Apple Strikes Blow Against Dev Team, Kills Downgrades And Untethered Jailbreaks in iOS 5

By limetime1

Come iOS 5, Apple might finally win the war against jailbreakers. Even if the Dev Team prevails, though, Apple still might succeed in limiting jailbreaking to tethered exploits only, as well as finally axe the ability for users to downgrade to older versions of iOS.

According to the Dev Team, the latest iOS 5 beta axes the ability to save SHSH blobs, which is what allows users to downgrade to previous iOS firmware versions through iTunes.

For jailbreakers, that means that the ability to roll back to a previous version of iOS will be limited to pre-iOS 5 firmwares, and even then only using older versions of iTunes. It’s not live now, but Apple can turn it on anytime they want.

Even from a non-jailbreaking perspective, it’s a troubling development: if Apple bones up a future iOS release as badly as they boned up iOS 4’s release for the iPhone 3GS, users will be powerless to downgrade to a version of iOS that works better.

It gets worse, though.

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

Right now, what this means is that all existing non-tethered jailbreaking methods (i.e. jailbreaks that require the jailbreaking exploit to be rerun every reboot) will be toast when iOS 5 hits the update waves. The only exception will be geohot’s tethered limera1n exploit, which runs before the APTicket in the boot sequence.
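The per-restore ticket check described above, as an added example in Go that is not the Dev Team's, Apple's or this article's code: it stands in Ed25519 for Apple's signing key and a flat byte layout for the real DER-encoded ticket (both assumptions), and shows why a ticket saved from an earlier restore stops working once a new restore has drawn a new nonce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
)

// Binding is what the ticket signature covers: the device's ECID, the build,
// and a nonce drawn afresh at every restore (flat layout is a demo assumption).
type Binding struct {
	ECID  uint64
	Build string
	Nonce [8]byte
}

// Ticket is the signed binding the device stores and presents at each boot.
type Ticket struct{ Binding; Sig []byte }
func (b Binding) bytes() []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, b.ECID)
	return append(append(buf, b.Build...), b.Nonce[:]...)
}

// Device models the boot chain; Cur is the binding from its most recent restore.
type Device struct {
	Cur      Binding
	AppleKey ed25519.PublicKey
}

// Restore draws a fresh nonce and has the signer (Apple, sole holder of priv) sign it.
func (d *Device) Restore(priv ed25519.PrivateKey) Ticket {
	if _, err := rand.Read(d.Cur.Nonce[:]); err != nil {
		panic(err)
	}
	return Ticket{d.Cur, ed25519.Sign(priv, d.Cur.bytes())}
}

// Boot is the LLB/iBoot check: the ticket must name exactly the current binding
// (same ECID, build and latest nonce) and carry Apple's signature over it.
func (d *Device) Boot(t Ticket) bool {
	return t.Binding == d.Cur && ed25519.Verify(d.AppleKey, t.bytes(), t.Sig)
}

// Demo boots with a fresh ticket, restores again, then replays the old ticket.
func Demo() (freshOK, replayOK bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dev := &Device{Cur: Binding{ECID: 0x1122334455667788, Build: "demo-build"}, AppleKey: pub} // constructed
	t1 := dev.Restore(priv)
	freshOK = dev.Boot(t1)
	dev.Restore(priv) // the second restore draws a new nonce, so t1 is now stale
	return freshOK, dev.Boot(t1)
}
```

Dropping the nonce from Binding (so a ticket depends only on ECID and build) is exactly the older SHSH situation the article describes, in which a saved blob keeps verifying forever.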

So here’s where we are right now. In iOS 5, you’ll be more tightly locked into your current firmware than ever before, and unless the Dev Team finds some new exploits, tethered jailbreaking may be the only future iDevice jailbreaking has left. How will the mouse wiggle out of the cat’s paws this time?