[Apple to Prevent iDevices from Being Rolled Back to Previous iOS Versions; iPad 2 Jailbreak Not Announced Yet]
Apple has always taken an offensive approach to Jailbreaking. In the webOS (HP's acquired OS from Palm) world, it is embraced by HP and called HomeBrew apps. What HP embraces, Apple fights vigorously. Most updates from Apple include some OS changes that hopes to hamper any progress that the Jailbreaking community had previously made. It is funny that they fight it, yet monitor it for ideas to "borrow" for their own use. iOS 5 is continues the fight.
According to the iPhone Dev Team Apple has stepped up its game when it comes to preventing iOS jailbreaking. iOS 5 is now said to prevent users from rolling the firmware back to a previous version.
We have some important updates for you today, jailbreak fans, which come “officially” all the way from the iPhone Dev Team. And before you start fantasizing about the iPad 2 jailbreak, which some people expected today, we’ll tell you right from the start that today isn’t a fun day.
The iPhone Dev Team talked about Apple’s plan on making your jailbreak experience a bit more miserable by preventing your devices from being rolled back to previous iOS versions. The new changes will occur once iOS 5 becomes official but what’s important here is that all current iDevices, up to the iPad 2, will be jailbreakable for life even after iOS 5 arrives.
It also means that some of you may not be able to install older iOS versions on your iDevices even if you have those SHSH blobs saved. But let’s take a look at the full jailbreak update that the iPhone Dev Team released today:
It looks like Apple is about to aggressively combat the “replay attacks” that have until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.
Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users). Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it. That’s all about to change.
Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..it’s the boot sequence on the device starting with the LLB.
Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a significant move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates).
Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them. We’re just letting you know what Apple has already done in their exisiting beta releases — they’ve stepped up their game!
While Apple goes on the counteroffensive with iOS 5 when it comes to jailbreaking and installing older firmware on its mobile devices, I don’t think the hackers working on jailbreak tools will sit by and let Apple have its way. On the other hand it’s way too early to talk about iOS 5 jailbreaking (and I do mean the final iOS 5 version, not the two betas which can already be jailbroken) so we’ll have to wait for iOS 5 to become official to see what’s next in the iOS jailbreaking world.
By Carl W. Brooks