Jailbreak
From The iPhone Wiki
This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by patching /private/etc/fstab to mount the System partition as read-write. This is entirely different from an unlock. Jailbreaking is the first action that must be taken before things like unofficial activation (hacktivation), and unofficial unlocking can be applied.
The original jailbreak also included modifying the AFC service (used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to create a new service (AFC2) that allows access to the full filesystem.
Modern jailbreaks also include patching the kernel to get around code signing and other restrictions.
NOTE: The legality of jailbreaking your device varies with each country/region.
Version numbers are the first to jailbreak and last is the last supported version. Last will only be listed if a newer version is out that does not support the device and iOS.
Exploits which were used in order to jailbreak 1.x
1.0.2
- Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)
1.1.1
- Symlinks (an upgrade jailbreak)
- libtiff exploit (Adapted from the PSP scene, used by JailbreakMe)
1.1.2
- Mknod (an upgrade jailbreak)
1.1.3 / 1.1.4 / 1.1.5
- Soft Upgrade (an upgrade jailbreak)
- Ramdisk Hack
- Dual Boot Exploit - Works up to iOS 2.0 beta 3
- diags - Works up to iOS 2.0 beta 5
Exploits which are used in order to jailbreak 2.x
2.0 / 2.0.1 / 2.0.2 / 2.1
2.1.1
2.2
- Pwnage + Pwnage 2.0 (iPhone, iPod touch, and iPhone 3G)
2.2.1
- Pwnage + Pwnage 2.0 (iPhone, iPod touch, and iPhone 3G)
- 0x24000 Segment Overflow + ARM7 Go (from iOS 2.1.1) (iPod touch 2G)
Exploits which are used in order to jailbreak 3.x
3.0 / 3.0.1
- Pwnage + Pwnage 2.0 (iPhone, iPod touch, and iPhone 3G)
- ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow ( iPod touch 2G)
- Pwnage + iBoot Environment Variable Overflow (iPhone, iPod touch, and iPhone 3G)
- 0x24000 Segment Overflow + iBoot Environment Variable Overflow (iPod touch 2G and iPhone 3GS)
3.1 / 3.1.1
- Pwnage + Pwnage 2.0 (together for untethered jailbreak on iPhone, iPod touch, and iPhone 3G)
- usb_control_msg(0x21, 2) Exploit (tethered jailbreak on iPod touch 2G new bootrom, iPhone 3GS new bootrom, and iPod touch 3G)
- 0x24000 Segment Overflow + usb_control_msg(0x21, 2) Exploit (iPod touch 2G old bootrom and iPhone 3GS old bootrom)
3.1.2
- Pwnage + Pwnage 2.0 (together for untethered jailbreak on iPhone, iPod touch, and iPhone 3G)
- usb_control_msg(0x21, 2) Exploit (tethered jailbreak on iPod touch 2G new bootrom, iPhone 3GS new bootrom, and iPod touch 3G)
- 0x24000 Segment Overflow + usb_control_msg(0x21, 2) Exploit (iPod touch 2G old bootrom and iPhone 3GS old bootrom)
- MobileBackup Copy Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (all devices, used in Spirit)
- Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (all devices, used in Star)
3.1.3
- Pwnage + Pwnage 2.0 (together for untethered jailbreak on iPhone, iPod touch, and iPhone 3G)
- 0x24000 Segment Overflow (for iPod touch 2G and iPhone 3GS devices with older bootroms)
- + Limera1n Exploit (iPhone 3GS old bootrom, used in sn0wbreeze)
- + usb_control_msg(0xA1, 1) Exploit (iPod touch 2G old bootrom, used in sn0wbreeze)
- usb_control_msg(0xA1, 1) Exploit+ Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (iPod touch 2G new bootrom, used in sn0wbreeze)
