> if Apple produce a signed iOS version that allows the passcode retry limit to be bypassed on a single device, then in what meaningful sense does it operate on another device?
What prevents the iOS image from being loaded onto another device?
Apple isn't magic; the code they write to verify device identity isn't going to be the first perfect, unbuggy, unexploitable code written in human history. if(device_udid == terrorist_id) {...} might seem infallible to you, but the reality is that the device_udid is just SHA1(Wifi MAC + Bluetooth MAC + ECID + Serial). All of those are writable, some via the Baseband and some via physical access. Generating SHA1 collisions is completely feasible for ~$1,000,000 of computing time, which is chump change to nation states.
There is no infallible way for Apple to make an iOS version for one single device.
Edit: And stories like http://abcnews.go.com/Technology/york-da-access-175-iphones-... make it absolutely clear that this is not stopping at a single device.