Things have started to change since Apple has released its iOS 5 Beta 2. As the time is passing by Apple is getting smarter. Apple is getting much Smarter with the APT tickets.
Today in a Tweet by MuscleNerd said that:
Uh oh…the days of restoring with saved SHSH blobs are nearing an end đ Apple is getting much smarter with the APTicket
Now what is ATP Ticket?
APTicket, which is uniquely generated at each and every restore (in other words, it doesnât depend merely on your ECID and firmware versionâŚit changes every time you restore, based partly on a random number).
According to the Dev Team Blog:
It looks like Apple is about to aggressively combat the âreplay attacksâ that has until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.
Those of you who have been jailbreaking for a while have probably heard us periodically warn you to âsave your blobsâ for each firmware using either Cydia or TinyUmbrella (or even the âcopy from /tmp during restoreâ method for advanced users). Â Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it. Â Thatâs all about to change.
Starting with the iOS5 beta, the role of the âAPTicketâ is changing â itâs being used much like the âBBTicketâ has always been used.  The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesnât depend merely on your ECID and firmware versionâŚit changes every time you restore, based partly on a random number).  This APTicket authentication will happen at every boot, not just at restore time.  Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.
This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket).  geohotâs limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible.  Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but youâll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters here..itâs the boot sequence on the device starting with the LLB.
Although itâs always been just âa matter of timeâ before Apple started doing this (theyâve always done this with the BBTicket), itâs still a significant move on Appleâs part (and it also dovetails with certain technical requirements of their upcoming OTA âdeltaâ updates).
Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them.  Weâre just letting you know what Apple has already done in their exisiting beta releases â theyâve stepped up their game!
To summarize the whole story the game will be soon in Apples court for iOS 5 restoration and so on. But if you have saved the SHSH for previous Firmwares, So then you can Downgrade back to iOS 4.x.x. iOS 5 is not released officially, so it is very early to say any thing at the stage of Beta 2. Lets wait for the GM of iOS 5 and then see what Apple comes up with.
If this thing is implemented, so only restores on iOS 5 will be affected. Lets hope All goes well and if Apple implements this in near Future, So the Dev Team might get through it. Lets hope for the best.
Do tell us what you think about this?