- Limera1n Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (iPod touch 3G and iPhone 3GS new bootrom, used in sn0wbreeze)
- MobileBackup Copy Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (all devices, used in Spirit)
- Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (all devices, used in Star)
3.2
- MobileBackup Copy Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (all devices, used in Spirit)
- Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (iPad, used in Star)
- Limera1n Exploit + Incomplete Codesign Exploit + BPF_STX Kernel Write Exploit (iPad used in sn0wbreeze 2.9.x)
3.2.1
- Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (iPad, used in Star)
- Limera1n Exploit + Incomplete Codesign Exploit + IOSurface Kernel Exploit (iPad, used in sn0wbreeze 2.9.x)
3.2.2
Exploits which are used in order to jailbreak 4.x
4.0 / 4.0.1
- Pwnage + Pwnage 2.0 (iPhone 3G)
- 0x24000 Segment Overflow (iPod touch 2G and iPhone 3GS devices with older bootroms)
- Malformed CFF Vulnerability + Incomplete Codesign Exploit + IOSurface Kernel Exploit (all devices, used in Star)
- Limera1n Exploit + Packet Filter Kernel Exploit (iPhone 3GS New bootrom, iPod touch 3G, iPhone 4 GSM model)
4.0.2
- Pwnage + Pwnage 2.0 (iPhone 3G)
- ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow (iPod touch 2G)
- 0x24000 Segment Overflow (iPhone 3GS)
- limera1n's bootrom exploit + Packet Filter Kernel Exploit (iPhone 3GS new bootrom, iPod touch 3G, iPhone 4 GSM model, and iPod touch 4G)
4.1
- Pwnage + Pwnage 2.0 (together to jailbreak the iPhone 3G)
- ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow (together for untethered jailbreak on iPod touch 2G old bootrom)
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
- limera1n's bootrom exploit + Packet Filter Kernel Exploit (together for untethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPhone 4 GSM model, iPod touch 4G, and Apple TV 2G))
- usb_control_msg(0xA1, 1) Exploit + Packet Filter Kernel Exploit (together for untethered jailbreak on iPod touch 2G)
4.2.1
- Pwnage + Pwnage 2.0 (together to jailbreak the iPhone 3G)
- ARM7 Go (from iOS 2.1.1) + 0x24000 Segment Overflow (together for untethered jailbreak on iPod touch 2G old bootrom)
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
- limera1n's bootrom exploit + HFS Legacy Volume Name Stack Buffer Overflow (together for untethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPad, iPhone 4 GSM model, iPod touch 4G, and Apple TV 2G)
- usb_control_msg(0xA1, 1) Exploit + HFS Legacy Volume Name Stack Buffer Overflow (together for untethered jailbreak on iPod touch 2G)
4.2.6 / 4.2.7 / 4.2.8
- limera1n's bootrom exploit + HFS Legacy Volume Name Stack Buffer Overflow (together for untethered jailbreak on iPhone 4 CDMA model)
- T1 Font Integer Overflow (used for Saffron)
4.2.9 / 4.2.10
- limera1n's bootrom exploit (Tethered jailbreak on iPhone 4 CDMA model)
4.3
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
- limera1n's bootrom exploit (tethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPad, iPhone 4 GSM model, iPod touch 4G, and Apple TV 2G)
- T1 Font Integer Overflow (used for Saffron)
4.3.1 / 4.3.2 / 4.3.3
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS old bootrom)
