The iPhone Dev-Team reports that Apple is about to aggressively combat the ability to restore to previous firmware versions using saved SHSH blobs.
Currently, iOS devices owners can save their SHSH blobs using a tool like TinyUmbrella. This allows you to restore to a firmware version that is lower than the firmware currently running on your device. According to the iPhone Dev-Team, Apple is now making this process much more difficult with iOS 5.
---
Starting with the iOS5 beta, the role of the "APTicket" is changing - it's being used much like the "BBTicket" has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn't depend merely on your ECID and firmware versionâ¦it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot's limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you'll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..it's the boot sequence on the device starting with the LLB.
Although it's always been just "a matter of time" before Apple started doing this (they've always done this with the BBTicket), it's still a significant move on Apple's part (and it also dovetails with certain technical requirements of their upcoming OTA "delta" updates).
Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them. We're just letting you know what Apple has already done in their exisiting beta releases - they've stepped up their game!
---
We'll keep you up to date with more information on the situation as it developers...
Currently, iOS devices owners can save their SHSH blobs using a tool like TinyUmbrella. This allows you to restore to a firmware version that is lower than the firmware currently running on your device. According to the iPhone Dev-Team, Apple is now making this process much more difficult with iOS 5.
---
Starting with the iOS5 beta, the role of the "APTicket" is changing - it's being used much like the "BBTicket" has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn't depend merely on your ECID and firmware versionâ¦it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot's limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you'll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..it's the boot sequence on the device starting with the LLB.
Although it's always been just "a matter of time" before Apple started doing this (they've always done this with the BBTicket), it's still a significant move on Apple's part (and it also dovetails with certain technical requirements of their upcoming OTA "delta" updates).
Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them. We're just letting you know what Apple has already done in their exisiting beta releases - they've stepped up their game!
---
We'll keep you up to date with more information on the situation as it developers...