I've been struggling to restore iOS 4.3.3 on my iPhone 4 after Apple released iOS 4.3.4 and stopped signing 4.3.3. My phone was jailbroken on 4.3.3, and I just wanted to restore a fresh 4.3.3 a few days ago (4.3.4 was already out). I ran into many issues, until I gave up and upgraded to 4.3.4 just to make the phone work! After more research and testing, I've finally come up with a step-by-step guide to restore back to 4.3.3, which I can jailbreak untethered.
OS and Tools used
- Windows XP SP3
- iTunes 10.3.1
- TinyUmbrella 5.00.06 and fixrecovery43
(The Firmware Umbrella - TinyUmbrella)
- iREB-r4
(Hotfile.com: One click file hosting: iREB-r4.zip)
Before Starting:
Please close all tools related to restore (e.g. iTunes and TinyUmbrella), because we will open them in a certain order.
Step 0: SHSH saved while on 4.3.3
As you know, you must have saved your iPhone SHSH while on 4.3.3
otherwise you can't restore to an earlier version of iOS.
My phone was already jail-broken on 4.3.3, so Cydia has saved the SHSH on Cydia server.
But you may have also/otherwise saved SHSH using TinyUmbrella (TU).
Step 1: Map gs.apple.com to Cydia OR TinyUmbrella TSS
If you have saved SHSH to Cydia, then simply edit the etc/hosts file and add the following line:
74.208.10.249 gs.apple.com
The path of the hosts file on Windows is:
c:\WINDOWS\system32\drivers\etc\hosts
... OR ...
If you have saved SHSH using TU, you can use it instead of Cydia to trick iTunes about signing 4.3.3.
To do so, start TU, click "Advanced" tabbed-page, and make sure of the following options state:
- Save ALL Available SHSH
(not related to restore, but should be left checked to save SHSH for your iDevices whenever possible)
- Set hosts to Cydia on Exit
(preferably unchecked. but anyway it doesn't matter because TU will stay open during the whole restore)
- Request SHSH from Cydia
(should be unchecked if SHSH was not saved to Cydia)
- overwrite existing SHSH on "save SHSH"
(checked by default and has nothing to do with restore)
- When connecting device prefer custom name
(checked by default and has nothing to do with restore)
Go ahead and click "Start TSS Server".
So in summary, you either edit etc/hosts directly to refer to Cydia, or use TU TSS.
After doing one of the two options above (Cydia or TU), you end up with your etc/hosts file having one of the following:
74.208.10.249 gs.apple.com
(this is if you have done it manually)
OR
127.0.0.1 gs.apple.com
(TU adds it automatically when you start TSS server)
You must not have both entries (unless one of them is commented out with #)
Step 2: Connect iPhone to backup then put in DFU mode
Connect iPhone to PC (which automatically launches iTunes)
then backup and sync your iphone to be able to restore it to the last state after installing fresh 4.3.3 iOS.
Then, while the iPhone is connected, put it in DFU mode by following the steps below:
1- Turn it off by holding the power button for a few seconds until "Slide to Power off" appears, then slide to power off.
2- Then immediately hold both the Power button and Home button simultaneously for 10 seconds.
3- After the 10 seconds, let go of the Power button, while keeping the Home button pressed for a few seconds until iTunes detects the iPhone in recovery mode. The iPhone screen is black and nothing is shown on it in DFU mode.
Now close iTunes without performing the restore
(we will open it again in a minute)
Step 3: Use iREB to put iPhone in PWNED DFU mode
This step is to avoid the iTunes error 1601 at the beginning of the iOS restore.
Start iREB-r4 and click the button corresponding to iPhone 4.
It should detect the phone in DFU mode, as we left it in DFU since the last step.
iREB then exploits the Limera1n vulnerability and puts the iPhone in PWNED DFU.
It pops up a message informing you it's done.
Close iREB after it returns to the main page.
Step 4: Start iTunes and restore iOS 4.3.3
Start iTunes, which again detects the phone in recovery mode
(which is now PWNED DFU).
Click Shift + Restore and point to the original 4.3.3 iOS from Apple to start the restoration.
iTunes shows the following statuses while restoring:
- Extracting Software
- Verifying iPhone Restore with Apple
(this is where editing the hosts file or using TU TSS comes in. If you can't get beyond this step, then there is something wrong with verifying SHSH)
- Preparing iPhone for Restore
(if it is stuck here for some time and you get error 1601, then maybe the PWNED DFU was not successful. So repeat step 3 to run iREB again)
(if you get past this step, the iPhone shows a white screen, then goes black and the Apple logo appears)
- Verifying iPhone Restore with Apple
(then iPhone shows a progress bar under Apple logo)
- Waiting for iPhone
- Preparing iPhone for Restore
- Restoring iPhone Software
- Verifying iPhone Software
- Verifying iPhone Restore
- Restoring iPhone Firmware
This last step fails with error 1013 while the progress bar on the iPhone is at about 2/3. The iPhone starts in recovery mode (iTunes icon on screen).
Just click OK on the error message and leave iTunes running.
Step 5: Fix recovery after error 1013
Put the iPhone in DFU mode again.
(hold both power and home till the screen goes black, then release both, then immediately press both again for 10 seconds and continue as explained above till iTunes detects it in recovery mode)
Start fixrecovery43, which should detect the device in DFU mode and continue working.
You must have an internet connection at this point because fixrecovery downloads some stuff from Apple.
fixrecovery writes some stuff to a DOS window, then exits and lets the rest happen on the phone (which looks like a terminal with a lot of stuff being written to it).
Once done, the iPhone reboots and the Apple logo appears, followed by a progress bar for a short time, then the iPhone is running as normal and detected by iTunes, which can activate and restore it.
You can then jailbreak iOS 4.3.3 as normal.
Hope that helps and works for you.
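A check for the rule at the end of Step 1 (only one active gs.apple.com entry in the hosts file), as an added example that is not part of the original post. It parses hosts-file text and reports whether signing requests go to Apple directly, to a local TSS server, to a remote override, or hit the conflicting-entries case; the function names and result labels are assumptions, and the sample text is constructed from the two addresses given in the guide.

```python
import ipaddress

SIGNING_HOST = "gs.apple.com"  # hostname remapped in Step 1 of the guide

# Constructed sample: both entries from the guide active at once.
SAMPLE_CONFLICT = """\
127.0.0.1       localhost
74.208.10.249   gs.apple.com
127.0.0.1       gs.apple.com
"""

def active_mappings(hosts_text, hostname=SIGNING_HOST):
    """Return [(line_no, address)] for each uncommented line naming hostname."""
    found = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        fields = line.split()                # hosts files allow tabs or spaces
        if len(fields) < 2:
            continue
        address, names = fields[0], [n.lower() for n in fields[1:]]
        if hostname.lower() in names:        # host names are case-insensitive
            found.append((line_no, address))
    return found

def classify(hosts_text):
    """Label where requests for the signing host will be sent."""
    addresses = {addr for _, addr in active_mappings(hosts_text)}
    if not addresses:
        return "direct"            # no override: requests reach Apple
    if len(addresses) > 1:
        return "conflict"          # the case the guide says must not occur
    try:
        loopback = ipaddress.ip_address(next(iter(addresses))).is_loopback
    except ValueError:
        return "invalid"           # first field is not an IP address
    return "local-tss" if loopback else "remote-override"

if __name__ == "__main__":
    print(classify(SAMPLE_CONFLICT))
    for line_no, addr in active_mappings(SAMPLE_CONFLICT):
        print(f"line {line_no}: {SIGNING_HOST} -> {addr}")
```

To check a real machine, pass the contents of c:\WINDOWS\system32\drivers\etc\hosts to `classify`; any result other than "direct" after the restore is finished means the override is still in place.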