apdump – Dump onboard SHSH Blobs without Jailbreak

apdump is a utility that dumps the onboard SHSH blobs of a device without requiring a jailbreak. It is developed by gjest.

The APTicket is what people usually call an SHSH blob. Traditional SHSH blobs are no longer in use, but people kept calling APTickets this way because the term was much better known. Starting from iOS 5, Apple replaced the old SHSH blobs with APTickets. 64-bit devices have always used them. In TSS Saver, you save an APTicket, not an SHSH blob.

If you missed the window when an iOS version was signed and want to downgrade in the future, you can still dump the APTicket from the device itself. However, there are some caveats when using this method.

apdump

Description:

The APTicket contains the signed hashes that allow the device to boot. APTickets were introduced with iOS 5 and are sometimes referred to as “the new SHSH blobs”. The purpose of the signatures is to prevent people from downgrading or putting Android or other custom firmware on their devices.

Older devices (32-bit) used traditional SHSH blobs on iPhone OS 3 and iOS 4, and APTickets and SHSH blobs on iOS 5-10. Newer devices (64-bit) have always used APTickets only (iOS 7-11).

The term SHSH blobs often refers to both traditional SHSH blobs and APTickets (nowadays “save your iOS X.Y blobs” means “get your APTicket for iOS X.Y while you still can”).

What is apdump?

This is an application for those who want to back up the APTicket of a device that is not jailbroken, in case it becomes useful in the future.

How does it work?

  • The user sideloads the application.
  • When the user runs it, the app reads the SHSH file present at /System/Library/Caches/apticket.der into a plist container.
  • Then you can dump the APTicket using any of the options.

How to save apdump (SHSH Blobs) From Device For Future Downgrade (No Jailbreak Required)

The APTicket you dump from the device does not contain a nonce generator. There is some misinformation spreading online that dumped APTickets are not valid. They are. You can even check this with img4tool. The problem is that, currently, there is no program that can use these APTickets, but that does not mean that the situation cannot change in the future.

Although for now you cannot use a dumped APTicket for a restore the way you would use a saved SHSH blob, these tickets could be beneficial in the future. They are worth saving, primarily because the tool used to do so does not require the device to be jailbroken.

How is it Useful?

APTickets are unique to each device and iOS build.

Given that your flair is correct, your current APTicket is a permission to use iOS 10.2, granted to your iPhone 6 by Apple. It cannot be used with another iPhone 6, and it cannot be used to boot, e.g. iOS 10.2.1.

We save APTickets / blobs to be able to install a specific version at a later time, even after Apple stopped handing out permissions for it.

Traditional SHSH blobs could be replayed, but APTickets get rid of that problem by also containing a random 20 or 32-byte nonce.

This means that you cannot “ask for permission” to use iOS 11.0.3 now and use that permission in half a year since the device would ask for a different nonce than the one you used to save the ticket.
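The replay protection described above, as a simplified model (an added example, not code from apdump or from Apple). The ticket layout, the HMAC stand-in for the real signature, and every ECID, build label and key value are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: HMAC with a shared demo key stands in for the vendor's
# asymmetric signature so the model runs with the standard library only.
SIGNING_KEY = b"constructed-demo-key"


def _sign(ecid, build, nonce):
    msg = b"|".join([ecid.to_bytes(8, "big"), build.encode(), nonce])
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()


def issue_ticket(ecid, build, nonce=b""):
    """Signing-server side. An empty nonce models a traditional SHSH blob."""
    return {"ecid": ecid, "build": build, "nonce": nonce, "sig": _sign(ecid, build, nonce)}


def device_accepts(ticket, ecid, build, current_nonce=None):
    """Device side. current_nonce=None models a device that checks no nonce."""
    good_sig = _sign(ticket["ecid"], ticket["build"], ticket["nonce"])
    if not hmac.compare_digest(ticket["sig"], good_sig):
        return False  # signature does not cover these fields
    if ticket["ecid"] != ecid or ticket["build"] != build:
        return False  # issued for another device or another iOS build
    if current_nonce is not None:
        return hmac.compare_digest(ticket["nonce"], current_nonce)
    return True


def run_scenarios():
    ecid = 0x0000123456789ABC  # constructed sample ECID
    build = "10.2-demo"        # constructed build label
    blob = issue_ticket(ecid, build)
    saved_nonce = os.urandom(32)  # nonce the device used when the ticket was saved
    ticket = issue_ticket(ecid, build, saved_nonce)
    return {
        "legacy_blob_replayed_later": device_accepts(blob, ecid, build),
        "ticket_with_same_nonce": device_accepts(ticket, ecid, build, saved_nonce),
        "ticket_with_fresh_nonce": device_accepts(ticket, ecid, build, os.urandom(32)),
        "ticket_on_other_device": device_accepts(ticket, ecid + 1, build, saved_nonce),
        "ticket_for_other_build": device_accepts(ticket, ecid, "10.2.1-demo", saved_nonce),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Only the nonce-less blob and the ticket presented with the same nonce it was saved for are accepted; the fresh-nonce case is the "half a year later" situation from the paragraph above.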

Sharing options:

  • Pasteboard: text representation of plist only
  • Mail: subject, device/ticket information (ECID in hexadecimal and decimal form, pattern, system version/build), file object attached
  • Messages: file object (iOS 9+ only), device/ticket information, text representation
  • Notes: file object (iOS 9)

Please note that at the moment there is no way to restore using the ticket without also knowing the generator of the nonce, but that could change in the future (e.g. if support for iOS 9 and higher is brought to the loader for 64-bit).

The app extracts the nonce and presents it to the user (as part of the filename and when sharing to Mail/Messages), so those who want to attempt to recover the generator can do that.
