firmwareumbrella has noticed something in the latest iPhone firmware: the SHSH file has a new key named APTicket. It hints that, with this key, Apple can stop us from bypassing their TSS server for local restores, such as restoring a jailbroken firmware.
So a guess is that in future versions of iTunes, the TSS request/response will be validated by the device's own bootrom rather than by iTunes. That would stop users from restoring jailbroken firmware.
Firmwareumbrella explains:
“The newer iTunes versions will send a certificate request in the TSS request by adding a new key to the TSS request. Their TSS server will create a new certificate with an effective date attached to it. (Making it invalid if used after that date). Until the new bootrom rolls out, iTunes will handle the decrypting of the response blobs using the nifty new signed certificate response ala APTicket. Once Apple ships new devices with the bootrom capable of validating the new APTicket (or whatever they call it in the future) they can add logic to check the bootrom of the device and conditionally process the response from the TSS server(for old bootroms) or allow the device to process it(for new bootroms).”
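To make the mechanism described above concrete, here is an added example (not code from this post, from firmwareumbrella, or from Apple) that models the exchange: the server binds a ticket to the requesting device and build and stamps it with an effective date, and a bootrom-style verifier rejects anything that fails the signature, is bound to a different device or build, or is presented after its expiry. The ticket layout, the ECID and build strings, and the use of an HMAC as a stand-in for Apple's signature are all assumptions of this example; in the real design the device holds only a verification key, so it can check a ticket but cannot mint one.

```python
import hashlib
import hmac
import json
import time

# Constructed model of the TSS exchange; this is NOT Apple's ticket format.
# HMAC-SHA256 stands in for Apple's asymmetric signature. In the real system
# the device holds only a public verification key and cannot forge tickets.
SIGNING_KEY = b"constructed-tss-signing-key-for-demo"


def _canonical(body):
    """Serialize the ticket body deterministically so signatures are stable."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _sign(body):
    """Server-side signature over the canonical ticket body (stand-in)."""
    return hmac.new(SIGNING_KEY, _canonical(body), hashlib.sha256).hexdigest()


def tss_request(ecid, build):
    """iTunes/device side: what the device asks the signing server to approve."""
    return {"ecid": ecid, "build": build}


def issue_ticket(req, now, lifetime=3600):
    """Server side: bind the ticket to the request and attach an expiry time.

    `lifetime` is the assumed validity window in seconds; the post only says
    the certificate carries an effective date after which it is invalid.
    """
    body = {"ecid": req["ecid"], "build": req["build"], "expires": now + lifetime}
    return {"body": body, "sig": _sign(body)}


def bootrom_verify(ticket, req, now):
    """Model of the on-device check the post anticipates.

    Returns (accepted, reason). Checks run in the order a verifier should use:
    authenticity first, then binding to this device/build, then freshness.
    """
    body = ticket.get("body", {})
    expected = _sign(body)
    # Constant-time compare avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(ticket.get("sig", ""), expected):
        return False, "bad signature"
    if body.get("ecid") != req["ecid"] or body.get("build") != req["build"]:
        return False, "ticket is for a different device or build"
    if now > body.get("expires", 0):
        return False, "ticket expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values; not real device identifiers.
    req = tss_request("0x000000DEADBEEF", "8A293")
    issued_at = int(time.time())
    ticket = issue_ticket(req, now=issued_at)

    print("fresh ticket:", bootrom_verify(ticket, req, now=issued_at + 60))
    print("after expiry:", bootrom_verify(ticket, req, now=issued_at + 7200))
    print("other build :", bootrom_verify(ticket, tss_request("0x000000DEADBEEF", "8B117"), now=issued_at + 60))
    tampered = {"body": dict(ticket["body"], expires=issued_at + 10**9), "sig": ticket["sig"]}
    print("edited body :", bootrom_verify(tampered, req, now=issued_at + 60))
```

The "after expiry" case is the one the post is about: a ticket saved from an earlier signing window is well-formed and correctly signed, but a verifier that honours the effective date refuses it, so simply replaying stored blobs to a local server no longer gets the device past the check. The "edited body" case shows why extending the date in a saved ticket does not help either, since any change to the signed fields invalidates the signature.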
GeoHotz’ response to firmwareumbrella’s blog post is:
Let’s see if hackers are smarter than Apple.
[via ihackintosh, source firmwareumbrella. Image by Kenneth Hynek]