Downgrade 4.0.2 -> 4.0.1: Of Myths and SHSHs

EDIT: Given the sheer number of people that are getting lucky with having their SHSH's on file with Cydia, I cannot stress enough how important it is to at least try to save your SHSH for 4.0 and 4.0.1. Remember to make sure Cydia is selected because Cydia is where your SHSHs would be. Who knows? You might be one of the lucky ones :)


There is much discussion on many blogs about a potential means of downgrading iOS 4.0.2 to 4.0.1 by simply changing a couple values in the buildmanifest.plist and copying all of the images from 4.0.1 into 4.0.2 and then deleting the files ending with 002. Following all of this, perform a DFU restore and somehow you will be on 4.0.1. 


There is a perfectly logical explanation for all of this and I will lay out exactly what is happening and explain why it is working for the folks that are the lucky ones.


Let me get this out first. 

1. This is not a miracle, at least not in the sense you all hope for
2. SHSHs are STILL required for any iPhone 4, iPhone 3GS, iPad, iPod Touch 3G, and iPod Touch 2G (MC Model)
3. There is NO way around this... unfortunately this method included.

Let me start by explaining something very important. The buildmanifest is used by iTunes to build much of the TSS request that is used to obtain your SHSH for any given firmware revision. Unfortunately, the BuildNumber has no part to play in the request for SHSH. All that you ended up doing in following these directions is request 4.0.1 SHSH blobs. THAT IS ALL. Since every single one of you that got this to work changed your hosts file to point to Cydia, Cydia responded to the TSS request with an SHSH blob that was ALREADY "on-file". There was no magic. There was no miracle, apart from the lucky break that your device had been put on Cydia's SHSH request list at some time in the distant past.


That's it in a nutshell folks. There was no amazing technique for bypassing Apple's TSS. There was no amazing exploit that exists in DFU mode allowing for 4.0.2 -> 4.0.1 downgrading. It's simple; Cydia had your SHSH because at sometime in the past either:

• Someone saved your SHSH with that device using TinyUmbrella and the default options
• Someone restored that device with Cydia in the hosts pointing to gs.apple.com
• Someone jailbroke the device and pressed 'Make my life easier'

That's it folks. Sorry to be a buzzkill but there was much confusion about this issue and many blog posts that simply didn't give the full story of what exactly was going on.

The Firmware Umbrella: Intense Debate Support

I've added Intense Debate support to my blog in hopes that folks can get answers to their questions by the growing TinyUmbrella community. There are many times that I am unable to answer your questions very quickly but there are helpful individuals that selflessly devote time to helping others with issues that are common.
As the posts become more numerous, I'll moderate them less and less eventually adding some few folks as moderators. Thank you all for your continued interest in this blog, TinyUmbrella, and helping your friends reserve their right to restore the firmware they want to restore!

TinyUmbrella: New Features Coming Soon

I've been working on a few cool new features. I've heard some great ideas and have decided to put those ideas in place. Unfortunately, implementation of those ideas is taking a bit longer than I had anticipated. Heres a few of the great ideas I've gotten from all of you:

• Device History: TinyUmbrella will remember device information of devices that have connected so that saving SHSH's for those devices in the future no longer requires you to connect the device.
• Save All SHSH's Available "On-File" at Cydia: TinyUmbrella will now automatically check Cydia for ALL SHSHs for the connected device (or device from history :) )
• TinyUmbrella will also help you detect what application is running on your computer that is taking up port 80 and will give you the option to kill that application. This should help many of you that don't know what application may be listening on port 80 (ie. Skype)
• TinyUmbrella will also tell you what firmware versions you can safely downgrade or restore to whenever you connect the device (or select a device from history)
• TinyUmbrella will be sporting a cleaner UI based on some of the great suggestions from @chpwn (a friend and fellow chronic dev team associate)
• Support for PowerPC and more stable runtime for folks having problems running TinyUmbrella for odd and various reasons.

Looking down the road, I have some big things that I plan on doing with TinyUmbrella. Here are a couple of the things I'm looking at in the long term:

• Activation Support: I've started looking into the way the phone requests (and obtains) activation from apple's servers. I'm confident I can duplicate this process but I have more investigation as the the process is incredibly complicated.
• Full Restore Support without iTunes: I'm looking at implementing my own complete restore mechanism. I have not decided if I'll directly use @p0sixninja's libirestore or whether I'll try to do something that hasn't been done before... ie in java :)

Thank you all for your support and suggestions. I hope you all were able to save your 4.0.1/3.2.1 SHSH which enables you to restore to restore to that firmware revision indefinitely. Also, a HUGE thank you to all of you that have donated; you are all very generous and I greatly appreciate every single one of you.

R.I.P - 4.0.1 / 3.2.1 iOS

Apple has stopped signing 4.0.1 and 3.2.1 SHSH requests for all devices now. If you missed your chance - I'm sorry. There's nothing that can be done now. If you had a 'Pending TSS Request' and DID NOT use TinyUmbrella to save your SHSH then I'm afraid you may not have your SHSH's saved on Cydia. If you DID use TinyUmbrella to save your SHSH then it's guaranteed that Cydia has your SHSh and is just processing them locally before they show up on your Cydia Home Page.

I'll be updating TinyUmbrella in the next day or so to reflect the new 4.0.2 / 3.2.2 defaults even though this iOS version is completely worthless for jailbreaking... However, it is ALWAYS important to save your SHSH because you will never know what the next iOS version will bring and what will and will not be possible with it.  

Fake TinyUmbrella Sites & 4.0.2

I don't understand the fervor to obtain your 4.0.2 / 3.2.2 SHSH. But it's resulted in some well-meaning but ill-informed folks to create one-off updates of TinyUmbrella. One went to some extremes to try making a name for himself. The fact is this, while 4.0.1 and 3.2.1 are being signed, I'm going to keep those as the defaults for obtaining signatures. You can obtain your 4.0.2 / 3.2.2 but you will have to select it from the advanced options.
If you've put together a site with my application's name, take it down so that you do not confuse folks with your one-off changes.
Thanks.

Star - jailbreakme

For all of you impatient and waiting to save your 4.0.2 / 3.2.2 SHSHs keep this in mind.


1. 4.0.2 is a USELESS firmware. There is nothing worth saving. All it did was patch the exploit that allows you to jailbreak.
2. There is NO reason to EVER upgrade to 4.0.2. The patch that is available to protect you from malicious PDFs has been released in Cydia by saurik. Go get the 'PDF Patch' by Jay Freeman (saurik).


I'm going to assume that those of you still complaining about 4.0.2 signatures really have no clue so I'll give you a pass. The rest of you should just sit tight and encourage anyone you know with iDevices to save your 4.0.1 / 3.2.1 SHSH while you still can.


And in answer to some questions, no there is no way to get the application to make the 4.0.2 / 3.2.2 requests without an update. Don't post your mash-up code in the comments of this blog.


Jailbreakers can now enjoy the new jailbreak via @comex. Congrats bud. This jailbreak was the culmination of a ton of work by the guys involved. Great job guys.

Visit: http://jailbreakme.com on your device to start the process.

Enjoy

EDIT: Fixed the windows download - someone claimed a copyright violation and ifile took down the file and ofc mediafire just blows.