http://www.saurik.com/id/15
Saurik mentioned how to do this in his article but it was not super clear. This is how I interpreted the fix. It seems like it could work but I don't know if that soft dfu mode will prove to be an obstacle with this method.
This only works for the iPhone 3GS, 4, and iPod Touch 4th gen and you need to have the "useless" shsh blob for the iOS firmware.
I will be using iOS 6.1.2 as an example
1. download the invalid 6.1.2 blob from cydia using either TinyUmbrella or iFaith.
2. download the 6.1.2 ipsw firmware for your respective device and stitch the shsh blob to it using redsn0w or sn0wbreeze (iFaith won't allow you to create the custom firmware with invalid blobs)
3. put your device into pwned dfu mode
4. restore your device using that custom firmware and upon reboot (I believe), you'll be stuck in a soft dfu mode and you can just use redsn0w's "just boot" to boot out of it
5. once you are loaded into the springboard, run iFaith or redsn0w and choose "dump shsh blobs" (for iFaith) and "extras->shsh blobs->fetch" (for redsn0w
6. it'll ask you to put your device into dfu mode and it'll do its thing to create a "useful" blob for you
7. after it is done creating, it should ask you to save to a location on your computer
8. using that 6.1.2 blob created by redsn0w or ifaith, stitch it into a clean 6.1.2 ipsw firmware and put into pwned dfu mode and restore with that custom firmware
9. if all this goes smoothly, you should have your iPhone 3GS/4, iTouch 4th gen at iOS 6.1.2 without being stuck in soft dfu mode upon reboot
Alternatively, you can use this method to get proper blobs from the invalid blobs assuming this method does work
Saurik mentioned how to do this in his article but it was not super clear. This is how I interpreted the fix. It seems like it could work but I don't know if that soft dfu mode will prove to be an obstacle with this method.
This only works for the iPhone 3GS, 4, and iPod Touch 4th gen and you need to have the "useless" shsh blob for the iOS firmware.
I will be using iOS 6.1.2 as an example
1. download the invalid 6.1.2 blob from cydia using either TinyUmbrella or iFaith.
2. download the 6.1.2 ipsw firmware for your respective device and stitch the shsh blob to it using redsn0w or sn0wbreeze (iFaith won't allow you to create the custom firmware with invalid blobs)
3. put your device into pwned dfu mode
4. restore your device using that custom firmware and upon reboot (I believe), you'll be stuck in a soft dfu mode and you can just use redsn0w's "just boot" to boot out of it
5. once you are loaded into the springboard, run iFaith or redsn0w and choose "dump shsh blobs" (for iFaith) and "extras->shsh blobs->fetch" (for redsn0w
6. it'll ask you to put your device into dfu mode and it'll do its thing to create a "useful" blob for you
7. after it is done creating, it should ask you to save to a location on your computer
saurik said:Note: I have been told by MuscleNerd that there is a minor issue in the current version of redsn0w that will cause blobs retrieved from the device to not be uploaded to Cydia's servers. He had intended to get a new version out by the time he had to leave for HITBSecConf2013 (an international security conference at which evad3rs is giving a presentation about evasi0n), but schedules did not permit this. I had then hoped that this new version of redsn0w could be released before this article, but due to the longer delay I have decided that this information needed to be released sooner.
Using the currently released version of redsn0w will still (as far as I understand) copy the active TSS data from your device and store them locally on your computer. It is then my understanding that redsn0w will be able to upload this information at a later time from your computer. Alternatively, there is a program called iFaith, developed by iH8sn0w, that can be used to immediately upload your TSS information; however, this program is only available for Windows (so users of OS X will definitely have to wait until the new version of redsn0w is available).
8. using that 6.1.2 blob created by redsn0w or ifaith, stitch it into a clean 6.1.2 ipsw firmware and put into pwned dfu mode and restore with that custom firmware
9. if all this goes smoothly, you should have your iPhone 3GS/4, iTouch 4th gen at iOS 6.1.2 without being stuck in soft dfu mode upon reboot
Alternatively, you can use this method to get proper blobs from the invalid blobs assuming this method does work
Last edited: