What's new

SHSH Blobs - Frequently Asked Questions

f4780y

Super Moderator
Staff member
Joined
Apr 11, 2011
Messages
916
Reaction score
153
Location
Troon, Scotland
Welcome to the new and improved 2012 version of the iPhoneForums SHSH Blob FAQ!

SHSH blobs can be a confusing subject for our members. There is also a lot of misunderstanding and misinformation around the subject, not helped by the way differences between devices and firmware versions. This thread aims to be a "one-stop-shop" for SHSH related facts so we can demystify the subject once and for all!

Frequently Asked Questions

1. What are SHSH Blobs?
SHSH Blobs, or blobs for short, are digital signatures which Apple provides to you to authorise the installation of a particular version of IOS on your device. Think of blobs as the key which unlocks the door to allow installation of a firmware file. Blobs are used on all modern Apple mobile devices and were first introduced on the iPhone 3GS.

2. Why are blobs so important?
iTunes will not let you install, update, or restore IOS on your device without valid blobs. There is no way to circumvent this security measure. So, no blobs = no install. iTunes typical response in this situation is the dreaded message "iTunes Error 3194 - This device isn't eligible for the requested build".

3. How are blobs generated?
Blobs are only ever generated by Apple on their own servers. They can't be created any other way since they use strong encryption techniques. They cannot be forged. They cannot be changed or otherwise manipulated.

iTunes first makes a request to the Apple signing server including information such as your devices unique ID (ECID) plus the version details of IOS that you are trying to install and iTunes gets your unique blobs back as a response, but only if Apple agrees that you are allowed to install that version of IOS on your device!
Since the release of IOS5 an additional unique component known as the APTicket is also required from Apple. This component is randomly generated by something called a "nonce" (number once) from your device and is unique each time a fresh restore operation is requested.

4. So what's the problem?
Apple will only provide you with blobs for the version of IOS which they decide is "current". At the time of writing, this is version 5.0.1. You will never receive blobs from Apple for older versions of IOS, such as 4.3.3, if a newer version is available except for a brief period of cutover between the current and previous version of IOS.

The period of time for which Apple will provide blobs for a version of IOS is referred to in the jailbreaking community as the firmware window. As soon as Apple stop providing new blobs for a particular version of IOS, we say that the firmware window has been closed.

Apple typically close the firmware window on the previous version of IOS within 24 hours of a new version being released. So, if the next version of IOS is 5.1, you will have about 24 hours after it is released to the public before Apple will stop providing blobs for 5.0.1.

5. So why do I hear folks talk about "saving blobs"?
Well, whilst Apple were smart enough to make blobs which cannot be changed or forged, they didn't protect themselves very well from a "replay attack", at least up to the release of IOS 5.0.

Soon after Apple started using blobs, clever hackers discovered that if you intercepted and saved away the blobs which were returned from Apple when you requested them, you could replay them to iTunes at a later date by pretending to be the Apple servers and the installation would succeed! The main tool which has been developed to help you do this is called TinyUmbrella, although Saurik first allowed Cydia servers to be used in place of Apple's signing servers and also automated the process of saving your blobs for jailbroken devices.

BUT, for this technique to work, you must still request and save your blobs from Apple during the period when they are still signing the firmware version you are interested in. So, if you want to restore IOS version 4.3.3 today, you need to have saved your blobs for 4.3.3 (which are unique to your device) back in May 2011 when Apple was still signing them. Remember, they are unique and cannot be forged or copied from someone else's device - no blobs = no install.

Apple have known about this replay attack exploit for a long time, and with the release of IOS5 they effectively blocked the ability to perform a replay attack by introducing the APTicket component to the blob request. This component is randomly generated every time the device undertakes a new restore operation and therefore replaying previously saved blobs for 5.x will not work since the random component will be different from the first time it was restored.

LUCKILY, our clever hacker friends found a way to circumvent this too, but ONLY for devices where there is a known bootrom exploit. At the time of writing that includes the iPad1 and iPhone4, but NOT the iPad2 and iPhone4S. Both iFaith 1.4+ and redsn0w 0.9.9+ have the capabilities to extract the blobs AND the APTicket from the device and then build a pre-signed custom firmware for a version of 5.x which can be restored at a later time using a pwned DFU mode. TinyUmbrella has also been updated to save both the blobs and the APTicket component for 5.x firmwares to allow a custom firmware to be built using redsn0w or iFaith.

