This document provides an overview of iOS jailbreaking. It explains that jailbreaking removes limitations imposed by Apple to allow root access and installation of unauthorized apps. Reasons for jailbreaking include customization, adding features, and making development easier. The document discusses the jailbreaking process, which involves exploiting checkpoints in the device startup process. It also covers jailbreak tools, repositories for unauthorized apps like Cydia, common jailbreak terms, and legal issues.
2. What is iOS Jailbreaking?
• iOS jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system through the use of hardware/software exploits.
• Jailbreaking allows iOS users to gain root access to the operating system.
3. Why Jailbreak?
• One of the main reasons for jailbreaking is to expand the feature set limited by Apple and its App Store and get paid apps for free.
• Users install these programs for purposes including personalization and customization of the interface, adding desired features and fixing annoyances, and making development work easier.
4. Processing Involved
• The jailbreak itself is about getting control over the root and media partitions of your iDevice, where all of iOS's files are stored.
• To do so, /private/etc/fstab must be patched.
• fstab is the switch room of your iDevice, controlling the permissions of the root and media partitions. The default is 'read-only', allowing eyes but no hands.
5. • The main problem is not getting the files in, but getting them through the various checkpoints. These checkpoints were put in place by Apple to verify whether a file is indeed legit or third-party.
• When an iDevice boots up it goes through a "chain of trust", in the following (specific) order:
Runs Bootrom: Also called "SecureROM" by Apple, it is the first significant code that runs on an iDevice.
Runs Bootloader: Generally, it is responsible for loading the main firmware.
6. Loads Kernel: The bridge between iOS and the actual data processing done at the hardware level.
Loads iOS: The final step in the chain; iOS starts and we get our nice "Slide to Unlock" view.
• The jailbreaker's objective is to either patch the checks or simply bypass them.
• This brings us to the two main exploit categories:
Bootrom exploit: An exploit carried out during the bootrom stage. It can't be patched by a conventional firmware update and must be fixed with new hardware.
7. • Since it's before almost any checkpoint, the malicious code is injected before everything else, allowing a passageway to be created that bypasses all checks or simply disables them.
• Userland exploit: An exploit carried out during or after the kernel has loaded; it can easily be patched by Apple with a software update.
• Since it's after all the checks, it injects the malicious code directly through openings back into the kernel. These openings are not so easy to find, and once found they can be patched.
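The chain of trust from slides 5 to 7, as an added Python model that is not part of the original deck: each stage after the Bootrom is accepted only if its shipped signature still matches its image, so a patched kernel halts the boot, while a compromised root of trust (the Bootrom exploit case) leaves nothing downstream able to enforce the check. HMAC stands in for Apple's RSA signature; the key, stage names and image bytes are constructed.

```python
import hashlib
import hmac

# Constructed stand-in for Apple's signing key. A real device checks RSA
# signatures against a public key burned into the Bootrom (SecureROM).
APPLE_KEY = b"constructed-apple-signing-key"

# The stages after the Bootrom, in the order the slides give them.
STAGES = ["bootloader", "kernel", "ios"]

def sign(image: bytes) -> str:
    """Signature shipped with a firmware image (HMAC stands in for RSA)."""
    return hmac.new(APPLE_KEY, image, hashlib.sha256).hexdigest()

def verify(image: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(image), sig)

def build_chain(patched_stage=None):
    """Return [(stage, image, sig)]. If patched_stage is named, that image is
    modified after signing, the way a jailbreak patches the kernel."""
    chain = []
    for name in STAGES:
        image = f"{name}-image".encode()
        sig = sign(image)
        if name == patched_stage:
            image += b"-PATCHED"  # the shipped signature no longer matches
        chain.append((name, image, sig))
    return chain

def boot(chain, bootrom_intact=True):
    """Walk the chain of trust; return (stages that ran, outcome).

    bootrom_intact=False models a Bootrom exploit: the root of trust no
    longer enforces the check, so every later stage loads unverified."""
    ran = ["bootrom"]
    for name, image, sig in chain:
        if bootrom_intact and not verify(image, sig):
            return ran, f"halted: {name} failed its signature check"
        ran.append(name)
    return ran, "booted"

if __name__ == "__main__":
    print(boot(build_chain()))                  # clean images: full boot
    print(boot(build_chain("kernel")))          # patched kernel is refused
    print(boot(build_chain("kernel"), False))   # Bootrom exploit: check is gone
```

The second run is also why a kernel patch alone does not survive a reboot: the next boot re-runs the same check against the same shipped signature.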
8. Types Of Jailbreak
• Tethered: With a tethered jailbreak, if the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state.
• Untethered: An untethered jailbreak has the property that if the user turns the device off and back on, the device will start up completely.
9. How to Jailbreak?
• redsn0w: redsn0w is a free iOS jailbreaking tool developed by the iPhone Dev Team, capable of executing jailbreaks on many iOS devices.
• Absinthe or greenpois0n: Another tool created to jailbreak Apple iOS devices, developed by the Chronic Dev Team.
10. Cydia
• Developed by Jay Freeman (also called "saurik") and his company, SaurikIT.
• Cydia is a graphical front end to the Advanced Packaging Tool (APT) and the dpkg package management system, which means packages available in Cydia are provided by a decentralized system of repositories (also called sources) that list these packages.
11. iOS 'Signature' Feature
• In September 2009 Cydia was improved to help users downgrade their device to versions of iOS not currently allowed by Apple. Cydia caches the digital signatures, called SHSH blobs, that Apple uses to verify restores of iOS.
• Cydia's storage mechanism enables users to downgrade a device to a prior version of iOS by means of a replay attack.
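The cache-and-replay from slide 11, as an added Python model that is not part of the original deck: a signature over (device ID, version) that carries no freshness can be stored while a version is still signed and presented again after Apple stops signing it, whereas binding the signature to a nonce the device picks per restore makes the stored blob useless. HMAC stands in for Apple's RSA signature; the ECID, version strings and nonces are constructed.

```python
import hashlib
import hmac

# Constructed stand-in for Apple's signing key. A real SHSH blob is an RSA
# signature from Apple's server that iTunes checks at "Verifying restore".
APPLE_KEY = b"constructed-apple-signing-key"

def sign(message: bytes) -> str:
    return hmac.new(APPLE_KEY, message, hashlib.sha256).hexdigest()

def restore_request(ecid: str, version: str, nonce: bytes = b"") -> bytes:
    """What the signature covers: the device's unique ID, the iOS version
    and, in the hardened variant, a nonce the device picks for this restore."""
    return f"{ecid}:{version}:".encode() + nonce

class SigningServer:
    """Signs a restore only for versions it is currently willing to allow."""

    def __init__(self, allowed_versions):
        self.allowed = set(allowed_versions)

    def sign_restore(self, ecid, version, nonce=b""):
        if version not in self.allowed:
            return None  # Apple no longer signs this version
        return sign(restore_request(ecid, version, nonce))

def verify_restore(ecid, version, blob, nonce=b"") -> bool:
    """The check iTunes performs before it will proceed with a restore."""
    return hmac.compare_digest(sign(restore_request(ecid, version, nonce)), blob)

def run_scenario(use_nonce: bool) -> dict:
    """Cache a blob while 4.3.3 is still signed, then attempt a 4.3.3 restore
    after the server has moved on to 5.0. ECID and versions are constructed."""
    ecid, old, new = "constructed-ecid-0001", "4.3.3", "5.0"
    server = SigningServer([old])
    nonce1 = b"restore-nonce-1" if use_nonce else b""    # a real device draws it at random
    cached_blob = server.sign_restore(ecid, old, nonce1)  # what Cydia would cache
    server.allowed = {new}                                # Apple stops signing 4.3.3
    nonce2 = b"restore-nonce-2" if use_nonce else b""    # fresh nonce for this restore
    return {
        "fresh_blob_for_old_version": server.sign_restore(ecid, old, nonce2) is not None,
        "cached_blob_accepted": verify_restore(ecid, old, cached_blob, nonce2),
    }

if __name__ == "__main__":
    print("no nonce:  ", run_scenario(use_nonce=False))  # cached blob still accepted
    print("with nonce:", run_scenario(use_nonce=True))   # cached blob rejected
```

Apple's later APTicket format ties the restore signature to a nonce generated by the device, which is the hardened variant the second run models.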
12. Installous
• Installous is an iOS application developed by docmorelli and originally created by puy0.
• Installous allows users to download, install, update and share cracked iOS applications in a clean and organized fashion. It has been installed on nearly thirteen million different devices.
13. Jailbreak Terminologies
• Baseband: This has everything to do with your service and signal, which is why most unlockers have to be extremely careful when upgrading. If the baseband changes, it can permanently keep them from achieving an unlock.
• Blobs: When you upgrade firmware in iTunes, you'll see at the top when you start a restore "Verifying restore with Apple". SHSH blobs basically give iTunes a fake hand to shake, which in turn makes iTunes think your restore has been verified.
14. • DFU mode: Stands for Device Firmware Update. DFU mode will talk to iTunes but bypasses iBoot, which then allows you to downgrade firmware. Most jailbreaks require DFU mode for this reason, as opposed to recovery mode.
• SpringBoard: The graphical user interface on iOS devices.
• Respring: The process of restarting SpringBoard. Many Cydia packages require users to do this in order to install and execute bottom-level files.
16. Top 10 Cydia Tweaks
1. Byta Font
2. SB Settings
3. Barrel
4. Zephyr
5. Call Bar
6. Activator
7. Swipe Selection
8. Bigify+
9. Springtomize
10. Bite SMS
17. OpenSSH
• The iPhone runs on a basic variant of Mac's OS X operating system, which is Unix-based. This means that if you're so inclined, you could jailbreak the iPhone platform and install certain Unix apps, including an SSH daemon to accept remote connections, thus turning the iPhone into a tiny computer.
• This is a useful utility that allows SSH access to the device. Once SSH is running on the device, you can use an SSH client to access and edit the device's file system.
18. • SSH consumes more battery power and allows hackers to get access to your file system if you forget to close or disable SSH. Changing the root password is necessary.
19. Legal Issues
• Under the Digital Millennium Copyright Act, jailbreaking iPhones is legal in the United States, although Apple has announced that the practice "can violate the warranty".
• As of July 26, 2010, the U.S. Copyright Office has approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally.