Challenge For Jailbreakers.

It looks like Apple is about to aggressively combat the “replay attacks” that have until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.

Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella. Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it. That’s all about to change.

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
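
To make the replay point concrete, here is an added toy model (not Dev-Team or Apple code) of the two ticket schemes the post contrasts: a blob that covers only ECID and firmware version, and a ticket that also covers a random per-restore nonce. HMAC-SHA256 stands in for Apple’s real asymmetric signature, so the “device” in this model holds the same key as the “signer”; the ECID, firmware strings and nonce length are constructed values, and the boot-time check is reduced to comparing against the nonce the device issued at its most recent restore.

```python
"""Toy model: replayable SHSH blob vs. nonce-bound APTicket.

Added example, not code from the original post. HMAC-SHA256 is a stand-in
for Apple's asymmetric signature (only the signer would hold the key in the
real scheme). ECID, firmware versions and the nonce length are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed stand-in for the key only Apple holds.
SIGNING_KEY = b"stand-in-for-apple-signing-key"


def sign_ticket(ecid: int, firmware: str, nonce: Optional[bytes] = None) -> bytes:
    """Signer side ("Apple"): authenticate the fields the device will check.

    Without a nonce the message is fixed for a given device and firmware,
    so the resulting ticket is valid forever. With a nonce it is bound to
    one specific restore.
    """
    msg = ecid.to_bytes(8, "big") + firmware.encode()
    if nonce is not None:
        msg += nonce
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()


class Device:
    """Boot-chain side (LLB/iBoot in the post): owns an ECID and remembers
    the random nonce it generated for its most recent restore."""

    def __init__(self, ecid: int) -> None:
        self.ecid = ecid
        self.current_nonce: Optional[bytes] = None

    def begin_restore(self) -> bytes:
        """Draw the per-restore random value the APTicket must cover."""
        self.current_nonce = secrets.token_bytes(20)  # constructed length
        return self.current_nonce

    def verify_legacy_blob(self, firmware: str, ticket: bytes) -> bool:
        """Pre-iOS5 behaviour: ticket depends only on ECID + firmware."""
        expected = sign_ticket(self.ecid, firmware)
        return hmac.compare_digest(expected, ticket)

    def verify_apticket(self, firmware: str, ticket: bytes) -> bool:
        """iOS5-style behaviour: ticket must also match this restore's nonce."""
        if self.current_nonce is None:
            return False
        expected = sign_ticket(self.ecid, firmware, self.current_nonce)
        return hmac.compare_digest(expected, ticket)


def replay_scenarios() -> Dict[str, bool]:
    """Run both schemes against a saved ticket and report what verifies."""
    dev = Device(ecid=0x000A1B2C3D4E5F60)  # constructed ECID
    results: Dict[str, bool] = {}

    # Legacy blob saved while the signer was still signing 4.3.3, then
    # replayed at an arbitrary later time: still verifies.
    saved_blob = sign_ticket(dev.ecid, "4.3.3")
    results["legacy_replay"] = dev.verify_legacy_blob("4.3.3", saved_blob)

    # APTicket issued for one restore's nonce verifies during that restore.
    nonce1 = dev.begin_restore()
    ticket1 = sign_ticket(dev.ecid, "5.0", nonce1)
    results["apticket_fresh"] = dev.verify_apticket("5.0", ticket1)

    # A later restore draws a new nonce; replaying the saved ticket fails.
    dev.begin_restore()
    results["apticket_replay"] = dev.verify_apticket("5.0", ticket1)

    # A ticket for a different ECID never matches this device.
    other = sign_ticket(dev.ecid + 1, "5.0", dev.current_nonce)
    results["wrong_ecid"] = dev.verify_apticket("5.0", other)
    return results


if __name__ == "__main__":
    for name, ok in replay_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The defensive lesson is the one the post draws: once the signed message includes a value the device freshly generates, a ticket captured earlier cannot satisfy a later check, regardless of how the ticket reaches the device (iTunes or otherwise). Note that the model also shows why limera1n-style tethered booting is unaffected by this change in principle: the check lives in the boot chain, so anything that runs before the boot chain reaches it is outside this mechanism.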

This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon need to start using older iTunes versions for that). iTunes ultimately is *not* the piece that matters here; it’s the boot sequence on the device, starting with the LLB.

Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a big move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates).

Note: although there may be ways to combat this, a beta period is really not the time or place to discuss them. We’re just letting you know what Apple has already done in their existing beta releases — they’ve stepped up their game!

Posted on December 16, 2011. Filed under Apple, Technology.