
moonman239

Original poster
Mar 27, 2009
I'm just wondering if anyone's thought of the possibility of making a fake blob and APTicket for A5 devices. If I contacted the jailbreak devs, what do you think they'd say?

The idea is that people who don't have blobs or APTickets saved could downgrade to a jailbreakable firmware.
 
While they could be made, the iPhone wouldn't accept them as they would not be signed with Apple's private signing key.
 
Of course it has! :rolleyes: I'm sure it's been thought of a thousand times, but as of now it can't be done. You can't beg, borrow or steal it, unless you saved the SHSH blobs yourself for that device.
 
If you could create fake APTickets and SHSH blobs, what would be the point of them repeatedly reminding people to save their blobs? Why not just fake them? Logic, please use it.
 
While they could be made, the iPhone wouldn't accept them as they would not be signed with Apple's private signing key.

My theory is they could compare the SHSH blobs of multiple devices with known UDID's, then figure out how to make a signed SHSH blob & APTicket.
 
My theory is they could compare the SHSH blobs of multiple devices with known UDID's, then figure out how to make a signed SHSH blob & APTicket.

Still won't work. Apple's key is an AES 256-bit key. Trying to reverse that key would take a very long time.
 
My theory is they could compare the SHSH blobs of multiple devices with known UDID's, then figure out how to make a signed SHSH blob & APTicket.

By the time you do that, the iPhone would be a microchip embedded in people's brains that allows you to make phone calls between planets. ;)
 
My theory is they could compare the SHSH blobs of multiple devices with known UDID's, then figure out how to make a signed SHSH blob & APTicket.

It can be done of course, my friend; if you can go, you can also come back. But it's illegal to fake the Apple APTicket, which is why it is not public. Maybe it can be done at home, but you can't make it public; this is why the dev team has stopped making public releases of what they have. It needs to be legal so they can make it public. Don't stop your dreams! All can be done! :D
 
What you're thinking of is great, but there are two issues. Firstly, it is against the law to fake the SHSH blobs and APTickets because of the 256-bit AES key. (I apologize if this is wrong, it is just a guess.)
Secondly, the cracking process takes a long, long time, unless you have a supercomputer far more powerful than the ones today.
 
It can be done of course, my friend; if you can go, you can also come back. But it's illegal to fake the Apple APTicket, which is why it is not public. Maybe it can be done at home, but you can't make it public; this is why the dev team has stopped making public releases of what they have. It needs to be legal so they can make it public. Don't stop your dreams! All can be done! :D

It is not illegal. The only laws it would break are the laws of mathematics. But they are pretty hard to break :)

Good cryptography is hard to bypass. Hard as in "impossible unless you have computational resources like the NSA". And probably even the NSA cannot do it.
 
Just to spell out what I meant (and did not mean):

It is impossible to fake the SHSH blobs without knowing Apple's private key, and impossible to reverse-engineer the key, even for the NSA. It might be possible to break into their servers and get it that way. That would not break the laws of mathematics, but a lot of other laws :)

And it might be possible to bypass the SHSH mechanism by somehow disabling the checks in the firmware. Difficult (otherwise it would already have been done), but I would not put it beyond the various jailbreaking teams.
 
And it might be possible to bypass the SHSH mechanism by somehow disabling the checks in the firmware. Difficult (otherwise it would already have been done), but I would not put it beyond the various jailbreaking teams.

The old bootrom 3Gs has the SHSH blobs check system bypassed. If you have one, you can put any iOS version on it. Even if you don't have the SHSH blobs for that firmware version.
 
What you're thinking of is great, but there are two issues. Firstly, it is against the law to fake the SHSH blobs and APTickets because of the 256-bit AES key.

Where are you getting this nonsense?

Secondly, the cracking process takes a long, long time, unless you have a supercomputer.

Even if you did, it'd take you forever because there is no known way to figure out an AES256 key other than by an exhaustive search. Which at 2^256 combinations will take you upwards of a century even on the fastest computer known to man.
 
My theory is they could compare the SHSH blobs of multiple devices with known UDID's, then figure out how to make a signed SHSH blob & APTicket.

Hardly. Let us know how that task works out for you!

----------

It can be done of course, my friend; if you can go, you can also come back. But it's illegal to fake the Apple APTicket, which is why it is not public. Maybe it can be done at home, but you can't make it public; this is why the dev team has stopped making public releases of what they have. It needs to be legal so they can make it public. Don't stop your dreams! All can be done! :D

Why do people keep thinking this is illegal?
Not illegal and not feasible.
 
Where are you getting this nonsense?


It was just a guess.
Even if you did, it'd take you forever because there is no known way to figure out an AES256 key other than by an exhaustive search. Which at 2^256 combinations will take you upwards of a century even on the fastest computer known to man.

And I meant a supercomputer faster than the ones we have now.
 
Where are you getting this nonsense?



Even if you did, it'd take you forever because there is no known way to figure out an AES256 key other than by an exhaustive search. Which at 2^256 combinations will take you upwards of a century even on the fastest computer known to man.

They can be solved pretty quickly by quantum computers. Of course we don't have access to such computers (yet), but I suspect they will become common place within 20 years or so.
 
Everybody has thought of it, TS; the reason nobody has done it to distribute is because it is ILLEGAL. THE END.
 
They can be solved pretty quickly by quantum computers. Of course we don't have access to such computers (yet), but I suspect they will become common place within 20 years or so.

Yeah, but I didn't want to complicate matters further.

(Seriously though that's going to be a fun time for cryptologists.)
 
Everybody has thought of it, TS; the reason nobody has done it to distribute is because it is ILLEGAL. THE END.

It is not illegal to decrypt Apple's private signing key and redistribute it. Look at the private key Apple uses in the AirPort Express to encrypt AirTunes. It was extracted from the firmware about a year ago and redistributed on the internet. Apple has yet to sue the person who extracted it, update iTunes to blacklist that key, update the AirPort Express to use a different key, or do anything else that even suggests that they care about that key being public. Bottom line, it is not illegal to decrypt Apple's SHSH blobs to extract the key(s) used for signing them.
 