Slashdot Mirror


Apple Has Stopped iOS Downgrading

An anonymous reader noted a forum post seems to confirm Apple will be fighting downgrading in iOS 5. Quoting: "This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket)."

9 of 207 comments

  1. Walled Garden by ffejie · · Score: 4, Insightful

    You live by the wall, you die by the wall.

    --
    Disagreeing with me does not mean you get to mod me troll.
  2. Officially they never enabled it anyway by blahbooboo · · Score: 3, Interesting

    I have faith the Dev Team or someone will figure out some sort of workaround. Otherwise, it has never been officially enabled anyway which is just a crazy setup. It's nonsensical to not allow people to change versions of iOS. Lots of iPhone 3G people I am sure wish they could switch back to iOS v3 after finding v4 too slow. I understand security holes plugged might be part of the reason they do this, but since Apple stops supporting some of the devices (iPhone 3G and iPhone 1) anyway, it can't be why they don't allow downgrading...

    1. Re:Officially they never enabled it anyway by fuzzyfuzzyfungus · · Score: 4, Insightful

      Three reasons, I suspect:

      1. In most walled gardens with cryptographically secured clients (either hardware devices or software DRM piles on general purpose PCs) downgrading is a valuable tool for attackers: unless a fundamental attack is found, most attacks are comparatively minor bugs in version N or game Y's savegame loading routine or whatever, which are then fixed in version N+1 or game Y Gold Edition. If downgrading is possible, it becomes pretty trivial for people to keep a copy of the easiest-to-exploit firmware or software version that ever received a cryptographic signature, and then downgrade to it. If downgrading isn't possible, they have to keep finding fresh exploits as old holes are closed. This is the same reason why software that connects to DRMed media sources tends to get updated a zillion times a year, and why such updates are generally made mandatory pretty quickly.

      2. At least some of the updates, for Apple's flagship devices (upon which the iPod touch and wifi-only iPad are sort of hangers-on), aren't just OS update lumps, they also meddle with the embedded cellular hardware's firmware. Allowing downgrading would require dealing with v.N+1 basebands talking to v.N OSes, or involve allowing the baseband firmware to be downgraded (which is of interest to unlockers and other parties who Apple's carrier buddies don't approve of) and may involve some amount of bricking risk.

      3. Apple has, at least until shitstorms forced their hand, never been much troubled at the idea that they are seen as forcing people to upgrade (remember their original response to the iPod battery life problem, until whining forced them to change it? Or the various OS 10.x releases that have dropped support for hardware configs upon which, once the version check is hacked away, it can in fact run?). This seems to be a matter both of business and of philosophy: Obviously, as a hardware maker, anything that makes people buy new hardware is profitable. Philosophically, they have never shied away from a pattern of releases of the form "Here is version N+1, it is insanely great. Everything prior to today is an obsolete archaism." On the plus side, this allows them to do interesting things with some regularity. On the minus side, this makes them quite happy to declare various features dead well before some of their customers are ready. The idea that they would dedicate engineering effort to allowing people with version N-1 or N-2 devices to run an obsolete OS runs against their priorities.
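
The downgrade argument in the comment above and the signing window quoted in the summary, as an added example that is not part of the original thread and not Apple's implementation: a static per-image signature stays valid forever, while a per-restore ticket bound to a fresh device nonce cannot be replayed once signing for that version closes. The HMAC key (a stand-in for an asymmetric vendor signature), the device ID, the nonce scheme and the firmware blobs are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: HMAC with a random key stands in for the vendor's asymmetric signature.
SERVER_KEY = os.urandom(32)
# Constructed sample images; "4.0" plays the older, easier-to-exploit build.
FIRMWARE = {"4.0": b"firmware image 4.0", "5.0": b"firmware image 5.0"}
OPEN_WINDOW = {"4.0", "5.0"}  # versions the server is currently willing to sign


def _sign(*fields: bytes) -> bytes:
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def static_signature(version: str) -> bytes:
    """Model A: one signature per image, valid forever once issued."""
    return _sign(hashlib.sha256(FIRMWARE[version]).digest())


def issue_ticket(version: str, device_id: bytes, nonce: bytes):
    """Model B: per-restore ticket, refused once the signing window is closed."""
    if version not in OPEN_WINDOW:
        return None
    return _sign(hashlib.sha256(FIRMWARE[version]).digest(), device_id, nonce)


def verify(image: bytes, signature, *binding: bytes) -> bool:
    """Device-side check; binding is () for model A, (device_id, nonce) for B."""
    if signature is None:
        return False
    expected = _sign(hashlib.sha256(image).digest(), *binding)
    return hmac.compare_digest(expected, signature)


def demo() -> dict:
    device_id = b"device-0001"  # hypothetical device identifier
    # While 4.0 is still signed, the user saves everything the server hands out.
    saved_sig = static_signature("4.0")
    saved_ticket = issue_ticket("4.0", device_id, os.urandom(16))
    OPEN_WINDOW.discard("4.0")  # vendor ships 5.0 and closes the 4.0 window
    nonce = os.urandom(16)  # the device picks a fresh nonce for every restore
    return {
        "static_downgrade": verify(FIRMWARE["4.0"], saved_sig),
        "replayed_ticket": verify(FIRMWARE["4.0"], saved_ticket, device_id, nonce),
        "old_ticket_issued": issue_ticket("4.0", device_id, nonce) is not None,
        "current_restore": verify(FIRMWARE["5.0"], issue_ticket("5.0", device_id, nonce), device_id, nonce),
    }
```

Under model A the saved 4.0 signature still verifies after the window closes; under model B both the replayed ticket and a new request for 4.0 fail, and only the 5.0 restore succeeds.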

    2. Re:Officially they never enabled it anyway by fuzzyfuzzyfungus · · Score: 3, Insightful

      Wow. I don't get mistaken for a mac enthusiast often.

      I think that your work in OS security may have induced a certain amount of myopia. My discussion purely applied to DRM systems because DRM systems are the only scenario where the 'attacker' has access to the system from day one (it's their device, or the software running on their PC); and wishes to compromise the system's security. With other classes of software, the person with personal access and the vendor are allies in wanting the system to be secure.

      If you think I'm a non-technical idiot, pull your head out of the confines of one particular flavor of security work and do a little research:

      It's pretty painless: Wikipedia has a list of iOS/baseband firmware versions, with handy notes about which baseband 'fixes' are there to deal with unlocking... A little googling will dig up some of the oddities involved in trying to mix versions. For virtually any DRM/walled garden system in wide consumer use (say, iDevice/PS3/Xbox/Wii/PSP/DS/DSi) a quick google of 'Name downgrade' will pull up a sheet of results containing, depending on the system, a mixture of information on how to downgrade to more vulnerable firmware before running a hack or people with presently unhacked firmware on their devices hunting for downgrading information.

      For the software case, one can look up various DRM-stripping tools, many of which will specify themselves as working only with certain older versions of the application that they attack, or (holding one's nose) attempt to connect to a DRMed service and be informed that you will need to upgrade to get access.

      Within the specific domain of OS security I have no interest in arguing with your correctness; but you appear to have stepped into something quite different in attempting to talk about anti-customer security features, which are subject to their own peculiar dynamics... Try not to be rude when travelling.

  3. I found... by pinkj · · Score: 4, Insightful

    I found when I upgraded from iOS3 to iOS4 on my 1st gen iPad it caused it to work sluggishly. I was considering going back to iOS3 if possible and I'm even more afraid to go to iOS5. I got the iPad at xmas and not even 6 months in I felt I'm already behind in performance.

    1. Re:I found... by repetty · · Score: 4, Interesting

      Apple has this way of forcing you to upgrade your hardware by making it useless via forcing you to upgrade your software. This guarantees that you'll always be out buying the newest hardware so that you can continue to be a loyal customer to them.

      Forcing you to upgrade your software? Offering features that sound good isn't exactly FORCING you to upgrade.

      Actually, this is a very good point and one of the glaring problems that Apple iPhone and Apps Store has: No user-oriented software version control. (The vendor-oriented software version control seems to work fine.)

      Yes, you can upgrade wholesale but you cannot really manage your software with their version control.

      Want to skip a version? Fuck you.
      Want to roll back to a better, older, previously paid-for version? Fuck you.
      Have to do a restore but like the older version? Fuck you.

      iPhone users have little of the control that Mac OS X users are accustomed to. Really sucks and one reason I'm worried as Apple transmutes Mac OS X into an iOS clone.

  4. Re:Desert without walls... by tepples · · Score: 5, Informative

    Yes, better to use Android, where there are no restrictions on downgrading.

    I assume this was sarcasm. But the difference, as I understand it, is that on Android, a user doesn't need to downgrade to a jailbreakable version just to install applications outside the scope of what the central app store's curator allows. All Android-powered phones support adb install, and most support "Unknown sources". Even AT&T has been turning "Unknown sources" back on due to popular demand for Amazon Appstore.

  5. Re:Grand until the update bricks your phone by sglewis100 · · Score: 3, Insightful

    Speaking from experience: I had a less-than-a-year-old iPhone 3G, which got semi-bricked when I installed the iOS 4 update last summer (stated as compatible, as in Vista-compatible).

    At the time, I was able to downgrade back to a previous iOS release; but, being unable to call even emergency numbers for minutes (oh, if the phone didn't crash entirely) until they fixed their memory-hogging, badly written OS months later (iOS 4.2), would be a very bad thing.

    If you had a less than a year old iPhone 3G, then you had a warranty. I can't imagine what you had to worry about. Oh, wait, I just saw the thing about being unable to call emergency numbers for MINUTES. This is good advice, and should be in the disclaimer in iTunes. Never start an iOS upgrade in the middle of a house robbery, or other event that might require you calling 911, unless you have another phone handy.

  6. Re:Desert without walls... by Anonymous Coward · · Score: 3, Interesting

    There are levels of "pwning" a phone.

    An HTC phone that is rooted, re-rommed (Cyanogen, etc), and S/OFF-ed is all yours completely. You can do what you want with it. There are sites that actually let you build your own custom ROM, including/excluding stuff as you see fit.

    I'd probably say the levels are:

    1: ADB access.
    2: Ability to sideload.
    3: Temporary root (until reboot).
    4: Permanent root.
    5: Carrier unlock.
    6: Custom ROMs doable via kexec(), but kernel signed. This is how all Motorola phones but the Droid get custom ROMs.
    7: Custom ROMs that do not need to do the kexec() gymnastics. New Android version? Go for it. Custom Linux kernel? Rock it.
    8: Fastboot unlocked.

    iPhones are different. At most, you can get to level 4 (which is roughly equivalent [1].) Having a completely customized IPSW is almost impossible to do, and there is no such thing as custom ROMs for the iPhone. You might be able to use Winterboard or other relatively minor modifications, but rebuilding the OS from the ground up isn't going to happen.

    You can rule your phone completely with Android. You can customize an iPhone, but the device is still pretty much tightly controlled by Apple.

    [1]: A true jailbreak takes a lot more work on an iPhone than a "#" sign on Android. A jailbreak requires a load of essentially the whole userlevel UNIX land (basic commands, Mobile Substrate, etc.) This is why the Dev Team is conservative on releases, because it is a very exacting process and one move can either force a DFU restore or if messing around with BB, a true bricking.