

Thread: Understand the ECID protection of iTunes

  #1 (avibrazil)
    I'll try to put here what I understood from all this process and what happens between iTunes and Cydia. Updates are welcome.

    Apple doesn't want you to use old firmwares so now, the firmware that you download must be modified on your laptop by iTunes with a digital signature that only Apple servers can provide.

    When you plug your iPhone into iTunes, your device's ECID number (a unique ID that identifies your device globally) will be grabbed by iTunes, incorporated in a digital request and sent to Apple. Then Apple's servers reply with some secret information that is a sum of your ECID, the FW version signature that they let you install (this is the most important), and their private cryptographic key. It's secret not because you can't read it, but because only Apple can generate it through their private crypto key.

    Then iTunes takes this unique digital signature and tries to modify the firmware file to be installed. Since the signature contains version-specific info (the version that they let you install), it will only match that specific version of the FW file.

    Since you want to install 3.0[.1] but the returned digital signature is currently for 3.1 only, the whole process fails.

    Enter Saurik's Signature Caching Server. If you configure your computer correctly as described on his blog, iTunes will contact Apple's signature server through Saurik's server, as a proxy server. That's when Saurik has the opportunity to save or cache the unique Apple response to iTunes (that contains the combination of your ECID, the FW version and their private digital signature). It's a good thing for you.

    If you have your ECID+FW version signature "on file" (meaning your ECID+FW version+Apple signature cached on Saurik's server), and if you fake your iTunes to point to Saurik's server, an old FW restore makes iTunes feel like Apple allowed it to install this FW, because instead of getting Apple's server response, it will get the cached response from Saurik.

    From Apple's perspective, Saurik is a cracker applying a classical man-in-the-middle attack with our help. From our perspective, he is simply providing us ways to use OUR device the way WE want. The truth is: this is not OUR iPhone. It is OUR hardware only, running software owned by Apple that was licensed to us in a very specific way, as with all software licenses.

    Apple can easily improve this method (nullifying Saurik's caching server) by using HTTPS instead of HTTP while iTunes talks to Apple's servers. It won't allow Saurik to read what is passing through him and cache what is relevant.

    So you can't downgrade because Apple only lets iTunes handle the FW versions they want. In a cryptographic way.

    What confuses me is why this process still depends so much on iTunes? It seems to me that Redsn0w has the same skills of going into the device boot sections and doing what it wants. So why doesn't Redsn0w do the entire job of installing the FW, rather than relying on iTunes to do that?

    Thoughts?
    Last edited by avibrazil; 2009-09-26 at 12:03 PM.
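As an added illustration of the point the post makes (not code from the thread or from any real signing server), here is a constructed toy model of the flow: the signing server signs the pair (ECID, firmware version) with a private key, a caching proxy keeps the plaintext reply, and the verifier accepts a cached blob only for the same device and the same firmware version it was issued for. Textbook RSA with small fixed primes and a SHA-256 digest stands in for Apple's real key and SHSH format, and the ECID value is a made-up sample.

```python
import hashlib
from typing import Callable, Dict, Optional, Set, Tuple

# Constructed toy parameters: 2^31-1 and 2^61-1 are both prime. Textbook RSA
# is used only to illustrate "signed by a private key, checked with a public key".
P, Q = 2147483647, 2305843009213693951
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: "Apple server" only

def _digest(ecid: str, fw_version: str) -> int:
    # The signed message binds BOTH the device ECID and the firmware version.
    msg = f"{ecid}|{fw_version}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def apple_sign(ecid: str, fw_version: str, window: Set[str]) -> Optional[int]:
    """Signing server: answers only for versions it is currently willing to sign."""
    if fw_version not in window:
        return None
    return pow(_digest(ecid, fw_version), D, N)

def verify(ecid: str, fw_version: str, sig: Optional[int]) -> bool:
    """Verifier side (iTunes/device): needs only the public key (N, E)."""
    return sig is not None and pow(sig, E, N) == _digest(ecid, fw_version)

class CachingProxy:
    """Saurik-style proxy: forwards plaintext requests and keeps every reply."""
    def __init__(self, upstream: Callable[[str, str], Optional[int]]):
        self.upstream = upstream
        self.cache: Dict[Tuple[str, str], int] = {}
    def fetch(self, ecid: str, fw_version: str) -> Optional[int]:
        sig = self.upstream(ecid, fw_version)
        if sig is not None:                  # only readable (HTTP) replies can be cached
            self.cache[(ecid, fw_version)] = sig
        return sig
    def cached(self, ecid: str, fw_version: str) -> Optional[int]:
        return self.cache.get((ecid, fw_version))

def demo() -> Dict[str, bool]:
    ecid = "000000DEADBEEF"                   # constructed sample ECID
    # Day 1: both 3.0 and 3.1 are still signed; the proxy caches the 3.0 reply.
    proxy = CachingProxy(lambda e, v: apple_sign(e, v, {"3.0", "3.1"}))
    proxy.fetch(ecid, "3.0")
    # Later: the signing window has moved to 3.1 only.
    later = CachingProxy(lambda e, v: apple_sign(e, v, {"3.1"}))
    return {
        "live_3.0_now": verify(ecid, "3.0", later.fetch(ecid, "3.0")),        # False
        "cached_3.0": verify(ecid, "3.0", proxy.cached(ecid, "3.0")),         # True
        "cached_3.0_for_3.1": verify(ecid, "3.1", proxy.cached(ecid, "3.0")), # False
        "cached_3.0_other_ecid": verify("000000000000001", "3.0", proxy.cached(ecid, "3.0")),  # False
    }
```

The last two results are the defender-relevant part: a cached blob is useless for any other firmware version or any other device, which is exactly why the post says the signature "will only match that specific version".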

  #2 (iGuru)

    Doh.

    I just spent the last 3/4 of an hour writing an article explaining exactly what the signature server does. And closed the wrong window, losing everything.

    Edit: Instead of just writing a quick reply, I decided to write a fully fledged article on this. Hopefully I should finish it today.
    Last edited by iGuru; 2009-09-26 at 08:34 PM.
    iGuru, aka macdotnub/mac.nub - Twitter: http://www.twitter.com/macdotnub
    Get your ECID SHSH file! (For 3GS Restore verification) http://bit.ly/JnDw2 (Thanks to semaphore!)

  #3 (Madman604x)

    My understanding of the situation is:

    Apple doesn't want people to use 3.0[.1] firmwares so they blocked them from being signed. Apple used our ECID and other things to determine if we are allowed to use a specific firmware. They generate a code that talks to iTunes and allows or blocks us.

    Cydia/Saurik set up a repository server for us to generate our own codes and store them indefinitely.

    Umbrella also allows us to generate our own codes and store them locally on our own PCs.

    Modifying your hosts file will direct iTunes to look to the Cydia/Saurik server for the ECID codes that allow us to restore to whatever firmwares we want, provided we have them already stored there.

    Modifying your hosts file in another way will allow TinyTSS to utilize your own PC as a fake Apple server, allowing offline iPhone restoration (if I am correct).

    With our ECID info on hand we bypass Apple and look to Cydia/Saurik for software verification. Restore our phones as we please. Everything is rainbows and unicorns.

    avibrazil brings up a good point, in which Apple could probably make iTunes use some stupidly difficult and secure way of contacting their servers, requiring multiple verifications, captcha images etc.

    However, if we DON'T update iTunes and have our ECID info saved, we can theoretically keep using our current firmwares as we no longer require contact with Apple at all.

  #4 (iGuru)

    I've just finished the article I was writing; it turned out to be 710 words in the end, so it isn't too long.

    For anyone interested in reading it, you can access it via: http://www.macdotnub.co.cc/articles/

    You will need a PDF reader installed until I get round to making a HTML version of it too.
  #5 (alvink83)
    Thanks for the detailed info. Now, I have a better and clearer picture on the ECID things.


    Cheers~~~

  #6 (iGuru)

    Quote Originally Posted by alvink83 View Post
    Thanks for the detailed info. Now, I have a better and clearer picture on the ECID things.


    Cheers~~~
    No problem, glad you found it useful

  #7 (alvink83)
    I've successfully downgraded my iPhone 3GS from firmware 3.1 to 3.0. But the SIM card can't be detected after redsn0w activates my iPhone 3GS. For info, it's a factory unlocked set. Any idea?

  #8 (iGuru)

    Quote Originally Posted by alvink83 View Post
    I've successfully downgraded my iPhone 3GS from firmware 3.1 to 3.0. But, the sim card can't be detected after redsn0w activate my iPhone 3GS. For info, it's a factory unlocked set. Any idea?
    Try restoring 3.0 again, but this time use Purplera1n to jailbreak instead.

  #9
    @iGuru

    Does purplera1n work on recovery or DFU mode?

  #10 (avibrazil)
    Somebody told me today at lunch that, as I wrote here, Apple will improve the ECID signing process using HTTPS instead of HTTP.

    This means Saurik won't be able to cache your signed ECIDs anymore in the future.

  #11 (Madman604x)

    Quote Originally Posted by avibrazil View Post
    Somebody told me today at lunch that, as I wrote here, Apple will improve the ECID signing process using HTTPS instead of HTTP.

    This means Saurik won't be able to cache your signed ECIDs anymore in the future.
    That's why it's important to get your ECID info for 3.1 NOW! At any rate, as soon as the jailbreak for 3.1 is released you can bet 3.1 will stop being signed within hours, and 3.1.1 (or whatever FW) will be released for the 3G[S].
