Difference between revisions of "Jailbreak"

From The iPhone Wiki
Jump to: navigation, search
(iPhone 4)
(Exploits which are used in order to jailbreak 2.0 and above)
Line 23: Line 23:
 
*[[MobileBackup Copy Exploit]] + [[Incomplete Codesign Exploit]] + [[BPF_STX Kernel Write Exploit]] (together for [[Spirit]])
 
*[[MobileBackup Copy Exploit]] + [[Incomplete Codesign Exploit]] + [[BPF_STX Kernel Write Exploit]] (together for [[Spirit]])
 
*[[Malformed CFF Vulnerability]] + [[Incomplete Codesign Exploit]] + [[IOSurface Kernel Exploit]] (together for [[Star]])
 
*[[Malformed CFF Vulnerability]] + [[Incomplete Codesign Exploit]] + [[IOSurface Kernel Exploit]] (together for [[Star]])
  +
*[[Packet Filter Kernel Exploit]] (together with [[limera1n]]'s bootrom exploit or the [[usb_control_msg(0xA1, 1) Exploit]])
   
 
===[[M68ap|iPhone]] / [[N82ap|iPhone 3G]] / [[N45ap|iPod touch]]===
 
===[[M68ap|iPhone]] / [[N82ap|iPhone 3G]] / [[N45ap|iPod touch]]===
Line 30: Line 31:
 
* [[ARM7 Go]] (used by [[tethered jailbreak]]s)
 
* [[ARM7 Go]] (used by [[tethered jailbreak]]s)
 
* [[0x24000 Segment Overflow]] (used on "MB" models for an [[untethered jailbreak]])
 
* [[0x24000 Segment Overflow]] (used on "MB" models for an [[untethered jailbreak]])
*[[usb_control_msg(0x21, 2) Exploit]] ([[tethered jailbreak|tethered]] for "MC" models)
+
*[[usb_control_msg(0x21, 2) Exploit]] ([[tethered jailbreak|tethered]] for units with the [[iBoot-240.5.1|new bootrom]])
*[[usb_control_msg(0xA1, 1) Exploit]] (used for a [[tethered jailbreak]] on "MC" models)
+
*[[usb_control_msg(0xA1, 1) Exploit]] (used for a [[tethered jailbreak]] on units with the [[iBoot-240.5.1|new bootrom]])
   
 
===[[N88ap|iPhone 3GS]]===
 
===[[N88ap|iPhone 3GS]]===
Line 37: Line 38:
 
* [[iBoot Environment Variable Overflow]]
 
* [[iBoot Environment Variable Overflow]]
 
* [[usb_control_msg(0x21, 2) Exploit]] ([[tethered jailbreak|tethered]] for newer devices)
 
* [[usb_control_msg(0x21, 2) Exploit]] ([[tethered jailbreak|tethered]] for newer devices)
  +
* [[limera1n]] ([[tethered jailbreak|tethered]] on its own, [[untethered jailbreak|untethered]] with an additional exploit)
 
===[[N90ap|iPhone 4]]===
 
* [[limera1n]] (BootRom tethered exploit for iPhone 4, 3GS; iPod Touches 3G and 4G; iPad and AppleTV 2G) + [[Comex]]`s Userland Exploit (Which makes limera1n in 4.1 Firmware untethered)
 
   
 
===[[N18ap|iPod touch 3G]]===
 
===[[N18ap|iPod touch 3G]]===
 
*[[usb_control_msg(0x21, 2) Exploit]] ([[tethered jailbreak|tethered]] only)
 
*[[usb_control_msg(0x21, 2) Exploit]] ([[tethered jailbreak|tethered]] only)
  +
* [[limera1n]] ([[tethered jailbreak|tethered]] on its own, [[untethered jailbreak|untethered]] with an additional exploit)
  +
  +
===[[N90ap|iPhone 4]]===
  +
* [[limera1n]]'s bootrom exploit ([[tethered jailbreak|tethered]] on its own, [[untethered jailbreak|untethered]] with an additional exploit)
  +
  +
===[[N81ap|iPod touch 4G]]===
  +
* [[limera1n]]'s bootrom exploit ([[tethered jailbreak|tethered]] on its own, [[untethered jailbreak|untethered]] with an additional exploit)

Revision as of 06:39, 17 January 2011

This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by patching /etc/fstab to mount the System partition as read-write. This is entirely different from an unlock. Jailbreaking is the first action that must be taken before things like unofficial activation (hacktivation), and unofficial unlocking can be applied.

The original jailbreak also included modifying the afc service (used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to create a new service (afc2) that allows access to the full filesystem.

Modern jailbreaks also include patching the kernel to get around code signing and other restrictions.

Exploits which were used in order to jailbreak (in chronological order)

1.0.2

  • Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)

1.1.1

1.1.2

  • Mknod (an upgrade jailbreak)

1.1.3 / 1.1.4

Exploits which are used in order to jailbreak 2.0 and above

Userland (used for all devices)

iPhone / iPhone 3G / iPod touch

iPod touch 2G

iPhone 3GS

iPod touch 3G

iPhone 4

iPod touch 4G