Understanding the drama.
Apple's Iphone security mechanism, however, fails this test. Rather than even using a simple random number, they use a hardcoded challenge per device. The specific number they have chosen is the device's ECID, or "unique-chip-id", a number that all devices have so far had, although we haven't seen any previous use for it.
This means that, given an ECID, one can ask Apple's signature server to sign any firmware that they currently consider "OK" (which returns a blob that includes the critical SHSH, which is the signature hash) and then store the result forever.
In practice, there is only one critical file that we need signed: the one with the bug. ;P This is the iBSS, which is one of the modes of iBoot. Given that ECID/iBSS signature, one can load the buggy code and then continue with the jailbreak.
All you need, then, is to make iTunes use it. Luckily, most operating systems also have the ability to locally define bypasses on specific hostnames through a file called hosts. Using this, you can redirect requests to Apple's signature server Cydia or to your own server.
xx.xxx.xx.xxx gx.apple.xom "Apple's signature server that's not the right number... but I do have the right one."
Now, when iTunes thinks it is talking to Apple, it is talking to Cydia or to your own server instead. Doing this will allow iTunes to access signatures already stored by Cydia's "on file" feature.
This server will also act as a cache for any SHSH blobs it hasn't seen, acting as an intermediary to Apple's server. This effectively registers your device with the "on file" mechanism, which means you can now enjoy the protections of being able to downgrade your firmware in the future even if you aren't jailbroken.
Ps: You can create your own local itunes server.
What is an UDID number?
A UDID, or “Unique Device Identifier,” is simply a specific serial number for your iDevice. There are multiple advantages to having this device-specific serial, but it mainly serves as a way to document the existence of your device and to track it.
"I have changed my UDID to be of a different serial. For every app I download, I randomize the UDID again. It’s needed in the steps to help protect yourself."
What is an SHSH/BLOBS/HASHES?
An SHSH Blob (for Signature HaSH) is a 128-byte RSA signature used to verify the validity of firmware on newer (iPhone 3GS or iPod Touch 2G onward) Apple iOS devices.
SHSH Blobs are used in a challenge-response authentication of the firmware, where the challenge key comes in a combination of a hash of the firmware and the Exclusive Chip ID (ECID) of the device. The response from Apple is the SHSH itself, the digital signature required to validate the firmware.
Because the challenge key is static, a cached copy of the signature may be used in a replay attack to trick the signing software (iTunes) into validating an old firmware. Using this technique is necessary to restore to previous versions of the iOS on the iPhone 3GS, iPhone 4, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G, and iPad. Downgrading the iOS in such a manner may be used for iOS jailbreaking, since older software may have known exploits.
Now the drama.
I might need to get a new Iphone...
New Iphone,new hashes needed as they are unique to each device.
My Blobs from 4.0 to 4.1.2 plus 4.3Beta will be lost.
