What is an ECID SHSH, and why do I need it?

Updated: July 7, 2011

First I'll give you some background, then I'll show you how to use both the TinyUmbrella progam, and Cydia to preserve your ability to restore firmware or downgrade firmware.

Beginning with the iPhone 3G S, a special designator called the ECID (Exclusive Chip Identification number) was incorporated into every iPhone manufactured. Apple did this as a method to thwart jailbreaking and unlocking attempts. There certainly may have been other reasons for the inclusion of this unique number.

With the introduction of iOS 4.0 firmware, Apple has also included the iPhone 3G in this plan. While the iPhone 3G doesn't have an ECID, Apple must still approve restoring to iOS 4.x firmware when requested.

This is how the ECID comes into play: When you want to restore your iPhone you connect it to the iTunes program with the USB sync cable, you click the restore button and a restore request is sent to Apple (along with your ECID). The Apple server then determines whether or not the firmware you are requesting to restore to is the current firmware available. If it is, then Apple's server takes the ECID and sends back a digital signature approving the restore to iTunes, and the restore process begins. This signature is called the SHSH (an abbreviation for Signature HaSH) and is also referred to as a blob (as a blob of data is received from Apple). If your request is to restore to firmware that is not current, Apple denies the request by not sending a digital signature back to iTunes, and the restore process comes to a halt with an error. Fortunately (for now at least), this process is static and the digital signature does not change over time (for each unique firmware version). Because of this weakness, there is a simple way around obtaining this signature forever. Note: Beginning with iOS 5.0 firmware this will all change.

Saurik, the creator of Cydia, wrote at great length about this process and he created a method of using Cydia to get around this. In order to have Cydia, you must already be jailbroken. Fortunately there is another way of obtaining the signature without being jailbroken. I will cover both methods.

Saurik's article is about how he has set up Cydia to grab the SHSH for everyone's iPhones. This ensures you can restore to the firmware version that you want indefinitely. All you have to do to make this work is edit a file called hosts on your computer and reroute Apple's server address (gs.apple.com) to Cydia's address (74.208.10.249). There has been some talk from the creator of TinyUmbrella that Cydia may not continue act as a proxy or automatically save your SHSH for upcoming firmware. I have read nothing from Saurik on this point.

Keep in mind when you update to a new firmware your modem firmware is usually also updated. This system will not allow you to restore to an older modem firmware, only to the older main OS firmware. Usually this is not an issue to be concerned about. For example, iOS 4.0, 4.0.1. and 4.0.2 all had the same modem firmware (5.13.04 for the 3G and 3G S, and 01.59.00 on the iPhone 4). Sometimes this modem firmware will operate with other main OS firmwares.

You will be able to restore to new firmware updates as Cydia will continue to generate the file it needs for newer firmwares automatically if it has your ECID "on file". It is important to understand that you do not need to have the latest firmware on your iPhone to get the SHSH for it. Why? Because Apple will always approve restores to the most recent firmware, and thus will provide a digital signature to approve the restore.

The next step in obtaining the SHSH came about when a programmer named Semaphore (notcom on Twitter) came up with a way of expanding Saurik's concept. He recognized that while Saurik's method is very helpful, it relies on Saurik's servers to be operating (they've gone down before for several days and take a couple weeks after a new firmware is released to store the SHSH), and for the iPhone to be already jailbroken (since you need Cydia to retrieve the SHSH.)

Semaphore created a program called TinyUmbrella. It can retrieve the SHSH for an iPhone, and the phone doesn't even need to be jailbroken! It can also retrieve the SHSH directly from Cydia (if it has them to begin with). The iPhone doesn't need to be on the most recent firmware for TinyUmbrella retrieve the SHSH for it. When TinyUmbrella saves your SHSH it also sends this request along to Cydia so that it will also have this signature. The SHSH is converted into a file and stored on your computer. You can also back up these files for safekeeping. When you are ready to restore to an older firmware, you start up the server program within TinyUmbrella. It modifies your hosts file automatically and masquerades as Apple's digital signature server. It then uses the file already stored on your computer to approve the restore request.

While using TinyUmbrella is the preferred method since it is the easiest, I will cover both methods so you are fully aware of your options.



Go to Semaphore's site here. Then download TinyUmbrella. This program is updated frequently. So I am hosting the exact same version I am writing about (5.00.03) as I don't have the time to update this tutorial all the time. You can download version 5.00.03 here.

Double click the .pkg file that was saved to your computer.




Follow the instructions in the installation screens.




Launch the program. Here's what it looks like if you've never used it before.




Here's the Advanced screen with the default settings. Files will be stored in your user folder. Take note of the other settings here. This is how I leave it configured.

If you want to remove all evidence of the jailbreak and the unlock process, then simply restore your iPhone using iTunes. You must change your hosts file so that gs.apple.com is not redirected to the Cydia IP address, otherwise the restore will not function properly. If you used TinyUmbrella to change your hosts for you then this is where you uncheck the box that says "Set Hosts to Cydia on Exit". Keep in mind doing this may mean you lose your jailbreak or unlock forever.




