Downgrade Your iPhone 3GS Using Sauriks Server
Thanks to Saurik for all of his hard work. Below is his explanation from saurik.com on how to downgrade your iPhone 3G S and also how to continue using his server for future Apple firmware updates.
Bypassing the Overlord
To this end, I have constructed a server that duplicates the functionality exposed by Apple’s signature server, except using “on file” results rather than live requests.
All we need, then, is to make iTunes use it. Luckily, most operating systems also have the ability to locally define bypasses on specific hostnames through a file called hosts. Using this, we can redirect requests to Apple’s signature server to Cydia.
So, open the file C:\Windows\System32\drivers\etc\hosts (Windows) or /etc/hosts (Mac OS X) and add the following entry to the bottom of the file.
74.208.105.171 gs.apple.com
Now, when iTunes thinks it is talking to Apple, it is talking to Cydia instead. Doing this will allow iTunes to access signatures already stored by Cydia’s “on file” feature.
This server will also act as a cache for any SHSH blobs it hasn’t seen, acting as an intermediary to Apple’s server. This effectively registers your device with the “on file” mechanism, which means you can now enjoy the protections of being able to downgrade your firmware in the future even if you aren’t jailbroken.
This point should be stressed: even if you don’t jailbreak, and even if you never intend to jailbreak, you should consider using the new “on file” service.
Let’s say that Apple releases an OS upgrade in the future, you take it, and they break something important. Maybe they break your e-mail account, or your todo list. Your business is now crippled.
If only you could downgrade, right? Alas, Apple won’t let you anymore. That’s where the new signature cache server comes in: by doing your restores through this server you secure your ability to not accept upgrades from Apple if the need is dire.
Performing the Restore
Now, one would have hoped that the process would be as easy as “restore using the 3.0 IPSW”. If only we were that lucky. The first problem is that a downgrade from 3.1 to 3.0 must be initiated in DFU mode.
So, we begin: hold down the lock and menu buttons (some call these the power and home buttons) for 10 seconds, letting go of the lock button but continuing to hold menu until iTunes recognizes the device with the message: “iTunes has detected an iPhone in recovery mode. You must restore this iPhone before it can be used with iTunes.”.
Note that, at this point, your iPhone’s screen should be entirely black. Many people confuse “DFU” with “recovery” (and in fact, iTunes itself glosses over this), but they are quite different. If you see anything on your screen, such as the iTunes logo and a sync cable, or a cartoon of Steve Jobs swearing in Cyrillic, you are in recovery mode and need to try again. One can find videos online that may help.
At this point, you should do a “normal” restore to the 3.0 software. When doing this, remember to hold down the option key (on Mac OS X) or the shift key (Windows) while clicking the Restore button in iTunes. Select the firmware (which is probably named iPhone2,1_3.0_7A341_Restore.ipsw), and things should be on their way.
Please note that I do not have signatures for 3.0.1, only for 3.0. For some very small number of users I also have a signature for 3.0.1, but I ran out of time hitting the Wednesday deadline getting the code for this working and generalized.
If you would like to try restoring to 3.0.1 with my server, therefore, to see if you have 3.0.1 keys on file you can try, but it may fail late in the process with a very weird error. All users “on file”, however, have 3.0 ready to go.
Note Saurik Also States:
Upcoming 3.1 Exploit
If you encouter “unknown error (3002)”, you probably do not have your ECID SHSH’s for 3.0 “on file” with Cydia. Unfortunately, as Apple is no longer allowing users to sign the 3.0 firmware, it is no longer possible to register your device with Cydia.
Luckily, it has been reported that iPhoneOS 3.1 is vulnerable to another exploit. This means that, once a jailbreak is released for 3.1, users be able to prepare themselves for future jailbreaks even if they missed the first round of signature storage (which I unfortunately was only able to start very late in the 3.0 game).
Once you even attempt to use this service (or if you tell Cydia to “make your life easier”) you will be signed up for the signature tracker, and Cydia HQ will do its best to manage your ability to restore.
And again, if you have any issues with this process, please please please do not e-mail me. Instead, go to ModMyi.com, where there is a special forum called 3G[S] Downgrading, created for the purposes of this article.
Tags: Apple, Cydia HQ, e mail account, file, G S, hosts mac, hosts windows, iphone, Mac OS, server, signature, Steve Jobs
September 15th, 2009 at 11:24 pm
Hi, i have an iphone 3GS and i had it jailbroken to 3.0.1 and the ultrasn0w source wouldnt add so i jailbroke it again and it messed up my phone and it wont turn on now. It is stuck on the apple screen on 3.0.1 firmware … I have to restore but i cant … i currently have not done anything to my iphone 3gs … i need to restore it to fix it so it will turn on but if i do then i cant jailbreak or unlock and im a tmobile user. SO i need to use the jailbreak and unlock features … PLEASE HELP! I AM VERY CONFUSED AND NEED ADVICE… any tips on how to fix it to turn on without upgrading/restoring… or do i need to wait on the 3.1 jailbreak and unlock … because if i use sauriks on file server i wont be able to unlock because when i upgrade through itunes my baseband will upgrade… PLEASE GIVE ME SOME ADVICE OR TIPS! THANKS SOO MUCH!
September 22nd, 2009 at 8:52 am
ballmer786 I can help you…
send me an email
September 26th, 2009 at 2:50 am
I have a similar issue, I jailbreak my iphone 3gs with redsn0w the version 3.0.1 of the firmware, everything looks normal, but after the reboot and the apple’s logo appears, my screen turned on but black, I cant restore because I couldn’t send my ECID on time or save my IBBS, can you help me? thanks in advance.