iPhone 3GS iOS 5.1.1 Upgrade without Jailbreak?

Discussion in 'Jailbreaks and iOS Hacks' started by Joz3d, Jan 12, 2014.

  1. Joz3d macrumors member

    Joined:
    Jul 19, 2008
    #1
    Hello,

    I have received an iPhone 3GS that is running iOS 5.0.1. I'd like to upgrade it to iOS 5.1.1 (because I wanna see what iOS 5 was really about before going to 6). Is there a way for me to do this without jailbreaking?

    I have the official 5.1.1 ipsw, but iTunes won't authenticate the shift+restore upgrade. If I run TinyUmbrella TSS server, it will pass but then error 1600, and if I run TSS server + iReb to enter PWNED DFU, I still get error 1600.

    Is there any way to get around this and install 5.1.1 on this 3GS without actually jailbreaking, only using the official firmware? Thanks in advance for any help.

    Model: MC125LL
    iOS: 5.0.1 (9A405)
    Carrier: AT&T 11.0
    Modem Firmware: 05.16.05
     
  2. inselstudent macrumors 6502a

    Joined:
    Jul 27, 2012
    #2
    There is no way to get an earlier version than the latest (6.1.4 or something) at this point. But, IMO, iOS 6 was better than 5 in every way, more refined, smoother, more features. You won't miss a thing when you skip 5.1.1 (and there's no way around that).

    Just update to iOS 6 (and jailbreak). :)
     
  3. dhlizard macrumors G4

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #3
    Without the 5.1.1 SHSH having been previously saved for that phone, you cannot restore to that firmware.
     
  4. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #4
    Thank you very much for the answers.

    So, if I have 5.0.1 on there right now, could I then save the SHSH, and put 4.x on there? Then later come back to 5.0.1? Or would I also need the SHSH for 4.x?

    I remember on iPhone 3G just being able to swap iOS via DFU without any SHSH concern. Did the SHSH thing start with later iOS's or later iPhone models?
     
  5. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #5
    yes, you need SHSH blobs to go down to 4.x

    if you currently don't have 5.0.1, you can make them by dumping them using ifaith (this only works for iphone 4 and under; ifaith is windows only). remember to keep a local copy of it

    SHSH blobs were introduced starting with iOS 4.x (3.x to be more precise, I believe)
     
  6. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #6
    Interesting, thanks. Yes, I'm currently on 5.0.1, so I can save those SHSH blobs. I don't have them for 4.x, but what about the timeline on this page though. Am I understanding correctly, based on that page, that Apple is allowing 3GS installs of iOS 4.1?
     
  7. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #7
    oh yes, i had forgotten about that. apple is allowing 4.1 installs on the 3GS

    before you downgrade to 4.1, make sure to dump your 5.0.1 blobs (it'll come with a .ifaith extension if you're using ifaith; i have never done one using redsn0w so no idea how that goes)
     
  8. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #8
    That is interesting. I'm very curious as to why they are allowing that? ...and then that specific version and not a more final iOS 4 version?

    So, if I save those 5.0.1 blobs, I'll be fine for going back to 5.0.1, right? I understand that I'd save them with iFaith or redsn0w (TinyUmbrella?). What would the procedure be to re-install 5.0.1? Specifically, how do I insert those blobs back into the procedure after I have the 5.0.1 ipsw? TinyUmbrella TSS server, or do iFaith/redsn0w have a procedure for it?
     
  9. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #9
    no one knows why they decided to allow that version for the 3GS and the ipod touch 2nd gen

    dump the 5.0.1 blobs using iFaith!

    you can use iFaith, sn0wbreeze, or redsn0w to stitch the blobs back into the ipsw. put the device into PWNED DFU mode and make sure itunes is 11.0.5 or under

    then shift + shift click restore with that custom ipsw
     
  10. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #10
    Excellent! It worked. I used mostly iFaith for everything, except iREB to get out of recovery loop after going down to 4.1. I tested it and am able to jump between iOS 4.1 (mysteriously still signed) and 5.0.1 (my shsh blobs). Then I should be able to upgrade it to 6 (last 3GS iOS supported).

    This really helped me accomplish my goal. I've been on iOS 3.1.3 on an iPhone 3G for a very long time and wanted to experience the incremental progression of iOS. I'll spend a few weeks on each iOS (4/5/6) and then hopefully get a newer iPhone to become current on iOS 7. Your assistance darricksailo really helped me out and I am grateful to you! Thanks! Can I buy you a coffee or beer or something? :) And thanks also to the other initial respondents.
     
  11. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #11
    just so you're aware, you can get blobs for 4.1 and 6.1.3 (you don't have to dump them with ifaith since they're being signed)

    and glad everything worked out fine
     
  12. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #12
    Thanks for the info, yes I noticed that in TinyUmbrella.

    Hey, I found out that this 3GS I have has the Old Bootrom. Any advantage of having that for my situation? The second sentence here seems to convey that I don't even need Apple signatures? Could I then install any version of iOS 4 I'd like? Or iOS 5? It does say "however, newer versions of iOS require them" (shsh blobs), but which versions are "newer versions"? If you or anybody can clarify what's going on with this I'd appreciate it!
     