- limera1n's bootrom exploit + ndrv_setspec() Integer Overflow (together for untethered jailbreak on iPhone 3GS new bootrom, iPod touch 3G, iPad, iPhone 4 GSM model, and iPod touch 4G)
- T1 Font Integer Overflow (used for Saffron)
4.3.4 / 4.3.5
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
- limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4 GSM model, and iPod touch 4G)
Exploits which are used in order to jailbreak 5.x
5.0
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
- limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4, and iPod touch 4G)
- Racoon String Format Overflow Exploit (used both for payload injection and untether)+HFS Heap Overflow- iPhone 4S only
5.0.1
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
- limera1n's bootrom exploit + Racoon String Format Overflow Exploit+HFS Heap Overflow on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4, and iPod touch 4G)
- Racoon String Format Overflow Exploit (used both for payload injection and untether)+HFS Heap Overflow - iPad 2 and iPhone 4S with Absinthe
5.1
- limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4, and iPod touch 4G)
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
5.1.1
- limera1n Exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
- limera1n Exploit + Rocky Racoon (together for untethered jailbreak on iPhone 3GS with new bootrom, iPhone 4, iPod touch 3G, and iPod touch 4G)
Exploits which are used in order to jailbreak 6.x
6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2
- limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPhone 4, and iPod touch 4G)
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
- Symbolic Link Vulnerability
- Timezone Vulnerability
- Shebang Trick
- AMFID code signing evasion
- launchd.conf untether
- IOUSBDeviceFamily Vulnerability
- ARM Exception Vector Info Leak
- dynamic memmove() locating
- vm_map_copy_t corruption for arbitrary memory disclosure
- kernel memory write via ROP gadget
Jailbreak Tools
Apple TV 2G
| Jailbreak Tool | Works with firmware... | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4.1/4.0 | 4.2/4.1 | 4.2.1/4.1.1 | 4.3/4.2 | 4.3/4.2.1 | 4.3/4.2.2 | 4.3 | 4.4/5.0 | 4.4.1/5.0 | 4.4.2/5.0 | 4.4.3/5.0.1 | 4.4.4/5.0.1 | 5.0/5.1 | 5.0.1/5.1.1 | 5.0.2/5.1.1 | 5.1/6.0 | 5.1.1/6.0.1 | 5.2/6.1 | 5.2.1/6.1.3 | |
| evasi0n | No | 1.0 | No | ||||||||||||||||
| greenpois0n | no package management GUI | No | RC6-RC6.1 | No | |||||||||||||||
| limera1n | no package management GUI | No | |||||||||||||||||
| PwnageTool | no package management GUI | Restore from a custom firmware with unofficial bundle1 | 4.2 | No | 4.3-4.3.3.1 | 4.3-4.3.3.12 | No | 5.1.1 (no package management GUI) | No | ||||||||||
| redsn0w | No | 0.9.6rc16 | No | 0.9.15b11 | 0.9.15b33 | ||||||||||||||
| Seas0nPass (Mac) | No | 0.6.71 - 0.7.1 | 0.7.21 | 0.7.31 - 0.7.5 | 0.7.6.??? - 0.7.7.??? | 0.7.8.??? | 0.7.9.???1 | 0.7.9.2101 | 0.7.9.2301 | 0.7.9.2701 | 0.7.9.2901 - 0.8.0.320 | 0.8.3.4701 | 0.8.4.5181 - 0.8.5.555 | 0.8.6.565 | No | 0.8.9.655 | No | ||
| Seas0nPass (Windows) | No | 0.3.7.???? | 0.3.13.???? | 0.3.29.???? - 0.3.45.4035 | 0.3.37.????1 | 0.3.42.33351 | 0.3.44.????1 | 0.3.45.40351 - 0.8.3.5592 | 0.8.3.55921 | 0.8.4.63061 - 0.8.5.6546 | 0.8.6.7558 | No | 0.8.9.11241 | No | |||||
| sn0wbreeze | no package management GUI | No | 2.5-2.7.1 | No | 2.9.8 | No | |||||||||||||
