Inside iOS: Introduction to SHSH Blobs

‘Inside iOS’ is a feature that is focused on spreading knowledge of iOS. Whether it’s the most basic of functions (setting up multiple email addresses), or the more advanced (setting up a laptop-like workflow), ‘Inside iOS’ is there.

SHSH blobs have become pretty important in the past months as jailbreaks start requiring them. One thing they haven’t become, though, is easier to use. They are still an enigma to many inexperienced and newer iOS jailbreakers. Fear not, brave souls; we have you covered!

The term “Monte” has been thrown around a lot with the latest beta of redsn0w, but the technical details of the Monte method are still foreign to most users. Essentially, Monte uses existing exploits found in older firmware by porting over a small bit of vulnerable code when pwning the device (hence the need for older IPSWs). This prevents new exploits from being burned and, according to MuscleNerd, “makes the entire ‘wait until next FW’ concern moot.” It does have the necessary side effect of making the jailbreaking process somewhat more tedious, as users need to download legitimate versions of older firmware, which frequently requires an Apple Developer account.

@MuscleNerd

Think of Monte as a “green” jailbreak. It recycles (for example) 4.1’s exact JB exploit on 4.2.1 :) Waste no exploits.

SHSH blobs are a security mechanism created by Apple to stop iDevices from going back to older firmware. The mechanism consists of multiple strings of numbers and letters. They seem random to us, but Apple generates them with a mathematical formula. To this day, we do not know the formula that is used.

When you restore your iDevice, iTunes will contact Apple’s servers to update its blobs. Your device (newer 3G[S] or later) will then check that the SHSH blobs are valid for the firmware it is restoring to. If they don’t match up, your restore will fail. If the blobs are correct, the restore will continue as normal.

Luckily for older 3GS devices and those that were released prior to that (iPhone 3G, iPod touch G2, etc.), this check isn’t in place. Instead, Apple uses a pseudo-check in iTunes, which can be easily bypassed.

The SHSH blobs are released for a certain window. If you miss this window, then you are basically out of luck. The window runs from the time the firmware is launched to about one or two weeks after the next firmware has been released. For example, if iOS 4.2.1 is released on November 22, and iOS 4.3 is released on February 3, you can expect Apple to sign and distribute the blobs for iOS 4.2.1 from November 22 until two weeks or so after iOS 4.3 has been released.

So, why should you take the time to back up your blobs? Simple: as long as you have your blobs for a certain firmware, you can restore to that firmware. Why is this useful? If you want to be jailbroken, sometimes you have to downgrade the firmware. It also seems likely that future jailbreaks will require blobs to work, like the Monte jailbreak mentioned above. Note that blobs are iDevice-specific, so you can’t take the blobs you have saved for an iPod touch G3 and expect them to work on an iPhone 4.
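A toy model of the behaviour described above, added here as an illustration and not taken from Apple, TinyUmbrella or the original post: a server that issues blobs only inside a signing window, and a restore check that looks only at device and firmware. The HMAC key, the years and end dates of the windows, and the device identifiers are constructed assumptions; HMAC merely stands in for Apple's formula, which this page does not describe.

```python
import hashlib
import hmac
from datetime import date

# Constructed stand-in for the vendor's signing secret (assumption).
SIGNING_KEY = b"constructed-demo-key"

# Constructed signing windows: firmware -> (first day signed, last day signed).
# Day/month follow the article's example; years and end dates are assumptions.
SIGNING_WINDOWS = {
    "4.2.1": (date(2010, 11, 22), date(2011, 2, 17)),  # ~2 weeks after 4.3
    "4.3": (date(2011, 2, 3), date(2011, 12, 31)),
}

def _sign(device_id, firmware):
    # The blob binds one device to one firmware version.
    msg = f"{device_id}|{firmware}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def request_blob(device_id, firmware, today):
    """Signing server: issue a blob only while the firmware's window is open."""
    window = SIGNING_WINDOWS.get(firmware)
    if window is None or not (window[0] <= today <= window[1]):
        return None
    return _sign(device_id, firmware)

def restore_allowed(device_id, firmware, blob):
    """Restore-time check: the blob must match this device and this firmware.
    It has no notion of the current date, so a saved blob stays valid."""
    if blob is None:
        return False
    return hmac.compare_digest(blob, _sign(device_id, firmware))

def demo():
    inside, after = date(2011, 1, 10), date(2011, 3, 15)
    saved = request_blob("ipod-touch-g3-unit-A", "4.2.1", inside)  # saved in time
    return {
        "fresh_request_after_window": request_blob("ipod-touch-g3-unit-A", "4.2.1", after),
        "saved_blob_after_window": restore_allowed("ipod-touch-g3-unit-A", "4.2.1", saved),
        "saved_blob_other_device": restore_allowed("iphone-4-unit-B", "4.2.1", saved),
        "saved_blob_other_firmware": restore_allowed("ipod-touch-g3-unit-A", "4.3", saved),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The model shows why the window matters: once it closes the server issues nothing new, but a blob saved earlier still passes the device-and-firmware check, and only for the device it was issued to.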


Saving your SHSH blobs is very simple.

  1. Download TinyUmbrella.
  2. Run/install the app.
  3. Select your iDevice in the left-hand panel, and click “Save SHSH.”

That’s it; TinyUmbrella then contacts Apple’s server and gathers all applicable SHSH blobs.

All iOS users who intend to jailbreak in the immediate future should stay on iOS 4.1. This is currently the latest firmware that has a jailbreak out. You can’t save the blobs for iOS 4.1 or iOS 4.2b3 anymore, as Apple isn’t signing either firmware.

Now for the fun part: here’s how you can restore to a previous version of iOS.

  1. Open TinyUmbrella.
  2. Select “Start TSS Server.”
  3. Locate the firmware that you wish to downgrade to.
  4. Open iTunes, and connect your iDevice. Select your iPod, iPhone, or iPad in the left-hand column.
  5. On Windows, hold the ‘Shift’ key, and click Restore.
  6. On Mac, hold the ‘Option’ key, and click Restore.
  7. Select the firmware that you wish to downgrade to, and watch the magic.

If everything was done correctly, your device should go through the restore process, and end up on a previous version of iOS. If an error occurs, there’s a good chance that your blobs weren’t saved, or that you skipped a step.

Trey Trawick contributed to this post.
