
-aggie- (original poster, macrumors P6, joined Jun 19, 2009):
Interesting article that I haven't seen being discussed:

http://www.ihackintosh.com/2010/03/the-end-of-restores-to-previous-firmwares/

The text:

Apple to Block SHSH Downgrade With Next iPhone
28 March 2010 by Osornior

The firmwareumbrella published in his blog that he found a new key named APTicket that might be a means for Apple to stop us jailbreakers from restoring to versions of firmwares that are not signed anymore.

This would mean Apple would get complete control over what you restore and when you restore it. While jailbroken devices are able to accept custom firmwares, the new bootrom 3GS and the iPT3G and MC can’t be restored to a custom firmware as of now, so this might become a real situation for the devices to come. This is, of course, until the great team of iPhone hackers finds a workaround.

Here is an extract from thefirmwareumbrella

“My guess is that in future versions of iTunes, Apple will probably handle the TSS request/response and later this year implement the code to process the response in the actual bootrom of the device. Here’s what I mean:

The newer iTunes versions will send a certificate request in the TSS request by adding a new key to the TSS request.
Their TSS server will create a new certificate with an effective date attached to it. (Making it invalid if used after that date) Until the new bootrom rolls out, iTunes will handle the decrypting of the response blobs using the nifty new signed certificate response ala APTicket.

Once Apple ships new devices with the bootrom capable of validating the new APTicket (or whatever they call it in the future) they can add logic to check the bootrom of the device and conditionally process the response from the TSS server (for old bootroms) or allow the device to process it (for new bootroms).

Looking at the above, it’s a fairly bullet-proof means of stopping local restores. Since the APTicket will be signed and likely shsh’ed I wouldn’t be surprised if they load APTicket or something like unto it BEFORE the LLB is loaded. This way they can not only control what VERSION of the firmware you install, they can also control WHEN you can install it by a means with far longer and sharper teeth.

If they implement the above, the only means of restoring will be via jailbroken device.”

And here is a response to the post from geohot

“Welcome to proper challenge response, guess someone at Apple finally read a book on security. At least it’s not in the bootroms yet.”

Guess we will have to sit tight and wait to see how this next movement of the overlord unfolds.
 
My 3GS is not JB'ed, but in general I wish the folks at Apple would spend their time improving the iPhone software and hardware than getting into an arms race with hackers.
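The quoted post describes a move from a static signature blob to a ticket bound to a device-issued nonce and an expiry date. The toy model below is added here and is not code from the thread, Apple, or any jailbreak tool; its field names, JSON layout and HMAC signing are assumptions standing in for the real RSA-signed SHSH/APTicket formats. It shows why a blob saved under the old check keeps working and why the same replay fails under the new one.

```python
"""Toy model of static SHSH blobs vs nonce-bound APTicket-style tickets.
Added illustration; formats and the HMAC key are constructed assumptions."""
import hmac, hashlib, json, secrets

SERVER_KEY = b"constructed-demo-signing-key"  # constructed; stands in for Apple's private key

def sign(payload: dict) -> bytes:
    """Sign a canonical JSON encoding of the payload (HMAC stands in for RSA)."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest()

def valid_sig(blob: dict) -> bool:
    return hmac.compare_digest(bytes.fromhex(blob["sig"]), sign(blob["body"]))

# Old model: the blob depends only on (device id, firmware build). Nothing in it
# changes between restores, so a blob saved while the build was still being
# signed verifies forever: the check can be satisfied by replaying it.
def tss_sign_shsh(ecid: str, build: str) -> dict:
    body = {"ecid": ecid, "build": build}
    return {"body": body, "sig": sign(body).hex()}

def device_accept_shsh(blob: dict, ecid: str) -> bool:
    return valid_sig(blob) and blob["body"]["ecid"] == ecid

# New model (challenge/response): the device issues a fresh nonce per restore and
# the server binds nonce + expiry into the ticket. A saved ticket no longer
# matches the device's current nonce, and it also dies once the date passes.
def device_challenge() -> str:
    return secrets.token_hex(8)

def tss_sign_apticket(ecid: str, build: str, nonce: str, now: int, ttl: int = 600) -> dict:
    body = {"ecid": ecid, "build": build, "nonce": nonce, "expires": now + ttl}
    return {"body": body, "sig": sign(body).hex()}

def device_accept_apticket(ticket: dict, ecid: str, nonce: str, now: int) -> bool:
    b = ticket["body"]
    return (valid_sig(ticket) and b["ecid"] == ecid
            and b["nonce"] == nonce and now < b["expires"])

def demo() -> tuple:
    ecid, build = "ecid-DEMO", "build-A"          # constructed sample values
    old = tss_sign_shsh(ecid, build)
    replay_old = device_accept_shsh(old, ecid)    # True: saved blob still accepted
    n1 = device_challenge()
    t = tss_sign_apticket(ecid, build, n1, now=1000)
    fresh = device_accept_apticket(t, ecid, n1, now=1010)              # True
    replay_new = device_accept_apticket(t, ecid, device_challenge(), now=1010)  # False: nonce differs
    stale = device_accept_apticket(t, ecid, n1, now=5000)              # False: expired
    return replay_old, fresh, replay_new, stale
```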
 
> Interesting article that I haven't seen being discussed:
> http://www.ihackintosh.com/2010/03/the-end-of-restores-to-previous-firmwares/
> The text: [...]

Well, yes, notcom posted this on http://thefirmwareumbrella.blogspot.com/ over a month ago. But this was always expected; downgrades with SHSH were only ever possible because Apple didn't implement even the most basic security on the signature check. You can't really expect them to continue to allow what is perhaps the largest public Man-in-the-Middle attack in history...
 
If I'm reading this right, which I don't think I am, does this mean that everyone should hold off on updating iTunes as well?
 
> If I'm reading this right, which I don't think I am, does this mean that everyone should hold off on updating iTunes as well?

Well yes, a jailbreaker should always hold off on updating anything (iTunes+iPhone). At least until the dev-team or MN gives the "all clear".
 
> If I'm reading this right, which I don't think I am, does this mean that everyone should hold off on updating iTunes as well?

I wouldn't necessarily think that withholding on the upgrading of iTunes itself will do anything. To me, it seems that the technology discussed in the article needs to be implemented in the bootrom of the device meaning that Apple can dictate restoring rules to newer devices with the code but not older ones. If this is correct, then the 3G and the early 3GS values are going to skyrocket in the secondary market.
 
> Well yes, a jailbreaker should always hold off on updating anything (iTunes+iPhone). At least until the dev-team or MN gives the "all clear".

That's good advice. I never thought there would be an issue with updating iTunes. The phone makes sense though.
 
Yep, it's hard as it is now to keep a JB 3GS without having to jump thru 10 hoops.
I imagine the next iPhone will be a bigger pain to deal with when it comes to JB.
Hope the JB community comes out strong and finds workarounds over these new measures.
 
sad, very-very sad... Jobs is the personification of hypocrisy in so many--very ironic--ways. I hope his hubris cuts into sales. I, for one, would be very happy to leave the iPhone for another device that had the functionality and freedom that a JB provides. perhaps it's high time for a Linux phone?
 