1 Tethered jailbreak.
2 User needs to manually add PwnageTool firmware bundle into application.
3 Point at 6.0 IPSW. Also Tethered jailbreak.
Apple TV 3G
| Jailbreak Tool | Works with firmware... | ||||||
|---|---|---|---|---|---|---|---|
| 5.0/5.1 | 5.0.1/5.1 | 5.0.2/5.1.1 | 5.1/6.0 | 5.1.1/6.0.1 | 5.2/6.1 | 5.2.1/6.1.3 | |
| Absinthe | No | ||||||
| evasi0n | No | ||||||
| redsn0w | No | ||||||
| Seas0npass | No | ||||||
| Sn0wbreeze | No | ||||||
Apple TV 3G Rev A
| Jailbreak Tool | Works with firmware... | ||
|---|---|---|---|
| 5.2/6.1 | 5.2.1/6.1.3 | ||
| Absinthe | No | ||
| evasi0n | No | ||
| redsn0w | No | ||
| Seas0npass | No | ||
| Sn0wbreeze | No | ||
iPad
| Jailbreak Tool | Works with firmware... | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3.2 | 3.2.1 | 3.2.2 | 4.2.1 | 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 5.0 | 5.0.1 | 5.1 | 5.1.1 | |
| Absinthe | No | 2.0-2.0.4 | No | 2.0-2.0.4 | ||||||||||
| greenpois0n | No | RC4 | RC5-RC6.1 | No | ||||||||||
| limera1n | No | Yes | No | |||||||||||
| PwnageTool | No | 4.1-4.1.3 | 4.2 | No | 4.3 | 4.3.2 | 4.3.3-4.3.3.1 | 4.3.31 3 | 4.3.3???1 3 | 4.3.31 3 | 5.0.1 | No | 5.1.1 | |
| redsn0w | No | 0.9.6b22-0.9.11b4 | 0.9.6b41 2-0.9.11b4 | 0.9.6rc91-0.9.11b41 | 0.9.6rc9-0.9.11b4 | 0.9.6rc14-0.9.11b4 | 0.9.6rc16-0.9.11b4 | 0.9.8b3-0.9.11b41 | 0.9.8b7-0.9.11b41 | 0.9.9b3-0.9.11b41 | 0.9.10b4-0.9.11b4 | 0.9.10b61-0.9.11b41 | 0.9.12b1 | |
| Saffron | No | Yes | No | |||||||||||
| sn0wbreeze | No | 2.1-2.9.3 | 2.2-2.9.3 | 2.3b41-2.9.31 | 2.5-2.9.3 | 2.6-2.9.3 | 2.7-2.9.3 | No | 2.8b81-2.9.31 | 2.8b111-2.9.3 | 2.9.21-2.9.31 | 2.9.7 | ||
| Spirit | Yes | No | ||||||||||||
| Star | Yes | No | ||||||||||||
1 Tethered jailbreak
2 An earlier version of Cydia is installed.
3 Requires an unofficial PwnageTool bundle.
iPad 2
| Jailbreak Tool | Works with firmware... | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 5.0 | 5.0.1 | 5.1 | 5.1.1 | 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| Absinthe | No | 0.2-0.4 | No | 2.01-2.0.4 | No | ||||||||||
| evasi0n | No | 1.0 | 1.4 | No | |||||||||||
| redsn0w | No | 0.9.10b7-0.9.11b4 | No | 0.9.12b1 | No | ||||||||||
| Saffron | No | Yes | No | ||||||||||||
1 Not compatible with iPad 2 (Wi-Fi) Rev A
iPad 3
| Jailbreak Tool | Works with firmware... | ||||||
|---|---|---|---|---|---|---|---|
| 5.1 | 5.1.1 | 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| Absinthe | No | 2.0-2.0.4 | No | ||||
| evasi0n | No | 1.0 | 1.4 | No | |||
| redsn0w | No | 0.9.12b1 | No | ||||
iPad 4
| Jailbreak Tool | Works with firmware... | ||||
|---|---|---|---|---|---|
| 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| evasi0n | 1.0 | 1.4 | No | ||
iPad mini 1G
| Jailbreak Tool | Works with firmware... | |||||
|---|---|---|---|---|---|---|
| 6.0 | 6.0.1 | 6.0.2 | 6.1 | 6.1.2 | 6.1.3 | |
| evasi0n | 1.0 | 1.4 | No | |||
iPhone
