The Private Dev Team has developed a new utility ‘Bluefreeze’ that lets you downgrade (tethered) to any iOS firmware without having SHSH blobs. This tool essentially modifies iH8sn0w’s iFaith SHSH bundles. You can easily downgrade iOS 5.0.1 to iOS 5.0, 4.3.5, 4.3, 4.2.1, and 4.1 without SHSH blobs saved via TinyUmbrella or iFaith.
Note: Some people claim that a kernel downgrade is not possible without SHSH blobs. But since Bluefreeze is listed on The iPhone Wiki portal, the tool seems to be legitimate. For those who are unaware, The iPhone Wiki is maintained by top jailbreak developers and is the only source to learn about jailbreak exploits in depth.
iFaith has a built-in protection which doesn’t allow it to run on the wrong firmware files. But the Bluefreeze tool modifies the firmware version (and firmware checksum) in the iFaith certificate file, disabling this built-in check. By doing so, any firmware version can then be installed on an iOS device, even without having saved the SHSH files. To be precise, you are actually installing firmware without signatures.
Bluefreeze asks you to build and browse to two IPSWs, one properly signed and one not signed. Bluefreeze then swaps the properly signed img3 files in the properly signed firmware file with the incorrectly signed img3 files in the unsigned IPSW, resulting in an IPSW file with properly signed img3 files. This firmware file is used for the downgrade.
Obviously, if you try installing incorrectly signed firmware, your iPhone will not boot. But since the limera1n exploit doesn’t account for incorrect signatures, we can use the exploit (DFU mode, then using redsn0w) to boot up the iPhone. The only downside is that you have to repeat this every time (similar to a tethered jailbreak), so it’s not a downgrade you would want. This should be your last resort, and only if you absolutely need a downgrade.
Supported iOS devices: iPhone 4 (CDMA / GSM), iPhone 3GS, iPod Touch 3G, iPod Touch 4, Apple TV 2G, iPad 1G. A5-chip devices like the iPhone 4S and iPad 2 are not supported, for unknown reasons.
Bluefreeze 2.2 Change Log
- Bypasses error at Rebuilding ramdisk on 32-bit computers (it’s a try/catch; an error will still pop up, but now we will know what’s causing the error. If you would like to avoid the error altogether, just go to options, Skip ramdisk)
- Added another Device: iPod Touch 2G (MC + MB model)
- Added firmwares: iOS 4.2.1 and 4.1
- Added custom firmware selection (allows user to manually select a firmware to downgrade to, only for advanced users, not all firmwares work)
Disclaimer: We at Cydia Blog should not be held responsible if you mess up your device in any way, shape or form. We haven’t tested Bluefreeze on any of our iDevices yet, but we request you to please share the results with us for the benefit of the jailbreak community as a whole.