With Apple releasing iOS 5 into the hands of developers, hackers and jailbreakers immediately started digging into the new iOS, which brought tons of new features and enhancements. That raised the inevitable question: does the jailbreak work on iOS 5? We found the answer pretty soon, when MuscleNerd and company updated redsn0w to support an iOS 5 jailbreak, though efforts to make it untethered are still under way. Unfortunately, a recent post from the Dev-Team on their official blog has brought a rather troubling matter to our attention.
Today, the Dev-Team revealed that Apple has moved to a new signing process in iOS 5, which means it won’t allow downgrading even if you have your ECID / SHSH blobs saved with Cydia or TinyUmbrella offline. The new process works much like the BBTicket (Baseband Ticket), which makes it a lot more complex to reverse engineer:
“Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.”
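To make the difference between the two signing models concrete, here is a small simulation added for this post; it is not the Dev-Team's code and it deliberately simplifies the real boot chain. An HMAC with a key held only by the "signing server" stands in for Apple's asymmetric signature, a 20-byte random value stands in for the per-restore nonce, and the `Device` class is an assumed model in which the device draws a fresh nonce at every restore and LLB/iBoot only accept a ticket bound to the current one. The old SHSH-style blob binds just ECID and firmware version, so a saved copy replays fine; the APTicket-style ticket also binds the nonce, so a saved copy fails as soon as the device has restored again.

```python
import hashlib
import hmac
import secrets

# Stands in for Apple's private signing key. In the real system only Apple's
# signing server holds the key and the signature is asymmetric, not an HMAC.
_SIGNING_KEY = secrets.token_bytes(32)
_TAG_LEN = hashlib.sha256().digest_size


def _sign(message: bytes) -> bytes:
    return hmac.new(_SIGNING_KEY, message, hashlib.sha256).digest()


def _verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag, _sign(message))


def _split(signed: bytes):
    # Fixed-length tag at the end, so no delimiter can collide with tag bytes.
    return signed[:-_TAG_LEN], signed[-_TAG_LEN:]


def issue_shsh(ecid: int, version: str) -> bytes:
    """Pre-iOS 5 style blob: signed message depends only on ECID + firmware version."""
    message = f"{ecid:x}:{version}".encode()
    return message + _sign(message)


def check_shsh(blob: bytes, ecid: int, version: str) -> bool:
    message, tag = _split(blob)
    return message == f"{ecid:x}:{version}".encode() and _verify(message, tag)


def issue_apticket(ecid: int, version: str, nonce: bytes) -> bytes:
    """iOS 5 style ticket: signed message also binds the per-restore nonce."""
    message = f"{ecid:x}:{version}:{nonce.hex()}".encode()
    return message + _sign(message)


def check_apticket(ticket: bytes, ecid: int, version: str, nonce: bytes) -> bool:
    message, tag = _split(ticket)
    expected = f"{ecid:x}:{version}:{nonce.hex()}".encode()
    return message == expected and _verify(message, tag)


class Device:
    """Assumed model: the device generates a fresh nonce at every restore."""

    def __init__(self, ecid: int):
        self.ecid = ecid
        self.nonce = b""

    def begin_restore(self) -> bytes:
        self.nonce = secrets.token_bytes(20)
        return self.nonce


def simulate(ecid: int = 0x1234ABCD, version: str = "4.3.3") -> dict:
    """Save signing material at one restore, replay it at the next."""
    device = Device(ecid)

    # Restore 1: the server still signs this version; the user saves both forms.
    device.begin_restore()
    saved_shsh = issue_shsh(ecid, version)
    saved_ticket = issue_apticket(ecid, version, device.nonce)

    # Restore 2: the server no longer signs this version, so the saved material
    # is replayed against the device's new nonce.
    device.begin_restore()
    fresh_ticket = issue_apticket(ecid, version, device.nonce)  # only a key holder can make this

    # A ticket altered to claim another firmware version must also be rejected.
    forged = fresh_ticket.replace(version.encode(), b"5.0.0", 1)

    return {
        "shsh_replay_accepted": check_shsh(saved_shsh, ecid, version),
        "apticket_replay_accepted": check_apticket(saved_ticket, ecid, version, device.nonce),
        "fresh_apticket_accepted": check_apticket(fresh_ticket, ecid, version, device.nonce),
        "forged_apticket_accepted": check_apticket(forged, ecid, "5.0.0", device.nonce),
    }


if __name__ == "__main__":
    for name, accepted in simulate().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Because the nonce is drawn afresh each time, a saved ticket never matches a later restore, and without the signing key nobody can mint a ticket for the new nonce; that is the whole point of the quoted change, and it is why saved blobs stop helping for iOS 5 restores while still being useful for older firmware whose boot stages do not check the ticket.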
Nonetheless, it would still be possible to restore to a version prior to iOS 5 with the help of an older iTunes version. Also, iOS 5 cannot prevent tethered jailbreaks using the limera1n exploit, even with future iOS updates. Luckily for us, the Dev-Team is not ready to give up just yet, as they say:
“…whilst Apple has “stepped up their game”, there may be ways to combat this move.”
[via Dev-Team Blog]