iOS 5 could shut down SHSH downgrades?
According to the Dev-Team Blog, it looks like Apple might be making the practice of downgrading iOS using SHSH blobs much more difficult. SHSH blobs are stored by the Jailbreak store Cydia and by utilities like TinyUmbrella, and are used to get around the requirement that Apple's servers sign every iOS installation. The Dev-Team says the new measures have something to do with the process behind over-the-air (OTA) updates.
Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only be in place for iOS 5 onward, and only when Apple makes use of it. It also can't stop limera1n, which happens before these checks in the boot sequence. What workaround, if any, may be possible, the Dev-Team doesn't say... and won't until iOS 5 is out of beta.
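The difference between a ticket bound only to ECID and firmware version and one that also covers a per-restore random number can be shown with a small model. This is an added example, not code from Apple or the Dev-Team. It assumes an HMAC as a stand-in for Apple's signature, and the function names, ECID and version strings are constructed for illustration; it covers only the freshness check at restore time.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC with one shared key stands in for the vendor's public-key
# signature, so "signing" and "verifying" both use SERVER_KEY in this model.
SERVER_KEY = secrets.token_bytes(32)


def _sig(ecid: str, version: str, nonce: bytes) -> bytes:
    # Length-prefix every field so field boundaries cannot be shifted.
    fields = (ecid.encode(), version.encode(), nonce)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def server_sign(signing_window, ecid, version, nonce=b""):
    """Issue a ticket, or None when the version is outside the signing window."""
    return _sig(ecid, version, nonce) if version in signing_window else None


def device_accepts(ecid, version, ticket, nonce=b""):
    """Accept only a ticket covering this device, this version and this nonce."""
    if ticket is None:
        return False
    return hmac.compare_digest(_sig(ecid, version, nonce), ticket)


def demo():
    ecid = "000001234ABCD"                      # constructed sample device ID
    window = {"4.3.3"}                          # constructed sample versions
    static_saved = server_sign(window, ecid, "4.3.3")   # ECID + version only
    nonce_1 = secrets.token_bytes(20)                   # random value, restore #1
    nonce_saved = server_sign(window, ecid, "4.3.3", nonce_1)
    window = {"5.0"}                            # server stops signing 4.3.3
    nonce_2 = secrets.token_bytes(20)                   # random value, restore #2
    fresh = server_sign(window, ecid, "5.0", nonce_2)
    return {
        "old_version_still_signed": server_sign(window, ecid, "4.3.3") is not None,
        "static_replay_accepted": device_accepts(ecid, "4.3.3", static_saved),
        "nonce_replay_accepted": device_accepts(ecid, "4.3.3", nonce_saved, nonce_2),
        "fresh_ticket_accepted": device_accepts(ecid, "5.0", fresh, nonce_2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The saved static ticket still verifies after the signing window closes, while the saved nonce-bound ticket fails because the device checks it against the new random value.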
Whether or not Apple is actually targeting Jailbreak with this is difficult for me to say. I've often conjectured that Apple enjoys the "incubator" that is Jailbreak -- a way for para-iOS features to be tested on a large user base without having to sanction it, and a way to serve the hardcore market without having to support it. They've even ignored exploits in past iOS point updates. We'll have to wait and see a) if Apple implements it in furtherance of OTA updates, b) if the Dev-Team finds a way around it, and c) how Apple responds to any circumvention.

Apple should be smart and not shut down the JB community, they get an entire development community to do R&D and testing for free.
Yup.. The community exploits iOS, yet it has injected many extra features for iUsers that have proven to be used by Apple. Fight the piracy, not creativity.
I wonder if this is just a new security precaution for OTA updates. Apple has left Jailbreak alone for so long / employed their programmers it seems strange that they are picking up the fight again now. As you say, time will tell.
It would be interesting if Apple gave us an app that would allow access to Cydia and the installation of JB apps, perhaps with a user acknowledgement that if JB apps were used, Apple would no longer provide support for the device until all JB apps were removed and the device was restored to original non-JB condition.
that's an oxymoron. they provide an app to do something they don't support? sorry, but no. the legalities of that would be too problematic for them
+1 embrace your opposition, don't make enemies of them.
Doesn't matter. Decide what OS you want to run, then jailbreak.
The SHSH blobs are in my pants.