Apple Steps Up Their SHSH Game, Combats Downgrading and Jailbreaking

Those who depend on falling back to a previous version of iOS to jailbreak may be in for a shock after they update to iOS 5. Starting with the newest version, you may not be able to downgrade to a jailbreakable OS using saved SHSH blobs. The news comes by way of MuscleNerd, who wrote a post on the Dev-Team Blog about the issue:

Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users).  Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it.  That’s all about to change.

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used.  The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number).  This APTicket authentication will happen at every boot, not just at restore time.  Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

If you have the SHSH blobs for a pre-iOS 5 version of iOS, then you should always be able to downgrade. However, after iOS 5 has been the dominant operating system on the market for a while (say, a year or so), then there’s a good chance that you will be pressured to upgrade to iOS 5 because of app incompatibilities.
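To see why a per-restore random value makes a saved ticket worthless, here is a small model of the two schemes (an added example, not code from the Dev-Team post or from Apple). It assumes HMAC-SHA256 as a stand-in for Apple's signature and a device that keeps the nonce from its most recent restore; every name and value in it is hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: HMAC-SHA256 stands in for the vendor's asymmetric signature so
# this runs on the standard library alone. All names are hypothetical.
SIGNING_KEY = os.urandom(32)  # known only to the signing server in this model


def _message(ecid: bytes, version: bytes, nonce: bytes) -> bytes:
    # Length-prefix each field so distinct inputs never share an encoding.
    return b"".join(len(f).to_bytes(2, "big") + f for f in (ecid, version, nonce))


def sign_ticket(ecid: bytes, version: bytes, nonce: bytes = b"") -> bytes:
    """Signing server: bind a ticket to device, firmware and (optionally) nonce."""
    return hmac.new(SIGNING_KEY, _message(ecid, version, nonce), hashlib.sha256).digest()


class Device:
    """Boot-chain model: the same check runs at restore time and at every boot."""

    def __init__(self, ecid: bytes, uses_nonce: bool):
        self.ecid, self.uses_nonce, self.nonce = ecid, uses_nonce, b""

    def begin_restore(self) -> bytes:
        # Fresh random value per restore; stays empty for the legacy scheme.
        self.nonce = os.urandom(20) if self.uses_nonce else b""
        return self.nonce

    def ticket_valid(self, ticket: bytes, version: bytes) -> bool:
        # A real verifier holds only a public key; recomputing the MAC is the stand-in.
        expected = sign_ticket(self.ecid, version, self.nonce)
        return hmac.compare_digest(ticket, expected)


def replay_outcomes() -> dict:
    """Return (valid after first restore, valid when replayed after a later restore)."""
    ecid, version = b"constructed-ecid-0001", b"constructed-fw-1.0"  # constructed values
    results = {}
    for label, uses_nonce in (("legacy", False), ("per_restore_nonce", True)):
        dev = Device(ecid, uses_nonce)
        saved = sign_ticket(ecid, version, dev.begin_restore())  # first restore
        first_boot = dev.ticket_valid(saved, version)
        dev.begin_restore()                                      # a later restore
        results[label] = (first_boot, dev.ticket_valid(saved, version))
    return results


if __name__ == "__main__":
    print(replay_outcomes())
```

The legacy ticket covers only the device ID and firmware version, so the saved copy still verifies after a later restore; the nonce-bound ticket fails because the value it was signed over has been replaced.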

MuscleNerd does mention the following in the post:

Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them.  We’re just letting you know what Apple has already done in their existing beta releases — they’ve stepped up their game!

Even if they have plans or methods to get around the updates that Apple is imposing, discussing them when things could change so quickly and easily is never a good idea. We’ll keep you informed; there’s a possibility that after iOS 5 comes out, a new tool to use when downgrading will be released.
