SHSH blobs, or ECID SHSH, is a security mechanism from Apple to prevent hacking of Apple’s iPhone, iPod touch and iPad. Basically, SHSH blobs is digital signature signed on firmware which is unique for each iPhone, iPod touch and iPad. ECID (Exclusive Chip ID) is passed to Apple servers whenever user attempts to restore or upgrade the firmware (OS software) on any iDecives to generate signature. Without signature, iTunes simply will not proceed to restore.

The trick is that, once a new firmware is released, Apple stops signing the older version of firmware OS for activation, hence making it’s almost impossible to restore to earlier or older version of firmware from iTunes. So, essentially, backing up and saving the SHSH blobs is a safeguard against accidental upgrade to new version of firmware, and when there is a need to downgrade to older version of iPhone OS software. Most users who does not jailbreak or unlock the iPhone, iPad or iPod touch does not need to care much about SHSH hashes or blob files. But users who jailbreak or unlock is recommended to capture, save and backup the SHSH blobs in advance, just in case the exploit, vulnerability or loophole been patched by Apple, and required the device to be downgraded to earlier firmware to regain jailbreak and/or unlock functionality.

Note: Firmware OS software signature signing is only applied to iPhone 3Gs, 3rd generation iPod Touch (3G), iPad WiFi and iPad 3G+WiFi.

There are a number of ways to backup SHSH blobs, as listed below. Currently, the saving of SHSH hashes is only working on iDevices running on iPhone OS 3.1.3 or iPhone OS 3.2.

Method 1: iPhone/iPod/iPad Auto-SSH Grabber

  1. Download the AutoSHSH – 3.1.3/3.2 [RC2] by iH8snOw from http://ih8sn0w.com/index.php/welcome.snow (AutoSHSH-3.1.3+3.2–RC2.exe on top navigation bar).
  2. Run the AutoSHSH-3.1.3+3.2–RC2.exe.

    Note: Java is required.

  3. Let iPhone, iPad or iPod touch goes into recovery mode.

    Note that for iPad to enter recovery mode, the steps may be slightly different – Turn off the iPad and disconnect from cable or dock. Then hold down the HOME button, and connect to a computer with a cable or dock (other end must be connected to PC) while continue to hold the HOME button, until a Connect to iTunes screen is shown.

  4. Click on Grab my SHSH Blobs Automatically button.

    Auto SHSH

  5. Enter a name to save the SHSH file on local computer. A copy of SHSH blob will also be uploaded to Saurik – Cydia’s server for safe keeping.

Method 2: Fimmware Umbrella

Umbrella is a small application that sends the same requests to Apple’s TSS server (typically the ECID) that iTunes sends to Apple’s TSS server when iTunes is trying to verify the firmware restore. When it receives the response from Apple’s TSS server, it saves the response (if the response is positive) in a formatted file that can be used with TinyTSS. Users can select the Saurik – Cydia option in the “SHSH Repository” combo box for Umbrella to request the SHSH files through Cydia. This will have Cydia send the request to Apple (thereby saving the results in Cydia’s “on file” list) and return the results to end-users. Saving the SHSH blobs on Cydia allows users to request from Cydia older SHSH hashes for your ECID.

  1. Download the latest version of Firmware Umbrella http://thefirmwareumbrella.blogspot.com/ (under Quick Links), or directly download fw-umbrella-semaphore-223d.zip
  2. Unpack and extract the content ZIP file (such as fw-umbrella-semaphore-223d.zip) to a folder.
  3. Run the umbrella.exe as administrator (for Windows) or umbrella.dmg (for Mac OS X).

    Note: Java is required.

  4. Connect the iPhone, iPod touch or iPad to computer.
  5. Click on Save my SHSH button.

    Firmware Umbrella

  6. Enter a name to save the SHSH file on local computer. To save a copy of SHSH blob onto Saurik – Cydia’s server, tick the check box for Advanced Options, and select Cydia in the drop down list for Location.

    Firmware Umbrella Advanced Options

Note that from iPhone OS 4.0 and new iTunes release will have algorithm to read a new key in the SHSH responses, which will be verified by iTunes to determine if the SHSH can or should be used. The mechanism can potentially break and stop users from restoring the iDevices to unauthorized (earlier or older version) firmware OS versions, even with SHSH blobs backed up.

Related Posts