  13. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #13
    Advantages of old bootrom mean an untethered jailbreak for all versions

    I guess newer versions are iOS 4.x and up
     
  14. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #14
    Actually, after doing more research and experimentation, you can indeed install any iOS version on an old bootrom 3GS without shsh blobs, utilizing the 24Kpwn exploit.

    It must, however, be a custom IPSW created in redsn0w or sn0wbreeze, which patches the OS to not upgrade the baseband, but must also do some other patching related to iTunes signing? (I didn't have luck with sn0wbreeze, but did with redsn0w - I did NOT do the jailbreak)

    Here's what worked for me on my old bootrom 3GS (I loaded iOS 4.3.3):

    1. Create a custom IPSW from the stock IPSW using redsn0w.
    2. Boot into DFU mode.
    3. Enter PWNED DFU.
    4. Shift+Restore custom IPSW.
     
  15. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #15
    hmm, that's interesting. iOS 4.x restores do require SHSH blobs but their process of restore is different than iOS 5+

    you don't have to stitch the blobs into the 4.x ipsw; all you need to do is point your hosts file to cydia's server and if cydia has your 4.3.3 blobs, then the restore will go through (it doesn't even have to be a custom ipsw)
     
  16. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #16
    No, you don't stitch the blobs into the 4.3 IPSW (cause I don't have them). This is not specific to 4.x, it's the same story for 5.x and 6.x on the old bootrom 3GS. When you do the custom IPSW it patches the IPSW in some way to (I think) bypass signature checks - that's what I'm trying to find out (what the custom IPSW patches out of the official IPSW, because this does not work by simply pwn dfu-ing, editing hosts file, and restoring stock). The phone itself, however, is exploited to bypass shsh requirements through the 24Kpwn exploit. Matter of fact, after installing the custom 4.3.3 IPSW, I tried to download the blobs from it to see what would happen, and iFaith detects and explains that the phone is patched with 24Kpwn and therefore there are no blobs.

    Here's the redsn0w message when creating the custom IPSW. Note the last line, which explains the different shsh blob requirement between the new and old bootrom 3GS.

    [​IMG]
     
  17. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #17
    yes, you don't stitch blobs into a 4.x ipsw because the SHSH lookup is via cydia's server

    it's not; the only difference between old bootrom and new bootrom 3GS is just whether it's untethered vs tethered. SHSH blobs are still needed, notice that the message says "If you have a newer mode, the IPSW will still require SHSH blobs"

    the thing is that with 4.x restores, you can have the SHSH blob stitched in the ipsw or at cydia's server. that's not the case with 5.x+ restores because of the addition of APTickets

    what the custom ipsw function in redsn0w does is make it so that your baseband doesn't get patched. if you're on a higher baseband than the version you want to downgrade to has, then it will throw an error and not allow you to complete the restore


    hmm, that's interesting to find out. All 3GS devices should still require SHSH blobs. can you show the iFaith window?
     
  18. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #18
    For this restore, I don't know that it contacted cydia's server at all, because I didn't modify my hosts file for that, unless redsn0w does it while it's running and then changes it back when it's done, because currently it's not modified (after I did the restore). The last entry I have in there is a commented out localhost re-point from gs.apple.com.

    When looking up 24Kpwn 3GS downgrading I found multiple sources stating that you don't need the SHSH blobs if you have the old bootrom (1, 2, 3, etc), and as far as I can tell, I proved this in my downgrade. The only mystery being why IPSW customization is needed (other than the baseband rejection you mentioned which makes sense), with one of those sources saying it needs to patch out the shsh requirement in the software via 24Kpwn. I'm just trying to figure out if that's what it does in addition to taking out the baseband.

    I plan to do the same procedure to install 5.1.1 in a couple weeks, for which I already am running the appropriate baseband as this phone doesn't seem to have ever gone up past 5.0.1. At that point I could try to restore without customizing... but I think that's the only way to really apply the 24Kpwn...?

    [​IMG]
     
  19. darricksailo macrumors 601

    Joined:
    Dec 18, 2012
    #19
    hmm, that's very interesting! when you do update to 5.1.1, please let me know as I'm interested in what the results will be since iOS 5.x+ blobs include the addition of the APTicket
     
  20. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #20
    I've done it!

    Stock 5.1.1 IPSW -> redsn0w custom IPSW -> DFU -> Pwned DFU -> iTunes Shift+Restore custom IPSW -> Done!

    Works! :)
     
  21. TheRainKing macrumors 6502a

    Joined:
    Jun 11, 2012
    #21
    Wow! I had no idea you could do that. :eek:

    I used to have a 3GS old bootrom and I wanted to downgrade from iOS 6 to iOS 5 but I kept getting told it was impossible without shsh blobs. :(
     
  22. Joz3d thread starter macrumors member

    Joined:
    Jul 19, 2008
    #22
    Yeah, seems to be some confusion out there about this.

    Now the next thing I'm wondering about is upgrading to iOS 6 (in a month). I can obviously just legitimately upgrade to 6 since that's the last one the 3GS supports... but I'm wondering if I should instead do a custom IPSW for that one in order to not upgrade the baseband version? Would it matter if I let the official path upgrade the baseband? It currently has 05.16.05 on it, and looks like iOS 6 will upgrade it to 05.16.08. Would that in any way affect re-installing old iOS versions?

    Conversely, would not upgrading the baseband and installing custom iOS 6 cause any sort of trouble in iOS 6 with using an older baseband?
     
