Difference between revisions of "Nonce"

From The iPhone Wiki
Jump to: navigation, search
Line 1: Line 1:
'''Nonce''' is a signing method that randomizes Apple's cryptographic signature hash blobs ([[SHSH]] blobs) and is used with the BBTicket (baseband signing ticket) and the APTicket (firmware signing ticket).
+
'''Nonce''' is a signing method that randomizes Apple's cryptographic signature hash blobs ([[SHSH]] blobs) and is used with the BBTicket (baseband signing ticket), the APTicket (firmware signing ticket), and SEP ([[Secure Enclave]]).
   
 
==Method==
 
==Method==
The device bootloaders (baseband or firmware) generate a random number at the restore, then send them to iTunes which sends them to Apple. Then Apple sends the APTicket / BBTicket [[SHSH]] certificate with the number generated. This level is the most critical: the number within the certificate is matched to the number generated on device, and if they match iTunes will prepare the matched certificate and finally will stitch the randomized blobs to the firmware. If the blobs don't match the restore will fail and the bootloaders will reject the certificate.
+
The device bootloaders (baseband, firmware, and SEP) generate a random number at the restore, then send them to iTunes which sends them to Apple. Then Apple sends the APTicket / BBTicket [[SHSH]] certificate with the number generated. This level is the most critical: the number within the certificate is matched to the number generated on device, and if they match iTunes will prepare the matched certificate and finally will stitch the randomized blobs to the firmware. If the blobs don't match the restore will fail and the bootloaders will reject the certificate.
   
 
==Usage==
 
==Usage==
Line 15: Line 15:
 
*Devices with the [[S5L8920]], [[S5L8922]], [[S5L8930]] and [[S5L8940]] got [[SHSH]] blobs without APTicket between 3.0 - 4.3.5, and they can not be avoided (except for the [[Bootrom 359.3]] with the 0x24000 Segment Overflow)
 
*Devices with the [[S5L8920]], [[S5L8922]], [[S5L8930]] and [[S5L8940]] got [[SHSH]] blobs without APTicket between 3.0 - 4.3.5, and they can not be avoided (except for the [[Bootrom 359.3]] with the 0x24000 Segment Overflow)
 
*Devices with the [[S5L8920]], [[S5L8922]], [[S5L8930]], [[S5L8940]], [[S5L8942]], [[S5L8945]], [[S5L8950]], and [[S5L8955]] get APTicket SHSH blobs on 5.0+. The SHSH requirement can not be avoided (except for the [[Bootrom 359.3]] with 0x24000 Segment Overflow), and the APTicket requirement can only be avoided on devices vulnerable to the [[limera1n Exploit]], or if the device is on iOS 5.1.1 or lower.
 
*Devices with the [[S5L8920]], [[S5L8922]], [[S5L8930]], [[S5L8940]], [[S5L8942]], [[S5L8945]], [[S5L8950]], and [[S5L8955]] get APTicket SHSH blobs on 5.0+. The SHSH requirement can not be avoided (except for the [[Bootrom 359.3]] with 0x24000 Segment Overflow), and the APTicket requirement can only be avoided on devices vulnerable to the [[limera1n Exploit]], or if the device is on iOS 5.1.1 or lower.
*Devices with the [[S5L8960]], [[S5L8965]], [[T7000]], [[T7001]], [[S7002]], [[S8000]], [[S8001]], [[S8003]], and [[T8010]] get APTickets exclusively and they cannot be avoided.
+
*Devices with the [[S5L8960]], [[S5L8965]], [[T7000]], [[T7001]], [[S7002]], [[S8000]], [[S8001]], [[S8003]], and [[T8010]] get APTickets exclusively (with SepNonce, which also needs to match) and they cannot be avoided, but can be utilized with the prometheus method.
 
==Jailbreak difficulties==
 
==Jailbreak difficulties==
With nonce signatures, signatures can't be cached, because signatures will not match if they have been reused. In other words, the widely used replay attack is no longer possible unless the nonce the device generates matches the one on the APTicket.
+
With nonce signatures, signatures can't be cached, because signatures will not match if they have been reused. In other words, the widely used replay attack is no longer possible unless the nonce(s) (SepNonce + ApNonce on 64 bit, ApNonce only on 32 bit) the device generates matches the one on the APTicket.
   
 
==See also==
 
==See also==

Revision as of 03:11, 16 January 2017

Nonce is a signing method that randomizes Apple's cryptographic signature hash blobs (SHSH blobs) and is used with the BBTicket (baseband signing ticket), the APTicket (firmware signing ticket), and SEP (Secure Enclave).

Method

The device bootloaders (baseband, firmware, and SEP) generate a random number at the restore, then send them to iTunes which sends them to Apple. Then Apple sends the APTicket / BBTicket SHSH certificate with the number generated. This level is the most critical: the number within the certificate is matched to the number generated on device, and if they match iTunes will prepare the matched certificate and finally will stitch the randomized blobs to the firmware. If the blobs don't match the restore will fail and the bootloaders will reject the certificate.

Usage

BBTicket

APTicket

Jailbreak difficulties

With nonce signatures, signatures can't be cached, because signatures will not match if they have been reused. In other words, the widely used replay attack is no longer possible unless the nonce(s) (SepNonce + ApNonce on 64 bit, ApNonce only on 32 bit) the device generates matches the one on the APTicket.

See also