What is iOS Jailbreaking?
• iOS jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system through the use of hardware/software exploits.
• Jailbreaking allows iOS users to gain root access to the operating system.
Why Jailbreak?
• One of the main reasons for jailbreaking is to expand the feature set limited by Apple and its App Store and get paid apps for free.
• Users install these programs for purposes including personalization and customization of the interface, adding desired features and fixing annoyances, and making development work easier.
Processing Involved
• The jailbreak itself is getting control over the root and media partitions of your iDevice, where all of iOS's files are stored.
• To do so, /private/etc/fstab must be patched.
• fstab is the switch room of your iDevice, controlling the permissions of the root and media partitions. The default is 'read-only', allowing eyes and no hands.
• The main problem is not getting the files in, but getting them through various checkpoints. These checkpoints were put in place by Apple to verify whether a file is indeed legitimate or third-party.
• When an iDevice boots up it goes through a "chain of trust". It runs in the following (specific) order:
Runs Bootrom: Also called "SecureROM" by Apple, it is the first significant code that runs on an iDevice.
Runs Bootloader: Generally, it is responsible for loading the main firmware.
Loads Kernel: Bridge between iOS and the actual data processing done at the hardware level.
Loads iOS: The final step in the chain; iOS starts and we get our nice "Slide to Unlock" view.
• The jailbreaker's objective is to either patch the checks or simply bypass them.
• This brings us to the two main exploit categories:
Bootrom exploit: Exploit done during the bootrom stage. It can't be patched by a conventional firmware update, and must be patched by new hardware.
• Since it's before almost any checkpoint, the malicious code is injected before everything, thus allowing a passageway to be created to bypass all checks or simply disable them.
Userland exploit: Exploit done during or after the kernel has loaded; it can easily be patched by Apple with a software update.
• Since it's after all the checks, it injects the malicious code directly through openings back into the kernel. These openings are not so easy to find, and once found can be patched.
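As an added illustration (not code from the slides), a constructed Python model of the four-stage chain of trust above: every stage holds the digest of the stage after it and refuses to hand over control if that stage was altered, and nothing checks the first stage, which is why the bootrom is the trust anchor. Stage names follow the slides; the images and digests are made up.

```python
import hashlib
from dataclasses import dataclass

# Constructed model of the boot chain on the slides (Bootrom -> Bootloader ->
# Kernel -> iOS): each stage holds the expected digest of the next stage's
# image and refuses to hand over control if that image has been altered.
# Stage names follow the slides; the images and digests are made up here.

@dataclass
class Stage:
    name: str
    image: bytes
    next_expected: str = ""  # digest this stage demands of its successor

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def build_chain(images):
    """images: list of (name, bytes) in boot order; links each stage to the next."""
    stages = [Stage(name, img) for name, img in images]
    for stage, successor in zip(stages, stages[1:]):
        stage.next_expected = digest(successor.image)
    return stages

def boot(chain):
    """Walk the chain in order. Returns (names of stages that ran, outcome)."""
    ran = []
    for i, stage in enumerate(chain):
        ran.append(stage.name)
        if i + 1 == len(chain):
            return ran, "booted"
        successor = chain[i + 1]
        if digest(successor.image) != stage.next_expected:
            return ran, f"{stage.name} rejected {successor.name}"

def verified_by(chain, name):
    """Which stage checks `name`? None for the first stage: nothing checks the
    bootrom, so a flaw there cannot be fixed by replacing any later image."""
    for stage, successor in zip(chain, chain[1:]):
        if successor.name == name:
            return stage.name
    return None

def with_modified_stage(chain, name, new_image):
    """Copy of the chain where one stage's image was altered after the chain was built."""
    return [Stage(s.name, new_image if s.name == name else s.image, s.next_expected)
            for s in chain]

GENUINE = build_chain([("Bootrom", b"secure-rom"), ("Bootloader", b"iboot"),
                       ("Kernel", b"kernel"), ("iOS", b"ios")])
```

Running `boot(with_modified_stage(GENUINE, "Kernel", b"patched-kernel"))` stops at the bootloader, which is the stage that checks the kernel; the same call against a modified bootloader stops at the bootrom.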
Types Of Jailbreak
• Tethered: With a tethered jailbreak, if the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state.
• Untethered: An untethered jailbreak has the property that if the user turns the device off and back on, the device will start up completely.
How to Jailbreak?
• redsn0w: redsn0w is a free iOS jailbreaking tool developed by the iPhone Dev Team, capable of executing jailbreaks on many iOS devices.
• Absinthe or greenpois0n: another tool created to jailbreak Apple iOS devices, developed by the Chronic Dev Team.
Cydia
• Developed by Jay Freeman (also called "saurik") and his company, SaurikIT.
• Cydia is a graphical front end to the Advanced Packaging Tool (APT) and the dpkg package management system, which means packages available in Cydia are provided by a decentralized system of repositories (also called sources) that list these packages.
iOS 'Signature' Feature
• In September 2009 Cydia was improved to help users downgrade their device to versions of iOS not currently allowed by Apple. Cydia caches the digital signatures called SHSH blobs used by Apple to verify restores of iOS.
• Cydia's storage mechanism enables users to downgrade a device to a prior version of iOS by means of a replay attack.
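As an added illustration (not code from the slides, from Cydia or from Apple), a constructed model of why a cached signature enables a downgrade replay and how binding the signature to a fresh per-restore nonce defeats it; the signing key, the ECID value and the version labels are all made up.

```python
import hmac
import hashlib
import secrets

# Constructed model of the restore check the slide describes: a signing server
# issues an SHSH-style blob over a device identifier and firmware version, and
# the restore tool accepts a restore only when the blob verifies. The key, the
# ECID and the version labels are made up; nothing here is Apple's real format.
SIGNING_KEY = b"constructed-signing-key"

def sign_blob(ecid: str, version: str, nonce: str = "") -> bytes:
    msg = f"{ecid}|{version}|{nonce}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()

class SigningServer:
    """Signs only versions it currently allows; older versions get withdrawn."""
    def __init__(self, allowed):
        self.allowed = set(allowed)

    def request_blob(self, ecid, version, nonce=""):
        if version not in self.allowed:
            return None          # server no longer signs this version
        return sign_blob(ecid, version, nonce)

    def withdraw(self, version):
        self.allowed.discard(version)

def restore_accepted(ecid, version, blob, nonce=""):
    """Restore-tool side: accept only a blob that verifies for this request."""
    return blob is not None and hmac.compare_digest(sign_blob(ecid, version, nonce), blob)

def replay_without_nonce():
    """Blob bound only to (ecid, version): a cached copy still works after withdrawal.
    Returns (fresh request accepted?, cached blob accepted?)."""
    server = SigningServer(["fw-old", "fw-new"])
    cached = server.request_blob("ECID-0001", "fw-old")   # saved while still signed
    server.withdraw("fw-old")
    fresh = server.request_blob("ECID-0001", "fw-old")    # None: no longer signed
    return (restore_accepted("ECID-0001", "fw-old", fresh),
            restore_accepted("ECID-0001", "fw-old", cached))

def replay_with_nonce():
    """Blob also bound to a per-restore nonce: the cached copy no longer matches."""
    server = SigningServer(["fw-old", "fw-new"])
    cached = server.request_blob("ECID-0001", "fw-old", secrets.token_hex(8))
    server.withdraw("fw-old")
    new_nonce = secrets.token_hex(8)   # restore tool picks a fresh value per attempt
    return restore_accepted("ECID-0001", "fw-old", cached, new_nonce)
```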
Installous
• Installous is an iOS application developed by docmorelli and originally created by puy0.
• Installous allows users to download, install, update and share cracked iOS applications in a clean and organized fashion. It has been installed on nearly thirteen million different devices.
Jailbreak Terminologies
• Baseband: This has everything to do with your service and signal. This is why most unlockers have to be extremely careful when upgrading. If the baseband changes, it can permanently keep them from achieving an unlock.
• Blobs: When you upgrade firmware in iTunes, you'll see at the top when you start a restore "Verifying restore with Apple". SHSH blobs basically give iTunes a fake hand to shake, which in turn makes iTunes think your restore has been verified.
• DFU mode: Stands for Device Firmware Update. DFU mode will talk to iTunes but it bypasses iBoot, which then allows you to downgrade firmware. Most jailbreaks will require DFU mode for these reasons, as opposed to recovery mode.
• SpringBoard: The graphical user interface on iOS devices.
• Respring: Process of restarting the SpringBoard. Many Cydia packages will require users to do this in order to install and execute bottom-level files.
Top 10 Cydia Tweaks
1. Byta Font
2. SB Settings
3. Barrel
4. Zephyr
5. Call Bar
6. Activator
7. Swipe Selection
8. Bigify+
9. Springtomize
10. Bite SMS
Open SSH
• The iPhone runs on a basic variant of the Mac OS X operating system, which is Unix-based. This means that if you're so inclined, you could jailbreak the iPhone platform and install certain Unix apps with an SSH daemon to accept remote connections, thus turning the iPhone into a tiny computer.
• This is a useful utility for users in order to allow SSH access to the device. Once SSH access to the system is established, you can use SSH clients to reach the main files of your device for editing.
• SSH consumes more battery power and allows hackers to get access to your file system if you forget to close or disable SSH. Changing the root password is necessary.
Legal Issues
• Under the Digital Millennium Copyright Act, jailbreaking iPhones is legal in the United States, although Apple has announced that the practice "can violate the warranty".
• As of July 26, 2010, the U.S. Copyright Office has approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally.