APTicket

APTickets are the new type of SHSH blobs, used by iOS 5.0 and newer. The client (iBSS/LLB/iBoot/SROM/BootROM) generates a random string (nonce), then iTunes and the device sends the request for blob signing and the server returns the data, just like the original SHSH protocol.

Restoring
When iTunes or the on-device firmware upgrader sends a request to Apple's servers to confirm the APTicket, instead of returning the one already stored on the server, a new one is generated. Furthermore, devices with iOS 5 depend on the APTicket being legitimate to be able to boot; the device will enter Recovery Mode if it isn't.

Downgrading
Saurik's original replay attack method of allowing downgrades for any firmware that had been backed up on his server was partially halted for iOS 5 users due to this new system; now it will back up APTickets, but it can't send it directly from his servers; Redsn0w and iFaith can stitch a stock or custom firmware to enable downgrading with APTicket, but it only works for devices vulnerable to Limera1n Exploit.

Faking APTickets is complicated because they are signed with a private key that only Apple knows and they are also partly generated from a random string (nonce).

iOS 4.3.5 and older can still be downgraded if SHSH blobs were saved.

iPad 2 users with iOS 4.3.x SHSH blobs can upload their 4.3.x iBSS via DFU and jump to iOS 5's iBEC. At this point, a signed IPSW can be used to restore to cached iOS 5 blobs. (This method is very effective on WiFi-only models. 3G models require the baseband to be installed/signed... Something like semaphore's TinyCFW can be implemented to get around this).

A vulnerability found independently by iH8sn0w and the iPhone Dev Team allowed downgrading all A5 devices running 5.x with their saved APTickets by restoring the latest firmware- verifying APTicket with the iBSS or iBoot then restoring the hacked firmware without APTicket- then when the restore ends, the requisite firmware is restored. This method theoretically works with BBTickets, but such a baseband downgrade was never out.

APTicket structure
APTicket is a piece DER encoded data. The format of the data is different for 32-bit and 64-bit devices, but these formats have something in common. Each APTicket has a header, signed DER encoded SET, which contains hashes of all signed images and some additional data, PKCS#1 signature and two certificates. The first certificate is an Apple Secure Boot Certificate and the second one is specific for each TSS server and device CPU.

Old APTicket format
Old APTickets begin with a SEQUENCE which contains a signature type. This signature type shall match one in the first certificate. Next comes a SET with ECID, chip ID, board ID, SHA1 hashes of all signed images and some boolean values indicating true. Seems like tag of each element in the SET describes it's meaning. Old APTickets end with a signature and two certificates.

IM4M APTicket format
These begin with an IA5String "IM4M" and an INTEGER which is likely a version number. SET in these APTickets contains data structures of similar format. Each structure is of constructed type with PRIVATE class and contains a SEQUENCE with IA5String and a SET. The string describes the contents of the SET. Lets call these structures tags and their strings types. Root tag has type MANB and contains all other tags. The first of the MANB tags is MANP. It stores some tags describing the device and some tags which purpose is unknown. Other MANB tags describe each signed image.