How Apple distributes new versions of iOS: hashing, nonces, encryption

iOS

Apple distributes new versions of iOS by encrypting it. Before installation, the ECID (id) of the phone plus the hash of several files have to be signed by Apple's TSS service (a hashing service with a special Apple-owned private key). The signature is called a SHSH.

Jay Freeman, aka saurik is the developer behind Cydia an open source repository for iOS devices (iPhones).

bootrom

The bootrom (correct me if I'm wrong) of the phone allows installation of new OS versions only if the phone's ECID matches the one in the SHSH, and the hash of the new installation (the hash of several files actually) matches the one in the SHSH. The problem here is that Apple's TSS only signes current versions.
The bootrom hasn't been broken yet, so this SHSH mechanism cannot be avoided. It exists since iOS v.2.0

How can we install older versions of iOS?

Well, Mr. Freeman here created a database that caches all the SHSH's for all the phones that want that service for all the files in all the versions of iOS. A huge database. Apple limited the caching TSS service of Saurik (Mr. Freeman) - by IP filtering for example - and he distributed it, by putting the extraction of the SHSHs in the Cydia itself and then Cydia uploads them to this database.

The caching is possible, because the SHSH is monolithic.

APTicket

This is the new signature algorithm. It adds a slight but very significant change - a nonce. The nonce is a piece of garbage text (i.e. "fb*&h") that is added to the request the iPhone makes to the Apple's TSS service. For every new installation/update/restore of iOS, a new nonce is created (it's unique) and sent to TSS. Thus caching becomes pointless.

Why hasn't Apple used nonce all along?

It's hard to believe that Apple doesn't know how the SHSH caching can be fixed. I (not Saurik) assume that Apple wants to allow jailbreaking because the community demands it. They just want to delay it after every initial release of new device/OS. Jailbreaking brings open source, but it also brings pirated software and music.

Why I shared this?

A very detailed explanation on how to distribute securely desktop software with the help of encryption and a very sturdy (unbreakable) ROM on the phone itself.

The full article is here: http://www.saurik.com/id/15

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.