| Jailbreak Tool | Works with firmware... | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1.0.0 | 1.0.1 | 1.0.2 | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 2.0 | 2.0.1 | 2.0.2 | 2.1 | 2.2 | 2.2.1 | 3.0 | 3.0.1 | 3.1 | 3.1.2 | 3.1.3 | |
| AppSnapp | No | Yes | No | |||||||||||||||
| AppTapp Installer | Yes | No | ||||||||||||||||
| blackra1n | No | Yes | No | |||||||||||||||
| iBrickr | 0.5-0.91 | 0.6-0.91 | No | |||||||||||||||
| iLiberty / iLiberty+ | No | Yes | No | |||||||||||||||
| OktoPrep | No | Update from jailbroken 1.1.1 | No | |||||||||||||||
| purplera1n | No | Yes | No | |||||||||||||||
| PwnageTool | No | 1.1.4 | 2.0/2.0.3 | 2.0.1/2.0.3 | 2.0.2/2.0.3 | 2.1 | 2.2 | 2.2.5 | 3.0 | No | 3.1/3.1.3 | 3.1.4 | 3.1.5 | |||||
| QuickPwn | No | Yes | No | |||||||||||||||
| redsn0w | No | 0.9.3 | 0.9.4 | |||||||||||||||
| Soft Upgrade | No | Update from jailbroken 1.1.2 | No | |||||||||||||||
| Star | No | Yes | ||||||||||||||||
| ZiPhone | No | Yes | No | |||||||||||||||
iPhone 3G
| Jailbreak Tool | Works with firmware... | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2.0 | 2.0.1 | 2.0.2 | 2.1 | 2.2 | 2.2.1 | 3.0 | 3.0.1 | 3.1 | 3.1.2 | 3.1.3 | 4.0 | 4.0.1 | 4.0.2 | 4.1 | 4.2.1 | |
| blackra1n | No | Yes | No | |||||||||||||
| limera1n | No | Yes | No | |||||||||||||
| PwnageTool | 2.0-2.0.1 | 2.0.1-2.0.3 | 2.0.2-2.0.3 | 2.1 | 2.2 | 2.2.5 | 3.0 | No | 3.1-3.1.3 | 3.1.4 | 3.1.5 | 4.0-4.01 | No | 4.1-4.1.3 | 4.2 | |
| redsn0w | No | 0.8 | 0.9.2-0.9.3 | 0.9.2-0.9.3 | 0.9.4 | 0.9.5b3-0.9.6b3 | 0.9.6b1-0.9.6rc19 | |||||||||
| sn0wbreeze | No | 1.0-2.0.2 | 1.5-2.0.2 | 1.6-2.0.2 | No | 2.1 | 2.2-2.2.1 | |||||||||
| Spirit | No | Yes | No | |||||||||||||
| Star | No | Yes | No | |||||||||||||
iPhone 3GS
| Jailbreak Tool | Works with firmware... | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3.0 | 3.0.1 | 3.1 | 3.1.2 | 3.1.3 | 4.0 | 4.0.1 | 4.0.2 | 4.1 | 4.2.1 | 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 5.0 | 5.0.1 | 5.1 | 5.1.1 | 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | ||||
| Absinthe | No | 2.0-2.0.4 | No | |||||||||||||||||||||||||
| blackra1n | No | Tethered1 | No | |||||||||||||||||||||||||
| evasi0n | No | 1.0 | 1.4 | No | ||||||||||||||||||||||||
| limera1n | No | Yes | No | |||||||||||||||||||||||||
| greenpois0n | No | RC4 | RC5-RC6.1 | No | ||||||||||||||||||||||||
| purplera1n | Yes | No | ||||||||||||||||||||||||||
| PwnageTool | No | Yes2 | 3.1.42 | Yes2 | Yes2 3 | 4.1-4.1.3 | 4.2 | 4.21 3 | 4.3 | 4.3.2 | 4.3.3-4.3.3.1 | No | 5.0.1 | No | 5.1.1 | No | ||||||||||||
| redsn0w | 0.8 | 0.9.21 or 0.9.31 | No | 0.9.6b2-0.9.10b8b | 0.9.6b41 | 0.9.6rc91 | 0.9.6rc91 | 0.9.6rc131 | 0.9.6rc16 | 0.9.8b31 | 0.9.8b71 | 0.9.9b31 | 0.9.9b91 | 0.9.10b61 | 0.9.12b1 | 0.9.15b11 | 0.9.15b14 | |||||||||||
| Saffron | No | Yes | No | |||||||||||||||||||||||||
| sn0wbreeze | No | 2.0.21 2-2.9.3 | 2.1-2.9.3 | 2.2-2.9.3 | 2.3b41-2.9.3 | 2.5-2.9.3 | 2.6-2.9.3 | 2.7-2.9.3 | No | 2.8b81-2.9.31 | 2.8b111-2.9.3 | 2.9.21-2.9.31 | 2.9.7 | 2.9.8 | 2.9.10 | No | ||||||||||||
