1. mhassan.net's Avatar
    I've been struggling to restore iOS 4.3.3 on my iphone 4 after apple released ios 4.3.4 and stopped signing 4.3.3. my phone was jailbroken on 4.3.3, and just wanted to restore fresh 4.3.3 few days ago (4.3.4 was already out). I ran into many issues, until I gave up and upgraded to 4.3.4 just to make the phone work! after more research and testing, I've finally came up with step-by-step guide to restore back to 4.3.3, which I can jailbreak untethered.


    OS and Tools used
    - Windows XP SP3
    - iTunes 10.3.1
    - TinyUmbrella 5.00.06 and fixrecovery43
    (The Firmware Umbrella - TinyUmbrella)
    - iREB-r4
    (Hotfile.com: One click file hosting: iREB-r4.zip)


    Before Starting:
    Please close all tools related to restore (e.g. iTunes and TinyUmbrella), because we will open incertain order


    Step 0: SHSH saved while was on 4.3.3

    As you know, you must have saved your iPhone SHSH while on 4.3.3
    otherwise you can't restore to an earlier version of iOS.
    My phone was already jail-broken on 4.3.3, so Cydia has saved the SHSH on Cydia server.

    But you may have also/otherwise saved SHSH using TinyUmbrella (TU).


    Step 1: Map gs.apple.com to Cydia OR TinyUmbrella TSS

    If you have saved SHSH to Cydia, then simple edit etc/hosts file, and add the following line:

    74.208.10.249 gs.apple.com

    the path of hosts file on widows is:
    c:\WINDOWS\system32\drivers\etc\hosts

    ... OR ...

    if you have saved SHSH using TU, you can otherwise use it instead of Cydia to trick iTunes about signing 4.3.3.

    To do so, start TU, click "Advanced" tabbed-page, and make sure of the following options state:

    - Save ALL Available SHSH
    (not related to restore, but should be left checked to save SHSH for your iDevices whenever possible)

    - Set hosts to Cydia on Exit
    (preferably unchecked. but anyway it doesn't matter because TU will stay open during the whole restore)

    - Request SHSH from Cydia
    (should be unchecked if SHSH was not saved to Cydia)

    - overwrite existing SHSH on "save SHSH"
    (checked by default and has nothing to do with restore)

    - When connecting device prefer custome name
    (checked by default and has nothing to do with restore)

    go ahead and click "Start TSS Server"


    So in summary, you either edit etc/hosts directly to refer to cydia, or use TU TSS.

    after doing one of the two options above (Cydia or TU), you end up with your etc/hosts file having either one of the following:

    74.208.10.249 gs.apple.com
    (this is if you have done it manually)

    OR

    127.0.0.1 gs.apple.com
    (TU adds it automatically when you start TSS server)

    You must not have both entries (unless one of them is commented out with #)


    Step 2: Connect iPhone to backup then put in DFU mode

    Connect iPhone to PC (which automatically launches iTunes)
    then backup and sync your iphone to be able to restore it to the last state after installing fresh 4.3.3 iOS.

    Then while the iPhone connected, put it in DFU mode by following the steps below:

    1- Turn it off by holding the power button for few seconds until the "Slide to Power off" appears, then slide to power off.

    2- Then immediately hold both the Power button and Home button simultaneously for 10 seconds.

    3- After the 10 seconds, let go the Power button, while keeping the Home button pressed for few seconds until iTunes detects the iPhone in recovery mode. The iPhone screen is black and nothing shown on it in DFU mode.

    now close iTunes without performing restore
    (we will open again in a minute)


    Step 3: Use iREB to put iPhone is PWNED DFU mode

    this step is to avoid the iTunes error 1601 at the beginning of iOS restore.

    start iREB-r4 and click the button corresponding for iPhone 4.
    it should detects the phone in DFU mode as we left it in DFU since last step.

    iREB then exploit the Limera1n vulnerability and put the iPhone in PWNED DFU.
    it pops up a message informing you it's done.

    close iREB after it returns to the main page.


    Step 4: Start iTunes and restore iOS 4.3.3

    start iTunes, which again detects the phone in recovery mode
    (which is now PWNED DFU)

    click Shift + Restore and point to the original 4.3.3 iOS from Apple to start restoration.

    iTunes shows the following statuses while restoring

    - Extracting Software
    - Verifying iPhone Restore with Apple
    (here comes the role of editing hosts file or using TU TSS. if you can't go beyond this step, then there is something wrong with verifying SHSH)

    - Preparing iPhone for Restore
    (if stuck here for some time and got error 1601, then may be the PWNED DFU was not successfully. So repeat step 3 again to run iREB)

    (if you go past this step, iPhone shows white screen then goes black and the Apple logo appears)

    - Verifying iPhone Restore with Apple
    (then iPhone shows a progress bar under Apple logo)

    - Waiting for iPhone
    - Preparing iPhone for Restore
    - Restoring iPhone Software
    - Verifying iPhone Software
    - Verifying iPhone Restore
    - Restoring iPhone Firmware

    this last step fails with error 1013 while the progress bar on iPhone is at about 2/3. The iPhone start in recovery mode (iTunes icon on screen)

    just click OK to the error message and leave iTunes working

    Step 5: Fix recovery after error 1013

    Put the iPhone in DFU mode again.
    (hold both power and home till the screen goes black, then leave both, then immediately press both again for 10 seconds and continue as explained above till iTunes detects it in recovery mode)

