Dev Team說：Blob monster

[iPhone派報生]

It looks like Apple is about to aggressively combat the “replay attacks” that has until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.

Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users).  Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it.  That’s all about to change.

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used.  The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number).  This APTicket authentication will happen at every boot, not just at restore time.  Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket).  geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible.  Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..it’s the boot sequence on the device starting with the LLB.

Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a significant move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates).

Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them.  We’re just letting you know what Apple has already done in their exisiting beta releases — they’ve stepped up their game!



更多...

[Hiraku]

囧了，看起來是Apple改變了認證，導致以後除了SHSH之外還有一個隨機亂數
而且這個亂數是每次重刷都會不一樣的...
總之iOS5的SHSH降級會變得更難

[johnchau]

讓我想升上ios5的慾望又更低了....

[hata0628]

看來以後變成要嘛你就升級等jb不然就乖乖用舊版........

這樣如果系統不穩想重刷就麻煩了!!!

[魔術師~小皮]

我早上看到這個也是 心揪了一下=_=

[ttsugar]

個人以為Apple這麼做只會斷了未來市場買方的意願 差不多該跟iPhone說再見了. Android 看起來倒是方便不少. 最近用過的幾支Android跟iPhone 4也不相上下. 開網頁的速度還些許勝出.

[魔術師~小皮]

個人以為Apple這麼做只會斷了未來市場買方的意願 差不多該跟iPhone說再見了. Android 看起來倒是方便不少. 最近用過的幾支Android跟iPhone 4也不相上下. 開網頁的速度還些許勝出.

我沒有實際求證過 不過
safari 本來開網頁的速度就..很後面**
不過 看有個影片好像說..
ios上面的新架構 讓safari
速度從2分變30分 變成贏的?

[thomasshan]

囧了，看起來是Apple改變了認證，導致以後除了SHSH之外還有一個隨機亂數
而且這個亂數是每次重刷都會不一樣的...
總之iOS5的SHSH降級會變得更難

我看iphone download blog上所描述的
似乎是"每次重開機"都會產生一個"隨機ECID"
必續透過金鑰來解碼, 而那個金鑰只掌握在Apple手上
所以5.0之後降版幾乎變得不可能

說真的, 不能JB的iPhone真的會讓我有點縮手
除非能有Activator, Sbsetting, RemoveBG一樣的功能
這樣我會考慮不JB..

我手上這隻IP 4我想會保留在4.x版
九月的IP 5(4s?)會讓我遲疑..(若是與IP 4沒太大差異)
不過我不會因此跳槽Android..
手機畢竟是拿來用的, 適合自己比較重要!!

[魔術師~小皮]

我看iphone download blog上所描述的
似乎是"每次重開機"都會產生一個"隨機ECID"
必續透過金鑰來解碼, 而那個金鑰只掌握在Apple手上
所以5.0之後降版幾乎變得不可能

說真的, 不能JB的iPhone真的會讓我有點縮手
除非能有Activator, Sbsetting, RemoveBG一樣的功能
這樣我會考慮不JB..

我手上這隻IP 4我想會保留在4.x版
九月的IP 5(4s?)會讓我遲疑..(若是與IP 4沒太大差異)
不過我不會因此跳槽Android..
手機畢竟是拿來用的, 適合自己比較重要!!

還有注音優化...
這些如果有內建..就太好了

[iesmicky]

如果Cydia中的軟體能在App Store買(能用??)就好了XD