Submitted by Bob Bhatnagar on
Good news for owners of the iPhone 4S and iPad 2 looking to downgrade from iOS 5.1. iH8sn0w announced the discovery of a loophole that makes it possible to downgrade any A5 device to iOS 5.0.1. Not only this, but the developer has successfully restored an iPad 2 to iOS 5.0.1 using the procedure.
Found a loophole in Apple's apticket system. Restored my iPad 2 to 5.0.1 from 5.1. Works on all A5 devices. :)
— iH8sn0w (@iH8sn0w) March 25, 2012
Downgrading an iPhone, from iOS 5 to 4.3.3 for example, requires saved SHSH blobs since Apple stops signing older firmware when an update is released. It's likely that the loophole iH8sn0w has found will also require saved SHSH blobs to work.
Hopefully the loophole will be released to the general public, allowing iPhone 4S and iPad 2 owners to downgrade to iOS 5.0.1 in preparation for jailbreaking. Currently these iOS devices with the A5 processor can't be jailbroken tethered or untethered on iOS 5.1. There have been multiple warnings from the jailbreak community to avoid updating to 5.1 with stock Apple firmware if your device is jailbroken, or you plan to jailbreak anytime in the future.
iPhone Dev-Team explains how Apple made downgrading to older firmware more difficult starting with the release of iOS 5:
The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.No word yet on when the loophole discovered by iH8sn0w might be released to the public.