Downgrading / restoring older firmware - iPhone 3G S and iPhone 4

Updated: May 11, 2012

Page 1 of 3

This is a three-part tutorial.
  • This page, page 1 is for the iPhone 3G S and the iPhone 4.
  • Page 2 is for the iPhone 4S.
  • Page 3 presents a history of the ECID SHSH and the ApTicket. It also covers how to use the TinyUmbrella program and Cydia for retrieving SHSHs.
The process for downgrading firmware and or restoring firmware that is no longer current has changed with the introduction of iOS 5. Not only do you need an SHSH but you need an APTicket to trick iTunes into restoring your iPhone to firmware that Apple doesn't approve of. You can read more about this on page 3 of this tutorial, and at the iPhone Dev Team's site here.

This page will concern itself with downgrading from 5.0.1 to 5.0 firmware. You can also downgrade to other firmwares using this same method.

You do not need to be jailbroken to perform this process. Here's my iPhone 4 on 5.0.1 firmware. My iPhone is a factory unlocked model so you'll see at the end of the tutorial that I have a T-Mobile signal without being jailbroken. If you rely on an unlock, you'll have to jailbreak and unlock using ultrasn0w to finish this process. Keep in mind, downgrading the iOS on the iPhone does not downgrade the modem firmware (baseband). The only advantage to doing this, at present, is to install firmware that can be jailbroken. Perhaps you updated by mistake and want to recover from this situation.

iPhone




Step 1.

To begin this process you must first have the SHSH for 5.0 firmware (or whatever firmware you'd like to install). You can use TinyUmbrella to obtain these files. This program is available here. You can read more about the usage of TinyUmbrella on page 3.

Once you've installed the program, connect your iPhone to your Mac. You'll see your iPhone's name under the connected devices header on the left. Once you do click the Save SHSH button on the right. It may take a minute to retrieve all the SHSHs. You can only restore to the firmware that you have an SHSH for. They will be listed in the window in the center of the program that says Saved SHSHs for your iPhone name. Note: I've erased some of the numbers below for privacy reasons.

iPhone




Step 2.

Next we'll create a custom firmware by stitching your SHSH to it. This will also include an APTicket which is a new form of verification introduced with 5.x firmware.

Launch redsn0w and click Extras.

iPhone



Click SHSH blobs.

iPhone



Click Verify.

iPhone



Select the SHSH you want to use and click Open.

iPhone



The pop up must state that your APTicket is present and valid. Click OK.

iPhone



Click Stitch.

iPhone



Click IPSW.

iPhone



Select the firmware file that you want to stich your SHSH to then click Open. I have a complete list of every firmware made by Apple along with download links from Apple on this page.

iPhone



Click Local.

iPhone



Select the SHSH for the firmware (and for the particular device if you have several) and click Open.

iPhone



The firmware will be created. It will take a couple minutes.

iPhone



Your custom firmware file will have your ECID at the beginning of the file name. Click OK.

iPhone




Step 3.

Next we'll use that custom firmware and restore it to the iPhone. If you were to try to use the stock 5.0 firmware file and restore it (even in DFU mode) you would receive this message.

iPhone



Launch redsn0w and click Extras.

iPhone



Click Pwned DFU.

iPhone



Turn your iPhone off and click Next.

iPhone



Instructions for entering DFU mode will appear. They start right away and go very quickly so try to keep up! Note: The next three screen shots of redsn0w do not have a version number at the top. This is because I get tired of having to grab these screen shots each time the version number increments just to demonstrate that it is the latest version.

Press and hold the on/off (sleep/wake) button for three seconds.

iPhone       iPhone



While holding the on/off (sleep/wake) button, press and hold the home button.

iPhone       iPhone



Release the on/off button, but keep holding the home button.

iPhone       iPhone



Click Cancel when you see this message.

iPhone




Step 4.

Launch iTunes. A pop up will appear. Click OK.

iPhone



Hold down the option key and click the Restore button.

iPhone



Select the firmware file that starts with the same ECID of the iPhone that you want to restore with the newly stitched firmware. Click Open.

iPhone



The iPhone will turn on and the Apple logo will appear with a spinning wheel. A status bar will appear.

iPhone



iTunes will provide status as it restores the iPhone.

iPhone



When the restore has finished you'll receive an error message. Click OK.

iPhone



Click OK again for this pop up.

iPhone



The connect to iTunes graphic will appear on the iPhone.

iPhone




Step 5.

Launch redsn0w. It will automatically close iTunes if it is still open. Click Extras.

iPhone



Click Recovery fix.

iPhone



Press and hold the power (sleep/wake) button until the screen turns black. Then click the Next button and follow the instructions for entering DFU mode. The connect to iTunes graphic will appear again while you are doing this. Ignore it.

Instructions for entering DFU mode will appear again.

Press and hold the on/off (sleep/wake) button for three seconds.

iPhone       iPhone



While holding the on/off (sleep/wake) button, press and hold the home button.

iPhone       iPhone



Release the on/off button, but keep holding the home button. I usually hold it until the screen turns white.

iPhone       iPhone



You'll see a graphic for downloading jailbreak data, and then code will scroll on the screen. The iPhone will then boot normally to the set up screen.

iPhone       iPhone




Step 6.

Finally set up your iPhone. You'll notice I already have a signal with my T-Mobile SIM. That is because I have a factory unlocked iPhone and do not need to jailbreak or use ultrasn0w to unlock.

iPhone       iPhone





Here I am back on 5.0 firmware.

iPhone





Return to top of page