Those of you that have been jailbreaking for a while probably know that you can save your SHSH’s using either Cydia, TinyUmbrella, or the more newly released iFaith. Using these SHSH blobs, you can restore to previous firmware versions even after Apple has stopped signing that firmware.
To authenticate firmware restores, Apple uses APTickets. MuscleNerd, head of the iPhone Dev-Team, has reported that the role of APTicket has started to change in the new iOS 5 betas to act more like BBTicket, which handles the baseband. In iOS 5, Apple has designed the APTicket to be randomly generated after each restore. There is evidence in the iOS 5 betas that certain stages of the boot sequence, specifically the LLB and iBoot stages, have been changed to validate the authenticity of APTicket at every boot, and not just during the restore. Since only Apple has the keys to generate the pseudo random APTickets, the saved SHSH blobs would not be of any use.
Since this feature is only appearing in iOS 5, you will still be able to restore to pre-iOS 5 firmware versions if you have your SHSH blobs saved for them. To do so you would need an earlier version of iTunes since it is very likely that Apple will add checks to verify that the APTicket is valid.
This new way of authenticating restores will not effect GeoHot’s tethered limera1n exploit since his exploit occurs before this stage in the firmware restore process.
None of this has been enforced in the iOS 5 betas, but it is very likely that Apple will start enforcing it starting with the release of the iOS 5 GM. There may be a way to circumvent this in the future, but we are not yet sure if this is will be possible.
