Thread: Firmware signature verification
-
02-13-2011, 02:59 PM #1
Firmware signature verification
Exactly what performs the hardware-based SHSH check on the iPhone, iPod touch, and the iPad? Is it the bootrom? And if so, is a device with an old bootrom unable to perform SHSH checks?
-
02-13-2011, 06:06 PM #2
iTunes actually does that. That's why you can trick it into letting you downgrade by pointing the hosts file to Cydia's server with your old SHSH blobs.
-
02-14-2011, 02:58 PM #3
Uh, no. That is definitely not the case.
Now, revisiting my question with an additional one: does the old bootrom iPhone 3GS check SHSH blobs?
Last edited by Melab; 02-14-2011 at 02:58 PM. Reason: Automerged Doublepost
-
02-14-2011, 03:11 PM #4 Superbad Moderator
-
02-15-2011, 02:37 PM #5
Then what is the difference between the old bootrom and the new bootrom?
-
02-15-2011, 02:54 PM #6 Super Otiose Mod
The difference is the bootrom on the "fixed" units hard-checks the size of LLB before loading it from NOR. The old bootrom only checks it via software from the non-signed portion (therefore, a size mismatch and the bootrom exploit is possible).
In short, 24kpwn (permanent untethered jailbreak) is possible on the old-bootrom. It is not on the new one.
-
02-15-2011, 03:06 PM #7
So any device with the old bootrom, including the first revision of the iPhone 3GS, does not check/verify the SHSH blob through any hardware-based process, theoretically being able to load any firmware without having to worry about SHSH blobs?
-
02-15-2011, 03:20 PM #8 Super Otiose Mod
Not quite.
The bootrom does check SHSH blobs on the old-bootrom models too (with the same force and penalties).
However, as far as I can tell, the bootrom itself only checks the blobs on the three IMG3s it directly interacts with--iBSS, iBEC, and LLB. All subsequent IMG3 files loaded in have their blobs checked by the preceding piece of software that loads them in as part of their normal signature check (LLB checks iBoot, iBoot checks the kernelcache, etc.)
While we have the ability to write arbitrary data to the device (so we could get 3.1.2's iBoot onto a device without the matching SHSH blobs), we wouldn't be able to convince the device to boot up normally (LLB would notice the missing blobs and invalidate iBoot, halting the startup).
-
02-15-2011, 03:23 PM #9 Drinks the Kool Aid
damn orby beat me to it. I had it all typed out..lol
-
02-15-2011, 03:26 PM #10 Superbad Moderator
Did you really lol?
-
02-15-2011, 03:29 PM #11 Super Otiose Mod
-
02-15-2011, 03:29 PM #12 Drinks the Kool Aid
Yes, I mean it was in layman's terms, but nonetheless the same info for the most part. Probably a bit more comprehensible to the average forum goer than what orby said...lol
-
02-15-2011, 03:35 PM #13
Actually, I understand orbyorb.
Now, orbyorb, does this mean that the original iPhone and the iPhone 3G (the second one) used hardware-based verifications also?
As in the public key that it is verified against is soldered into the chip?
Last edited by Melab; 02-15-2011 at 03:35 PM. Reason: Automerged Doublepost
-
02-15-2011, 03:40 PM #14 Super Otiose Mod
They do not use hardware-enforced SHSH blobs. Though the iPhone 3G (and iPT2G) use SHSH blobs with iOS 4.0 (3.1.1 with the iPT2G) and later, it does not (cannot) hardware-check the blobs--all checks start no earlier than LLB and continue down the line. Since these checks only exist in software, it's possible to downgrade/restore to a version of LLB etc. that does not have this enforcement, and just proceed normally sans personalized IMG3s.
However, with both of these devices (old bootrom for iPT2G) with Pwnage2 or 24kpwn, Apple's security measures to ensure only signed code is being run at each stage of the bootup process (the Chain of Trust) is so thoroughly broken that these soft-SHSH blob checks only come into play when restoring to out-of-date stock firmware.
EDIT: The public key certificate for SHSH blob verification is both burned into ROM (for 3GS and later) /and/ placed into the SHSH blobs themselves (I think).
Last edited by Orby; 02-15-2011 at 03:44 PM.

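A toy model of the chain of trust described in posts #8 and #14, added here as an illustration; it is not code from this thread, from Apple, or from any jailbreak tool. The bootrom verifies the first image against a key it carries (standing in for the key burned into ROM) and, on a device that enforces SHSH, also checks that the image was personalized for its own ECID; each later stage then does the same for the image it loads. The RSA key size, the `Img3` container layout, the type tags, the ECIDs and the firmware strings are all constructed for the demo and do not match Apple's real IMG3/SHSH format.

```python
"""Toy model of the boot chain of trust discussed in the thread (constructed example).

Every stage verifies the Apple signature on the next image; a stage that knows
about SHSH personalization additionally checks that the image was signed for
this device's ECID.  ROM_PUB stands in for the key burned into the bootrom and
later stages reuse it from software.  Key size, container layout and all names
are toy choices, not Apple's real IMG3/SHSH format.
"""
import hashlib
import random
from dataclasses import dataclass

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin, adequate for a demo key (toy helper, not production crypto)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

def toy_keypair(seed, bits=128):
    """Deterministic textbook RSA pair ((n, e), (n, d)); far too small for real use."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits, rng), _gen_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(kind, payload, ecid):
    # Binds image type, contents and ECID; truncated to 192 bits to stay below the toy modulus.
    h = hashlib.sha256(kind + payload + ecid.to_bytes(8, "big")).digest()[:24]
    return int.from_bytes(h, "big")

def sign(priv, kind, payload, ecid):
    n, d = priv
    return pow(_digest(kind, payload, ecid), d, n)

def verify(pub, kind, payload, ecid, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(kind, payload, ecid)

@dataclass
class Img3:
    kind: bytes          # toy type tag: b"illb", b"ibot", b"krnl"
    payload: bytes
    ecid: int            # ECID the blob was issued for; 0 = generic, unpersonalized image
    sig: int             # Apple signature over (kind, payload, ecid)
    enforces_shsh: bool  # does this image's own loader code check ECID binding on the next stage?

def make_img(priv, kind, payload, ecid=0, enforces_shsh=True):
    return Img3(kind, payload, ecid, sign(priv, kind, payload, ecid), enforces_shsh)

BOOT_ORDER = (b"illb", b"ibot", b"krnl")

def boot(device_ecid, rom_pub, rom_enforces_shsh, images):
    """Walk the chain; whoever loaded the previous image is the enforcer for the next one."""
    enforcer, enforces = "bootrom", rom_enforces_shsh
    for kind in BOOT_ORDER:
        img = images[kind]
        if not verify(rom_pub, img.kind, img.payload, img.ecid, img.sig):
            return False, f"{enforcer} rejected {kind.decode()}: bad signature"
        if enforces and img.ecid != device_ecid:
            return False, f"{enforcer} rejected {kind.decode()}: no SHSH for ECID {device_ecid:#x}"
        enforcer, enforces = kind.decode(), img.enforces_shsh
    return True, "booted"

ROM_PUB, APPLE_PRIV = toy_keypair(seed=2011)  # constructed demo key, deterministic
MY_ECID, OTHER_ECID = 0x000A1B2C3D4E5F60, 0x0001020304050607  # constructed ECIDs

def scenarios():
    """Return {name: (booted, reason)} for the cases the thread discusses."""
    blobs_4x = {k: make_img(APPLE_PRIV, k, b"4.x " + k, MY_ECID) for k in BOOT_ORDER}
    generic_3x = {k: make_img(APPLE_PRIV, k, b"3.0 " + k, 0, enforces_shsh=False) for k in BOOT_ORDER}
    # Older iBoot whose blobs were issued for a different device (ours were never saved).
    foreign_ibot = make_img(APPLE_PRIV, b"ibot", b"3.1.2 ibot", OTHER_ECID)
    # Kernel patched after signing: the signature no longer matches the payload.
    patched_krnl = Img3(b"krnl", b"patched krnl", MY_ECID, blobs_4x[b"krnl"].sig, True)
    return {
        "3gs_matching_blobs": boot(MY_ECID, ROM_PUB, True, blobs_4x),
        "3gs_ibot_without_our_blobs": boot(MY_ECID, ROM_PUB, True, {**blobs_4x, b"ibot": foreign_ibot}),
        "3gs_full_downgrade_to_3.0": boot(MY_ECID, ROM_PUB, True, generic_3x),
        "3gs_patched_kernel": boot(MY_ECID, ROM_PUB, True, {**blobs_4x, b"krnl": patched_krnl}),
        "3g_4x_llb_with_old_ibot": boot(MY_ECID, ROM_PUB, False, {**blobs_4x, b"ibot": generic_3x[b"ibot"]}),
        "3g_full_downgrade_to_3.0": boot(MY_ECID, ROM_PUB, False, generic_3x),
    }

if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print(f"{name:28s} {'BOOT' if ok else 'HALT'}  {why}")
```

Running it shows the two behaviours the posts describe: on the device whose bootrom enforces SHSH, an iBoot written without this device's blobs is halted by LLB rather than by the bootrom, and a full downgrade to an unpersonalized chain is halted at the very first image; on the device whose bootrom does not enforce, the same enforcing LLB still halts an old iBoot, but a chain made entirely of pre-SHSH images boots, which is the software-only downgrade post #14 refers to.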
-
02-15-2011, 03:54 PM #15
Meaning hardware-based verification was added with the first iPhone 3GS model and not with the iPhone 3GS model that comes with the new bootrom?
-
02-15-2011, 03:56 PM #16 Super Otiose Mod
-
02-15-2011, 04:01 PM #17
Is this also the case with the iPod touch 2G -- old or new bootrom, a hardware-based verification is performed?
Last edited by Melab; 02-15-2011 at 04:05 PM.
-
02-15-2011, 04:19 PM #18 Super Otiose Mod
The iPod touch 2G is software-only checked for both models. Though since there is no chain-of-trust breaking exploit on the new-bootrom models, they are essentially new-bootrom iPhone 3GSs (though you can downgrade iBoot to 2.2's version with no SHSH blobs and ARM7_Go with steaks4uce, it'll hang tethered).
EDIT: Unlike the 3GS, however, old and new-bootrom units could theoretically downgrade to iOS 2.x/3.0.x without issue and go from there. Just the newer firmwares with the extra checks throw a wrench into things.
-
02-15-2011, 04:22 PM #19
Now, I'm not sure if anyone has actually taken a look at the chip itself, but could one potentially open up a new bootrom device and snip-snip a couple of connections to prevent the verification from taking place?
With an X-Acto knife of course, because these connections are millimeter-thin strips of copper.
Last edited by Melab; 02-15-2011 at 04:26 PM. Reason: Automerged Doublepost
-
02-15-2011, 04:29 PM #20 Super Otiose Mod
I highly doubt it.
From what I understand, these verifications are only a few bytes in length and are snugly inside the processor die.
Trying to remove them that way will almost guarantee a bricked processor.
Now JTAGging the unit, vis-à-vis Geohot's original iPhone unlock, might be more fruitful--but you'll need to not only have a crap-ton of devices to afford to brick, you'll also probably need a schematic showing the correct points and switches on the board (along with necessary resistors/voltages/etc.), along with having some serious electrical engineering skills.