| Spirit | No | Yes | No | |||||||||||||||||||||||||
| Star | No | No | Yes | No | ||||||||||||||||||||||||
1 Tethered jailbreak on devices with the new bootrom.
2 Only applicable for devices with the old bootrom.
3 Requires an unofficial firmware bundle.
iPhone 4 (GSM model)
| Jailbreak Tool | Works with firmware... | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4.0 | 4.0.1 | 4.0.2 | 4.1 | 4.2.1 | 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 5.0 | 5.0.1 | 5.1 | 5.1.1 (9B206) | 5.1.1 (9B208) | 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| Absinthe | No | 2.0 | 2.0.2 | No | |||||||||||||||||
| evasi0n | No | 1.0 | 1.4 | No | |||||||||||||||||
| greenpois0n | No | RC4 | RC5-RC6.1 | No | |||||||||||||||||
| limera1n | Yes | No | |||||||||||||||||||
| PwnageTool | No | 4.1-4.1.3 | 4.2 | 4.21 3 | 4.3 | 4.3.2 | 4.3.3-4.3.3.1 | 4.3.31 3 | 5.0.1 | No | 5.1.1 | No | |||||||||
| redsn0w | No | 0.9.6b2-0.9.6rc16 | 0.9.6b41-0.9.6rc16 or 0.9.7b61 2 |
0.9.6rc91-0.9.6rc161 | 0.9.6rc91-0.9.6rc16 | 0.9.6rc131-0.9.6rc16 | 0.9.6rc16 | 0.9.8b31 | 0.9.8b71 | 0.9.9b31 | 0.9.10b6 | 0.9.10b61 | 0.9.12b1-0.9.14b2 | 0.9.15b11 | 0.9.15b14 | ||||||
| Saffron | No | Yes | No | ||||||||||||||||||
| sn0wbreeze | No | 2.1 | 2.2 | 2.3b41 | 2.5 | 2.6-2.6.1 | 2.7-2.7.1 | No | 2.8b81 | 2.9.1 | No | 2.9.6 | 2.9.8 | 2.9.10 | No | ||||||
| Star | Yes | No | |||||||||||||||||||
1 Tethered jailbreak.
2 If SHSHs were saved for iOS 4.2b3 and if you have a developer access to its IPSW, Jailbreak Monte can be used.
3 Requires an unofficial firmware bundle.
iPhone 4 (GSM Rev A model)
| Jailbreak Tool | Works with firmware... | ||||
|---|---|---|---|---|---|
| 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| evasi0n | 1.0 | 1.4 | No | ||
| redsn0w | 0.9.15b3 | ||||
| sn0wbreeze | 2.9.8 | 2.9.10 | No | ||
Must point redsn0w at the 6.0 IPSW. Tethered.
iPhone 4 (CDMA model)
| Jailbreak Tool | Works with firmware... | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4.2.5 | 4.2.6 | 4.2.7 | 4.2.8 | 4.2.9 | 4.2.10 | 5.0 | 5.0.1 | 5.1 | 5.1.1 | 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| Absinthe | No | 2.0 | No | 2.0 | No | ||||||||||
| evasi0n | No | 1.0 | 1.4 | No | |||||||||||
| greenpois0n | No | RC5 b4-RC6.1 | No | ||||||||||||
| PwnageTool | No | 4.2 | No | 4.22 | No | 5.0.1 | No | ||||||||
| redsn0w | No | 0.9.6rc9-0.9.10b8b | 0.9.8b2-0.9.10b8b | 0.9.6rc18-0.9.10b8b | 0.9.8b31-0.9.10b8b1 | 0.9.8b71-0.9.10b8b1 | 0.9.9b31-0.9.10b8b1 | 0.9.9b91-0.9.10b8b | 0.9.10b61-0.9.10b8b1 | 0.9.12b1 | 0.9.14b11 | 0.9.15b33 | |||
| Saffron | No | Yes | No | ||||||||||||
| sn0wbreeze | No | 2.2-2.9.3 | 2.6-2.9.3 | 2.7-2.9.3 | No | 2.8b91-2.9.31 | 2.8b111-2.9.3 | 2.9.21-2.9.31 | 2.9.7 | 2.9.8 | 2.9.10 | No | |||
