How To: Save Your iPhone's SHSH2 Blobs So You Can Downgrade iOS for Future Jailbreak Methods

Save Your iPhone's SHSH2 Blobs So You Can Downgrade iOS for Future Jailbreak Methods

When a new jailbreak method comes out, Apple is quick to patch the vulnerability it exploits by issuing a new iOS update. If you were to accept such an update, you'd no longer be able to jailbreak your iPad, iPhone, or iPod touch unless you could roll back your firmware to a version that could be jailbroken. But Apple even takes things a step further and stops signing older iOS firmware versions, which makes downgrading next to impossible. This is where your SHSH2 blobs come into play.

If you save your current SHSH2 blobs, you'll always be able to roll back your firmware to the iOS version your phone is currently running — even if Apple stops signing it. This means that if a jailbreak method for your current iOS version is made available after you've updated to a future iOS version, you'll be able to do a custom restore with iTunes to downgrade your firmware to the version that works with the jailbreak method. In short, it's sort of like future-proofing jailbreak.

Saving your SHSH2 blobs used to be a complicated process, but that has thankfully changed. You can now preserve your current iOS firmware in just a few easy steps, which makes it easy to restore your device if you ever make a mistake during a jailbreak attempt. It also simplifies the process of downgrading to a lower version in the event that a jailbreak method is released after you've updated.

Requirements

  • Mac or Windows PC with iTunes installed
  • Lightning USB Cable

Understanding SHSH2 Blobs

In a nutshell, SHSH and SHSH2 blobs refer to digital signatures that Apple employs to make specific IPSW files, better known as iOS software, for each of the device they make. This method ensures that only trusted software is installed on their iPads, iPhones, and iPod touches.

Whenever a new iOS software is released, Apple stops signing the signatures on previous versions, thus giving users no choice but to update to the latest iOS version. So using saved SHSH2 blobs to restore using a custom firmware is akin to forging a signature on iTunes in order for it to verify the older software and allow for its installation into your device.

Step 1: Connect to Your Computer & Open iTunes

To get started, connect your iPad, iPhone, or iPod touch to your computer with your Lighting cable, then open iTunes if it didn't pop up automatically. Make sure you're on the device's information page, then look for the Settings section located on the left-hand side and select "Summary."

Step 2: Find Your ECID & Model Identifier

In order to save your device's SHSH2 blobs, you'll need to find its ECID and Model Identifier numbers. To do so, simply click on the serial number located right under "Capacity" in your device's general information tab within iTunes.

Each time you click on the serial number, it will show a different device identifier number, so keep clicking until this menu shows your device's ECID. Once you've found it, copy the ECID number into your clipboard as you'll need it later on.

After you've sorted your ECID out, you'll need to find your device's Model Identifier. Simply follow the same steps you did when finding the ECID by clicking on the serial number in iTunes until it shows up. You don't have to copy the info, though you'll need to remember it later on and make sure it matches up with the selections you make later on.

Step 3: Convert Your ECID into Hexadecimal

The tool we'll be using to extract the SHSH2 blobs works best when your ECID is a hexadecimal value. So if your ECID only contains numbers rather than a combination of letters and numbers, you'll need to convert it to hexadecimal before you proceed.

To do that, simply head to this link, then paste in your ECID into the Decimal Value field, then click "Convert." From there, copy the number in the Hexidecimal Value field and save it somewhere safe, because this is the number you'll be entering into the SHSH2 extraction tool next.

Step 4: Input ECID & Model Identifier

Now that you have both the ECID and Model Identifier on hand, you're almost ready to save your SHSH2 blobs. To do that, we'll be using an open-source utility created by Redditor 1Conan, so head to the following link to access it:

From there, paste your ECID into the box under the same name, then select your specific device type and Model Identifier from the two drop-down menus provided under "Identifier." Finally, be sure to check off the CAPTCHA box to prove you're not a robot, then click "Submit."

Step 5: Save Your SHSH2 Blobs

At this point, the site will automatically save your SHSH2 blobs, so give it a few minutes to do its job. Once it's finished, you'll be greeted with a link that lets you download the SHSH2 blobs, so go ahead and click it to do so. We'd also recommend bookmarking this link since you can use it to download your files again if you ever lose them in the future.

In the event that you forget your link, however, you can always go back to the site and re-enter your ECID in the "Lost your link?" box, then click "Submit" to retrieve your SHSH2 download link again.

With your SHSH2 blobs now saved, you'll be prepared if and when that long-awaited jailbreak for the latest iOS version finally arrives. Once it comes to downgrade, you can use these SHSH2 blobs with the FutureRestore/Prometheus tool to get the iOS version you want back on your device. As always, though, feel free to leave your comments down below to share your ideas or any tips concerning this topic.

Just updated your iPhone? You'll find new Apple Intelligence capabilities, sudoku puzzles, Camera Control enhancements, volume control limits, layered Voice Memo recordings, and other useful features. Find out what's new and changed on your iPhone with the iOS 18.2 update.

Cover image and screenshots by Amboy Manalo/Gadget Hacks

6 Comments

"If you save your current SHSH2 blobs, you'll always be able to roll back your firmware to the iOS version your phone is currently running"

Ehmmm, no man, only if you actually got the jailbrake to set up the SSH from generator from shsh2 file.

Not really, you can use 3uTools to install previous versions if you have the shsh file and your able to download shsh with that tool I believe. I downgraded from iOS 12.1.2 to 12.1.1 without any data loss or problems and I did not have a jailbreak.

My ECID has letters on it how to convert it to Hexadecimal? please help.

If your ECID already has letters then it is a hexadecimal number already and doesn't require conversion.

That tool is not that open-source. For me open source means sharing it all along with the quintessential parts of the program, which in this case means the methods that write the contents of the blob files. You only know that it sends a request to a PHP file which then does the real thing but that source file is not shared: it is closed-source.

When it says that shsh2 blobs will be saved in .https...... and I click on the link it comes up as 404 not found . How long should it take to save to that link?

Share Your Thoughts

  • Hot
  • Latest