Apple Getting Smarter. Set to Destroy SHSH Restoring for iOS 5
Apple seems to be getting a little smarter about shutting down jailbreakers' ability to restore their iPhones to previous firmware. Whether for Cydia app compatibility or because the latest iOS does something we don't want or like, users have always been able to downgrade with the method we commonly use today, as long as they took care to save a few numbers and letters on a private server someplace beforehand.
It looks as if that is about to change. With iOS 5, Apple is showing a means of disabling the restoration method we are so familiar with. It seems SHSH Blobs just aren’t going to cut it anymore. Much like the iPhone baseband does currently, firmware on iPhone, iPod Touch, and iPad is taking a big step toward being irreversible upon update.
MuscleNerd has told the whole unfortunate story in a series of tweets. Here they are, all slammed together... get your tissues ready:
Uh oh…the days of restoring with saved SHSH blobs are nearing an end :( Apple is getting much smarter with the APTicket. Everything is now in place for Apple to do on the AP side what it does on the BB side (nonces with signing windows). They can’t undo the access limera1n provides (tethered JB booting) but they’re about to eliminate SHSH blob replay attacks. They’ll be enforcing this starting in the LLB. Pre-5.0 restores w/saved blobs will remain OK (with older iTunes though).
He mentions a few good points here though. First off, current devices will ALWAYS BE ABLE TO JAILBREAK no matter what firmware, due to the Limera1n hardware exploit. Also, the changes Apple is making look to affect only iOS 5 and on. For those who wish to go to iOS 4, your saved SHSH Blobs (they need to have been saved already, that is) should still be sufficient for a downgrade. However, it looks as if that will be the end of the line as far as going back in time.
Ultimately, they do this in iOS 5 by implementing a system which actually CHANGES your SHSH Blobs (randomizing them) upon a reboot... so every time your iPhone reboots, the blobs for that firmware are changed. This makes downgrading very difficult for the end user, and impossible with the current method. The Dev-Team's newest blog post about this matter explains more to help you understand. You can read that HERE.
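To make the "nonces with signing windows" idea from the tweets concrete, here is an added sketch (not from the original post, and not Apple's code) showing why a saved blob replays fine on a device that checks no nonce but fails once the device binds each ticket to a fresh random value. All names and values are hypothetical, and HMAC stands in for the real asymmetric signature.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key (assumption)


def sign(device_id: bytes, fw: bytes, nonce: bytes) -> bytes:
    # HMAC replaces the real asymmetric signature to keep the sketch stdlib-only.
    msg = b"".join(hashlib.sha256(p).digest() for p in (device_id, fw, nonce))
    return hmac.new(KEY, msg, hashlib.sha256).digest()


class SigningServer:
    """Signs only firmware that is inside the current signing window."""
    def __init__(self, window):
        self.window = set(window)

    def request(self, device_id, fw, nonce=b""):
        return sign(device_id, fw, nonce) if fw in self.window else None


class Device:
    def __init__(self, device_id, enforce_nonce):
        self.device_id, self.enforce_nonce, self.nonce = device_id, enforce_nonce, b""

    def begin_restore(self):
        # A nonce-enforcing device draws a new random value per restore attempt.
        self.nonce = os.urandom(20) if self.enforce_nonce else b""
        return self.nonce

    def accepts(self, fw, ticket):
        if ticket is None:
            return False
        return hmac.compare_digest(sign(self.device_id, fw, self.nonce), ticket)


def replay_after_window_closes(enforce_nonce: bool) -> dict:
    old_fw = b"firmware-old"                   # constructed firmware identifier
    server = SigningServer({old_fw})
    dev = Device(b"device-0001", enforce_nonce)
    saved = server.request(dev.device_id, old_fw, dev.begin_restore())  # the "saved blob"
    fresh_ok = dev.accepts(old_fw, saved)      # restore while the window is open
    server.window = {b"firmware-new"}          # vendor stops signing old_fw
    dev.begin_restore()                        # a later restore attempt
    still_signed = server.request(dev.device_id, old_fw, dev.nonce) is not None
    return {"fresh_ticket_accepted": fresh_ok,
            "server_still_signs_old": still_signed,
            "replayed_ticket_accepted": dev.accepts(old_fw, saved)}


if __name__ == "__main__":
    print("pre-nonce device  :", replay_after_window_closes(False))
    print("nonce-bound device:", replay_after_window_closes(True))
```

The only difference between the two runs is whether the device mixes a fresh nonce into the value it verifies; the signing window alone does nothing against a blob that was saved while the window was still open.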
There is no real way to tell if this will end up stopping things completely though. You never know what a little patience can do later on, or what a mysterious (or well-known) hacker can do with this new firmware as time goes on. Stay tuned for more as it develops!