The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Jailbreak"
Guyutongxue (talk | contribs) m (→Versions: add 16.x) |
|||
(857 intermediate revisions by 49 users not shown) | |||
Line 1: | Line 1: | ||
+ | {{float toc|right}} |
||
− | This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by editing /etc/fstab to make things on disk0s2 executable, and make things on disk0s1 writable. This is entirely different to an [[unlock]]. Jailbreaking is the first action that must be taken before things like Activation, and usually Unlocking, can proceed. |
||
+ | The term "'''jailbreak'''" is the process by which full execute and write access is obtained on all the partitions of iOS, iPadOS, tvOS and watchOS. It used to be done by patching [[/private/etc/fstab]] to mount the System partition as 'read-write'. This is entirely different from an [[unlock]]. Jailbreaking is the first action that must be taken before things like unofficial [[activation]] (hacktivation), and unofficial [[unlock]]ing can be applied. |
||
+ | Older jailbreaks also included modifying the [[AFC]] service (used by [[iTunes]] to access the filesystem) to give full filesystem access from root. This was later updated to create a new service ([[AFC]]2) that allows access to the full filesystem. |
||
− | {{Infobox Information appliance |
||
+ | |||
− | |name = iPhone |
||
+ | Modern jailbreaks now include patching the kernel to get around code signing and other restrictions. These are called [[Kernel Patches]]. |
||
− | | image = [[Image:IPhone EDGE and 3G.png|281px]] |
||
+ | |||
− | | caption = The original iPhone (left), and the second iteration, with 3G (right). |
||
+ | '''Note''': The legality of jailbreaking your device varies with each country/region. [[wikipedia:iOS jailbreaking#Legality|Wikipedia has a summary of legality for some countries]]. |
||
− | | image-size = 200px |
||
+ | |||
− | | manufacturer = [[Apple Inc.]] |
||
+ | == Types of Jailbreaks == |
||
− | | carrier = {{Portal:Apple Inc./iPhone Carriers}} |
||
+ | When a device is booting, it loads Apple's own [[kernel]] initially, so a jailbroken device must be exploited and have the kernel patched each time it is booted up. |
||
− | | available = Original: June 29, 2007<ref name=Original_release /><br />3G: July 11, 2008<ref name="tuaw">{{cite web|url = http://www.tuaw.com/2008/06/09/iphone-3g-announced/ |title = iPhone 3G announced - The Unofficial Apple Weblog (TUAW) |accessdate = 2008-06-10 |author = Posted Jun 9th 2008 2:39PM by Robert PalmerFiled under: WWDC |coauthors = iPhone}}</ref> |
||
+ | |||
− | | screen = 480×320 [[pixel|px]], {{convert|3.5|in|mm|abbr=on}}, [[color]] [[liquid crystal display|LCD]], 3:2 [[aspect ratio (image)|aspect ratio]], capable of up to 262,144 colors. |
||
+ | An [[untethered jailbreak|'''untethered''' jailbreak]] uses exploits that are powerful enough to allow the user to turn their device off and back on at will, with the device starting up completely, and the kernel will be patched without the help of a computer – in other words, it will be jailbroken even after each reboot. |
||
− | | camera = 2.0 [[pixel#Megapixel|megapixel]] |
||
+ | |||
− | | operatingsystem = [[iPhone OS]] 2.2 (Build 5G77) |
||
+ | However, some jailbreaks are [[tethered jailbreak|'''tethered''']]. A tethered jailbreak is only able to temporarily jailbreak the device during a single boot. If the user turns the device off and then boots it back up without the help of a jailbreak tool, the device will no longer be running a patched kernel, and it may get stuck in a partially started state, such as [[Recovery Mode]]. In order for the device to start completely and with a patched kernel, it must be "re-jailbroken" with a computer (using the "boot tethered" feature of a tool) each time it is turned on. All changes to the files on the device (such as installed package files or edited system files) will persist between reboots, including changes that can only function if the device is jailbroken (such as installed package files). |
||
− | | input = 4 hardware buttons and [[Multi-touch]] [[touchscreen]] |
||
+ | |||
