Downgrade iOS 4.0.2 to iOS 4.0.1 without SHSH Blobs

If you are already stuck on iOS 4.0.2 without having saved SHSH Blobs in Cydia and still want to jailbreak (say, your iPhone 3GS), then don’t you worry. A user named CodeBlue has discovered a method that will downgrade iOS 4.0.2 iPhone to iOS 4.0.1, jailbreak, patch the safari exploit with PDF Fix. Just follow the simple steps listed below:

How to Downgrade iPhone 3GS iOS 4.0.2 to iOS 4.0.1 without SHSH Blobs

Step 1: Download 4.0.1 ipsw

Step 2: Extract it with winrar or winzip to a folder on the desktop. You may need to rename the firmware file from .ipsw to .zip to do this.

Step 3: Open the buildmanifest.plist with the notepad. Search and replace all – 8A306 with 8A400. Save. Repeat the same with the file restore.plist

Step 4: Download 4.0.2 ipsw and open this with winrar or winzip.

Step 5: Take all the files from the 4.0.1 and drag them over to the 4.0.2 zip archive that you have open.

Step 6: Delete all the dmg files that have 002 at the end, leaving only the 001 files left.

Step 7: Save the archive. And rename it back to .ipsw if you changed the name to get winrar/winzip to open it.

Step 8: Optional: (this helps ensure you get an SHSH file request for the future, but should not be necessary to just restore 4.0.1). Add the 74.208.10.249 gs.apple.com line to the host file (you may follow our previous post on how to do this).

Step 9: Put the device into DFU mode, open iTunes and restore the firmware you changed. Wait for a while and it will restore your iPhone to iOS 4.0.1

Note: this only works due to the similarities in 4.0.2 to 4.0.1 and 4.0. This will not be a way to downgrade to 3.1.x and may not work in future firmware updates.

Voila! The downgrade from iOS 4.0.2 to iPhone iOS 4.0.1 is successfully completed. You can now jailbreak your iPhone 3GS with jailbreakMe and carrier unlock with ultrasn0w easily.

The methods works! CodeBlue himself tested it on his iPhone 3GS and iPod Touch 3G MC.

iPhone 3GS (32 gig) WHITE running 4.0.2:

I managed to downgrade a fresh iPhone 3GS running 4.0.2 back down to 4.0. How you may ask? honestly, I do not know. Apple, as we all know, stopped signing the 4.0 firmwares which forced you to update your firmware to a higher version. We all know the infamous SHSH or Blobs. Cydia managed to make “your life easier” and backup your blobs along the way through your jailbreaking life. And TinyUmbrella, helps you store your blobs locally or remotely request to store or to receive your blobs.

Story is, I used TinyUmbrella (umbrella-4.01.01) and downgraded WITH NO LOCALLY STORED BLOBS ON MY COMPUTER AND NO BLOBS ON CYDIA FOR THIS DEVICE. And somehow, I managed to get back down to 4.0. Using iTunes Shift and Restore feature.

I have had another beta tester to test his iPhone 3GS with new bootrom and his iPhone was never jailbroken before and he was running 4.0.2. I gave him my steps and at first attempt failed, yet he tried once more and it was successful. He successfully jailbroke his phone also.

iPod Touch 3G MC (32 gig) running 3.1.3:

I was curious and tried my method again for this ipod touch. now this one is my best proof of all in my honest opinion. This iPod never had been jailbroken before nor has it ever seen 4.0. THIS IPOD WAS FRESH. I knew that if I wanted 4.0 firmware, Apple won’t allow me because they stopped signing this, instead they will force me to 4.0.2. So I tried my method again, and first attempt failed again. So i closed iTunes, disconnected iPod Touch, turned off TSS server and rebooted the TSS server and brought up iTunes with my iPod once again plugged in.

Tried my method, and guess what…. it worked….. I avoided the signing rejection from Apple and I’m at 4.0 and jailbroken.

That being said, I want to remind you again that my desktop computer never touched an iPod or iPhone before meaning TinyUmbrella is completely new to this computer and I have no Blobs/SHSH stored on this computer or anywhere else such as Cydia AT ALL.

While downgrading iOS 4.0.2 to iOS 4.0.1 firmware you might stuck with error 1015 in iTunes. To fix or troubleshoot error you may try the following guides:

You might also Like to check out more on iOS 4.x, 3.1.3 Jailbreak and baseband unlock:

Via – pwnmyi

[Update: 1] Why the method is not working for All?

