Home

A5-A6X Blobs Dumper Wiki

Instructions

Video: https://youtu.be/CpEwglZDheM (mostly identical, few visual changes)

1. Preparation:

• On your device install these packages from Cydia:
  • Core Utilities
  • Core Utilities (/bin)
  • OpenSSH
• Install OpenSSH on macOS too if needed, with homebrew: brew install openssh

2. Device Info:

• Open up a terminal window
• cd into where the scripts are:
  • e.g. on macOS: cd ~/Downloads/A5-A6X-Blobs-Dumper-master/
  • or on Windows: cd "/c/Users/`whoami`/Downloads/A5-A6X-Blobs-Dumper-master/"
• Now find the model of your device: connect device to computer, open iTunes/Finder, open the tab of your device, and click on the Serial Number, until Model Identifier or Product Type shows up, this is your device model
• Also note down the iOS version your device is currently on for later

3. Downloading Files

• In terminal, run ./prepare <device model> <ios version>
  • Replace <device model> with the model that you saw in iTunes and <ios version> with the version your device is currently on.
  • For example: ./prepare iPhone4,1 8.4.1
• This may download two IPSW's, the first doesn't necessarily match the iOS version you are saving blobs for, but is used for extracting some files
• Several minutes may be required to download everything, and the second IPSW will match your version and is used for saving the blobs.

4. Stitching IPSW:

• In terminal, run ./patchipsw <device model> <device IP>

  • Your device model is still the same one you saw in iTunes, and you can find your device's IP by going into Settings on the device. In Settings, open the Wi-Fi tab, and click on the (i) or (>) button next to the Wi-Fi network you are connected to, your device's IP is listed as "IP Address"
  • An example command for this would be: ./patchipsw iPhone4,1 192.168.1.88

• After running the command, you may be asked yes/no, enter in yes.

• You will now be asked for a password, the default password is alpine, so type this in, as you type in the password, it will look like nothing is being typed in, but it actually is, don't worry, just press enter once you've typed alpine into the password box.

• The next stage will take a few minutes to grab a file off your device, and then stitch it into the IPSW, along with a custom FirmwareBundle.

5. Entering kDFU mode:

• In terminal, run ./enterkdfu <device IP>
  • Again, replacing <device IP> with the one you got from your device
• You will be asked for a password again, the default one is alpine, remember nothing shows when you type the password but you are still typing it.
• After a few seconds, your device will reboot into kDFU mode, your screen will look completely black.
• Plug your device into the computer, or re-plug if it's already connected, and wait until iTunes/Finder says that it detected a device in Recovery Mode. Now just completely ignore iTunes for the rest of this tutorial, don't touch anything in iTunes: what ever iTunes says, just ignore it.

6. Dumping the blobs:

• First, set your System Date to the year 2012. This allows the blobs to be validated.
• Go back to your terminal window, and press Control + C on your keyboard.
• Now run ./dumpblobs <device model> <ios version>
  • Where device model is your device's model that you got at the start, and iOS version is the version of iOS your device is currently running, for example, if I had an iPhone 4S running iOS 8.4.1, and I wanted to dump the blobs for it, I'd type: ./dumpblobs iPhone4,1 8.4.1
• When asked, unplug your device then plug it back in to the computer! This is a very important step, the process will then continue in 16 seconds. The backlight of the device should now be on.
• A few moments later, your Blobs will be saved onto your Desktop (~/Desktop)
• You can now set your System Time back.
• Don’t lose this file, email it to yourself, upload it to cloud services, burn it to a CD, back it up. Never lose it!

Problems? See Troubleshooting

To restore using your saved blobs:

NOTE: Even though futurerestore v224 is an old release, the newer futurerestore v194 seems to have a problem with ECID matching on 32-bit devices, so use v224 linked above (v224 is older despite the version number). The Windows version of futurerestore here is compiled without libipatcher, so you'll have to restore using macOS, or in a macOS VM. Alternatively, use Legacy iOS Kit with shsh blobs.

• Download futurerestore v224
• On device, enter kDFU by either:
  • Using kDFU app, repo: https://lukezgd.github.io/repo/
  • Or follow this tutorial again up to entering kDFU mode, no need to proceed to dumping the blobs
• futurerestore:
  • To restore, run: ./futurerestore -t blobs.shsh --use-pwndfu --latest-baseband ipsw.ipsw
  • If device has no baseband (iPods and WiFi-only iPads), change --latest-baseband to --no-baseband
  • blobs.shsh are the blobs you've saved earlier using this method, and ipsw.ipsw is the one that matches the blobs.
  • Other methods can be used to preseve baseband if it was saved (latest is usually fine though)
• Finished