How to Restore IPSW with/without iTunes. Jerry Cook; Updated on 2021-01-22 to iPhone Care; In our digital life, there are a lot of situations that we will need to install IPSW file on iPhone, iPad or iPod touch, like, update iOS system, restore unsigned ipsw without iTunes, downgrade iOS, repair iOS issues, restore device to factory reset and so forth. Flash Custom Ipsw With 3utools No Blobs Download On this tutorial, the developers are not using purplerestore to inject the edited package but libimobiledevice, a software for mac, windows, and Linux. On this version, is working on windows versions with all steps. I will add a description of the commands. You will need again.
I collect old computers, and so my friends often find interesting things for my collection. My friend Paul recently gave me an old iPad 2 for my museum.
The thing is, it didn’t feel very old. I still use an iPad 3 every day as my main tablet (it still works fabulously well, apart from the bloat on modern web pages, that sometimes tend to cause Safari to grind to a halt). The donated iPad 2 ran iOS 9.3.5 (very slowly), which is basically what my iPad 3 runs (iOS 9.3.6 due to last year’s GPS bug that Apple patched).
Step 1 Open any web browser on your computer and go to this URL – ipsw.me. Step 2 Download the latest iOS firmware version for your device. Also, make sure your hard disk has enough space left. Step 3 You should now have these two files as shown below. PwnageTool is a MAC OS X only jailbreaking tool that jailbreaks your iOS device by creating a custom IPSW (Apple’s Firmware File); once this IPSW is created you must restore it to your iDevice through iTunes. PwnageTool 5.1.1 (iOS 5.1.1): Mac OS X. Sn0wBreeze is actually the Windows alternative to the PwnageTool.
So to be a candidate for my museum I really wanted to revert it to its original state, which would have been iOS 4. But Apple don’t allow downgrades, and all installs of iOS have to be cryptographically signed by Apple.
So I set about seeing if jailbreaking the iPad would help. Apparently not – jailbreaking on its own doesn’t bypass the iOS signing.
But I found a few references to iOS 6.1.3. It seems this was the first version of iOS to allow OTA (Over The Air) updates to iOS. So Apple allowed 6.1.3 to be manually installed via USB (so that devices running earlier versions could update, and then update to the latest version over the air).
So I tried a few versions of this – first using a Windows tool (3utools) – which failed with an obscure error, and then using iTunes on a Mac (having downloaded iPad2,1_6.1.3_10B329_Restore.ipsw from https://ipsw.me/iPad2,1) – which revealed that Apple wouldn’t sign it any longer. That corrupted the device so I was forced to reinstall 9.3.5 using iTunes.
Doing a bit more reading, it seemed Apple had stopped signing 6.1.3 a few months ago, possibly due to a security bug in iCloud on iOS 6 that they wanted to avoid being exploited? Details were a bit vague.
Then I found some references to them still signing OTA updates to 6.1.3, just not manual updates via IPSW files. The tool Vieux promised to be able to downgrade to iOS 6.1.3 or 8.4.1. Again the description is vague, but I think it’s installing the update from the IPSW file, but persuading Apple that it’s an OTA install to fool them into signing it? I’m not exactly sure – there is never much deep technical documentation on these hacking tools – the authors seem to think everyone just wants tools that are easy to use, so don’t often explain how they work!
Vieux looked promising, but for 32bit systems like my iPad 2, it required ssh access, which requires a jailbreak!
3utools Custom Ipsw Tool
So next, find a jailbreak for iOS 9.3.5. It seems there is only one that works: Phoenix. It’s an app that you ‘side load’ onto your device, and after each boot, you manually run it to activate the jailbreak. Any app loaded has to be signed by Apple, and there were various webpages promising versions of Phoenix already signed, but Apple revokes the certificate as soon as they find them, so they don’t last long.
The alternative is various tools that you can use to sign the app yourself. Anyone can sign their own app for development purposes, but the certificate only lasts 7 days. Or if you have a developer account (as I do), you get a year until you have to re-sign and re-install it.
3utools Custom Ipsw Free
Reading forums, it seemed many tools that previously did this (3utools, Cydia Impactor) no longer worked.
I did try a tool called iOS App Signer, which should have signed an app using my developer certificate for a full year of use, but I couldn’t get the signed app to install on the iPad, whatever certificate or settings I used. I gave up on that (but see below for a possible reason).
Then I found a couple of tools AltServer and AltDeploy. They seem similar. AltDeploy just signs an app with a 7 day certificate based on an iTunes account and installs it to your device. AltServer does the same, but then runs a server on your computer so your jailbroken device connects to your computer via wifi, and requests a new version before the 7 days run out.
Both of them install a rather dodgy plugin. It might make sense, but the developers don’t explain why. It’s a plugin to the Mail app on your Mac, which they say has to be installed, and Mail running, for the app signing to work (they say it’s something to do with requesting your iTunes credentials). A bit more explanation wouldn’t go amiss. I eventually allowed it access (since I don’t use Apple’s Mail app for my email anyway, so there’s nothing useful to hack there).
I then used AltDeploy to sign the Phoenix app. This also failed, but this time I got an error that I could search for (a bad app display name). It seems the Phoenix app uses extended characters in the app name (to join the o and e characters together). The app signing didn’t like that. Perhaps that’s also why iOS App Signer didn’t work? I didn’t go back to check.
Anyway, this issue suggested changing the Phoenix5.ipa filename to .zip, expanding it, opening the Payload folder, showing the package contents, editing Info.plist, changing the Bundle Display Name to remove the dodgy character, saving, re-zipping the Payload folder, and renaming back to .ipa. Then the signing worked, and I had the Phoenix jailbreak app on my iPad!
I followed the instructions to activate it, then kickstart it, then opening Cydia and installing ssh.
Next get the dependencies for Vieux:
I could then plug in the iPad via USB and downgrade:
(When prompted you have only 10 seconds to unplug the USB lead and reconnect it!)
After I did that, I had a factory-reset device running iOS 6.1.3. It seems to be stock iOS, signed by Apple with no jailbreak (although I believe there are iOS 6 jailbreaks that could be installed). But I want it nice and clean, for my museum :-)
Here’s some useful links for what I used that worked:
- AltDeploy: https://github.com/pixelomer/AltDeploy
- Tutorial for AltDeploy: https://kubadownload.com/news/altdeploy-sign-ipa-files
- Tutorial for using AltDeploy to install Phoenix: https://kubadownload.com/news/phoenix-jailbreak
- Phoenix jailbreak: https://phoenixpwn.com/
- How to fix the app name issue in Phoenix: https://github.com/pixelomer/AltDeploy/issues/56
- Vieux tool to downgrade iOS: https://github.com/MatthewPierson/Vieux
- Downloads for old versions of iOS (ignore the warnings about not being able to sign them if using Vieux for iOS 6.1.3/8.4.1/10.3.3 on compatible devices as it will take care of the signing): https://ipsw.me/
Check out that retro skeuomorphic design! It’s not quite the original iOS 4, but visually it’s almost the same, as the flat design didn’t come in till iOS 7.
And now it truly is a museum piece :-D