November 23, 2024
Apple is Aggressively Combating the Ability to Downgrade With SHSH Blobs


Posted June 26, 2011 at 11:11pm by iClarified
The iPhone Dev-Team reports that Apple is about to aggressively combat the ability to restore to previous firmware versions using saved SHSH blobs.

Currently, iOS device owners can save their SHSH blobs using a tool like TinyUmbrella. This allows you to restore to a firmware version that is lower than the firmware currently running on your device. According to the iPhone Dev-Team, Apple is now making this process much more difficult with iOS 5.

---
Starting with the iOS5 beta, the role of the "APTicket" is changing - it's being used much like the "BBTicket" has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn't depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.


This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot's limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you'll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here... it's the boot sequence on the device starting with the LLB.

Although it's always been just "a matter of time" before Apple started doing this (they've always done this with the BBTicket), it's still a significant move on Apple's part (and it also dovetails with certain technical requirements of their upcoming OTA "delta" updates).

Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them. We're just letting you know what Apple has already done in their existing beta releases - they've stepped up their game!
---

We'll keep you up to date with more information on the situation as it develops...
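The replay protection described in the Dev-Team note above, as an added Python sketch that is not from the article, the Dev-Team or Apple: a ticket signed over a per-restore random nonce stops verifying once the device draws a new nonce, while a signature over ECID and version alone verifies forever. The toy RSA key, the field layout, the build labels and all function names are assumptions made for illustration and do not reflect the real ticket format.

```python
import hashlib
import secrets

# Toy RSA key standing in for the vendor's signing key. Constructed for this
# example and far too small to be secure; only the signing server holds D.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def ticket_digest(ecid: int, build: str, nonce: bytes) -> int:
    """Hash the fields a ticket binds together (assumed layout)."""
    msg = f"{ecid:016x}|{build}|".encode() + nonce
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def server_sign(ecid, build, nonce, signing_window):
    """Signing server: returns None once the window for a build is closed."""
    if build not in signing_window:
        return None
    return pow(ticket_digest(ecid, build, nonce), D, N)

def device_verify(ecid, build, nonce, ticket) -> bool:
    """Boot-stage check using only the public key and the device's own nonce."""
    if ticket is None:
        return False
    return pow(ticket, E, N) == ticket_digest(ecid, build, nonce)

def demo() -> dict:
    ecid = 0x000012345678ABCD              # constructed device ID
    # Old model: signature covers ECID + version only, so a saved blob
    # keeps verifying on every later restore.
    blob = server_sign(ecid, "4.x", b"", {"4.x"})
    old_replay = device_verify(ecid, "4.x", b"", blob)
    # New model: the device draws a random nonce for each restore.
    nonce1 = secrets.token_bytes(20)
    saved = server_sign(ecid, "5.0", nonce1, {"5.0"})
    fresh = device_verify(ecid, "5.0", nonce1, saved)
    # Signing window for 5.0 closes; the server refuses new tickets for it.
    nonce2 = secrets.token_bytes(20)       # nonce of the next restore
    refused = server_sign(ecid, "5.0", nonce2, {"5.1"}) is None
    # The saved ticket fails now: it was signed over nonce1, not nonce2.
    new_replay = device_verify(ecid, "5.0", nonce2, saved)
    return {"old_replay": old_replay, "fresh": fresh,
            "refused": refused, "new_replay": new_replay}

if __name__ == "__main__":
    print(demo())
```

Because verification needs only the public half of the key, the check can run on the device at every boot without any contact with the signing server.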



Comments (10)
Tom - June 27, 2011 at 8:05am
Only way to combat this is like I been saying DevTeam is working with apple! Hence the reason no unlock for newer basebands.
Tiddlekins - June 27, 2011 at 2:18am
This totally makes sense and I think that Apple is doing the right thing here. Jailbreaking in an era of OTA updates is just asking for trouble.
Steve Jobs - June 27, 2011 at 12:10am
The iPhone 5 will be released the second week of September. Good luck downgrading, jailbreaking, and unlocking this one.
hb - June 27, 2011 at 12:40am
or just buy an unlocked iphone5! problem solved!
Larry Flynt - June 27, 2011 at 1:36am
Why would you think that? Any unlocking will have to go through your phone's provider (ie. AT&T, Sprint, etc), not Apple directly. As far as I know, there's no law saying your provider has to unlock a phone after the contract term is up. Unlocking a phone means potentially losing a customer to their competition, do you really think they'll be in any hurry to have that happen? If they do offer the ability to unlock your phone after the contract is up, you can sure as hell bet they're gonna charge you a not-so-small service fee for the "privilege".
Frank - June 27, 2011 at 2:08am
You should stress, Mr Flynt, that your comment only applies to USA ie AT&T locked iPhones because carrier unlocks for iPhones have been going on for a while in most parts of the world.
DaWoman - June 27, 2011 at 4:11am
Since Apple started to sell unlocked iPhone 4's, they might also sell the next version of the iPhone (5?) unlocked as soon as it's released. There's a decent chance that we won't have to worry about unlocking future iPhones to use with any GSM carrier. Jailbreaking the next iPhone will definitely be a challenge.
Esteban Trabajos - June 27, 2011 at 4:42am
Lol Steve Jobs. Hey seriously... No matter how much Apple tries, there is always a boy genius or other 3rd parties who will bring different methods to exploit our owned devices.
only a matter of time - June 27, 2011 at 6:40am
It will still get jailbroken eventually... In years to come, now that the likes of Microsoft, HTC and Samsung are opening up bootloaders... this will probably change...
Me - June 27, 2011 at 1:32pm
iphone 4's were available unlocked from day one here in Canada (and other parts of the world) so my bet is that the iphone 5 will also be available unlocked from day one here :)