IPSW file -> iTunes -> CPU of the iOS device -> Flash/eMMC of the iOS device
The key point is that only the CPU can write firmware into Flash/eMMC, so whether a restore succeeds depends on whether the CPU agrees. If the CPU does not agree, the firmware cannot be flashed.
(Why can't Flash/eMMC be written directly, bypassing the CPU? Because iOS devices are fully encrypted: data must be encrypted before it is written to Flash/eMMC. The encryption key is stored inside the CPU, only the CPU knows it, and each device has a different key.
Therefore, without the key you cannot write correct data to Flash/eMMC, even if you remove the chip and program it directly.)
So how does the CPU decide whether to allow flashing? It verifies a firmware signature issued by Apple's server. If the signature is correct, the firmware can be flashed. iTunes therefore has to request the signature for this firmware from Apple's server and hand it to the CPU. Apple's server decides whether to issue the signature based on the firmware's authenticity and version number, so Apple's server controls whether you can flash a given firmware.
You can imagine the following scenario:
iTunes: I want to flash this firmware.
CPU: Then you have to provide the signature of this firmware.
iTunes asks Apple's verification server for the signature of this firmware.
iTunes: This is the signature of this firmware.
CPU: This signature is genuine! This package can be flashed.
If the firmware is out of date, the following happens:
iTunes: I want to flash this firmware.
CPU: Then you have to provide the signature of this firmware.
iTunes asks Apple's verification server for the signature of this firmware.
Apple verification server: This firmware has expired, so I can't provide you with a signature.
(Digital signatures use asymmetric cryptography and cannot be forged, so you cannot forge a signature yourself.)
Although a digital signature cannot be forged, it can be saved and replayed. This is the principle behind using saved SHSH to flash old firmware, which worked a few years ago. You can imagine the following scenario:
iTunes: I want to flash this firmware.
CPU: Then you have to provide the signature of this firmware.
iTunes takes out an old signature that was saved years ago.
iTunes: This is the signature of this firmware.
CPU: This signature is genuine! This package can be flashed.
(In practice, a fake verification server is set up to serve iTunes the old saved signatures.)
This replay attack is easy to prevent, so SHSH is now useless. You can imagine the following scenario:
iTunes: I want to flash this firmware.
CPU: Then you have to provide the signature of this firmware, and the signature must contain the random number fasdjhpgia.
The random number in the saved old signature is not fasdjhpgia but a different one, so it cannot be used.
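
The scenarios above can be modelled in a few lines. This is an added example, not code from Apple or from the original article: the class and function names are hypothetical, the firmware image is a constructed sample, and the signature is toy textbook RSA standing in for the real signing scheme.

```python
import hashlib
import secrets

# Toy textbook-RSA key built from two Mersenne primes (constructed, NOT secure).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: only the server has it

def digest(firmware: bytes, nonce: str) -> int:
    """Hash binding the firmware image to the nonce the device issued."""
    inner = hashlib.sha256(firmware).digest()
    return int.from_bytes(hashlib.sha256(inner + nonce.encode()).digest(), "big")

class SigningServer:
    def __init__(self, signed_versions):
        self.signed_versions = set(signed_versions)

    def sign(self, version: str, firmware: bytes, nonce: str):
        if version not in self.signed_versions:
            return None  # "This firmware has expired"
        return pow(digest(firmware, nonce), D, N)

class Device:
    def __init__(self, use_nonce: bool):
        self.use_nonce = use_nonce
        self.nonce = ""

    def challenge(self) -> str:
        """Start a restore; a nonce-aware device picks a fresh random value."""
        self.nonce = secrets.token_hex(8) if self.use_nonce else ""
        return self.nonce

    def accept(self, firmware: bytes, signature) -> bool:
        if signature is None:
            return False
        return pow(signature, E, N) == digest(firmware, self.nonce)

def demo() -> dict:
    fw = b"firmware 1.0 (constructed sample image)"
    server = SigningServer({"1.0"})
    legacy, modern = Device(use_nonce=False), Device(use_nonce=True)
    saved_legacy = server.sign("1.0", fw, legacy.challenge())
    saved_modern = server.sign("1.0", fw, modern.challenge())
    fresh_ok = modern.accept(fw, saved_modern)
    server.signed_versions.discard("1.0")  # server stops signing 1.0
    legacy.challenge(), modern.challenge()  # later restore attempts
    return {"fresh_ok": fresh_ok,
            "server_refuses": server.sign("1.0", fw, modern.nonce) is None,
            "replay_without_nonce": legacy.accept(fw, saved_legacy),
            "replay_with_nonce": modern.accept(fw, saved_modern)}
```

A device that issues no nonce still accepts the saved signature after the server stops signing, while the nonce-aware device rejects the same kind of saved signature because its new random number no longer matches.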