6. So, what do I do now?
Well, the short answer is start saving your blobs today!
It is never to late to start saving them, no matter what device you have. What you are doing by starting today is giving yourself a potential insurance policy for the future. Even if you have a device which is not currently able to be restored on the current firmwares using saved blobs, such as the iPad2 or iPhone4S, you should still start today, because you never know what new exploits will be discovered by the hackers tomorrow! Remember, up until recently it was impossible for any device to restore a 5.x firmware which Apple had stopped signing, but now iPad1 and iPhone4 devices are able to do this, so there is always hope!

The recommended methods to save your blobs are as follows:

TinyUmbrella (TU) - The Firmware Umbrella.
TU is a PC (both OSX & Windows) tool which saves your blobs locally on your hard disk. It is simple to use and puts you in control of your blob saving. You can download the latest version of TU from - The Firmware Umbrella - TinyUmbrella
We have a very simple tutorial which you can follow to save all our current blobs and set yourself up for future blobs saving. Give it a go - http://www.iphoneforums.net/forum/h...ave-your-shsh-blobs-using-tinyumbrella-18924/

Cydia
If you have a jailbroken device, Cydia will automatically save your SHSH Blobs on your behalf. Whenever you start Cydia you should see a line at the top of the home page with all your saved blobs (on Cydia servers) in green, similar to the following screenshot…

f272f980.jpg


If you want to retrieve all of your blobs from Cydia, use the tutorial for TinyUmbrella linked above. The tutorial is written in such a way that it will get all of your blobs from Cydia (if you have any) as well as get the current blobs from Apple. But remember, it cannot magically create blobs which you have not previously requested from Apple or saved away on Cydia!

iSHSH|T
This is a jailbreak application which you can install through Cydia on your device. Just like TU, it can retrieve blobs from either Cydia or direct from Apple, but this time it downloads the blobs directly onto your device. A nice feature is that is allows you to email the blobs anywhere you want (including to yourself!), which to be honest you MUST do since they are of little use to you on your device if you are going to restore it! . It is highly recommended for blob saving on the go, particularly if you are away from your PC, maybe on vacation, and hear that a firmware window is about to be closed!

iFaith
Unlike the other options, iFaith does something really special. It extracts the blobs from your currently installed firmware on your device. However, because iFaith relies on being able to pwn the boot process, it is only available on devices with a known bootrom exploit which are the moment are the A4 devices such as iPad1 and iPhone4. It will NOT work on iPad2 or iPhone4S as things stand today. iFaith can be a real lifeline for owners who did not understand the importance of saving blobs, but still have an older version of IOS installed on their device.

Additionally, you are able to build a pre-signed custom firmware for your device using the blobs which were extracted with iFaith. This custom firmware can be installed without the need to interact with the Apple signing servers or TinyUmbrella in the future. The latest version of iFaith can be downloaded from - iH8sn0w.com

redsn0w
The jailbreaking tool redsn0w can now also be used to extract blobs from the currently installed version of IOS in a similar way to the iFaith tool. Blobs can also be "stitched" into a custom pre-signed firmware to install at a later date. The latest version of redsn0w can be downloaded from - Dev-Team Blog. redsn0w also has a nice feature to verify your blobs, including letting you know if your 5.x blobs have a proper APTicket component. Very handy! :D

Note: The latest versions of iFaith and redsn0w are the ONLY tools which will allow you to restore a version of 5.x firmware which Apple has stopped signing as of this time. Since these tools are only compatible with A4 based devices, and not the newer A5 devices, iPad2 and iPhone4S owners currently have NO WAY to restore an older version of any 5.x firmware. This may change in the future, but only if a bootrom exploit is discovered which can pwn the DFU process on these devices. Without that, installation of a custom firmware is impossible.

7. I still don't understand SHSH Blobs!
I have failed you grasshopper :(
Post your question in response to this thread and we will do our best to answer! :D
 
Last edited:
On my iPhone, Cydia only shows blob 4.3.5 saved (my current version). Does this mean I can never go back to 4.3.3, or anything earlier?
 
