Friday, 2 October 2009

[Howto] Setup local 3GS restore verification server (ECID SHSH) - by iGuru

For anyone interested, I've just written a 710-word article about how the iTunes restore verification system works. You can access it via iGuru's Articles; you will need a PDF viewer to read it until I get round to making an HTML version too.

---

First of all, let's get something straight.

It is not possible to downgrade/restore your iPhone 3GS to 3.0/3.0.1 unless you backed up your 3.0/3.0.1 ECID SHSH via Cydia.

So unless Cydia says "This device has a 3.0 ECID SHSH on file." (or 3.0.1) at the top of the web page, above "Welcome to Cydia", when you open it, you will only be able to back up your 3.1 ECID SHSH.

The random blog/website article/whatever that you happened to find on Google will not work. Sure, it might have when Apple were still allowing you to restore to 3.0/3.0.1, but they are not any more. There is currently no known way around this. Sorry.

Background

Ok, no doubt you guys have heard that Saurik recently started collecting ECID SHSHs via Cydia.

All well and good, but what happens if it's down when you need to restore? That's where two tools by semaphore (known as xsemaphorex on this forum) come in. Combined, they let you not only get your ECID SHSH files, but also set up a server on your computer that will allow iTunes to verify restores to previous versions.

The majority of people will use this to back up their ECID SHSH for 3.1, to be able to go back to it if they update to 3.1.2/3.2 when 3.1 restores stop getting signed by Apple.

However, the lucky few that backed up their 3.0/3.0.1 SHSH using Cydia will be able to restore back to 3.0/3.0.1. If you have, Cydia will say "This device has a 3.0 ECID SHSH on file." (or 3.0.1 instead of 3.0) at the top of the Cydia webpage on start up.

Prerequisites:

Mac users will already have Java 1.5 or later on their system, and do not need to download anything extra.

Windows users will need to download and install Java Runtime Environment 5 or higher if you do not already have it installed on your system.

You can check this by: Start -> Run -> cmd.exe and then typing: java -version
If it is Java Version 1.5 or higher, you're good to go - if not, download and install Java from the link above.

Howto:

Ok, so first things first, you will need your iPhone 3GS ECID.
If you already have this, skip to Part 2.

Part 1 - Getting your ECID:

Put your iPhone 3GS into Recovery mode - switch it off, hold down the Home button, and plug the USB cable in. When it shows a picture of the iTunes logo and a USB cable, stop holding down home.

Windows:

1) Download USBView
2) Start USBView on your PC.
3) In "options", check off "config descriptors" (enable).
4) Hit F5 on your keyboard to refresh.
5) Scroll down until you see "Apple Recovery (iBoot) USB drive", and click on it.
6) Look for ECID in right navigation pane.
7) Copy the 16 digits that follow the ECID.

Mac:

1) Open System Profiler.app (In Applications -> Utilities)
2) Click USB and select the iPhone from the list; it will show the ECID there.

To get out of recovery mode, simply hold down Home + Power until your phone reboots.

Part 2 - Getting your ECID SHSH (Easy Way)

Windows Users: Make sure you have Java Runtime Environment 5 or higher installed.

1) Download Umbrella and extract to desktop, then download my Umbrella-GUI and again, extract to desktop.

2) Copy the file Umbrella-GUI.jar to "fw-umbrella-semaphore" and the two files in Umbrella-GUI/lib to fw-umbrella-semaphore/lib.
Note: Umbrella-GUI.jar should now be in the same folder as umbrella.jar, and the 3 lib files should be in the lib folder making a total of 8 lib files there.

3) Simply double click Umbrella-GUI.jar, enter your ECID in the box, select version (see note below!) and click generate. A file called 00.shsh should appear in the folder.

Check that your 00.shsh file is approx 64 KB; if it is not, it is not a valid ECID SHSH file.

Note: If you wish to get your 3.0/3.0.1 SHSH, your etc/hosts must point to Saurik's server and you must have your 3.0/3.0.1 ECID SHSH on file with Cydia.
If Cydia does not tell you that you have a 3.0/3.0.1 ECID SHSH on file, you will not be able to restore to 3.0/3.0.1 using this!

If you do have a 3.0/3.0.1 SHSH on file with Cydia, you can point to Saurik's server by doing this:

Windows:
1) Start -> Run -> C:\Windows\System32\drivers\etc
2) Right click "hosts" and click "Open"; when the Open With box appears, select Notepad
3) Add this to a new line at the bottom: 74.208.105.171 gs.apple.com
4) Save the file

Mac:
1) Open Terminal.app (In Applications -> Utilities) and do: sudo nano /etc/hosts
2) Press the down arrow until you get to the bottom (empty) line
3) Type: 74.208.105.171 gs.apple.com
4) Press Ctrl + O, press enter, then Ctrl + X.

To verify you set it correctly:

Windows:

Open cmd.exe, and run ping gs.apple.com
It should respond:

Pinging gs.apple.com [74.208.105.171] with 32 bytes of data

Mac:

In terminal run ping gs.apple.com
It should respond:

Pinging gs.apple.com (74.208.105.171) with 56 bytes of data.

Getting your ECID SHSH ("Hard" Way)

Windows Users: Make sure you have Java Runtime Environment 5 or higher installed.

1) Download Umbrella Firmware & extract to desktop - this will create the folder "fw-umbrella-semaphore"

2) Start -> Run -> cmd.exe (Windows) or Applications -> Utilities -> Terminal.app (Mac)

3) Type: cd Desktop/fw-umbrella-semaphore

Windows:

Run: umbrella.exe -e ecid -v version -c chipid
e.g. umbrella.exe -e 00000000AA00AA00 -v 3.1 -c 8920
Note: if you have 64bit Java installed, use umbrella64.exe instead!

Check that your 00.shsh file is approx 64 KB; if it is not, it is not a valid ECID SHSH file.

Mac:

Run: java -jar umbrella.jar -e ecid -v version -c chipid
e.g. java -jar umbrella.jar -e 00000000AA00AA00 -v 3.1 -c 8920

Check that your 00.shsh file is approx 64 KB; if it is not, it is not a valid ECID SHSH file.

If you wish to attempt to retrieve 3.0/3.0.1 SHSH blobs from Saurik's server, see the note from "Part 2 - Getting your ECID SHSH (Easy Way)" above.

Part 3 - Using TinyTSS to Restore

Windows:

1) Make sure 00.shsh is in the folder after running umbrella

2) Important! Disable any other servers using port 80 (usually webservers). TinyTSS needs to use it to create its mini-webserver.

3) Run (double click) tinytss.exe (if you have 32-bit Java) or tinytss64.exe (if you have 64-bit Java)

Now you need to edit your etc/hosts again:

1) Start -> Run -> C:\Windows\System32\drivers\etc
2) Right click "hosts" and click "Open"; when the Open With box appears, select Notepad
3) Comment out 74.208.105.171 gs.apple.com if it exists by putting a # in front so it looks like:
#74.208.105.171 gs.apple.com
4) Add this to a new line at the bottom: 127.0.0.1 gs.apple.com
5) Save the file

Open cmd.exe, and run ping gs.apple.com
It should respond:

Pinging gs.apple.com [127.0.0.1] with 32 bytes of data

If it does not say [127.0.0.1], you've not set hosts correctly. If it does, you can go ahead and restore to the version that matches your SHSH files using iTunes (See Part 4) :)

Mac:

1) Make sure 00.shsh is in the folder after running umbrella, then in Terminal.app type:
cd Desktop/fw-umbrella-semaphore

2) Important! Disable any other servers using port 80 (usually webservers). TinyTSS needs to use it to create its mini-webserver.

3) Run: sudo java -jar tinytss.jar

Now you need to edit your etc/hosts again:

1) Open Terminal.app (In Applications -> Utilities) and do: sudo nano /etc/hosts
2) Comment out 74.208.105.171 gs.apple.com if it exists by pressing the down arrow until you get to it, then by putting a # in front so it looks like: #74.208.105.171 gs.apple.com
3) Press the down arrow until you get to the bottom (empty) line
4) Type: 127.0.0.1 gs.apple.com
5) Press Ctrl + O, press enter, then Ctrl + X.

In terminal run ping gs.apple.com
It should respond:

Pinging gs.apple.com (127.0.0.1) with 56 bytes of data.

If it does not say (127.0.0.1), you've not set hosts correctly. If it does, you can go ahead and restore to the version that matches your SHSH files using iTunes (See Part 4) :)
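
The hosts edits in Part 2 and Part 3 can also be checked by reading the file directly, which shows why the old 74.208.105.171 line has to be commented out before 127.0.0.1 is added. This is an added example, not part of the original article or of semaphore's tools; the function names, the "first matching line wins" rule and the 25% size tolerance are assumptions.

```python
"""Added example: pre-restore checks for the hosts edits and the 00.shsh file."""
import os

CYDIA_IP = "74.208.105.171"   # Saurik's server, as given in the article
LOCAL_IP = "127.0.0.1"        # local TinyTSS server, as given in the article
HOST = "gs.apple.com"


def effective_mapping(hosts_text, host=HOST):
    """Return the IP the hosts file assigns to `host`, or None.

    Assumption: the first uncommented matching line wins.
    """
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops '#74.208...' lines too
        fields = line.split()
        if len(fields) >= 2 and host.lower() in (n.lower() for n in fields[1:]):
            return fields[0]
    return None


def describe(ip):
    """Translate the mapped IP into what iTunes will end up talking to."""
    if ip is None:
        return "no override: Apple's real server"
    if ip == LOCAL_IP:
        return "local TinyTSS server"
    if ip == CYDIA_IP:
        return "Saurik's Cydia server"
    return "unexpected override: " + ip


def shsh_size_ok(size_bytes, expected=64 * 1024, tolerance=0.25):
    """True if the size is 'approx 64 KB' (the 25% tolerance is an assumption)."""
    return abs(size_bytes - expected) <= expected * tolerance


# Constructed samples: the Part 3 edit done correctly, and with the old line left active.
GOOD = "127.0.0.1 localhost\n#74.208.105.171 gs.apple.com\n127.0.0.1 gs.apple.com\n"
STALE = "74.208.105.171 gs.apple.com\n127.0.0.1 gs.apple.com\n"

if __name__ == "__main__":
    path = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        print(HOST, "->", describe(effective_mapping(fh.read())))
    if os.path.exists("00.shsh"):
        print("00.shsh size plausible:", shsh_size_ok(os.path.getsize("00.shsh")))
```

Run it from the fw-umbrella-semaphore folder so the 00.shsh check finds the file.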

Part 4 - Using iTunes to downgrade

After checking the server is running, and gs.apple.com resolves to 127.0.0.1 as explained above, open iTunes 9.
Note: 9.0.1 works fine, and I would recommend updating to 9.0.1 if you have not already.

1) Switch your iPhone off.
2) Hold down the Home button and plug your iPhone into the USB cable.
3) When iTunes opens and tells you your phone is in Recovery mode, hold down Shift (Windows) or Option (Mac), then click Restore.
4) Now browse to the firmware you need to restore.
5) After selecting it, click Open.

If you are downgrading from 3.1, you need to use this method to restore your phone twice.

The first time it should fail with "An unknown error occurred (1015)". Basically, what has happened is that some of the NAND storage has been slightly reorganized in 3.1, and the 3.0 iBoot can no longer parse it.

Now try again. This second restore is also going to fail with "An unknown error occurred (1015)"; this is normal behaviour, don't worry. However, this second restore re-formats the NAND, fixing the previous problem.

Note: If this does not work in recovery mode, try again, but using DFU mode instead.

Important (the last step) - Now, you need to re-jailbreak 3.0 and you're done:

If you are using an official carrier (such as o2 in the UK, AT&T in the US, etc.) and have previously activated the firmware version you are restoring to, you can use RedSn0w: MuscleNerd kindly mentioned that if the phone has been officially activated before for that firmware version, it will not hacktivate the phone.

However, if you are going to be using the official carrier and have not done so on that version before, you will need to use Purplera1n.

Anyone using unofficial carriers should use RedSn0w instead (though if you updated to 3.1, your baseband will have been updated and you will have lost the ability to use ultrasn0w to unlock).

That's all folks. Hope this clears up some of your questions!

Thanks so much to iGURU
