
Thread: How does APTicket work and why can it not be bypassed in iOS 5

  1. #1
    How does APTicket work and why can it not be bypassed in iOS 5
    Why can't iOS 5 firmware be downgraded to other iOS versions (like 5.0.1 to 5.0)? I understand that a cryptographical nonce is generated that is to be signed before an iOS 5 firmware can be installed, but I can't see how this is a problem. There are no hardware-based measures in place that generate and verify a signed nonce, so if I theoretically had a bit-by-bit copy of all the mutable memory I have on my iPod touch running 5.0, upgraded to 5.0.1, and then restored the iPod's internal memory exactly to its previous state (running 5.0), it would never know that I had upgraded to 5.0.1.

  2. #2
    Not only is it based on your unique device but now there is an added protection that generates a ticket on a random number on every restore and boot.

  3. #3
    I understand that, but the process must be explained in more detail and my theoretical situation must be addressed.

  4. #4
    If the pseudorandom number was generated on every boot then I would have to restore my iPod every time I turn it off.

  5. #5
    Super Galactic Moderator Orby

    Originally posted by Melab:
    "If the pseudorandom number was generated on every boot then I would have to restore my iPod every time I turn it off."
    I don't think the number is generated every boot, but only as a "run once" command upon being initially written to NAND.

    Patching out the nonce generation in LLB and checks later on in the chain are likely trivial. Problem is, that breaks the cryptographic signature on LLB that is checked every boot by the bootrom. While writing unsigned code is possible via the limera1n exploit, the device will refuse to load LLB and thus not boot...
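
An added example, not part of any post in this thread and not Apple's code: a simplified Python model of the nonce-bound, device-bound ticket check the thread describes, showing why a ticket saved from an earlier restore is rejected on a later one. HMAC stands in for the real signature, and the names (`Device`, `server_sign`, `device_id`), the 20-byte nonce and the firmware strings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: HMAC under a key known only to the signer stands in for the
# vendor's asymmetric signature; a real device would hold just a public key.
SIGNING_KEY = os.urandom(32)

def _mac(device_id: int, nonce: bytes, firmware: bytes) -> bytes:
    body = device_id.to_bytes(8, "big") + nonce + hashlib.sha256(firmware).digest()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()

def server_sign(device_id, nonce, firmware, still_signed=True):
    """Signing server: issues a ticket only while the version is still signed."""
    return _mac(device_id, nonce, firmware) if still_signed else None

class Device:
    def __init__(self, device_id: int):
        self.device_id, self.nonce = device_id, None

    def begin_restore(self) -> bytes:
        self.nonce = os.urandom(20)      # fresh value for this restore only
        return self.nonce

    def accept(self, ticket, firmware: bytes) -> bool:
        if ticket is None or self.nonce is None:
            return False
        ok = hmac.compare_digest(ticket, _mac(self.device_id, self.nonce, firmware))
        self.nonce = None                # a nonce is never reused
        return ok

def run_scenarios() -> dict:
    old_fw, new_fw = b"constructed 5.0 image", b"constructed 5.0.1 image"
    dev, other = Device(0x1111), Device(0x2222)   # constructed device ids
    r = {}
    # 1. Normal restore while 5.0 is still signed; the ticket is also saved.
    saved = server_sign(dev.device_id, dev.begin_restore(), old_fw)
    r["fresh_ticket"] = dev.accept(saved, old_fw)
    # 2. Later downgrade attempt: the server no longer signs 5.0.
    r["server_refuses"] = server_sign(dev.device_id, dev.begin_restore(), old_fw, still_signed=False) is None
    # 3. Replaying the saved ticket fails: it is bound to the earlier nonce.
    r["replayed_ticket"] = dev.accept(saved, old_fw)
    # 4. A ticket issued for one device id fails on another device.
    t = server_sign(dev.device_id, other.begin_restore(), old_fw)
    r["wrong_device"] = other.accept(t, old_fw)
    # 5. A ticket for the 5.0.1 image does not authorize the 5.0 image.
    t = server_sign(dev.device_id, dev.begin_restore(), new_fw)
    r["wrong_firmware"] = dev.accept(t, old_fw)
    return r
```

Only the first scenario is accepted; the model covers the restore-time check alone and leaves out the boot chain (bootrom verifying LLB) mentioned in the last post.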