Ken55 said:
On my iPhone, Cydia only shows blob 4.3.5 saved (my current version). Does this mean I can never go back to 4.3.3, or anything earlier?

If you didn't manually save the blobs, then no.
 
However you can use iFaith to dump the 4.3.3 IF it was previous like installed in your iPhone.

iFaith dumps SHSH blobs for whatever iOS that is currently installed on your iOS device even if Apple is not signing it.

iFaith supports iOS 3.1.x, iOS 3.2.x, iOS 4.0.x, iOS 4.1, iOS 4.2.x and iOS 4.3.x.

iFaith supports the following iOS devices:

iPhone 4, iPhone 3GS
iPod Touch 4G, iPod Touch 3G
iPad 1
Apple TV 2G
 
Great write-up! Thanks for clarifying things. Just a question out of curiousity.

I j/b'd my phone while on 4.2.6 and its still on 4.2.6. Why doesnt Cydia have 4.2.6 saved for me. It only shows 4.2.8 and 4.2.10 saved. Just wondering.

Thanks in advance.
 
Great write-up! Thanks for clarifying things. Just a question out of curiousity.

I j/b'd my phone while on 4.2.6 and its still on 4.2.6. Why doesnt Cydia have 4.2.6 saved for me. It only shows 4.2.8 and 4.2.10 saved. Just wondering.

Thanks in advance.

4.2.8 is all you need anyway. If you didn't jailbreak your device until after 4.2.6 stopped being signed that could explain why you don't have 4.2.6
 
My question is, I am running an iphone 3gs on 4.3.3 I had no clue about saving blobs as I am new to jailbreaking. I tried to recently use ifaith to save my current shsh blob but ran into all kinds of problems. Ifaith gave me an error saying it was unable to recognize my ios and then left my iphone in recovery loop.

With a few hours of work and the tinyumbrella recovery loop fix, I got it up and running as if nothing had happened. I then used SHSHit to upload my current blob to cydia and email it to myself. I am unclear though whether this will do me any good as I don't know if I this blob (even though saved) will work if I need to restore because it was saved AFTER apple stopped signing it. Your post says that ifaith is the only one that can save your current one after its no longer being signed but SHSHit let me do this too but will it be valid if I try and use it? I am afraid to try ifaith again as I almost locked up my whole phone.

So will a blob saved from your current firmware be valid if it was saved from your device even after its no longer being signed, or does apple have to be currently signing at the time of saving it?
 
iSHSHit only saves firmware that is currently being signed just like TinyUmbrella. If you want your 4.3.3 SHSH then iFaith is the ONLY way to get it now.
 
I'm running the original 4.0 firmware (jailbroken) and I did save my SHSH blobs for 4.0 but Cydia is showing I have them saved for every firmware version in between 4.0 to 4.3.5, does that mean I can install 4.3.3 and re-jailbreak although 4.3.3 has never been installed on my phone and my SHSH blobs wasn't manually saved for that version?
 
I've Never Saved My Blobs Manually and Didn't Check if Cydia did it for me
i have j/b 4.3.1(i didn't jailbreak it myself and i don't even know what my original firmware was,but i'm guessing he didn't upgrade it)
i want to upgrade to ios 5 when an untethered is out
isn't it pointless for me to save blobs now as the ios 5 gives random blobs every time or something like that?
and does this mean if i update to ios5 i will be stuck with it forever and can never downgrade to ios4?
Thanks in advance and sorry for my awful grammar
 
Last edited:
i have iPhone 4 ( CDMA ) and am upgraded to iOS 5.0 and he was iOS 4.3.5 ...and after upgrading my basebaned changed from 04.10.01 to 04.11.08 ....so now i want to back again to my old version and baseband to activate Gevey with my phone ....so now can i downgraded it or no ??..am not understand yet about SHSh Blobs but i want to ask can i get and save it and downgrade to my old version iOS 4.3.5 or no ?? and if i downgraded it what about my baseband ??..it will back again to 04.10.01 or no ?? am never saved my blobs before ...or am never saved it before i upgrade my phone to iOS 5.0 ..so can i get it now and save it ??
 
Last edited:
Without SHSH you cannot downgrade, and downgrading your firmware will not downgrade your baseband, you will have to wait to see if Gevey develops a new SIM to or software to work with the new baseband.
 
Top