1 Tethered jailbreak.
2 Requires unofficial bundle.
3 Requires pointing redsn0w at 6.0 IPSW. Also tethered.
iPhone 4S
| Jailbreak Tool | Works with firmware... | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| 5.0 | 5.0.1 (9A405) | 5.0.1 (9A406) | 5.1 | 5.1.1 | 6.0 | 6.0.1 | 6.1 | 6.1.1 | 6.1.2 | 6.1.3 | |
| Absinthe | 0.1.2-1 | No | 2.0 | No | |||||||
| evasi0n | No | 1.0 | 1.3 | 1.4 | No | ||||||
| redsn0w | No | 0.9.10b7 | 0.9.11b2 | No | 0.9.12b1 | No | |||||
iPhone 5
| Jailbreak Tool | Works with firmware... | ||||||
|---|---|---|---|---|---|---|---|
| 6.0 | 6.0.1 | 6.0.2 | 6.1 | 6.1.2 | 6.1.3 | 6.1.4 | |
| evasi0n | 1.0 | 1.4 | No | ||||
iPod touch
| Jailbreak Tool | Works with firmware... | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1.1 | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 1.1.5 | 2.0 | 2.0.1 | 2.0.2 | 2.1 | 2.2 | 2.2.1 | 3.0 | 3.1 | 3.1.2 | 3.1.3 | |
| AppSnapp | No | Yes | No | |||||||||||||
| blackra1n | No | Yes | No | |||||||||||||
| iLiberty / iLiberty+ | No | Yes | No | |||||||||||||
| OktoPrep | No | Update from jailbroken 1.1.1 | No | |||||||||||||
| purplera1n | No | Yes | No | |||||||||||||
| PwnageTool | No | 1.1.4 | No | 2.0/2.0.3 | 2.0.1/2.0.3 | 2.0.2/2.0.3 | 2.1 | 2.2 | 2.2.5 | 3.0 | 3.1/3.1.3 | 3.1.4 | 3.1.5 | |||
| QuickPwn | No | Yes | No | |||||||||||||
| redsn0w | No | 0.9.3 | 0.9.4 | |||||||||||||
| Soft Upgrade | No | Update from jailbroken 1.1.2 | No | |||||||||||||
| Star | No | Yes | ||||||||||||||
| ZiPhone | No | Yes | No | |||||||||||||
iPod touch 2G
This table needs improvement. (Particularly, information for redsn0w and anything notable for 2.x.)
| Jailbreak Tool | Works with firmware... | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2.1.1 | 2.2 | 2.2.1 | 3.0 | 3.1.1 | 3.1.2 | 3.1.3 | 4.0 | 4.0.2 | 4.1 | 4.2.1 | |||||||||||
| blackra1n | No | Tethered3 | No | ||||||||||||||||||
| greenpois0n | No | RC4 | RC5/RC6.1 | ||||||||||||||||||
| purplera1n | No | Yes1 | No | ||||||||||||||||||
| PwnageTool | No | 3.1.32 | 3.1.41 | 3.1.51 | 4.01/4.011 | No | |||||||||||||||
| redsn0w | Tethered1 | No | 0.9.21/0.9.31 | 0.9.41 | 0.9.5b3/0.9.6b31 | 0.9.6b13/0.9.11b4 | 0.9.6b41/0.9.11b4 | ||||||||||||||
| sn0wbreeze | No | Public Beta-2.9.5 | 1.5-2.9.5 | 1.6-2.9.5 | No | 2.1-2.9.5 | 2.2-2.9.5 | ||||||||||||||
