If you are an iPhone, iPod Touch or iPad user who has been jailbreaking your device, here is some bad news. The upcoming iOS5 will not allow users to downgrade to an earlier version of the OS out of the box.
A new post by the Dev-Team says that Apple is using a new technology in iOS5 that will prevent users from downgrading to a lower version of iOS. Jailbreakers have usually had the option to back up their SHSH blobs in case something goes wrong with an update; they could then use the saved SHSH blob to downgrade their iPhone or iPod Touch to an older version.
It looks like Apple is about to aggressively combat the replay attacks that have until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.
Those of you who have been jailbreaking for a while have probably heard us periodically warn you to save your blobs for each firmware using either Cydia or TinyUmbrella (or even the copy from /tmp during restore method for advanced users). Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it. That’s all about to change.
Starting with the iOS5 beta, the role of the APTicket is changing: it’s being used much like the BBTicket has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version… it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket).
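The quoted explanation boils down to one cryptographic change: a ticket that is bound only to the device ECID and firmware version is the same bytes on every restore, so a saved copy can be presented again after the vendor stops signing that firmware; a ticket that also binds a fresh random nonce chosen at each restore is unique to that restore and cannot be replayed. The following is an added, constructed model of that difference, not the Dev-Team's code and not Apple's actual TSS protocol or APTicket format. It makes simplifying assumptions: an HMAC under a key held only by the signer stands in for Apple's signature, the `Signer` class with its `signing_window` stands in for the signing server, and the `Device` class stands in for the LLB/iBoot check (`restore`, `boot` and `demo` are names invented here).

```python
"""Constructed model of per-restore ticket signing versus replayable blobs."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Assumed to be known only to the signing service (models the vendor's private key).
SIGNING_KEY = b"constructed-signing-key-for-illustration"


def sign(message: bytes) -> bytes:
    """Stand-in for the vendor's signature: HMAC-SHA256 under SIGNING_KEY."""
    return hmac.new(SIGNING_KEY, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(message), tag)


def ticket_message(ecid: int, firmware: str, nonce: Optional[bytes]) -> bytes:
    """Bytes covered by the signature; the nonce is absent in the old scheme."""
    parts = [ecid.to_bytes(8, "big"), firmware.encode()]
    if nonce is not None:
        parts.append(nonce)
    return b"|".join(parts)


@dataclass
class Ticket:
    ecid: int
    firmware: str
    nonce: Optional[bytes]
    tag: bytes


class Signer:
    """Signing service: issues tickets only for firmware in its open window."""

    def __init__(self, signing_window):
        self.signing_window = set(signing_window)

    def issue(self, ecid: int, firmware: str, nonce: Optional[bytes]) -> Optional[Ticket]:
        if firmware not in self.signing_window:
            return None
        return Ticket(ecid, firmware, nonce, sign(ticket_message(ecid, firmware, nonce)))


@dataclass
class Device:
    ecid: int
    per_restore_nonce: bool  # False: old deterministic blob; True: iOS 5 style
    firmware: Optional[str] = None
    ticket: Optional[Ticket] = None
    nonce: Optional[bytes] = None

    def _accepts(self, t: Ticket, nonce: Optional[bytes]) -> bool:
        # Ticket must be for this device, for the nonce of this restore, and validly signed.
        if t.ecid != self.ecid or t.nonce != nonce:
            return False
        return verify(ticket_message(t.ecid, t.firmware, t.nonce), t.tag)

    def restore(self, signer: Signer, firmware: str, saved_ticket: Optional[Ticket] = None) -> bool:
        """Restore using a fresh ticket from the signer, or a previously saved one."""
        nonce = os.urandom(8) if self.per_restore_nonce else None  # fresh per restore
        ticket = saved_ticket or signer.issue(self.ecid, firmware, nonce)
        if ticket is None or not self._accepts(ticket, nonce):
            return False
        self.firmware, self.ticket, self.nonce = ticket.firmware, ticket, nonce
        return True

    def boot(self) -> bool:
        """Re-check the stored ticket on every boot (models the LLB/iBoot check)."""
        return self.ticket is not None and self._accepts(self.ticket, self.nonce)


def demo(per_restore_nonce: bool) -> dict:
    """Save a blob while 4.3.3 is signed, move to 5.0, then try to go back."""
    signer = Signer(signing_window={"4.3.3"})
    dev = Device(ecid=0x1234ABCD, per_restore_nonce=per_restore_nonce)
    out = {"restore_4.3.3": dev.restore(signer, "4.3.3")}
    saved_blob = dev.ticket                      # the "save your blobs" step
    signer.signing_window = {"5.0"}              # vendor closes the 4.3.3 window
    out["restore_5.0"] = dev.restore(signer, "5.0")
    out["fresh_4.3.3_now"] = dev.restore(signer, "4.3.3")            # refused: unsigned
    out["replay_saved_blob"] = dev.restore(signer, "4.3.3", saved_blob)
    out["firmware"], out["boots"] = dev.firmware, dev.boot()
    return out


if __name__ == "__main__":
    print("old scheme:", demo(False))
    print("per-restore nonce:", demo(True))
```

With `per_restore_nonce=False` the saved blob restores 4.3.3 after the signing window closes, exactly the replay the quoted post describes; with `per_restore_nonce=True` the same saved blob is rejected because its nonce does not match the one the device generated for this restore, and only the signer can mint a ticket for the new nonce. The boot-time check is what makes the binding stick: a ticket whose tag is altered after installation fails `boot()` as well.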
Starting with iOS5, Apple will be using a new technology that it can turn on and off at will, and that prevents the device from being restored to an earlier version. However, all is not lost yet: the Dev-Team says that tethered jailbreaks will still be possible, and users will still be able to downgrade to a pre-iOS5 version provided they use an older version of iTunes, so don’t delete those old installers yet.
geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here… it’s the boot sequence on the device starting with the LLB.
Apple has always played games with jailbreakers, watching them closely and quickly releasing patches when an exploit is discovered and used for jailbreaking. Apple has also released an unlocked iPhone 4, which might be aimed at the unlocked iPhone market that has so far been served by jailbreaking. With the introduction of iOS5, Apple might be hoping to restrict jailbreaking completely, even though it is legal.