Find a vulnerability in Apple's boot chain. Assuming number 1 and 2 are not feasible for you, let's look at the third option.

I was doing some research online about IPSW's and why you can't load up one that is unsigned by Apple. What the post I read said was that basically, IPSW's were only one part of the OS, and the other part (the signing) needed to be obtained from Apple when your iOS device asked for it from an Apple web server.

My question is, what safeguard does Apple have that prevents you from simply configuring your wifi to lie to the phone about the status of the IPSW's signing?

For instance, if today I download the IPSW for iOS 14.7.1 and then record the reply given back from Apple when installing it (while it is still signed), what is to say that a year from now I can't just configure my router to play that same response chain back for iTunes when I'm trying to load the IPSW onto the phone, making iTunes think that iOS is still signed?

If someone could answer this I would greatly appreciate it - it is really surprisingly hard to find good information on jailbreaking / sideloading / general iOS modification!

Apple's server doesn't return "yes it's signed" or "no it's not signed". It returns a digital signature (aka "blob") based on the IPSW, your device ECID, and a random code ("nonce") that your device generates every time you do a restore or update. The device will verify that the signature is valid when restoring, and on every boot.

If you restore a different IPSW, the blob is different. If you restore on a different device, the blob is different. Only Apple has the private key used to generate the blob.

If you restore the same IPSW on the same device again in the future, your device will normally generate a different nonce, so the blob is also different and you can't reuse it. However, if you already saved a signature blob for that device and that IPSW in the past, and you can already jailbreak, you can "set the nonce" to the one that matches the blob you saved, and then restore (basically "play that same response back").
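The reply above describes the blob as a signature over the IPSW, the device ECID and a per-restore nonce. A toy model of that check, added here as an illustration and not taken from the original thread or from Apple: textbook RSA with small fixed primes stands in for the real signature scheme, and every name and value is constructed.

```python
import hashlib
import secrets

# Assumption: toy textbook RSA (no padding, Mersenne primes) in place of the
# real signing scheme. Far too weak for actual use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the server

def _digest(ipsw_hash: bytes, ecid: int, nonce: bytes) -> int:
    """Hash the three inputs the reply says the blob is based on."""
    msg = ipsw_hash + ecid.to_bytes(8, "big") + nonce
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def server_sign(ipsw_hash, ecid, nonce, still_signing=True):
    """Signing server: returns a blob only while the version is still signed."""
    if not still_signing:
        return None
    return pow(_digest(ipsw_hash, ecid, nonce), D, N)

class Device:
    def __init__(self, ecid):
        self.ecid = ecid
        self.nonce = None

    def start_restore(self):
        """A fresh random nonce is generated for every restore attempt."""
        self.nonce = secrets.token_bytes(32)
        return self.nonce

    def verify(self, ipsw_hash, blob):
        """Valid only for this IPSW, this ECID and the current nonce."""
        if blob is None:
            return False
        return pow(blob, E, N) == _digest(ipsw_hash, self.ecid, self.nonce)

def demo():
    ipsw = hashlib.sha256(b"constructed IPSW contents").digest()
    other_ipsw = hashlib.sha256(b"constructed other IPSW").digest()
    phone, other = Device(0x1122334455), Device(0x66778899AA)  # constructed ECIDs
    nonce1 = phone.start_restore()
    saved = server_sign(ipsw, phone.ecid, nonce1)   # blob recorded at restore time
    out = {"original": phone.verify(ipsw, saved),
           "other_ipsw": phone.verify(other_ipsw, saved)}
    other.nonce = nonce1
    out["other_device"] = other.verify(ipsw, saved)
    phone.start_restore()                           # a later restore: new nonce
    out["replay_fresh_nonce"] = phone.verify(ipsw, saved)
    phone.nonce = nonce1                            # nonce equals the one in the blob
    out["saved_nonce_restored"] = phone.verify(ipsw, saved)
    return out
```

Only the cases where IPSW, ECID and nonce all match the saved blob verify; a recorded response played back against a fresh nonce is rejected by the device itself, regardless of what the network returns.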