| Spirit | No | Yes | No | ||||||||||||||||||
| Star | No | Yes | No | ||||||||||||||||||
1 Only applicable for devices with the old bootrom.
2 Only applicable for devices with the old bootrom. Requires the device to have signature checks disabled (pwned).
3 Tethered jailbreak on devices with the new bootrom.
iPod touch 3G
| Jailbreak Tool | Works with firmware... | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3.1.1 | 3.1.2 | 3.1.3 | 4.0 | 4.0.2 | 4.1 | 4.2.1 | 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 5.0 | 5.0.1 | 5.1 | 5.1.1 | |
| Absinthe | No | 0.1.2-1 through 0.4 | No | 2.0-2.0.4 | |||||||||||||
| blackra1n | Yes1 | No | |||||||||||||||
| greenpois0n | No | RC4 | RC5-RC6.1 | No | |||||||||||||
| limera1n | No | Yes | No | ||||||||||||||
| PwnageTool | No | 4.1-4.1.3 | 4.2 | No | 4.3 | 4.3.2 | 4.3.3-4.3.3.1 | No | 5.0.1 | No | |||||||
| redsn0w | 0.9.31 | No | 0.9.6b2-0.9.10b8b | 0.9.6b41
-0.9.10b8b |
0.9.6rc91
-0.9.10b8b1 |
0.9.6rc91
-0.9.10b8b |
0.9.6rc131
-0.9.10b8b |
0.9.6rc16-0.9.10b8b | 0.9.8b31
-0.9.10b8b1 |
0.9.8b71
-0.9.10b8b1 |
0.9.9b31
-0.9.10b8b1 |
0.9.9b91
-0.9.10b8b |
0.9.10b61
-0.9.10b8b1 |
0.9.12b1 | |||
| Saffron | No | Yes | No | Yes | No | ||||||||||||
| sn0wbreeze | No | 2.0.21-2.9.3 | 2.1-2.9.3 | 2.2-2.9.3 | 2.3b41-2.9.3 | 2.5-2.9.3 | 2.6-2.9.3 | 2.7-2.9.3 | No | 2.8b81-2.9.3 | 2.8b111-2.9.3 | 2.9.21-2.9.31 | 2.9.7 | ||||
| Spirit | No | Yes | No | ||||||||||||||
| Star | No | Yes | No | ||||||||||||||
iPod touch 4G
| Jailbreak Tool | Works with firmware... | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4.1 / 4.1 | 4.2.1 | 4.3 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 5.0 | 5.0.1 | 5.1 | 5.1.1 | 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| Absinthe | No | 2.0-2.0.1 | No | 2.0-2.0.1 | No | ||||||||||||
| evasi0n | No | 1.0 | 1.4 | No | |||||||||||||
| limera1n | Yes | No | |||||||||||||||
| greenpois0n | RC4 | RC5/RC6.1 | No | ||||||||||||||
| PwnageTool | 4.1-4.1.3 | 4.2 | No | 4.3 | 4.3.2 | 4.3.3-4.3.3.1 | 4.3.31 3 | No | 5.0.1 | No | |||||||
| redsn0w | 0.9.6b2-0.9.10b8b | 0.9.6b41-0.9.10b8b1 or 0.9.7b61 2 | 0.9.6rc91-0.9.10b8b1 | 0.9.6rc9-0.9.10b8b | 0.9.6rc13-0.9.10b8b | 0.9.6rc15-0.9.10b8b | 0.9.8b31-0.9.10b8b1 | 0.9.8b71-0.9.10b8b1 | 0.9.9b31-0.9.10b8b1 | 0.9.10b1-0.9.10b8b | 0.9.10b61-0.9.10b8b1 | 0.9.12b1 | 0.9.15b11 | 0.9.15b14 | |||
| Saffron | No | Yes | No | ||||||||||||||
| sn0wbreeze | 2.1-2.9.3 | 2.2-2.9.3 | 2.3b41-2.9.31 | 2.5-2.9.3 | 2.6-2.9.3 | 2.7-2.9.3 | No | 2.8b81-2.9.31 | 2.8b111-2.9.3 | 2.9.21-2.9.31 | 2.9.7 | 2.9.8 | 2.9.10 | No | |||
1 Tethered jailbreak.
2 If SHSHs were saved for iOS 4.2b3 and if you have a developer access to its IPSW, Jailbreak Monte can be used.
3 Requires an unofficial PwnageTool bundle.
4 Point at 6.0 IPSW. Tethered.
iPod touch 5G
| Jailbreak Tool | Works with firmware... | ||||
|---|---|---|---|---|---|
| 6.0 | 6.0.1 | 6.1 | 6.1.2 | 6.1.3 | |
| evasi0n | 1.0 | 1.4 | No | ||
