Wednesday, 29 June 2011

Dev-Team Blog (Blob monster)

Blob Monster


It looks like Apple is about to aggressively combat the “replay attacks” that have until today allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.
Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users). Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it. That’s all about to change.
Starting with the iOS5 beta, the role of the “APTicket” is changing: it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here; it’s the boot sequence on the device starting with the LLB.
Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a momentous move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates).
Note: though there may still be ways to combat this, a beta period is really not the time or place to discuss them. We’re just letting you know what Apple has already done in their existing beta releases: they’ve stepped up their game!
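To make the difference between the two ticket schemes concrete, here is an added Python model (not Dev-Team or Apple code) of why binding the ticket to a per-restore random nonce makes a saved copy useless: the HMAC key, ECID, firmware strings and ticket layout are constructed stand-ins, and HMAC substitutes for Apple's asymmetric signature.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the signer's private key; Apple's real scheme uses
# asymmetric signatures and a different ticket layout. Only the binding matters here.
SIGNING_KEY = b"constructed-signing-key-not-apple"

def sign(message: bytes) -> bytes:
    """Signer side: only the holder of SIGNING_KEY can produce this value."""
    return hmac.new(SIGNING_KEY, message, hashlib.sha256).digest()

def legacy_blob(ecid: int, firmware: str) -> dict:
    """Pre-iOS5 model: the saved SHSH blob is bound only to ECID + firmware."""
    return {"ecid": ecid, "fw": firmware, "sig": sign(f"{ecid}:{firmware}".encode())}

def legacy_check(blob: dict, ecid: int, firmware: str) -> bool:
    """Device accepts any valid signature over ECID + firmware, however old."""
    expected = sign(f"{ecid}:{firmware}".encode())
    return (blob["ecid"] == ecid and blob["fw"] == firmware
            and hmac.compare_digest(blob["sig"], expected))

def apticket(ecid: int, firmware: str, nonce: bytes) -> dict:
    """iOS5 model: the ticket also covers a nonce drawn fresh for this restore."""
    msg = f"{ecid}:{firmware}:".encode() + nonce
    return {"ecid": ecid, "fw": firmware, "nonce": nonce, "sig": sign(msg)}

def apticket_check(ticket: dict, ecid: int, firmware: str, nonce: bytes) -> bool:
    """LLB/iBoot model, run at every boot: the signature must cover the nonce
    this device generated, so a ticket from another restore never matches."""
    expected = sign(f"{ecid}:{firmware}:".encode() + nonce)
    return ticket["nonce"] == nonce and hmac.compare_digest(ticket["sig"], expected)

def replay_demo() -> tuple:
    """Returns (legacy_replay_accepted, fresh_apticket_accepted, replayed_apticket_accepted)."""
    ecid = 0x0123456789ABCDEF  # constructed device ID
    # A blob saved while the 4.3.3 window was open still validates later: replay works.
    saved = legacy_blob(ecid, "4.3.3")
    legacy_ok = legacy_check(saved, ecid, "4.3.3")
    # First iOS5 restore: device draws a nonce, signer signs it, device verifies it.
    nonce1 = os.urandom(20)
    ticket = apticket(ecid, "5.0", nonce1)
    fresh_ok = apticket_check(ticket, ecid, "5.0", nonce1)
    # A later restore draws a new nonce; the kept ticket no longer verifies.
    nonce2 = os.urandom(20)
    replay_ok = apticket_check(ticket, ecid, "5.0", nonce2)
    return legacy_ok, fresh_ok, replay_ok
```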

