Difference between revisions of "APTicket"

From The iPhone Wiki
(stub apticket article (TODO: more info on the new protocol))
 
(Restoring: grammar fix)
Line 2: Line 2:
   
 
==Restoring==
 
==Restoring==
When iTunes or the on-device firmware upgrader sends a request to Apple's servers to confirm the APTicket, a new one is generated, rather than the one already stored on the server. Furthermore, devices with iOS 5 depend on the APTicket being legitimate to be able to boot; the device will enter [[Recovery Mode]] if it isn't.
+
When iTunes or the on-device firmware upgrader sends a request to Apple's servers to confirm the APTicket, instead of returning the one already stored on the server, a new one is generated. Furthermore, devices with iOS 5 depend on the APTicket being legitimate to be able to boot; the device will enter [[Recovery Mode]] if it isn't.
 
==Downgrading==
 
==Downgrading==
 
Saurik's original replay attack method of allowing downgrades for any firmware that had been backed up on his server was partially halted for iOS 5 users due to this new system; now it will back up APTickets but can't allow restoring yet.
 
Saurik's original replay attack method of allowing downgrades for any firmware that had been backed up on his server was partially halted for iOS 5 users due to this new system; now it will back up APTickets but can't allow restoring yet.
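Review bot: In the Restoring paragraph, the revised sentence leaves "instead of returning the one already stored on the server" without a subject, because the main clause "a new one is generated" is passive. Naming the actor would fix the dangling phrase, for example "Apple's server generates a new one instead of returning the one already stored." The edit summary "grammar fix" matches the scope of the change, since the Downgrading text is untouched.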

Revision as of 09:42, 10 February 2012

APTickets are the new type of SHSH blobs, used by iOS 5.0 and newer. These seem to use an OAuth-style approach, where the server generates a random string (nonce), then iTunes or the device sends the request for blob signing and the server returns the data, just like the original SHSH protocol.

Restoring

When iTunes or the on-device firmware upgrader sends a request to Apple's servers to confirm the APTicket, the server generates a new one instead of returning the one already stored. Furthermore, a device running iOS 5 can boot only if its APTicket is legitimate; otherwise it enters Recovery Mode.

Downgrading

Saurik's original replay attack method of allowing downgrades for any firmware that had been backed up on his server was partially halted for iOS 5 users due to this new system; now it will back up APTickets but can't allow restoring yet. Faking APTickets is complicated because they are signed with a private key that only Apple knows, and they are also partly generated from a random string. iOS 4.3.5 and older can still be downgraded if SHSH blobs were saved.
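
The replay protection described above, sketched as an added example (not code from the wiki or from Apple): a ticket signed over a per-request random string verifies only in the session that issued it, while a nonce-less SHSH-style blob verifies whenever it is presented again. The toy RSA key, the field layout and the names (`server_sign`, `device_accepts`, `device-0001`) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key from two Mersenne primes: constructed for this example, far too weak for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signing server


def _digest(device_id: bytes, build: bytes, nonce: bytes) -> int:
    """Hash the length-prefixed fields (hypothetical layout) into the RSA modulus."""
    h = hashlib.sha256()
    for field in (device_id, build, nonce):
        h.update(len(field).to_bytes(2, "big") + field)
    return int.from_bytes(h.digest(), "big") % N


def server_sign(device_id: bytes, build: bytes, nonce: bytes = b"") -> int:
    """Signing server. An empty nonce models the older SHSH-style blob."""
    return pow(_digest(device_id, build, nonce), D, N)


def device_accepts(sig: int, device_id: bytes, build: bytes, nonce: bytes = b"") -> bool:
    """Verifier: checks the signature with the public key against the current nonce."""
    return pow(sig, E, N) == _digest(device_id, build, nonce)


def demo() -> dict:
    dev = b"device-0001"                      # constructed sample identifier
    nonce1 = secrets.token_bytes(20)          # random string of the first session
    saved_ticket = server_sign(dev, b"5.0", nonce1)
    saved_blob = server_sign(dev, b"4.3.5")   # nonce-less, SHSH-style
    nonce2 = secrets.token_bytes(20)          # a later session gets a new random string
    return {
        "ticket_fresh": device_accepts(saved_ticket, dev, b"5.0", nonce1),
        "ticket_replayed": device_accepts(saved_ticket, dev, b"5.0", nonce2),
        "blob_replayed": device_accepts(saved_blob, dev, b"4.3.5"),
        "unsigned_value": device_accepts(12345, dev, b"5.0", nonce2),
    }


if __name__ == "__main__":
    print(demo())
```

The saved ticket fails in the second session because the signature covers `nonce1`, and producing a signature over `nonce2` requires the private exponent `D`.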

This article is a "stub", an incomplete page. Please add more content to this article and remove this tag.