with 06.15.00 and so trying to install it will brick the device. Please read and re-read the
warning in our earlier post.
Thanks to bobmutch, @healeydave and @dilbert4life for lending us their iPhones to improve the baseband
downgrade!

DFU IPSW
We've gotten a lot of feedback from users who can't launch a DFU ramdisk because their iPhone home/power
buttons are broken or intermittent. We've added a new redsn0w feature that lets you enter DFU mode as long as
your phone is healthy enough to restore to a normal, everyday IPSW. You don't need to be already jailbroken to
use this method.
In redsn0w, go to Extras->Even More->DFU IPSW and select an IPSW that is currently being signed for your
device and that you'd normally be able to restore to without any hacks. redsn0w will create an ENTER_DFU_
version of the IPSW that you can restore to just like any other IPSW, except that now you'll be dumped into DFU
mode towards the end of the restore (WARNING, your screen will remain completely black; the only way to even
know it's on is that iTunes and redsn0w will detect it!). The technique used by this feature is 3 years old but
surprisingly still works today!
Update #1 7/25/12: redsn0w is compatible with today's retail release of Mountain Lion OS X 10.8. Until we start
using an official developer ID for it (!), you'll need to use the new Ctrl-Click-Open security bypass the first time you
run it after downloading.
Here are the download links. Enjoy!
• redsn0w 0.9.14b2 (OS X)
• redsn0w 0.9.14b2 (Windows, run in Administrator Mode)

1 year ago

Tagged: redsn0w Ultrasn0w
