No device data was set. Please select a device from the list.

How does iOS Firmware Signing Work?

iOS Firmware signing is controlled directly by Apple through their TATSU Signing Server (TSS). This server replies to your device’s requests to downgrade, upgrade, or install a certain iOS version. If the iOS version is currently allowed by Apple, the TSS server will reply back with a signed ticket that we call an SHSH2 blob. The phone validates the blob on its end and begins the restore.

In the case the iOS version you try to downgrade to is not currently signed, the TSS server will simply reply with an error code and the device will have no blob, so the restore will fail.

Over the years, people have exploited these TSS responses by saving them to a file while the iOS version was still signed so they could use them later. The practice worked for a very long time and it allowed all sorts of downgrades to happen thanks to the locally saved SHSH blobs.

Nowadays, saving SHSH2 blobs is still possible and still useful, but because SEP and Baseband components cannot simply be downgraded, we have to rely on their compatibility amongst multiple versions. For example, even with saved SHSH2 blobs, if you want to downgrade to iOS 14.3 while iOS 15.6 is the latest version, that will just not work. Sure, you have a valid SHSH2 blob, the device won’t complain, but the SEP and Baseband from iOS 15.6 is simply not compatible with iOS 14.3 thus breaking everything SEP + BB handles (FaceID, TouchID, File System Encryption, Passcode, Keychains, Cellular connection, etc.) this will bootloop the device.

It’s still recommended to save your SHSH2 blobs even to this day, because it many cases it can still be a viable way of downgrading / upgrading. Nowadays the best cross-platform and open-source way of saving iOS SHSH2 blobs for signed iOS versions and Betas, remains BlobSaver on GitHub.

*RC = Release Candidate, the final version of a Beta iOS version which eventually becomes the stable release with a different build number.”;