If you’re a somewhat tech-savvy iDevice owner, you probably found out that you can’t install any version of iOS whenever you want quite quickly. This is because of Apple’s firmware signing mechanism which only lets you install recently released versions of iOS that Apple approves of.

This article will focus on 64-bit devices and only describes the basics without getting into the technicalities

What are SHSH blobs?

SHSH are 1024-bit RSA signatures that are verified by the bootloader when you restore your iPhone/iTouch/iPad to any version of iOS.

If you’re an A7 user that has blobs for iOS 10.2-10.3.3, you can go back to those FWs from iOS 11.0-11.3.1 if you saved your blobs! (noncesetter is in the picture)

SHSH is generated when you do a restore (to a signed version) via iTunes but you can manually save these signatures yourself to restore to versions of iOS that Apple doesn’t currently sign. When you save your SHSH, you get SHSH blobs and these are used to verify restores even if Apple isn’t signing that firmware as Apple stops signing a version of iOS a few days/weeks after a new one is released.

Unfortunately, restoring your device to unsigned version of iOS isn’t as simple as having SHSH. This is because with recent devices (Apple A7+), you need more things to be able to use your SHSH blobs. These things are:

• A noncesetter in order to set your nonce generator
  • Every noapnonce blob you save contains a generator that you have to input into a n0ncesetter to start the restore.
  • A n0ncesetter requires a kernel exploit to be released for the version of iOS that your device is currently on.
  • This requirement can be circumvented if your device produces nonce collisions but these only happen on a few A7/A8 devices on older versions of iOS (9.1-10.2). As a result, it won’t be discussed further in this article.
• A signed SEP
  • Other than verifying the restore image, 64-bit devices also need to verify the SEP firmware (Secure Enclave Processor).
  • Unfortunately, blobs for this can’t be saved as of yet. This means that the SEP needs to be signed by Apple and SEP signing follows firmware (SHSH) signing. However, the SEP for iOS 11.4.1 is compatible with older versions like iOS 11.3. Check r/jailbreak to see what’s compatible

Saving your SHSH is a good idea even if you don’t jailbreak because it makes your device more valuable on the used market for jailbreakers. Furthermore, they could also be useful if you want to downgrade your version of iOS if the latest version of iOS is giving you problems.

How do I save them?

BMSSM is pretty useful because there sometimes is more than one model of the same device. If you save blobs for the wrong model, your saved blobs will be useless

Now that you know what SHSH blobs and how they can be used, we’ll move on to saving them. Saving them is pretty simple and this is what you have to do:

1. Grab TSSChecker from Encounter’s fork
2. Grab BMSSM to get your Board ID
3. Get your device’s ECID by following this
4. Extract TSSChecker and navigate to it via command prompt
5. Use the following command and fill in the blanks (ignore the inverted commas) – “tsschecker -s -e <insert your ECID here> -B <insert your board ID (Model) you got from BMSSM here> -i <insert the version of iOS you want to save blobs for>”
   • It must be noted that you can ONLY save blobs for currently signed versions of iOS!
6. Press Enter and you’ve got your noapnonce (with a generator to be used with a noncesetter) SHSH blobs!
7. Put them in a safe place such as an external HDD and/or cloud services

If you don’t want to use a PC, you can use Conan’s TSS Saver website BUT do note that the website uses a queue system. This means that your blobs won’t be saved immediately which could make you lose your opportunity to get them if you’re trying to save them shortly before Apple stops signing the iOS version you want to get blobs for.

Saving your SHSH is pretty simple if you know what you’re doing! (I’m saving iOS 11.4.1 for my iPad Air 1)

Furthermore, TSS Saver was overloaded and didn’t save blobs for many when Apple did a signing mess-up last January in which they signed lots of firmwares that they shouldn’t have. This led to a situation in which people lost their chance to save blobs for their devices because they didn’t know how to save them locally (or were asleep)!

Conclusion

Do note that this article only covers the tip of the iceberg when it comes to iOS signing, downgrading and upgrading. If you wish to learn more about these things, head over to iPhoneWiki or ask around on r/jailbreak!