There is much discussion on many blogs about a potential means of downgrading iOS 4.0.2 to 4.0.1 by simply changing a couple values in the buildmanifest.plist and copying all of the images from 4.0.1 into 4.0.2 and then deleting the files ending with 002. Following all of this, perform a DFU restore and somehow you will be on 4.0.1.

There is a perfectly logical explanation for all of this and I will lay out exactly what is happening and explain why it is working for the folks that are the lucky ones.

Let me get this out first.

This is not a miracle, at least not in the sense you all hope for

SHSHs are STILL required for any iPhone 4, iPhone 3GS, iPad, iPod Touch 3G, and iPod Touch 2G (MC Model)

There is NO way around this… unfortunately this method included.

Let me start by explaining something very important. The buildmanifest is used by iTunes to build much of the TSS request that is used to obtain your SHSH for any given firmware revision. Unfortunately, the BuildNumber has no part to play in the request for SHSH. All that you ended up doing in following these directions is request 4.0.1 SHSH blobs.THAT IS ALL. Since every single one of you that got this to work changed your hosts file to point to Cydia, Cydia responded to the TSS request with an SHSH blob that wasALREADY ”on-file”. There was no magic. There was no miracle, apart from the lucky break that your device had been put on Cydia’s SHSH request list at some time in the distant past.

That’s it in a nutshell folks. There was no amazing technique for bypassing Apple’s TSS. There was no amazing exploit that exists in DFU mode allowing for 4.0.2 -> 4.0.1 downgrading. It’s simple; Cydia had your SHSH because at sometime in the past either:

Someone saved your SHSH with that device using TinyUmbrella and the default options

Someone restored that device with Cydia in the hosts pointing to gs.apple.com

Someone jailbroke the device and pressed ‘Make my life easier’

That’s it folks. Sorry to be a buzzkill but there was much confusion about this issue and many blog posts that simply didn’t give the full story of what exactly were going on.

Thanks - notcon

Follow our previous guides on how to downgrade iOS firmware.

Tagged as: iOS 4.0.1, iOS 4.0.2, iPhone Jailbreak

James

is it possible for 4.1 to 4.0.1
Qur3an

With new iPhone 4 .. i tried .. and after extracting the file .. and while seeing this message at the status bar on top of iTunes (Verifying iPhone restore with Apple ) .. i got a message:

(The iPhone “iPhone” could not be restored. This device isn’t eligible for the requested build)

Why is that so???
Qur3an

Me 2 .. It didn’t work with my Iphone 4 .. It keeps telling me that It coudn’t restore the version !!
Shaoxy

No it didn’t work for my 3Gs.
http://twitter.com/paenguin paenguin

how were you able to do it? i’ve done this a million times, still gives me 3194 error. i have itunes 9.2 installed. can you share the firmware?
Dirty

My winrar and winzip wont let copy files into the already existing archive..My CPU freezes every freeking time….Where can I get the custome ipsw thats already been manipulated
Dirtyascanb

My winrar and winzip wont let copy files into the already existing archive..My CPU freezes every freeking time….Where can I get the custome ipsw thats already been manipulated
Dianne0623

can you please help me . email me at dianne0623@gmail.com please.
Dianne0623

can you please tell me how you did this or please contact me email me at dianne0623@gmail.com idk why it doesnt work it say its not able to work.
Dis1

brilliant, thanks much
Neo-46

it work, it work really, haaaaaaa
llthebeatll

I’m using a mac. I can’t get itunes to let me pick the custom ipsw file. I seem to be stuck on the whole step 9 process.
Seductivetouch

got an iphone gs 32gb worked perfect cheers
Judez

Doesn’t work. It says firmware file not compatible when it’s time to restore. :(
Gaurav

It is not working for all as one point is missed on main items. You need to go to system32/drivers/etc and use the option 8 which is add 74.208.10.249 gs.apple.com .

IF you dont add then it will give you error 3194..

Gaurav
Karok59

Any post a link for patch file….pls!!!
Zero

try this its work ipod touch 3g 8gb
http://twitter.com/usbhero Sharad

Tried 3-4 times – did not work. What am I doing wrong. I have 16GB White 3GS (if this matters). Please help who have successful done it. Thanks
noone

Worked for me. Thanks. I read on another site that you can just download 4.0.1 file and just rename it to 4.0.2. Has anyone tried just to rename?
1. Right click on file 4.0.2 (iPhone2,1_4.0.2_8A400_Restore.ipsw)
2. Click rename to 4.0.1 (iPhone2,1_4.0.1_8A306_Restore.ipsw)
3. then go to iTunes and restore.
Good luck folks!!!
Noone

Just rename the file *.zip to *.ipsw.

