How to Downgrade iPhone 3GS OS 3.1 to 3.0 With Cydia SHSH

As promised earlier, Saurik made iPhone 3GS Downgrade/Restore to 3.0 possible. Today Saurik posted on his blog in a more detail about this hack, for Saurik post click here. The hack is useful for only those peoples who submitted their SHSH to Cydia Server before the release of OS 3.1 via Cydia’s “make my life easier” button. According to Saurik “over 50,000 3G[S] devices got their ECID SHSHs “on file”, and are now prepared to continue to restore to iPhone OS 3.0 indefinitely.” The process is very simple all you have to do is to add Saurik’s Server address to your system hosts file. This trick make iTunes thinks it is talking to Apple, it is talking to Cydia instead while the restoring process. Doing this will allow iTunes to access signatures already stored by Cydia’s “on file” feature. In simple words this duplicates the functionality exposed by Apple’s signature server, except using “on file” results rather than live requests.

If you aren’t aware of ECID, Cydia SHSH then read the following to understand what ECID is and why you need to dump your Signature files.

_____________________________________________________________________________________

ECID : This is a unique chip ID and will be different for every iPhone. When iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It’s important you get these signatures for your phone before a new version of the software comes out.

Why i need ECID SHSH Dump : Apple added a new piece of security called ECID, The nature of the 3GS hardware allows Apple to stop IPSWs from being usable unless you’ve already gotten the signed chunks they send to you based on your ECID (a unique chip ID). Actually Apple applies ECID so the iPhone will refuse to accept the ipsw file while downgrading because of a bad signature. It will treat it as a custom ipsw without having the apple server sign the ipsw specifically for your phone id before flashing.

_____________________________________________________________________________________

Note:

1. This process is only for those who saved their SHSH to Cydia Server already.
2. Don’t use this procedure for 3.0.1, because Saurik Server do not have signatures for 3.0.1
3. Read the process and Saurik post two-three times before starting the process.
4. If you upgraded to 3.1 then wait for Pwnage tool for Jailbreaking 3.1, though your baseband is updated so chances of Soft Unlocking or UltraSn0wing your phone again are very less.

_____________________________________________________________________________________

How to Edit and Save Hosts file in Windows

* Open Notepad with Administrative privileges by clicking Start, All Programs,Accessories, and then right-click Notepad and select to open as Administrator.

22

* Now that Notepad is open with Administrative privileges browse to (C:WindowsSystem32driversetc) in Notepad and open the hosts file, and add the following entry to the bottom of the file.

74.208.105.171 gs.apple.com

Host in Notepad

Now you navigate to files menu and save the hosts file. By doing this you changed the communication server, and then we will ensure that iTunes checks the firmware
on the server rather than opens Saurik to Apple! Because your ECID is on that server, the verification will fail and restore the previous version will be done without too many problems!

_____________________________________________________________________________________

How to Edit and Save Hosts file in Mac OS X

* Navigate to /etc and look for hosts file, right click on hosts file and open with Text Edit, and add the following entry to the bottom of the file.

74.208.105.171 gs.apple.com

Picture 1

* Now save the file and click on Save As.Picture 2
* Because Text Editor can’t save your system files, here comes the tricky part, in save as windows use the following settings. Or take a close look at the following image.

1. In Where locate to Desktop
2. Uncheck the “ If no extension is provide, use .txt “ and then press the save button.

Picture 3

* A host file will be appear on your Desktop, just drag and drop to /etc and follow the onscreen instructions.Picture 4
* Press the Replace and enter your PasswordPicture 5

By doing this you changed the communication server, and then we will ensure that iTunes checks the firmware on the server rather than opens Saurik to Apple! Because your ECID is on that server, the verification will fail and restore the previous version will be done without too many problems!

____________________________________________________________________________________

Now you can do your Normal Restore to 3.0 (with Recovery Mode) and Downgrading from 3.1 to 3.0 (with DFU Mode) as usual. For more details on Recovery Mode and DFU Mode read our previous article here.

____________________________________________________________________________________

To Downgrade iPhone 3GS from 3.1 to 3.0 :

Step 1: Put your iPhone in DFU mode with following instructions.

* Connect your iPhone to your computer.
* Turn iPhone off.
* Hold power and home together for 10 seconds (exactly).
* Release power but keep holding home until the computers beeps (observed on a PC) as a USB device is recognized.
* A few seconds later iTunes should detect your iPhone.
* If the Restore Logo is present on the screen, you are in Recovery Mode, not DFU.

Step 2: Once your iPhone is in DFU mode following message will be appeared in iTunes. Click on “OK” , Now hold Option key while clicking Restore in iTunes and browse the OS 3.0 firmware for your iPhone 3GS. Now the restore process will take 10 – 15 minutes.

If you get error message like 1011, 1013, 1015, just ignore them(Actually the firmware 3.0 is already successfully installed). For error (1015) “Instead, we should accept the message and run a new restore exactly as you have just done. In short will: Re-Put the iPhone into DFU, re-select the Firmware 3.0, and wait. The process will fail again and iTunes will return the same message as before “The iPhone” iPhone “could not be restored. An unknown error occurred (1015). Do not panic because it’s completely normal. To resolve this situation can proceed as, Simply launch RedSn0w and do the Jailbreaking Unlocking process again.

But if you encountered with error message like 1601, 1602, 1600 or anything else then try putting the iPhone into DFU mode and try again.