Why You Can’t Downgrade iOS 6.1.3 To 6.1.2, 6.x Using Cydia’s SHSH / APTicket

Cydia creator Jay Freeman, better known as Saurik, is well known for his long, insightful speeches on numerous topics relating to the jailbreak scene, and today he has taken to his official blog to give users a better insight into the limitations of SHSH blobs and APTickets. Backing up these little clusters of information offers significant downgrade potential to iPhone, iPad and iPod touch users, but what has recently become apparent to Saurik is that they’re essentially useless on some of the more recent devices. As well as explaining and clarifying a few matters relating to APTickets and SHSH blobs, he also tries to convey, in layman’s terms, why we cannot downgrade to 6.1.2-6.0 from 6.1.3 or later using Cydia’s SHSH blobs and APTickets on older A4 devices.

He describes, at great length, the purpose of Apple’s TSS servers, which are designed not just to ensure we can only upgrade, but that only the very latest, signed software can be installed. There is a myriad of reasons why the company does this, with the most obvious one being to prevent unlocks and jailbreaks from being achieved, while also helping to maintain an updated system of security.

In the past, a downgrade has indeed been achievable by the saving of SHSH blobs, which essentially act as little signature files specific to your device. Apple’s TSS servers used to merely verify these SHSH blobs before permitting firmware to be installed, and once Saurik latched onto the process, he developed a very simple, useful way for jailbreakers to downgrade by launching what was basically a spoof TSS server. As he notes:

"When Apple started doing this, we figured out how it worked, and the course of action was clear: to set up a man-in-the-middle attack on this server that would simply store every single SHSH that was returned for every file of every firmware version for every device owned by all of the people who cared about being able to downgrade."

In the newer versions of iOS, a "complex verification system" including the APTicket threw a spanner in the works, and while Saurik himself has found one or two intriguing "tricks" related to APTickets, he also notes that they’re "mainly related to either old versions of iOS or old devices." With newer devices, he continues, these APTickets are "more deeply ingrained in the bootup process," and with new iOS releases duly patching up the majority of potential holes, the downgrading stock price has taken a pretty big hit.

So at this point in time, APTickets downloaded by Cydia are "not sufficient to boot a device" due to discrepancies with how they’ve been extracted by Saurik on Cydia when Apple was still signing the 6.0-6.1.2 firmwares. What this unfortunately means is that downgrades via Cydia’s SHSH and APTickets are a no-go even for those on A4-based devices. But if you were smart enough to save them locally using either TinyUmbrella, Redsn0w or iFaith when Apple was still signing iOS 6.x, you are in luck and can downgrade to an older version of iOS (we will have a separate post on it soon).

Concluding, he notes that for newer devices on iOS 6, APTickets are entirely useless, but those in ownership of the iPhone 3G[S], iPhone 4, and the 4th generation iPod touch should upload their TSS information to Cydia (using the soon to be released Redsn0w, or iFaith), if they wish to hold out hope of a downgrade in future.

You can read the entire post over at Saurik’s blog.
