The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Jailbreak"
(→Exploits which were used in order to jailbreak (in chronological order)) |
(→Exploits which are used in order to jailbreak 2.0 and above) |
||
Line 25: | Line 25: | ||
* [[24kpwn]] |
* [[24kpwn]] |
||
===iPhone 3GS=== |
===iPhone 3GS=== |
||
− | All jailbreaks are using the [[24kpwn]] exploit |
+ | All jailbreaks are using the [[24kpwn]] exploit (to make it untethered), but an iBoot exploit is necessary as well because of the new [[ECID]] tag. |
− | ====3.0==== |
||
* [[iBoot Environment Variable Overflow]] |
* [[iBoot Environment Variable Overflow]] |
Revision as of 19:23, 18 July 2009
This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by patching /etc/fstab to mount the System partition as read-write. This is entirely different to an unlock. Jailbreaking is the first action that must be taken before things like non-official activation, and non-official unlocking, can proceed.
The original jailbreak also included modifying the afc service (service used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to creating a new service (afc2) that allows access to the full filesystem.
Modern jailbreaks also include patching the OS kernel to get around code-signing and other restrictions.
Contents
Exploits which were used in order to jailbreak (in chronological order)
1.0.2
- Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)
1.1.1
- Symlinks (an upgrade jailbreak)
- libtiff exploit (Adapted from the PSP scene, used by Jailbreakme)
1.1.2
- Mknod (an upgrade jailbreak)
1.1.3 / 1.1.4
- Soft Upgrade (an upgrade jailbreak)
- Ramdisk Hack
Exploits which are used in order to jailbreak 2.0 and above
iPhone / iPhone 3G / iPod Touch
- Pwnage and Pwnage 2.0 (together)
iPod Touch 2G
iPhone 3GS
All jailbreaks are using the 24kpwn exploit (to make it untethered), but an iBoot exploit is necessary as well because of the new ECID tag.