Skip to main content

iOS5 contains aggressive anti-jailbreak measures

IDevice jailbreaking stalwarts at the iPhone Dev Team have unearthed new measures in Apple's forthcoming update to its mobile operating system intended to "aggressively combat" one of the main methods used to unlock the iPhone and its ilk.

The company has added a new layer of security to the current iOS5 developer beta which stops jailbreakers from 'downgrading' devices to earlier firmware versions using older versions of iTunes and system back-ups commonly known as 'SHSH blobs'.

Saving these blobs before each firmware update allows jailbreakers to revert to a previous version using Cydia or TinyUmbrella software, in many cases rendering useless Apple's subsequent attempts to lock the hackers out of the operating system's walled garden.

"Starting with the iOS5 beta, the role of the 'APTicket' is changing," notes the Dev Team blog (opens in new tab). "It’s being used much like the 'BBTicket' has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore."

In other words, it doesn’t depend merely on the device's unique ECID number and firmware version. It changes every time you restore, based partly on a random number. Which makes the 'replay attacks' commonly used to bypass Apple's efforts redundant.

"This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless."

The changes will only take affect for those buying a device after iOS5 rolls out, so if you want to keep your current iDevice's jailbroken status intact, you should avoid the new OS like the plague.

It's not all doom and gloom, though. Because the process of APTicket signing occurs after Geohot's limera1n exploit does it's work, the Dev Team reckons tethered jailbreaks - which require the device to be connected to a host computer during each power cycle - will still be possible.

One theory is that the new security is being enforced because of Apple's intention to add over the air (OTA) updates to iOS5, meaning OS upgrades can be pushed to devices using Wi-Fi rather than a cabled connection, much like Android devices. There's also the possibility that Apple, which can turn the signing routines on and off at will, will not include them in the public release at all.

There's also a suspicion that Apple has been persuaded to lock iOS5 down further by airtime providers who are naffed off at jailbreakers being able to use their iPhones to get free Internet tethering, something they are keen to be able to charge extra for.

Whatever transpires, the game of cat and mouse between Apple and the jailbreaking community will continue, and you can be pretty sure it will be a matter of mere days after the public release of iOS5 public release this autumn before the whole thing is cracked wide open again.

"Although there may still be ways to combat this," reassures the Dev Team. "A beta period is really not the time or place to discuss them. We’re just letting you know what Apple has already done in their existing beta releases - they’ve stepped up their game!" monitors all leading technology stories and rounds them up to help you save time hunting them down.