Blob-o-riffic

Today marks the public release of iOS6! For those devices capable of running 6.0, the 5.1.1 SHSH blob signing window will soon close, so it’s very important that you backup your 5.1.1 blobs now while you still can. We advise you do it for every device you have (see tutorial sites like iClarified if you don’t know the process).

A few months back we released a redsn0w feature that lets you downgrade A5+ devices from 5.1.1 to anything lower (if you had saved blobs). Unfortunately once the 5.1.1 window closes, redsn0w’s 5.x downgrade feature will no longer work. Most A5+ users will not be able to downgrade. So if you’re an A5+ owner up at 6.0 when the 5.1.1 window closes, you’ll be stuck there without a jailbreak for now.

We’re happy to report there are some serious deficiencies in the 5.x restore process that are permanently exploitable. They’ll never be fixable by Apple because they’re all self-contained in the 5.x IPSWs. Here’s the breakdown:

1. A4 devices and 3GS will always be downgradable (and jailbreakable) with saved blobs due to limera1n. The tethered iOS6 jailbreak for those devices (and untethered for old-bootrom 3GS) will be out when Cydia and other important pieces are all working properly.
2. iPad2 owners who have both 4.x blobs and 5.x blobs will always be able to downgrade to those versions, even once you come up to 6.0 and the 5.1.1 window closes (don’t do that yet though!). You need both 4.x and 5.x blobs to qualify for the 5.x downgrade even though you only wish to downgrade to 5.x (you need only your 4.x blobs to downgrade to 4.x).
3. iPad3, i4S (and iPad2 owners who don’t satisfy #2) will always be able to RE-restore the current 5.x OS that’s already on their device. So if you’re at 5.1.1 when the window closes (and you’ve saved your blobs), you’ll always be able to RE-restore to 5.1.1 again. This makes the 5.1.1 jailbreak a lot less fragile – you don’t have to worry about messing up your install with funky extensions or getting into a boot loop, because you can always RE-restore from 5.1.1 to 5.1.1 again (or from 5.0.1 to 5.0.1 again, etc). But once you fall off the 5.x train by restoring to 6.x, you’ll be stuck there until the next jailbreak.

Please be aware that RE-restores and iPad2 downgraded devices will always end up with the latest baseband (not the one that came with that firmware). So don’t go near any of this if your unlock depends on the baseband version.

All of these features will be released shortly in a new version of redsn0w. In the meantime please be sure you have your 5.1.1 blobs and stay at 5.1.1. Happy iOS6 day!

Update #1: For a refresher on why saved blobs are not as powerful as they used to be, please see our Blob Monster post (the scenarios described above are possible only due to mistakes made by Apple, but those mistakes are being cleaned up with each new firmware).