Feb 22, 2010

Looking Ahead...

As many of you have noticed, the new shsh files contain a new key named APTicket. I still need to do a more thorough investigation of this key but my gut tells me that it is an indication that Apple intends to try to stop us from bypassing their TSS server for local restores.

My guess is that in future versions of iTunes, Apple will probably handle the TSS request/response and later this year implement the code to process the response in the actual bootrom of the device. Here's what I mean:

  1. The newer iTunes versions will send a certificate request in the TSS request by adding a new key to the TSS request.
  2. Their TSS server will create a new certificate with an effective date attached to it (making it invalid if used after that date).
  3. Until the new bootrom rolls out, iTunes will handle the decrypting of the response blobs using the nifty new signed certificate response à la APTicket.
  4. Once Apple ships new devices with the bootrom capable of validating the new APTicket (or whatever they call it in the future) they can add logic to check the bootrom of the device and conditionally process the response from the TSS server (for old bootroms) or allow the device to process it (for new bootroms).

Looking at the above, it's a fairly bullet-proof means of stopping local restores. Since the APTicket will be signed and likely shsh'ed I wouldn't be surprised if they load APTicket or something like unto it BEFORE the LLB is loaded. This way they can not only control what VERSION of the firmware you install, they can also control WHEN you can install it by a means with far longer and sharper teeth.

If they implement the above, the only means of restoring will be via a jailbroken device.


Fun times ahead for sure...
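
The time-limited signed response guessed at in steps 2 to 4 above, sketched as an added example (not code from Umbrella, TinyTSS or Apple): the field names, device ID and key are hypothetical, and an HMAC stands in for whatever signature a real server would use. It shows why a saved response stops verifying after its date and why editing the date breaks the signature.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed stand-in for the signing key. A real design would use an
# asymmetric signature so the verifier holds only the public half.
SERVER_KEY = b"constructed-demo-key"


def issue_ticket(device_id: str, build: str, not_after: datetime) -> dict:
    """Server side: bind device ID, firmware build and expiry under one tag."""
    body = {"device_id": device_id, "build": build,
            "not_after": not_after.isoformat()}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_ticket(ticket: dict, device_id: str, build: str, now: datetime) -> str:
    """Verifier side: authenticate first, then check the binding, then the date."""
    payload = json.dumps(ticket["body"], sort_keys=True).encode()
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return "bad-signature"
    body = ticket["body"]
    if body["device_id"] != device_id or body["build"] != build:
        return "wrong-device-or-build"
    if now > datetime.fromisoformat(body["not_after"]):
        return "expired"
    return "ok"


def demo() -> list:
    """Run four constructed cases against one issued ticket."""
    issued = issue_ticket("DEVICE-EXAMPLE", "3.1.2",
                          datetime(2010, 2, 3, tzinfo=timezone.utc))
    before = datetime(2010, 2, 2, tzinfo=timezone.utc)
    after = datetime(2010, 3, 1, tzinfo=timezone.utc)
    # A saved copy whose expiry was edited no longer matches its tag.
    edited = {"body": dict(issued["body"], not_after="2011-01-01T00:00:00+00:00"),
              "tag": issued["tag"]}
    return [
        verify_ticket(issued, "DEVICE-EXAMPLE", "3.1.2", before),  # fresh
        verify_ticket(issued, "DEVICE-EXAMPLE", "3.1.2", after),   # replayed later
        verify_ticket(edited, "DEVICE-EXAMPLE", "3.1.2", after),   # expiry altered
        verify_ticket(issued, "DEVICE-OTHER", "3.1.2", before),    # other device
    ]
```

The expiry check is only as strong as the verifier's clock; a verifier with no trusted time source needs a different freshness mechanism, such as a nonce it generates and the server signs.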

Feb 9, 2010

iPhone 3GS, iPod Touch 2G/3G 3.1.3 Support

I've updated Umbrella / TinyTSS to now support 3.1.3. If you haven't downloaded v221 yet please do so as there were a couple of cosmetic bugs that I've fixed as well as a potential issue with iPod Touch 3G/2G support for 3.1.3.

As always stay away from official updates if you value your jailbreak and/or unlock.

Download


Feb 4, 2010

Stupid Bugs...

I made a significant error in 217 & 218. Don't worry. I didn't do anything that would compromise your shsh files. All that was happening was I was parsing the xml in TinyTSS incorrectly. This was causing a rather egregious error (nasty stacktrace).

I've fixed it and confirmed it for iPhone 3G, 3GS, iPod Touch 2G and 3G. I appreciate all of your help detecting this bug.

Download below or using the link to the right.

*UPDATE - I've fixed the issue on Windows 7 (et al)

Sorry for the inconvenience.

Incidentally, Apple has introduced a new field APTicket with a data tag. As of now it is not used in the restore process (but since I have not updated to 3.1.3 nor iTunes 9.0.3 I don't know as yet what it is used for... so buyer beware).

Umbrella & TinyTSS 220



*UPDATE - Speedy_AZ from DevTeam's community put together what I believe is a great tutorial. You can find it here:

Downgrading Tutorial - Mentions Umbrella & TinyTSS

Feb 3, 2010

iPhone OS 3.1.2 Locked

We all knew it was coming. Now it's here. Apple has stopped signing 3.1.2 shsh requests. 3.1.2 is the best that iPhone users, in particular, will have it for quite a while.


NO ONE will be able to get your 3.1.2 shsh files now. Not Cydia. Not Saurik himself. Not Rock Your Phone. No one. (Outside of Apple that is :) ). Umbrella won't be able to get your 3.1.2 shsh files any longer either.

Brace yourselves for the weeping and wailing and gnashing of teeth of those that 'accidentally' update to 3.1.3...

Feb 2, 2010

iPhone OS 3.1.3 Released

They've released iPhone/iPod Touch 3.1.3 and so far are still signing 3.1.2 (as of 2/2/10). This doesn't mean that tomorrow (2/3/10) they'll continue signing 3.1.2 shsh requests. We're getting close to another drought. We've been surviving in 'years of plenty' and the 'years of want' are coming.

OK, all biblical analogies aside, 3.1.3 firmware offers zero substantial value. All it does is close the holes that enabled 3.1.2 to be jailbroken. Please warn your friends, neighbors, anyone that will listen. Have them save their shsh on Cydia or, if they have even a remote amount of technical savvy, download the firmware umbrella and save their own shsh files locally.

3.1.2's days are numbered... This is probably the best we'll have it for a very long time. (My guess is late summer if any 4.0 potential exploits survive...) 

Incidentally, I'll have Umbrella/TinyTSS updated for 3.1.3 signatures soon. I'm in no hurry as 3.1.3 is worthless...

*DO NOT UPDATE TO 3.1.3 IF YOU HAVE ANY DESIRES OR NEAR-FUTURE DESIRES TO JAILBREAK*

(Even if you have your shsh saved, I still wouldn't mess with it...)

*UPDATE: If I'm not mistaken, 3.1.3 also has the added bonus of updating your baseband to 05.12.01.

This is HUGELY bad for folks relying on having an unlocked iPhone. This means that even if you have your shsh saved on Cydia or locally, there is nothing you can do to get your baseband back to an unlockable version if you update to 3.1.3 out of curiosity.