
iPhone Dev Team: Apple Stepped Up Their Game, Jailbreaking iOS 5 Becoming Harder

When iOS 5 was announced and previewed by Apple in the keynote at WWDC earlier this month, a good many features were announced that sparked great interest among the company's fan base. But along with the excitement, there are folks in the jailbreak community who are getting nervous, because they know Apple will do whatever it takes to give jailbreakers a hard time.

iOS 5 Jailbreak
At this time, it doesn't look like the jailbreak community has backed down in the face of Apple's countermeasures, because iOS 5 Beta 1 was jailbroken mere hours after it was released. But some jailbreak hackers have admitted that Apple has definitely stepped up its game to combat jailbreaking in iOS 5. Some have even claimed that it may have killed their jailbreak tool for good.

That definitely rings true: although jailbreak solutions are available for iOS 5, they are mostly tethered jailbreaks, which many people find less than ideal. Another testament to Apple's commitment to combating jailbreaking in iOS 5 is detailed in a blog entry by the iPhone Dev-Team. It concerns restoring previous firmware versions by saving SHSH blobs. According to the renowned iPhone hacker team, this trick will no longer work with iOS 5.

Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users).  Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it.  That’s all about to change.

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used.  The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number).  This APTicket authentication will happen at every boot, not just at restore time.  Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

So basically, saving SHSH blobs only worked on previous iOS versions because the blob was bound to nothing more than the device's ECID and the firmware version, which never change, so a saved blob could be replayed at any later restore. With iOS 5 the ticket no longer comes down merely to your ECID and firmware version: it also depends on a random number generated at each restore, and it is verified at every boot, not just at restore time. Only Apple holds the keys needed to sign a ticket for a fresh random value, so a ticket saved from an earlier restore is useless.
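To make the replay argument concrete, here is an added, simplified model of the two schemes described above. It is not code from this post, from the Dev-Team, or from Apple, and it does not reproduce the real SHSH or APTicket formats: the field layout, the ECID value and the signing key are constructed for illustration, and an HMAC stands in for the asymmetric signature a real ticket carries (the property that matters, that only the signer can produce a valid ticket over a given payload, is the same). The old scheme binds the signature to ECID and firmware only; the new one also binds it to a per-restore nonce that the device keeps and re-checks at every boot.

```python
import hashlib
import hmac
import os

# Constructed key standing in for Apple's signing key (assumption: a real APTicket
# uses an asymmetric signature checked with a public key; HMAC keeps this model
# stdlib-only while keeping "only the signer can mint a valid ticket").
SIGNING_KEY = b"constructed-signing-key-not-a-real-secret"


def sign(payload: bytes) -> bytes:
    """Signing-server side: produce the authentication tag over the payload."""
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def issue_shsh(ecid: int, firmware: str) -> dict:
    """Pre-iOS 5 model: the blob is bound only to the device ECID and firmware
    version, so a saved copy stays valid for every later restore of that pair."""
    payload = f"{ecid}:{firmware}".encode()
    return {"ecid": ecid, "firmware": firmware, "sig": sign(payload)}


def verify_shsh(blob: dict, ecid: int, firmware: str) -> bool:
    """Device side: accept the blob if it was signed for this ECID and firmware."""
    payload = f"{ecid}:{firmware}".encode()
    return (blob["ecid"] == ecid and blob["firmware"] == firmware
            and hmac.compare_digest(blob["sig"], sign(payload)))


def issue_apticket(ecid: int, firmware: str, nonce: bytes) -> dict:
    """iOS 5 model: the ticket additionally covers a nonce the device generated
    for this particular restore, so every ticket is unique to one restore."""
    payload = f"{ecid}:{firmware}:{nonce.hex()}".encode()
    return {"ecid": ecid, "firmware": firmware, "nonce": nonce, "sig": sign(payload)}


def verify_apticket(ticket: dict, ecid: int, firmware: str, expected_nonce) -> bool:
    """Device side (the LLB/iBoot check in the text), run at every boot: the nonce
    the device generated at restore must be the one the ticket was signed over."""
    if expected_nonce is None:
        return False  # device was never restored under this scheme
    payload = f"{ecid}:{firmware}:{expected_nonce.hex()}".encode()
    return (ticket["ecid"] == ecid and ticket["firmware"] == firmware
            and hmac.compare_digest(ticket["nonce"], expected_nonce)
            and hmac.compare_digest(ticket["sig"], sign(payload)))


class Device:
    """Minimal device model: an ECID plus the nonce from its most recent restore."""

    def __init__(self, ecid: int):
        self.ecid = ecid
        self.boot_nonce = None  # set at restore time, consulted at every boot

    def restore(self, firmware: str, signing_server) -> dict:
        """Generate a fresh random nonce, obtain a ticket bound to it, keep the nonce."""
        self.boot_nonce = os.urandom(20)
        return signing_server(self.ecid, firmware, self.boot_nonce)

    def boot(self, ticket: dict, firmware: str) -> bool:
        return verify_apticket(ticket, self.ecid, firmware, self.boot_nonce)


def replay_outcomes(ecid: int = 0x000A1B2C3D4E5F60, firmware: str = "4.3.3") -> dict:
    """Run the replay scenarios under both schemes and report which are accepted.
    The ECID and firmware string are constructed sample values."""
    # Old scheme: a blob saved while the firmware was still being signed replays fine.
    saved_blob = issue_shsh(ecid, firmware)
    old_replay_ok = verify_shsh(saved_blob, ecid, firmware)

    # New scheme: keep the ticket from restore 1, then try to reuse it after restore 2.
    device = Device(ecid)
    saved_ticket = device.restore(firmware, issue_apticket)
    first_boot_ok = device.boot(saved_ticket, firmware)

    fresh_ticket = device.restore(firmware, issue_apticket)  # new nonce generated here
    replayed_ticket_ok = device.boot(saved_ticket, firmware)
    fresh_ticket_ok = device.boot(fresh_ticket, firmware)

    # Patching the saved ticket's nonce field does not help: the signature still
    # covers the old nonce, and only the signing key can produce a new one.
    tampered = dict(saved_ticket, nonce=device.boot_nonce)
    tampered_ok = device.boot(tampered, firmware)

    return {
        "shsh_replay_accepted": old_replay_ok,
        "apticket_first_boot_accepted": first_boot_ok,
        "apticket_replay_accepted": replayed_ticket_ok,
        "apticket_fresh_accepted": fresh_ticket_ok,
        "apticket_tampered_nonce_accepted": tampered_ok,
    }


if __name__ == "__main__":
    for scenario, accepted in replay_outcomes().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

Running the block shows the old blob accepted on replay, the first APTicket accepted on its own restore, and the same ticket rejected once the device has generated a new nonce. This is the general anti-replay pattern the Dev-Team text describes: binding a signature to a value the verifier chooses fresh each time means the verifier, not the holder of an old signature, decides what is valid now.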
iOS 5 Limera1n Exploit
Fortunately, all of this new checking happens after the point where the limera1n exploit takes effect in the boot sequence, so a tethered jailbreak remains possible on devices that exploit applies to. Reverting to old firmware versions might still be possible, but you may have to install an older version of iTunes.

Although there may still be ways to combat this, a beta period is really not the time or place to discuss them.  We’re just letting you know what Apple has already done in their existing beta releases — they’ve stepped up their game!

So needless to say, Apple has indeed kicked it up a notch when it comes to preventing jailbreaks on iOS 5, or at least making them tricky. Then again, it could be that jailbreak developers are simply taking it slow while iOS 5 is still in beta. After all, it makes no sense to spend their time and resources jailbreaking an iOS beta when the hole could easily be patched in the next release.

We'll just have to see how things will go once the final version is out.
