Over the last few days, FSMdotCOM has offered a brief explanation of the problems regarding jailbreaking, iPhone firmware 3.1 and the iPhone 3GS. Apple and the iPhone have evolved a lot in the past couple of years, and they have learned a couple of things when it comes to software protection against jailbreaking.
The iPhone 3GS has to communicate with Apple’s servers before allowing the installation of any version of firmware (restore or update). With the release of firmware 3.1, Apple’s server has stopped certifying all previous firmware, and this makes it impossible to restore your device to version 3.0 or 3.0.1. The certification is done through 3 files called IBSS, IBEC and ECID that, once signed, are a kind of “green light” to install the firmware through iTunes.
The IBSS and IBEC files are generated during a firmware restore in iTunes and placed into a temporary folder on your computer. You will have no problem retrieving these files, but the missing piece of this puzzle is the ECID file, which Apple doesn’t allow you to retrieve for FW 3.0.
However, in the last Cydia update, Saurik made available a tool that has enabled over 50,000 users to save the ECID file. This certificate resides on a file server available through Cydia and will remain there forever, ensuring that these people can downgrade their iPhone 3GS to version 3.0 at any time.
NOTE: this tutorial is aimed ONLY at iPhone 3GS users who have saved their ECID file through Cydia. If you are not sure whether you saved your ECID file through Cydia, then load Cydia and check whether you see this message on the homepage: This iPhone 3G[S] has an ECID SHSH on file.
How To Downgrade iPhone 3GS from Firmware 3.1 to 3.0
1. Find the file called “hosts”, which manages connections to the servers:
- Mac: click the Finder icon from the top menu and then select “Go > Go to Folder”. This will open a small window in which you type “/etc/”. Once you click Submit, the folder opens; find the file “hosts” there and open it in TextEdit.
- Windows: go to C:\Windows\System32\drivers\etc\ and use a text editor to open the file “hosts”.
2. At this point we map the server address to the IP address of Saurik’s server instead of Apple’s. This way we can trick iTunes, which is anxious to check the firmware, into using what was saved through Cydia. To do this, just copy this string and add it to the end of the “hosts” file that we have just opened: 74.208.105.171 gs.apple.com
3. Now you can step into the real downgrade process of your iPhone 3GS, but it will not be as easy as the previous times. First of all you need to put the iPhone in DFU mode: plug it into your computer and simultaneously hold the Home key and the Power button for exactly 10 seconds, then release only the Power button and keep holding Home until iTunes recognizes a new device in recovery mode.
4. Your iPhone should have a fully black screen and NOT the screen with the iTunes icon and the cable. Many people confuse DFU with recovery mode, but they are two very different processes, so before you continue, make sure the screen is all black.
5. Now hold the ALT key (Mac) / SHIFT (Windows) on the keyboard and click the “Restore” button in iTunes, select the firmware 3.0 and wait.
NOTE1: It’s important to restore to FW 3.0 rather than 3.0.1, for which Saurik does not have full support on his server.
NOTE2: During recovery you may experience various errors.
NOTE3: If you get the “unknown error (3002)” error, you didn’t save your ECID on Saurik’s server and the downgrade pretty much can’t take place. Luckily, an exploit has been found in iPhone FW 3.1, and with a little bit of patience you might be able to perform the jailbreak directly on iPhone firmware 3.1.
NOTE4: If you get this error: “The iPhone “iPhone” could not be restored. An unknown error occurred (1015)”, accept it and redo the entire process (put the iPhone into DFU mode, select iPhone FW 3.0 and wait). The process will fail again and iTunes will return the same message as before: “The iPhone “iPhone” could not be restored. An unknown error occurred (1015)”. Do not panic, because this is completely normal.
To resolve this situation you can proceed in two ways. The first applies to Mac users: use iRecovery to reboot the device, and it will restart in normal mode. The second is “universal” because it works on both Windows and Mac: ignore the error and continue to work normally. After that, all that remains is to start and run a regular Redsn0w jailbreak for firmware 3.0.
You’re done. Now you are back on iPhone OS 3.0 and can jailbreak your iPhone. All you need to do is to wait for the iPhone Dev-Team to release their PwnageTool for iPhone 3.1.
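To confirm that the hosts edit from step 2 took the form you intended, the following added example (not part of the original tutorial, and not a tool from Saurik or Apple) parses a hosts file and reports which address gs.apple.com is pinned to. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; the last entry is the line from step 2.
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
74.208.105.171 gs.apple.com   # added for the 3.0 restore
"""

def parse_hosts(text):
    """Return (line_no, ip, [names]) for every well-formed entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank, comment-only or no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first field is not an IP address
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((line_no, ip, names))
    return entries

def overrides_for(text, hostname):
    """All (line_no, ip) pairs that pin hostname, in file order."""
    wanted = hostname.lower().rstrip(".")
    return [(n, ip) for n, ip, names in parse_hosts(text) if wanted in names]

def check_override(text, hostname, expected_ip):
    """'absent', 'ok' (only expected_ip) or 'conflict' (any other address)."""
    ips = {ip for _, ip in overrides_for(text, hostname)}
    if not ips:
        return "absent"
    return "ok" if ips == {expected_ip} else "conflict"

if __name__ == "__main__":
    # On a real machine, read /etc/hosts (Mac) or
    # C:\Windows\System32\drivers\etc\hosts (Windows) instead of the sample.
    for line_no, ip in overrides_for(SAMPLE_HOSTS, "gs.apple.com"):
        print(f"line {line_no}: gs.apple.com -> {ip}")
    print(check_override(SAMPLE_HOSTS, "gs.apple.com", "74.208.105.171"))
```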
NOTE: probably the most important one. Saurik has written a great article explaining how to downgrade or restore your 3.0. He also goes into a very interesting discussion (that I totally agree with) about how Apple is mistreating us as a community. It’s a must-read in my opinion, even if you don’t have a 3GS. If you do have a 3GS, you want to read this to understand how you will be able to jailbreak at least your 3.0 version forever.
[thx Saurik, BigBoss, iSpazio]