− | | cpu = 620 [[megahertz|MHz]] [[ARM architecture|ARM]] 1176,<ref>[http://www.engadget.com/2007/07/01/iphone-processor-found-620mhz-arm/ iPhone processor found: 620 MHz ARM CPU] ([[2007-07-01]] {{accessdate|2008-01-06}}</ref> [[underclocking|underclocked]] to 412 MHz<ref name=autogenerated1 /><br />GPU: [[PowerVR]] MBX Lite 3D<ref>[http://www.roughlydrafted.com/2008/03/20/iphone-20-sdk-video-games-to-rival-nintendo-ds-sony-psp/ iPhone 2.0 SDK: Video Games to Rival Nintendo DS, Sony PSP] {{accessdate|2008-05-05}}</ref> |
||
+ | In more recent years, two other solutions have been created - '''semi-tethered''' and '''semi-''un''tethered'''. |
||
− | | ringtone = [[iTunes Store]] via [[iTunes]], custom creation using [[GarageBand]]<ref name=GarageBand1/> or other tool |
||
+ | |||
− | | memory = 128 [[megabyte|MB]] [[Dynamic random access memory|DRAM]]<ref name=autogenerated2 /> |
||
+ | A [[semi-tethered jailbreak|'''semi-tethered''']] solution is one where the device is able to start up on its own, but it will no longer have a patched kernel, and therefore will not be able to run modified code. It will, however, still be usable for normal functions, just like stock iOS. To start with a patched kernel, the user must start the device with the help of the jailbreak tool. |
||
− | | storage = [[Flash memory]] 4, 8, or 16 [[gigabyte|GB]] |
||
+ | |||
− | | networks = [[Quad band]] [[GSM]] [[GSM frequency ranges|850 900 1800 1900]] [[General Packet Radio Service|GPRS]]/[[Enhanced Data Rates for GSM Evolution|EDGE]]<br />3G also includes: [[Tri band]] [[Universal Mobile Telecommunications System|UMTS]]/[[High-Speed Downlink Packet Access|HSDPA]] [[UMTS frequency bands|850, 1900, 2100]], [[Assisted GPS|A-GPS]]<ref name=3G_tech_specs /> |
||
+ | A [[semi-untethered jailbreak|'''semi-''un''tethered''']] jailbreak gives the ability to start the device on it's own. On first boot, the device will not be running a patched kernel. However, rather than having to run a tool from a computer to apply the kernel patches, the user is able to re-jailbreak their device with the help of an app (usually sideloaded using [[Cydia Impactor]]) running on their device. In the case of the iOS 9.2-9.3.3 jailbreak, a Safari-based exploit was available, thereby meaning a website could be used to rejailbreak. |
||
− | | connectivity = [[Dock connector]] (with [[USB]] & [[FireWire]] adapter cables,<small> FireWire for charging original only</small>)<br />[[TRS connector#Aircraft headsets|Headphone jack]]<br />[[Wi-Fi]] ([[802.11b/g]])<br />[[Bluetooth#Bluetooth 2.0|Bluetooth 2.0+EDR]] |
||
+ | |||
− | | battery = 1400 mAh [[Lithium-ion polymer battery]] <ref name=battery_specs>{{cite web|url=http://www.ipodbatteryfaq.com/ipodbatteryandpower.html|title=iPod and iPhone Battery and Power Specifications|accessdate=2008-10-03}}</ref> |
||
+ | In more detail: Each iOS device has a [[bootchain]] that tries to make sure only trusted/signed code is loaded. A device with a tethered jailbreak is able to boot up with the help of a jailbreaking tool because the tool executes exploits via USB that bypass parts of that "chain of trust", bootstrapping to a [[pwned]] (no [[Signature Check Patch|signature check]]) [[iBSS]], [[iBEC]], or [[iBoot (Bootloader)|iBoot]] to finish the boot process. |
||
− | | form = [[Bar (form)|Candybar]] [[Smartphone]] |
||
+ | |||
− | | size = '''Original:'''<br />4.5 in (115 mm) ''(h)''<br />2.4 in (61 mm) ''(w)''<br />0.46 in (11.6 mm) ''(d)''<br />'''3G:'''<br />4.5 in (115.5 mm) ''(h)''<br />2.4 in (62.1 mm) ''(w)''<br />0.48 in (12.3 mm) ''(d)'' |
||
+ | == Jailbreak Tools == |
||
− | | weight = Original: {{convert|135|g|oz|abbr=on}}<br />3G: {{convert|133|g|oz|abbr=on}} |
||
+ | Untethered or semi-untethered jailbreaks are shown with a green 'yes'. Tethered or semi-tethered jailbreaks will be stated in a yellow box. [[Beta Firmware]]s are not listed. |
||
− | | music = [[iTunes Wi-Fi Music Store]]<br />[[iPod]]<br />[[H.264/MPEG-4 AVC|H.264]] ([[YouTube]]) |
||
+ | |||
− | | related = [[iPod Touch]] |
||
+ | ===Versions=== |
||
− | | other = |
||
+ | * [[Jailbreak/1.x|1.x]] |
||
− | }} |
||
+ | * [[Jailbreak/2.x|2.x]] |
||
+ | * [[Jailbreak/3.x|3.x]] |
||
+ | * [[Jailbreak/4.x|4.x]] |
||
+ | * [[Jailbreak/5.x|5.x]] |
||
+ | * [[Jailbreak/6.x|6.x]] |