1. Right click on file and choose rename,
2. then change the extension,
3. then save.

But if you don’t see the extensions, you can change that in folder options.
Noone

Just rename the file *.zip to *.ipsw.

1. Right click on file and choose rename,
2. then change the extension,
3. then save.

But if you don’t see the extensions, you can change that in folder options.
Ansibomb

This worked for 4.0.2 > 4.0 on a Ipod touch 3g.
jon

it worked for me on 3gs
Jikocpa

can you tell me how to make itunes use my new copy of the software instead of downloading a new copy?
Nil_prep

Okay exactly how do I change the extension from zip to ipsw because it won’t let me switch the two so it can become firmware
Cynako

error 11, how to ? :’(
azn808

I’ve tried countless times and still isnt working for me so….oh well I guess… Maybe will get help from someone to do this for me and hoping it will work then….. Thanks for all the help tho
azn808

didn’t work on mine? :(
azn808

i have 3gs 32 gig and have the same problem
azn808

an error message pops up “firmware file is not compatible”.
azn808

i have iphone 3gs 32gig and still not working for me….. :(
Karisora

I got it to work on 3gs 16gb new boot rom!! The first time it failed giving me an error 1601 when I got to the preparing to restore screen. I tried it again and everything went perfect! Make sure you use the edit to the host file with 74.208.10.249 gs.apple.com
atom999

worked on my 3gs 16bg
atom999

..(changing the ‘host’ file AND restarting itunes to take effect!…)
Chickenhawk84

Yes!… it just worked for me. Step 8 was MANDATORY for me…it didn’t work without changing that ‘hosts’ file. Big thankz to 74.208.10.249 for hosting the zombie server.
=)
iPhone Lover

Whoa! flawlessly worked for my 3gs
Karisora

hey, you got it to work? how?
Jsizzle30

i have a 3gs 16 gb its nt working i get the 3194 error any seggestions
Jsizzle30

now im where these guys below me are lol
Jsizzle30

i got everything merged but i cant find it in itunes to open it when i shift click……??????????????????????
S Joli T

I think so. I tried both ways, with Firmware folder from 4.0.1 and then leaving the original from 4.0.2 untouched. Didn’t work either way on brand new iPhone 4.
S Joli T

I meant in (2) iTunes says the device is not eligible.
S Joli T

No, not working on iPhone 4.

Either:

(1) it’s the firmware issue (it says it will restore to “4.0.1″, shouldn’t it say 4.0.2? maybe my fault but I didn’t leave any 8A306, I’m sure), or

(2) the issue of it not being signed somehow (running Umbrella TSS server I get iTunes error 3002, changing the /etc/hosts file to point to the Cydia server I get iTunes error “device not authorized”).
Jonko21

This doesnt work for the iphone 4 :(
frank

I only get the 3194 error all the time. Have tried this 4-5 times. Have a iPhone 3gs 16gb.
Spencer

nevermind i got it to work finally and it is restoring back to 4.0.1
thanks for the help
Spencer

I tried that but all it did was start to download the restore without bringing up an explorer window
frank

hold left “alt” button (mac) or “Shift” button (Windows) from the keyboard and click on “Restore” then release the alt button. You will be promoted by a window to select the firmware.
Joni Malkki

hold left “alt” button (Mac) or “Shift” button (Windows) from the keyboard and click on “Restore” then release the alt button. You will be promoted by a window to select the firmware.
Spencer

i modified the file but i dont know how to restore my iphone with it? help!
Pr3t3r

it should work
Jchopra11

I am still getting the 3514 error from apple.
I copied and pasted all my files from the 4.01 folder to the 4.02. I also updated the playlist files and put the entry in my hosts file.

This is a iphon3gs 16gb anything i may have missed?

Thanks
Beavisman_2000

can someone just upload the patched file?
Bossofgc

didn’t work on my iphone 4 either, tried several times
Kjkl

do you copy over the “firmware” folder too?
Kjkl

do you copy over the “firmware” folder too?
Aron

even did not worked on my iphone4 :(
Paul23

worked on my iPhone 3gs 32 gb
Suli_man

does it work on 3gs
Sam

are u sure it doesnt work on iphone 4 :(
azn808

Im trying one more time…..
Wae

How about iphone4 ?
PaulinRed

Whoa! I did it! Thanks for your help..
chondrus

thanx ^^ got it!!
Daneshgahi

Does it work on iPhone 4?
chondrus

trying.. 2nd time
Ronny Vel

tried on iphone 4, no luck with this method… will have to wait till 4.1 is released i guess

How to Downgrade iPhone 3GS iOS 4.0.2 to iOS 4.0.1 without SHSH Blobs

Related posts: