FAQ on Jailbreaking/Unlocking/Upgrading/Downgrading for iDevices
Rules for this thread:
1. Please read this first post before asking your questions!
2. If you have a question about a specific jailbreak tool, please post it in that tool's own thread rather than here.
I. Basic FAQ/TERMS:
1. What's a jailbreak?
Jailbreaking your device means installing a small program that removes restrictions in the default software. A jailbroken device can run apps and extensions (themes and tweaks) that Apple has not approved. Jailbreaking does not slow down your device or use extra battery, and you can still use all your existing apps and buy new ones from the App Store. Jailbreaking simply lets you do more with your device; nothing is taken away.
2. Tethered Jailbreak
This type of jailbreak requires you to plug your iPhone/iPod into your computer and run the jailbreak tool each time the iDevice needs to reboot. That reboot could follow installing certain apps in Cydia, or letting the battery die. The device will often boot back up showing the iTunes logo on screen. You must connect your iDevice to your computer and close iTunes if it opens (on Windows it is a good idea to open the Task Manager with Ctrl+Alt+Del, go to the Processes tab, find iTunesHelper.exe and End Task on it; other Apple processes will be running, but ONLY end that one). Then run your jailbreak tool again (it will not "re-jailbreak" the device per se; you will not lose any information or Cydia apps).
Tethered means being "attached" to your computer in a sense: you must boot your device by running code on it (via the dock connector) to make use of an exploit.
3. Untethered Jailbreak
An untethered jailbreak is one where the device can reboot on its own, without being connected to an external device that runs commands on it.
4. Is Jailbreak reversible?
Yes! If you ever decide that you want to undo your jailbreak, connect your device to your computer, sync to make a full backup, press Restore in iTunes to wipe the device, and load your backup when prompted. All your App Store apps and the information in them will be preserved as usual.
5. Can I "Brick" my device by Jailbreaking?
The short answer is, no. While it is theoretically possible to brick your device by flashing an invalid baseband bootloader or purposefully erasing your NOR, those are extremely advanced actions that will not be undertaken by the vast majority of users, especially by accident. It is IMPOSSIBLE to brick your device simply by jailbreaking it, since DFU mode and recovery mode will always be available to recover from a bad flash or a serious iOS error.
6. Why Jailbreak?
Access to the "jailbroken App Store" (Cydia)
Ability to install apps offered on Cydia that aren't available on the iTunes App Store
Execute scripts and commands (for advanced users)
WinterBoard: enhanced ability to customise your iPhone's screen (tweak the visual aspects of the iPhone's OS)
7. What is Unlocking?
Some iPhone units come "locked", meaning they are tied to a particular network/carrier. If you wish to use your iPhone with another carrier, you need to unlock it.
Unlocking lets you place calls with any GSM carrier by inserting different Subscriber Identity Modules (SIMs) into the phone. Normally these SIMs from unapproved carriers won't work. When your iPhone is unlocked, just buy a local GSM-compatible SIM, place it in your phone, and make your calls. You'll be able to use your iPhone around the globe without paying exorbitant roaming fees.
You need to Jailbreak your iPhone first before you can "Unlock" your iPhone.
8. Baseband
The baseband is a subsystem of the iPhone that manages all functions requiring the antenna, such as phone-line communications. Modifying this subsystem is how unlocks are achieved. The baseband is separate from the OS and has its own processor and its own firmware, called the baseband firmware. Baseband versions look like this: 4.01.13_G (1.1.1), 4.03.13_G (1.1.3). An iTunes restore will not modify the baseband of your iPhone unless your baseband was erased or downgraded prior to the restore.
9. What is an SHSH?
SHSH, or SHSH blobs, are a security mechanism created by Apple to stop iDevices from going back to older firmwares. The mechanism consists of multiple strings of seemingly random numbers and letters. They look random to us, but Apple generates them by a technique that, to this day, we do not know.
When your device restores, it phones home to Apple's servers to fetch the SHSH blobs from them. Your device (newer 3G[S] or later) then checks that the SHSH blobs are valid for the firmware it is restoring to. If they don't match, your restore fails. If the blobs are correct, the restore continues as normal.
Older devices (older 3G[S] or earlier) do not have this check in the device; instead, Apple created a pseudo-check in iTunes. This can easily be bypassed, and bypassing it is covered later on.
10. DFU Mode
DFU Mode is a special mode in which the iPhone can still interact with iTunes, yet it does not load the iPhone OS or iBoot. The iPhone's screen appears lifeless in DFU mode, making it impossible to tell by looking whether the iPhone is in DFU or powered off. PwnageTool exploits a vulnerability while the iPhone is in DFU to flash custom firmware to it. As iBoot and the OS are not yet loaded, downgrading the firmware version is possible.
To enter DFU mode:
Plug the iDevice into the computer (first) and then turn it off. If you need iTunes open to detect it (for a restore), open it now. If you do not need it open (for jailbreaking), make sure it is closed before putting the device into DFU mode.
Hold down the Power button for 3 seconds; it will begin to power on.
Without releasing Power, press and hold the Home button. Keep both held for 10 seconds.
Release ONLY the Power button. Keep Home held for up to 30 seconds. Usually it enters DFU mode at around 20 seconds.
If properly in DFU mode, the screen will be blank (as noted above) and, if iTunes is open, it will give a message saying it detected an iPod/iPhone in "Recovery" mode (iTunes says "Recovery" for both recovery mode and DFU mode).
11. Recovery/Restore Mode
Recovery Mode is a state of iBoot that is used during standard upgrades and restores. As iBoot is active, it does not allow you to downgrade your device’s software. Unless it is ‘pwned,’ it will not allow custom firmware to be flashed.
II. Saving SHSH:
Please take note of these:
Cydia stores your SHSH on its remote server. It also has a mechanism for requesting the SHSH of the firmware you are on when new firmwares come out, meaning it is saved remotely without your intervention. This is a safe and effective way to save the SHSH of a jailbroken device.
If you are not jailbroken and want to save your SHSH, your only real choice is to use TinyUmbrella which does not require you to be jailbroken.
Grabbing the SHSH for the firmware you are currently using must be done while Apple is still signing it. If you missed that window, you can use iFaith instead.
SHSH playback won't work for iOS 5.0+. This means that restoring iOS 5 will not work the way it did with iOS 4 and below.
Note that you should still be able to use your SHSH for any iOS 3 or iOS 4 version without any problems.
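To make the SHSH mechanism from Section I.9 and the "playback" notes above concrete, here is an added toy model. It is not part of the original post and it is not Apple's real SHSH/TSS format or algorithm (which, as the FAQ says, is not publicly known). It only models the behaviour described: the signing server issues a blob bound to one device and one firmware; the device refuses to restore without a valid blob (error 3194); a blob saved while the firmware was still being signed can be replayed later from a local TSS server, which is what TinyUmbrella's playback does for iOS 3/4; and a per-restore nonce, which is this example's modelling assumption for why playback stops working on iOS 5 and later, makes a saved blob useless. The ECIDs, firmware digests and signing key are constructed values, and an HMAC stands in for Apple's private-key signature.

```python
"""Toy model of firmware-restore signing: SHSH blobs, a TSS server, and replay.

Added example, not Apple's real SHSH/TSS format or algorithm. It models only
the behaviour the FAQ describes: a blob is bound to one device and one
firmware; the device checks it before restoring; a saved blob can be replayed
("playback") from a local server; a per-restore nonce (modelling assumption)
defeats that replay.
"""
import hashlib
import hmac
import os

# Constructed sample data (hypothetical values, not real devices or builds).
DEVICE_ECID = "000001A2B3C4D5E6"
OTHER_ECID = "000009F8E7D6C5B4"
FIRMWARE_DIGESTS = {
    "4.3.3": hashlib.sha256(b"constructed IPSW bytes for 4.3.3").hexdigest(),
    "4.3.5": hashlib.sha256(b"constructed IPSW bytes for 4.3.5").hexdigest(),
}
# HMAC with a constructed key stands in for Apple's private-key signature;
# in this toy the device holds the same key so that it can verify.
SIGNING_KEY = b"constructed signing key, stand-in for Apple's private key"


def _message(ecid, version, nonce):
    """Bind the blob to device identity, firmware build and (optionally) a nonce."""
    return f"{ecid}|{version}|{FIRMWARE_DIGESTS[version]}|{nonce or ''}".encode()


def make_blob(ecid, version, nonce=None):
    """What the signing server hands back: the signed fields plus a signature."""
    sig = hmac.new(SIGNING_KEY, _message(ecid, version, nonce), hashlib.sha256).hexdigest()
    return {"ecid": ecid, "version": version, "nonce": nonce, "sig": sig}


def verify_blob(blob, ecid, version, nonce=None):
    """Device-side check: the signature must cover THIS device, THIS firmware
    and, when a nonce is in use, THIS restore attempt."""
    expected = hmac.new(SIGNING_KEY, _message(ecid, version, nonce), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, blob["sig"])


class AppleSigningServer:
    """Stand-in for Apple's server: signs only firmwares it is currently signing."""

    def __init__(self, currently_signing):
        self.currently_signing = set(currently_signing)

    def sign(self, ecid, version, nonce=None):
        if version not in self.currently_signing:
            return None  # signing window closed: no blob for this firmware
        return make_blob(ecid, version, nonce)


class LocalTSSServer:
    """Stand-in for TinyUmbrella's TSS server: replays blobs saved earlier.
    It cannot sign anything itself, so it ignores any nonce the device sends."""

    def __init__(self):
        self.saved = {}

    def save(self, blob):
        if blob is not None:
            self.saved[(blob["ecid"], blob["version"])] = blob

    def sign(self, ecid, version, nonce=None):
        return self.saved.get((ecid, version))


def device_restore(ecid, version, server, require_nonce=False):
    """Simulate a restore: ask `server` for a blob and verify it. Returns "ok"
    or "error 3194" (the failure the FAQ describes when no valid SHSH exists)."""
    nonce = os.urandom(8).hex() if require_nonce else None
    blob = server.sign(ecid, version, nonce)
    if blob is None or not verify_blob(blob, ecid, version, nonce):
        return "error 3194"
    return "ok"


def scenario():
    """Walk through the FAQ's cases and return each outcome."""
    local = LocalTSSServer()
    # Earlier: 4.3.3 was still being signed, so its blob got saved.
    local.save(AppleSigningServer({"4.3.3", "4.3.5"}).sign(DEVICE_ECID, "4.3.3"))
    # Now: Apple signs only 4.3.5.
    apple = AppleSigningServer({"4.3.5"})
    return {
        "apple_old_fw": device_restore(DEVICE_ECID, "4.3.3", apple),          # error 3194
        "apple_new_fw": device_restore(DEVICE_ECID, "4.3.5", apple),          # ok
        "playback_old_fw": device_restore(DEVICE_ECID, "4.3.3", local),       # ok (iOS 3/4 style)
        "playback_other_device": device_restore(OTHER_ECID, "4.3.3", local),  # error 3194
        "playback_with_nonce": device_restore(DEVICE_ECID, "4.3.3", local, require_nonce=True),  # error 3194
    }


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case:24s} {result}")
```

The point the model makes is that a blob is only as reusable as the things it is bound to: binding to the ECID is why one person's saved SHSH is useless for another device, binding to the firmware digest is why a 4.3.3 blob cannot be presented for 4.3.5, and binding to a fresh nonce is why a stored blob, however carefully saved, cannot satisfy a later restore.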
A. Steps in using TinyUmbrella to save SHSH:
1. Please download the latest TinyUmbrella.
2. Connect your device and run TinyUmbrella.
3. Click on your device on the left and then click "Save SHSH".
4. Your SHSH are saved on Cydia's server (if you have the option "Request SHSH From Cydia" on the Advanced tab turned ON) and locally on your PC/Mac; since I am using Win7, mine is located here: C:\Users\inVictus™\.shsh
B. Steps in using iFaith to save SHSH:
Some info on iFaith:
iFaith allows you to dump SHSH blobs directly from your physical iDevice. The difference from other SHSH-saving programs such as TinyUmbrella is that iFaith lets you save the SHSH blobs for the specific firmware you are running even if Apple is no longer signing that firmware. In most cases, using iFaith is also a more reliable way to downgrade your iDevice.
iFaith 1.3.2 supports:
iPhone 4
iPhone 3G
iPhone 3GS
iPod touch 4
iPod touch 3G
iPad 1G
Apple TV 2
iPod touch 2G (MC model recommended)
Steps:
1. Please download the latest iFaith (1.3.2).
2. Connect your device, run iFaith and click "Dump SHSH Blobs".
3. Put your device in DFU mode using iFaith: press Start and follow the instructions in the iFaith window.
Once your iDevice is in DFU mode, just sit back and wait for the process to finish. It starts automatically on your iDevice.
It takes about 2-4 minutes for the whole process to complete.
Once it is done with the kernel step, it will ask you for the location where you want to save the SHSH file. Save it somewhere safe.
Once done, it will pop up a confirmation message.
4. That's it; in the end you will get a small file saved, with the extension ".ifaith".
C. CHECKING FOR SHSH
After following Section II-A, view the "LOG" tab. It will tell you whether you have SHSHs saved and whether you *don't*.
If you're unsure how to read the log, feel free to ask; it's pretty straightforward though.
III. Upgrading iOS while Preserving Unlockable Baseband (1.59.00 and 5.13.04 or Below)
STEPS:
First things first, open TinyUmbrella and select "Save SHSHs." View the log, if it says you have the SHSH that you want to upgrade to saved on Cydia's server, you're golden. If not, don't bother following these instructions.
Now open Sn0wbreeze (or PwnageTool), select Expert mode, select the stock iOS IPSW, and build your custom firmware. Be sure not to select the baseband upgrade option.
If you have an official SIM to activate with, make sure the activate box under General is UNCHECKED. If you don't have the SIM, CHECK the activate box.
After building your custom iOS firmware, you will open iTunes. If it was open before you did the TinyUmbrella step, close it and open it again.
Now open Redsn0w, select the stock iOS IPSW to continue, and select ONLY the DFU mode option. Don't select the baseband upgrade or Cydia. Follow the on-screen instructions to put the phone into pwned DFU mode.
Hold shift and click restore (hold option for Mac) and select your CUSTOM iOS. Don't accidentally select the stock iOS or you'll upgrade the baseband.
When iTunes finishes restoring, you should have access to your springboard if you chose to activate. If you have a SIM and chose to not activate, open iTunes and activate with your SIM now.
Proceed to open Cydia and install Ultrasn0w to unlock.
IV. Downgrading/Upgrading to ANY FIRMWARE that you HAVE SHSH
NOTES:
**iPhone 3G owners, you don't need SHSHs to downgrade to 3.1.x, but you will need them for any iOS 4 versions. If you want to downgrade from iOS 4 to 3.1.x, follow the next set of instructions after this**
**If you don't have any SHSHs, you can't do this, you'll just get error 3194.**
If you don't know if you have SHSHs or you don't know how to check, please check Section II-C. If you don't have SHSHs saved, you can stop here.
A. STEPS FOR DOWNGRADING WITHOUT PRESERVING THE BASEBAND
Connect your device and open TinyUmbrella; its TSS Server should be running. Open iTunes.
Shift-click (Option on Mac) Restore and select the stock firmware of your choice that you have SHSHs for.
iTunes will restore. You will get error 1015 or 1013.
To bypass this error on 4.2.1, use Greenpois0n to exit recovery OR use TinyUmbrella's Fix Recovery option. I prefer to use Greenpois0n but that's just me.
To bypass the error on 4.1 or below, use TinyUmbrella's Exit Recovery (not fix recovery) option.
Jailbreak as normal. If you don't know which tool to jailbreak for which firmware version, feel free to ask. Just don't forget to specify which iPhone you have.
B. STEPS FOR DOWNGRADING AND PRESERVING BASEBAND (OR FOR THOSE WITH THE 6.15.00 BB)
Create a custom firmware for the firmware version you want to restore to, one that you have SHSHs for. You can create custom firmwares with Sn0wbreeze or PwnageTool. Please review the first set of instructions (Section III) to get an idea of how you want to create your custom firmware. In PwnageTool, you don't want to include the iPad baseband when you create the custom firmware.
Open TinyUmbrella and start the TSS Server (if you haven't already).
Open iTunes. If this was open before you opened TU, close it and open it again.
Now open Redsn0w, select the stock firmware to continue, and select ONLY the DFU mode option. Don't select the baseband upgrade or Cydia. Follow the on-screen instructions to put the phone into pwned DFU mode.
Once successfully in pwned DFU mode, Shift-click (Option on Mac) Restore and select the custom firmware.
You should *not* get any errors. If you do, start from step 1 and do it all over again.
Once the restore is complete you should have access to your springboard if you hacktivated (the activate option in Sn0wbreeze/PwnageTool). Without hacktivation you'll be on the emergency-call screen; use your SIM to activate in iTunes then.
C. iPhone 3G USERS, HERE'S HOW TO DOWNGRADE TO 3.1.x
This is very easy. Download a stock 3.1.x firmware, and get TinyUmbrella while you're at it.
Open iTunes, hold Shift (Option on Mac) and click Restore. Select your 3.1.x firmware.
iTunes will restore. If you get error 1015, open TU.
Select Exit Recovery (not Fix Recovery) in TU.
Jailbreak as normal.
**YOU COULD ALSO USE A CUSTOM FIRMWARE IF YOU LIKE.**
Addendum:
You can also use this method to upgrade to a particular firmware. Just make sure you have the SHSH for that firmware. I used this method to upgrade from 4.3.2 to 4.3.3 when the latest iOS was 4.3.5.
Last edited by inVictus; 19th October 2011 at 06:07.