||
+ | * [[Jailbreak/7.x|7.x]] |
||
+ | * [[Jailbreak/8.x|8.x]] |
||
+ | * [[Jailbreak/9.x|9.x]] |
||
+ | * [[Jailbreak/10.x|10.x]] |
||
+ | * [[Jailbreak/11.x|11.x]] |
||
+ | * [[Jailbreak/12.x|12.x]] |
||
+ | * [[Jailbreak/13.x|13.x]] |
||
+ | * [[Jailbreak/14.x|14.x]] |
||
+ | * [[Jailbreak/15.x|15.x]] |
||
+ | * [[Jailbreak/16.x|16.x]] |
||
+ | |||
+ | ==See Also== |
||
+ | * [[Failbreak]] |
||
+ | * [[Jailbreak Exploits]] |
||
+ | * [[Kernel Patches]] |
||
+ | |||
+ | [[Category:Jailbreaking]] |
Latest revision as of 10:55, 13 February 2023
The term "jailbreak" is the process by which full execute and write access is obtained on all the partitions of iOS, iPadOS, tvOS and watchOS. It used to be done by patching /private/etc/fstab to mount the System partition as 'read-write'. This is entirely different from an unlock. Jailbreaking is the first action that must be taken before things like unofficial activation (hacktivation), and unofficial unlocking can be applied.
Older jailbreaks also included modifying the AFC service (used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to create a new service (AFC2) that allows access to the full filesystem.
Modern jailbreaks now include patching the kernel to get around code signing and other restrictions. These are called Kernel Patches.
Note: The legality of jailbreaking your device varies with each country/region. Wikipedia has a summary of legality for some countries.
Types of Jailbreaks
When a device is booting, it loads Apple's own kernel initially, so a jailbroken device must be exploited and have the kernel patched each time it is booted up.
An untethered jailbreak uses exploits that are powerful enough to allow the user to turn their device off and back on at will, with the device starting up completely, and the kernel will be patched without the help of a computer – in other words, it will be jailbroken even after each reboot.
However, some jailbreaks are tethered. A tethered jailbreak is only able to temporarily jailbreak the device during a single boot. If the user turns the device off and then boots it back up without the help of a jailbreak tool, the device will no longer be running a patched kernel, and it may get stuck in a partially started state, such as Recovery Mode. In order for the device to start completely and with a patched kernel, it must be "re-jailbroken" with a computer (using the "boot tethered" feature of a tool) each time it is turned on. All changes to the files on the device (such as installed package files or edited system files) will persist between reboots, including changes that can only function if the device is jailbroken (such as installed package files).
In more recent years, two other solutions have been created - semi-tethered and semi-untethered.
A semi-tethered solution is one where the device is able to start up on its own, but it will no longer have a patched kernel, and therefore will not be able to run modified code. It will, however, still be usable for normal functions, just like stock iOS. To start with a patched kernel, the user must start the device with the help of the jailbreak tool.
A semi-untethered jailbreak gives the ability to start the device on it's own. On first boot, the device will not be running a patched kernel. However, rather than having to run a tool from a computer to apply the kernel patches, the user is able to re-jailbreak their device with the help of an app (usually sideloaded using Cydia Impactor) running on their device. In the case of the iOS 9.2-9.3.3 jailbreak, a Safari-based exploit was available, thereby meaning a website could be used to rejailbreak.
In more detail: Each iOS device has a bootchain that tries to make sure only trusted/signed code is loaded. A device with a tethered jailbreak is able to boot up with the help of a jailbreaking tool because the tool executes exploits via USB that bypass parts of that "chain of trust", bootstrapping to a pwned (no signature check) iBSS, iBEC, or iBoot to finish the boot process.
Jailbreak Tools
Untethered or semi-untethered jailbreaks are shown with a green 'yes'. Tethered or semi-tethered jailbreaks will be stated in a yellow box. Beta Firmwares are not listed.