What’s old is new again!
Jailbreakers with devices that pre-date the iPad2 will always be able to downgrade (with SHSH blobs) to previous firmware versions due to geohot’s limera1n exploit, which allows us to bypass the restrictions that Apple places on restores. But until now, that ability has been limited to those older devices (if you have an older device and don’t know how to do that, check the popular tutorial sites or ask in the comments below).
Starting with redsn0w version 0.9.11b1, those with newer devices (iPad2, iPad3, and iPhone4S) can join the downgrade fun too! In a radical departure from previous versions of redsn0w, it now directly supports restoring IPSWs to your device. The first use of this new feature implements a hack that allows A5 downgrades without a bootrom-level exploit.
Some important points:
- The new feature is at Extras->Even More->Restore
- You cannot downgrade without the personalized SHSH blobs for your device at that lower firmware. You need to have fetched those blobs while the signing window was open, using either Cydia’s built-in TSS@Home feature, or with TinyUmbrella. The new Restore screen of redsn0w lets you choose either the remote blobs or local ones (for the earlier firmware). If you don’t know where TinyUmbrella put your blobs, TinyUmbrella has a button that will show you (copy them out of that folder and feed them to redsn0w).
- The A5 downgrade method actually updates to the latest firmware before downgrading to the earlier one. This process updates your baseband to whatever is newest. DO NOT USE THIS METHOD IF YOU RELY ON UNOFFICIAL UNLOCKS of your iPhone4S. Those who used the temporary SAM technique to unlock their iPhones to specific SIMs shouldn’t be affected by this baseband update.
- This method can be fixed by Apple with a firmware update. It’s a (pleasant) mystery why they haven’t fixed it yet, because reverse-engineering of the restore ramdisk indicates they do know about it. It’s possibly too niche to bother to fix right now.
- The least-tested devices with this method are the iPad2,3 and iPad3,2 (because we don’t have those models). If you do and you feel like experimenting, please let us know how it turns out in the comment section below!
- This update involves a bunch of new redsn0w code. We recommend sticking to the previous version 0.9.10b8b unless you’re specifically using this new feature, until all the bugs are worked out! (Note: If redsn0w gets stuck at the “Waiting for device” stage for more than 30 seconds, you’ve hit a pesky GUI bug…that will be fixed in an upcoming version!)
Of course all eyes are on @pod2g for his upcoming 5.1 untethered jailbreak. Watch his blog or twitter feed for the latest updates about that, but in the meantime if you accidentally updated your jailbroken A5 device to something later than 5.0.1, feel free to try this new A5 firmware downgrade feature of redsn0w!
Update #1: We accidentally left out one of the two flavors (“9A406”) of 5.0.1 for iPhone4S. It’ll be in the next update, but in the meantime check if Cydia or TU saved your blobs for the other 5.0.1 for iPhone4S (“9A405”). Version 0.9.11b2 adds support for that second “9A406” flavor of 5.0.1 for the iPhone4S.
Update #2: Version 0.9.11b3 should fix the spurious “Restore failed” messages people were sometimes getting, and it behaves better with nearby devices that have wifi syncing enabled!
Update #3: Version 0.9.11b4 completes the tethered JB support for 5.1.1 on A4 devices and earlier, including proper “Stitching” and “Custom” creation of NO_BB IPSWs.
Here are the redns0w download links:
- redsn0w 0.9.11b4 for OS X
- redsn0w 0.9.11b4 for Windows (be sure to run in Administrator mode)