- 誰かがそのデバイスをTinyUmbrellaのデフォルトオプションで、SHSHをセーブしていた
- 誰かがそのデバイスをCydiaサーバ経由で、gs.apple.comを通して(4.0.1世代以前に)復元してた
- 誰かがそのデバイスをjailbreakしていて、’Make my life easier’を押していた
There is a perfectly logical explanation for all of this and I will lay out exactly what is happening and explain why it is working for the folks that are the lucky ones.
Let me get this out first.
- This is not a miracle, at least not in the sense you all hope for
- SHSHs are STILL required for any iPhone 4, iPhone 3GS, iPad, iPod Touch 3G, and iPod Touch 2G (MC Model)
- There is NO way around this… unfortunately this method included.
Let me start by explaining something very important. The buildmanifest is used by iTunes to build much of the TSS request that is used to obtain your SHSH for any given firmware revision. Unfortunately, the BuildNumber has no part to play in the request for SHSH. All that you ended up doing in following these directions is request 4.0.1 SHSH blobs.THAT IS ALL. Since every single one of you that got this to work changed your hosts file to point to Cydia, Cydia responded to the TSS request with an SHSH blob that was ALREADY “on-file”. There was no magic. There was no miracle, apart from the lucky break that your device had been put on Cydia’s SHSH request list at some time in the distant past.
That’s it in a nutshell folks. There was no amazing technique for bypassing Apple’s TSS. There was no amazing exploit that exists in DFU mode allowing for 4.0.2 -> 4.0.1 downgrading. It’s simple; Cydia had your SHSH because at sometime in the past either:
- Someone saved your SHSH with that device using TinyUmbrella and the default options
- Someone restored that device with Cydia in the hosts pointing to gs.apple.com
- Someone jailbroke the device and pressed ‘Make my life easier’
That’s it folks. Sorry to be a buzzkill but there was much confusion about this issue and many blog posts that simply didn’t give the full story of what exactly was going on.