
Apple Blocks SHSH Blob Method Of Downgrading Firmware Versions In iOS 5

Apple and the jailbreak community have long played a cat-and-mouse game, and today we are learning that Apple has moved to close one of the common workarounds used by jailbreakers. The workaround in question isn’t an actual exploit used to jailbreak devices but rather a method people used to downgrade from one iOS version to another, often to a version that could still be jailbroken.

Apple had implemented a system in which it would only authorize certain iOS builds to be installed, making downgrades nearly impossible. The workaround was that, by using saved SHSH blobs, people could get iTunes to restore a previous firmware version. According to what the jailbreak Dev-Team said in a blog post today, that is all changing in iOS 5 as Apple moves to a new signing process. As the Dev-Team explains, the new process will work much more like the BBTicket (Baseband Ticket), which will make it much more difficult to reverse engineer:

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

It isn’t all bad news though: restoring to pre-iOS 5 firmware versions will still be possible (although it will probably require an old version of iTunes), and tethered limera1n exploits will not be affected by this. As for why Apple has decided to change this process now, the Dev-Team explains that it was only a matter of time before Apple made the changes, and that delta iOS updates made it all the more necessary. The Dev-Team ends the post by noting that whilst Apple has “stepped up their game”, there may be ways to combat this move.
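To make the Dev-Team’s point concrete, here is an added toy model (not code from Apple, the Dev-Team, or MacStories) of why a ticket that covers only the ECID and firmware version can be saved and replayed, while one that also covers a per-restore random nonce cannot. HMAC with a constructed key stands in for Apple’s private-key signature, the ECID and build strings are constructed sample values, and the boot-time re-check is left out.

```python
import hmac
import hashlib
import os

# Constructed stand-in for Apple's signing key. On a real device only Apple's
# server can produce tickets; HMAC is used here only to keep the model stdlib-only.
SIGNING_KEY = b"constructed-demo-key-not-real"


def sign(message: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, message, hashlib.sha256).digest()


def issue_shsh_blob(ecid: int, fw_version: str) -> bytes:
    """Pre-iOS 5 model: the blob depends only on ECID and build, so every
    restore of that build on that device produces the same signed value."""
    return sign(f"{ecid}:{fw_version}".encode())


def verify_shsh_blob(blob: bytes, ecid: int, fw_version: str) -> bool:
    return hmac.compare_digest(blob, sign(f"{ecid}:{fw_version}".encode()))


def issue_apticket(ecid: int, fw_version: str, nonce: bytes) -> bytes:
    """iOS 5 model: the ticket also covers a nonce the device generated for
    this particular restore, so it is unique per restore."""
    return sign(f"{ecid}:{fw_version}:".encode() + nonce)


def verify_apticket(ticket: bytes, ecid: int, fw_version: str, nonce: bytes) -> bool:
    return hmac.compare_digest(ticket, sign(f"{ecid}:{fw_version}:".encode() + nonce))


def replay_old_scheme(ecid: int = 0x1234, fw_version: str = "4.3.3") -> bool:
    """A blob saved while Apple still signed the build is accepted again later."""
    saved = issue_shsh_blob(ecid, fw_version)          # captured during an earlier restore
    return verify_shsh_blob(saved, ecid, fw_version)    # replayed later: still accepted


def replay_new_scheme(ecid: int = 0x1234, fw_version: str = "5.0") -> bool:
    """A ticket saved from one restore fails on the next, because the device
    picks a fresh nonce that the old ticket does not cover."""
    first_nonce = os.urandom(16)
    saved = issue_apticket(ecid, fw_version, first_nonce)
    second_nonce = os.urandom(16)
    while second_nonce == first_nonce:                  # guard the negligible collision case
        second_nonce = os.urandom(16)
    return verify_apticket(saved, ecid, fw_version, second_nonce)
```

`replay_old_scheme()` returns True and `replay_new_scheme()` returns False; the only difference between the two schemes is whether the signed message binds a value the device chooses fresh each time.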

[Via Dev-Team Blog]
