Looking Ahead...

As many of you have noticed, the new shsh files contain a new key named APTicket. I still need to do a more thorough investigation of this key but my gut tells me that it is an indication that Apple intends to try to stop us from bypassing their TSS server for local restores.



My guess is that in future versions of iTunes, Apple will probably handle the TSS request/response and later this year implement the code to process the response in the actual bootrom of the device. Here's what I mean:

1. The newer iTunes versions will send a certificate request in the TSS request by adding a new key to the TSS request.


2. Their TSS server will create a new certificate with an effective date attached to it. (Making it invalid if used after that date)


3. Until the new bootrom rolls out, iTunes will handle the decrypting of the response blobs using the nifty new signed certificate response ala APTicket.


4. Once Apple ships new devices with the bootrom capable of validating the new APTicket (or whatever they call it in the future) they can add logic to check the bootrom of the device and conditionally process the response from the TSS server(for old bootroms) or allow the device to process it(for new bootroms).

Looking at the above, it's a fairly bullet-proof means of stopping local restores. Since the APTicket will be signed and likely shsh'ed I wouldnt be surprised if they load APTicket or something like unto it BEFORE the LLB is loaded. This way they can not only control what VERSION of the firmware you install, they can also control WHEN you can install it by a means with far longer and sharper teeth.



If they implement the above, the only means of restoring will be via jailbroken device.





Fun times ahead for sure...