I'm going to connect my Verizon iPhone 4. Click your iPhone's name in either the connected or recent devices section and you'll see some information about your iPhone on the right including what firmware, baseband and bootloader are on your iPhone. Note: I've blurred out some of my information. Click the Save SHSH button to start saving your files. If you have any stored on Cydia they will be downloaded.




It may take a few minutes to download all the SHSHs. In my example it found five SHSHs. I can use these files to restore to these firmwares (4.2.6, 4.2.7, 4.2.8, 5.0b1 and 5.0b2) any time I want to. It was able to retrieve older firmware SHSHs because I had Cydia get them on file when they were the current firmware. It's very important to do this. Keep in mind however that the modem firmware does not get restored to the version that came with the original firmware. Sometimes modem firmwares work with other main firmwares however.

Note: If for whatever reason you can't download your SHSH, go to the Advanced tab, uncheck Request SHSH from Cydia, and try again. It will now download the most recent SHSH from Apple. Sometimes Cydia has issues.




If you have other iPhones, or iPads, connect them and repeat the process. When you've finished it will display all SHSH files for all your iPhones when you click the SHOW ALL SHSHS section. Although it is much less chaotic to view SHSHs by individual device, by selecting one under the RECENT DEVICES header.

It's also important you backup the files that TinyUmbrella saves in case something happens to your computer. There's a couple ways you can go about this. First click on the Advanced tab, then look below where it says Save SHSH Directory: That is the path where the files are stored.




To get to this directory, on your Mac click Go, select Go to Folder... enter the path, click Go again and you'll be in the folder. You can then copy these files somewhere else.




Your other option is to configure TinyUmbrella to just save them someplace more readily accessible. In the Advanced tab click the ... button and pick a new folder for them. Then click the Save SHSH (or Save All SHSHs) button.
Once you have your SHSHs saved for your device(s), and a new firmware is released, and TinyUmbrella is updated to work with this new firmware, all you have to do to save your new SHSHs is click a button. Launch the program (your iPhone(s) don't need to be connected), click where it says SHOW ALL SHSHS, then click the button that says Save ALL SHSHs. You'll notice spinning wheels next to your iPhone(s)... After a minute or two you'll see the new SHSHs.


If you would like to see how to restore an iPhone 3G S to a firmware that Apple is no longer signing, then go to this page. I demonstrate how to downgrade from 4.0 firmware to 3.1.3 and then unlock again. The method described here can obviously be adapted to the 3G or other firmwares. The version of the program I'm using in that tutorial is older (4.00.80), but I am hosting that version of the program.

If you are a member and want to see an iPhone 4 on 4.1 firmware being restored to 4.0.1 firmware (which as of this writing is no longer being signed by Apple) then click here. I am using TinyUmbrella 4.1.12 in this demonstration.




Here is how the Cydia process works. This is my iPhone 3G. I launched Cydia and was greeted with this message right away. The "ECID" I'm displaying is obviously fake. I pressed the "Make my life easier, thanks!" button.




Next you'll see the message that your device has a pending TSS request. A little more than 24 hours later and I received confirmation of being on file for 4.0, and 4.0.1 firmware. This is how it works with an iPhone 3G S, and iPhone 4 as well.




On your Mac, go to your Applications/Utilities folder. Launch the application Terminal.app. Enter this command to edit your hosts file: (you may be prompted to enter your password)






Your hosts file should look something like this.




Go to the bottom of the file and enter the following line:



Your file should now look like this. Now what will happen is when you want to restore your iPhone to a non approved firmware, iTunes will send out a request to gs.apple.com which is being rerouted to 74.208.10.249 (the home of Cydia). Cydia will receive the request instead of Apple and of course Cydia will approve your request and send back the special file (already saved in advance with Apple's signature on it) to iTunes to approve your restore. If you want to restore to stock firmware then you must place a # symbol in front of this IP adress, or just remove the line all together.




When you are done, click File, then select Save.




Next launch iTunes (with your iPhone connected). If you want to restore to older firmware you must press the Option key (on your Mac) while clicking the restore button in iTunes.




In the file browser window that appears, navigate to the firmware you want to restore with.




If you don't know where to find older firmware versions, check my list here.

A note about downgrading. Generally speaking when you downgrade the main OS firmware (i.e. 4.0 to 3.12, et cetera) the modem firmware (i.e. 5.13.04, also referred to as baseband) does not downgrade in step. You'll wind up with a mismatch, where one version of software wasn't intended to come with another version of software. Whether the mismatch will work is another story. This mismatch will cause iTunes to give you an error at the end of the restore process, and the connect to iTunes graphic will appear on the iPhone with no apparent way to get rid of it and get the iPhone to activate.

If you are restoring to the same firmware (i.e. 4.0.1 to 4.0.1) that is no longer being signed you will also receive an error message. The connect to iTunes graphic will appear on the iPhone with no apparent way to get rid of it and get the iPhone to activate.

In this scenario I've restored to 4.0.1. After the restore has completed I receive this error message. Click OK.




The connect to iTunes graphic appears on the iPhone.




This error message will appear next. Click OK.




You can use TinyUmbrella to solve this problem. Just click the Kick out of Recovery button as demonstrated in the TinyUmbrella instructions.

At this point you can activate and set up your iPhone.