{"id":5576,"date":"2011-06-27T10:36:18","date_gmt":"2011-06-27T18:36:18","guid":{"rendered":"http:\/\/www.perivision.net\/wordpress\/?p=5576"},"modified":"2011-08-19T17:11:58","modified_gmt":"2011-08-20T01:11:58","slug":"serious-challenge-to-jailbreakers-in-ios-5-dont-upgrade-yet","status":"publish","type":"post","link":"https:\/\/www.perivision.net\/wordpress\/2011\/06\/serious-challenge-to-jailbreakers-in-ios-5-dont-upgrade-yet\/","title":{"rendered":"Serious challenge to Jailbreakers in iOS 5. Don't upgrade yet"},"content":{"rendered":"<p><a href=\"https:\/\/www.perivision.net\/wordpress\/wp-content\/uploads\/2011\/01\/iphone_jailbreak_pirate.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-4006\" title=\"iphone_jailbreak_pirate\" src=\"https:\/\/www.perivision.net\/wordpress\/wp-content\/uploads\/2011\/01\/iphone_jailbreak_pirate.jpg\" alt=\"\" width=\"273\" height=\"336\" srcset=\"https:\/\/www.perivision.net\/wordpress\/wp-content\/uploads\/2011\/01\/iphone_jailbreak_pirate.jpg 273w, https:\/\/www.perivision.net\/wordpress\/wp-content\/uploads\/2011\/01\/iphone_jailbreak_pirate-243x300.jpg 243w\" sizes=\"auto, (max-width: 273px) 100vw, 273px\" \/><\/a>iOS 5 is still not official, but you may want to hold off even when it launches. It seems there have been some major changes in iOS 5 that will make jailbreaking much harder. Currently, when you jailbreak your phone, you are basically overriding the OS&#8217;s restrictions so that unsigned code and API calls that are not officially supported can run. As all jailbreakers know, once you update the OS you have to jailbreak it again and reinstall everything, because the new OS does a complete overwrite. That&#8217;s all fine and good, and we have gotten used to that. However, word is going around that iOS 5 will check the authenticity of the OS on every 
boot, not just load whatever version it&#8217;s told to load. It does not work exactly like this; I&#8217;m explaining it in simple terms. Here is a more exact description of what is going on, straight from the <a href=\"http:\/\/blog.iphone-dev.org\/post\/6952986620\/blob-monster\">Dev-Team blog<\/a>:<\/p>\n<blockquote><p>Starting with the iOS5 beta, the role of the \u201cAPTicket\u201d is changing \u2014 it\u2019s being used much like the \u201cBBTicket\u201d has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn\u2019t depend merely on your ECID and firmware version\u2026it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.<\/p><\/blockquote>\n<p>So what does that mean to us now? Basically, as long as you are on iOS 4, nothing. So stay there until the crack masters figure out a way around this. I&#8217;m guessing the logical approach is at the iBoot stage: let it &#8216;think&#8217; it&#8217;s loading the correct APTicket, whatever that is, and then redirect to the cracked blob. Time will tell.<br \/>\nHopefully this is clear enough, but if you still do not feel like you understand, have a look at a comment made by <a href=\"http:\/\/intensedebate.com\/people\/aksansai\">aksansai<\/a>. I think he clarified things quite nicely. If you have read this far and still feel confused, give it a read.<\/p>\n<blockquote><p>1) The new method of signing APTickets will prevent you from moving back and forth in the iOS 5.x branch of releases. 
Since the iOS 4.x SHSH blobs are based on ECID and firmware version, you&#8217;ll be able to use your saved SHSH blobs to revert back to iOS 4.x (assuming [a] you have an older iTunes handy, [b] have your iOS 4.x SHSH blobs saved, and [c] have the ability to serve out [replay] the SHSH blobs to iTunes upon restore &#8211; via TU, for example). This means that all current devices, with the exception of iPad 2, will be able to move between iOS 4 and iOS 5 (most current ONLY) without issue.<\/p>\n<p>2) The new method does not prevent jailbreaking. At the moment, a tethered jailbreak is still possible due to the ubiquitous limera1n hardware exploit used. If (and when) a usable exploit in the iOS 5.x releases is discovered, an untethered jailbreak can be fashioned.<\/p>\n<p>What this boils down to is making the iOS release similar to the baseband release. If you &#8220;accidentally&#8221; upgrade from one release of iOS 5 to another, you&#8217;re stuck at the later release without the ability to downgrade. There&#8217;s a plethora of reasons to want to back-pedal to an earlier release of iOS. Downgrading from iOS 4.3 to iOS 4.2.1 in the early phases of the jailbreak was desired because many tweaks were incompatible with the newly introduced ASLR. Folks relying on ultrasn0w *were* limited to using an older release because of incompatibilities with iOS 4.3.<\/p>\n<p>Now, if there is some desired behavior present in iOS 5.0 that is corrected in a later release, you&#8217;re fine until you upgrade. If you upgrade and want that desired behavior, you&#8217;re forced into a holding pattern until the behavior is made available again in the newer release. This probably has more to do with an untethered jailbreak than anything else. 
As long as you&#8217;re using a device with the limera1n-exploitable bootrom, you have a method of jailbreaking (tethered).<\/p>\n<p>iPad 2\/iPhone 5 consumers will no doubt be the biggest headache group due to this change, because if they accidentally upgrade to a later version of iOS 5 without a userland exploit (assuming a hardware exploit is not found), they lose their ability to jailbreak altogether until yet another userland exploit is discovered. Considering the difficulties that the Chronic Dev Team and @comex have been facing with the iPad 2 (still without a reliable jailbreak), this is where the headaches will be.<\/p>\n<p>OTA updates are no doubt a huge boon for Apple, allowing them to hot-patch devices without requiring the user to hook up, update firmware, and restore from a backup. Assuming that OTAs can be easily disabled, smooth sailing on the installed release of iOS 5 should be peachy. However, older releases of firmware tend to get left out in the cold the older they get via App Store apps. Taking advantage of new features will no doubt cause certain apps to require iOS 5 (much like many require iOS 4 today).<\/p>\n<p>I&#8217;m glad that folks like the iPhone Dev Team are keeping watch on these types of changes. I know good and well that Apple&#8217;s very keen use of PKI in their architecture gives them a huge advantage, especially given their evolving methods. 
But, like all things human &#8211; nothing is perfect.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>iOS 5 is still not official, but you may want to hold off even when it launches. It seems there have been some major changes in iOS 5 that will make jailbreaking much harder. Currently, when you jailbreak your phone, you are basically overriding the OS to allow access to certain API calls that are not&hellip; <a class=\"read-more\" href=\"https:\/\/www.perivision.net\/wordpress\/2011\/06\/serious-challenge-to-jailbreakers-in-ios-5-dont-upgrade-yet\/\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":4006,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[755,577,3,4,455],"tags":[1336,1335],"class_list":["post-5576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ios","category-ipad","category-iphone","category-jailbreak","category-rumor-control","tag-dev-team","tag-jailbreak-5"],"jetpack_featured_media_url":"https:\/\/www.perivision.net\/wordpress\/wp-content\/uploads\/2011\/01\/iphone_jailbreak_pirate.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pjzQD-1rW","_links":{"self":[{"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/posts\/5576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.perivision.net\/wordpress\/wp-js
on\/wp\/v2\/comments?post=5576"}],"version-history":[{"count":5,"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/posts\/5576\/revisions"}],"predecessor-version":[{"id":5836,"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/posts\/5576\/revisions\/5836"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/media\/4006"}],"wp:attachment":[{"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/media?parent=5576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/categories?post=5576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.perivision.net\/wordpress\/wp-json\/wp\/v2\/tags?post=5576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
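The mechanism the Dev-Team quote in the post above describes (an APTicket bound to a random per-restore nonce and re-checked at boot) and the iOS 4 SHSH replay that aksansai's point (1) relies on, modelled as an added example. This is not Dev-Team, Apple or TinyUmbrella code and not Apple's real ticket format: an HMAC key stands in for Apple's private signing key so the example runs offline, and the ECID, version strings, ticket field names and the `Device` class are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Stand-in for Apple's private signing key.  Real tickets carry RSA signatures that
# only Apple's TSS server can produce; an HMAC key is used here purely so the example
# runs offline with the standard library.  The key value is constructed.
_APPLE_KEY = b"constructed-apple-tss-signing-key"


def _canonical(fields: dict) -> bytes:
    """Deterministic byte encoding of the signed fields (toy stand-in for Apple's ticket layout)."""
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()


def _sign(fields: dict) -> bytes:
    return hmac.new(_APPLE_KEY, _canonical(fields), hashlib.sha256).digest()


def _verify(ticket: dict, expected: dict) -> bool:
    """Good only if every signed field matches the device's state AND the signature checks out."""
    fields = {k: v for k, v in ticket.items() if k != "sig"}
    return fields == expected and hmac.compare_digest(_sign(fields), ticket["sig"])


def tss_sign_shsh(ecid: int, version: str) -> dict:
    """iOS 4-era SHSH blob: bound to ECID and firmware version only, so it can be saved and replayed."""
    fields = {"ecid": ecid, "version": version}
    return {**fields, "sig": _sign(fields)}


def tss_sign_apticket(ecid: int, version: str, ap_nonce: bytes) -> dict:
    """iOS 5-style APTicket: additionally bound to the random nonce the device generated for this restore."""
    fields = {"ecid": ecid, "version": version, "nonce": ap_nonce.hex()}
    return {**fields, "sig": _sign(fields)}


class Device:
    """Minimal model of the LLB/iBoot ticket check; nonce_bound=False is iOS 4, True is iOS 5."""

    def __init__(self, ecid: int, nonce_bound: bool):
        self.ecid = ecid
        self.nonce_bound = nonce_bound
        self.version = None        # installed firmware
        self.ticket = None         # ticket accepted at the last successful restore
        self.ticket_nonce = None   # nonce that ticket was signed over
        self.pending_nonce = None  # nonce generated for the restore in progress

    def begin_restore(self) -> bytes:
        """Generate the fresh ApNonce that iTunes sends to TSS on the device's behalf."""
        self.pending_nonce = os.urandom(20)
        return self.pending_nonce

    def _expected(self, version: str, nonce) -> dict:
        fields = {"ecid": self.ecid, "version": version}
        if self.nonce_bound:
            fields["nonce"] = nonce.hex()
        return fields

    def restore(self, version: str, ticket: dict) -> bool:
        """Restore-time check: accept the firmware only if the ticket matches this ECID/version (and nonce)."""
        if self.nonce_bound and self.pending_nonce is None:
            return False  # iOS 5 model: every restore starts from a fresh nonce
        if not _verify(ticket, self._expected(version, self.pending_nonce)):
            return False
        self.version, self.ticket, self.ticket_nonce = version, ticket, self.pending_nonce
        return True

    def boot(self) -> bool:
        """Boot-time re-check of the stored ticket, the step iOS 5 adds on top of the restore-time check."""
        if self.ticket is None:
            return False
        return _verify(self.ticket, self._expected(self.version, self.ticket_nonce))


def replay_scenarios() -> dict:
    """Try to downgrade by replaying a saved ticket under both models; return which attempts succeed."""
    ecid = 0x00001234_5678ABCD  # constructed ECID
    results = {}

    # iOS 4 model: blob saved (e.g. with TinyUmbrella) while Apple still signed 4.3.3 ...
    ios4 = Device(ecid, nonce_bound=False)
    saved_433 = tss_sign_shsh(ecid, "4.3.3")
    ios4.begin_restore()
    ios4.restore("4.3.3", saved_433)
    ios4.begin_restore()
    ios4.restore("5.0", tss_sign_shsh(ecid, "5.0"))
    # ... replays fine later: nothing in the blob ties it to one particular restore.
    ios4.begin_restore()
    results["shsh_replay_downgrade"] = ios4.restore("4.3.3", saved_433)

    # iOS 5 model: the APTicket issued for the 5.0 restore embeds that restore's nonce ...
    ios5 = Device(ecid, nonce_bound=True)
    saved_50 = tss_sign_apticket(ecid, "5.0", ios5.begin_restore())
    ios5.restore("5.0", saved_50)
    ios5.restore("5.0.1", tss_sign_apticket(ecid, "5.0.1", ios5.begin_restore()))
    # ... so a later restore, which starts from a new random nonce, rejects the replay.
    ios5.begin_restore()
    results["apticket_replay_downgrade"] = ios5.restore("5.0", saved_50)
    # Editing the nonce field to the new value does not help: the signature no longer verifies.
    patched = {**saved_50, "nonce": ios5.pending_nonce.hex()}
    results["apticket_patched_nonce"] = ios5.restore("5.0", patched)
    # The device still boots the 5.0.1 it legitimately restored, with the ticket it holds.
    results["boots_with_stored_ticket"] = ios5.boot()
    return results
```

`replay_scenarios()` returns `shsh_replay_downgrade` as True (the saved-blob downgrade path aksansai describes for iOS 4.x) and both APTicket replay attempts as False, while `boot()` still succeeds for the ticket the device actually received; that pairing is the whole point of the Dev-Team quote: the nonce makes a saved ticket worthless, and only a signature from the key Apple holds can bind a new nonce. The real boot chain checks the ticket from LLB and iBoot against the image hashes in the IPSW as well; the model compresses that into one class so the replay property stands out.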