    Start fixrecovery43 which should detect the device in DFU mode and continue working.
    You must have internet connection at this point because fixrecovery download some stuff from Apple.

    fixrecovery writes some stuff to a DOS window, then exits and let the rest happen on the phone (which looks like a terminal with lot of stuff get written into)

    Once done, the iPhone reboot and Apple logo appears, followed by a progress bar for a short time, then the iPhone is running as normal and detected by iTunes which can activate, and restore.

    you can then jailbreak 4.3.3 iOS as normal


    Hope that helps and working for you.
    07-22-2011 12:04 PM
  2. joseph74's Avatar
    Thanks so much .. that was so helpful..
    08-31-2011 07:18 PM
  3. mhassan.net's Avatar
    Thanks alot for our feedback
    09-07-2011 03:18 PM
  4. bpodnar's Avatar
    I've tried to do a restore on my iPhone 4 with 4.3.3 but on last step when fixrecovery do his job my screen stays black, no apple logo, iPhone isnt rebooting. Now I have dead iPhone. How to fix that?
    10-10-2011 06:21 AM
  5. [HP]'s Avatar
    I'm with bpodnar!

    I followed everything, but exactly in the last step, the iphone never restarted. Now I just have a black screen and nothing works. I believe it's in Infinite DFU Loop.

    Erm.... urgent please?!
    10-24-2011 06:02 PM
  6. hpcomputergeek's Avatar
    I'm with bpodnar!

    I followed everything, but exactly in the last step, the iphone never restarted. Now I just have a black screen and nothing works. I believe it's in Infinite DFU Loop.

    Erm.... urgent please?!
    Hold down the home+power buttons for 10-20 seconds and it should turn on.
    10-24-2011 06:48 PM
  7. [HP]'s Avatar
    Tried that, it does'nt. Thanks for the help anyway.

    I'll try on my laptop, maybe I'll get more lucky since I'm getting yet another error now (2005) which is aparently low USB speed and I got it conected to my board.
    10-24-2011 06:50 PM
  8. hpcomputergeek's Avatar
    Tried that, it does'nt. Thanks for the help anyway.

    I'll try on my laptop, maybe I'll get more lucky since I'm getting yet another error now (2005) which is aparently low USB speed and I got it conected to my board.
    Yea, try on your laptop.
    10-24-2011 06:51 PM
  9. [HP]'s Avatar
    I did. It kept on giving me the error 1600, which makes sense cos to restore it needs to be in restore mode not DFU mode, and I'm stuck in DFU mode. probably pwned dfu mode
    10-24-2011 07:04 PM
  10. hpcomputergeek's Avatar
    I did. It kept on giving me the error 1600, which makes sense cos to restore it needs to be in restore mode not DFU mode, and I'm stuck in DFU mode. probably pwned dfu mode
    Did u do shift+restore?
    10-24-2011 07:21 PM
  11. [HP]'s Avatar
    Yes of course, Im trying to load iPhone3,1_4.3.3_8J2_Restore, untouched from apple.

    Gives me the error 3194, here on my PC, which I can fix if I run TSS on tinyumbrella.
    After fixing that, I get the error 2005.

    I tried to click Fix Recovery on tinyumbrella, and it gives me a white screen on the iphone then it starts loading all the crap from the fixrecovery43 if I'm not mistaken, and as soon as it ends, black screen again.
    10-24-2011 07:25 PM
  12. hpcomputergeek's Avatar
    Yes of course, Im trying to load iPhone3,1_4.3.3_8J2_Restore, untouched from apple.

    Gives me the error 3194, here on my PC, which I can fix if I run TSS on tinyumbrella.
    After fixing that, I get the error 2005.

    I tried to click Fix Recovery on tinyumbrella, and it gives me a white screen on the iphone then it starts loading all the crap from the fixrecovery43 if I'm not mistaken, and as soon as it ends, black screen again.
    Did you use iTunes 10.3?? That's a very old version of iTunes. Try updating iTunes and try restoring again.
    10-24-2011 07:32 PM
  13. [HP]'s Avatar
    I thought that too, so I installed very latest. 10.5

    Still no luck.

    I tried to run iREB-r4 and fix everything, still error 2005.
    Last edited by [HP]; 10-24-2011 at 07:36 PM.
    10-24-2011 07:32 PM
  14. hpcomputergeek's Avatar
    I thought that too, so I installed very latest. 10.5

    Still no luck.

    I tried to run iREB-r4 and fix everything, still error 2005.
    Well, sad to say this. Go to the apple store and they'll get you restored. If not, you got a broken iDevice.
    10-24-2011 09:33 PM
  15. [HP]'s Avatar
    Yeah, here's a friendly advice everyone, stay away from iREB!!!!
    10-25-2011 11:59 AM
  16. hpcomputergeek's Avatar
    Yeah, here's a friendly advice everyone, stay away from iREB!!!!
    IREB usually works.
    10-25-2011 04:20 PM
  17. Madeline Tanderre's Avatar
    This seemed to fix my error 1601 problem pretty quick... How To Fix Stuff: How To Fix iTunes Error 1600,1601,1602,164
    09-22-2013 03:38 PM
LINK TO POST COPIED TO CLIPBOARD