The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Tethered jailbreak"
(explaining more, and removing sentence that doesn't make sense) |
m |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
+ | A '''tethered jailbreak''' is only able to temporarily jailbreak the device during a single boot. If the user turns the device off and then boots it back up without the help of a jailbreak tool, the device will no longer be running a patched kernel, and it may get stuck in a partially started state, such as [[Recovery Mode]]. In order for the device to start completely and with a patched kernel, it must be "re-jailbroken" with a computer (using the "boot tethered" feature of a tool) each time it is turned on. All changes to the files on the device (such as installed package files or edited system files) will persist between reboots. |
||
− | A device with a '''tethered jailbreak''' has to be plugged into a computer while booting up, so that a jailbreaking program (like [[redsn0w]]) can help the device boot up jailbroken. It is called a "tethered" jailbreak because your device has to be ''attached'' to a computer to boot up properly. |
||
+ | == Using a tethered jailbreak == |
||
− | == Technical detail == |
||
+ | To boot tethered, their user must plug the device into a computer and run the jailbreak tool to "boot tethered". |
||
+ | If a user attempts to boot the device without using a computer, the device will either be stuck at the Apple logo, in [[Recovery Mode]], or in a seemingly "un-jailbroken" state where [[Cydia.app|Cydia]], Mail, and Safari crash (and jailbreak-only tweaks/themes don't work) - until you boot tethered. |
||
− | When a device is booting, it loads Apple's own [[kernel]] initially, so a jailbroken device must be exploited and have the kernel patched each time it is booted up. |
||
+ | == Tethered exploits == |
||
− | An [[untethered jailbreak|'''untethered''' jailbreak]] includes powerful enough exploits that if the user turns the device off and back on, the device will start up completely, and the kernel will be patched without the help of a computer – in other words, it will be jailbroken after each reboot. |
||
+ | The [[limera1n Exploit]] and other [[bootrom]] exploits can be used to tethered jailbreak older devices on any iOS version, because bootrom exploits take advantage of code that is permanently embedded in the device's hardware, which Apple cannot update with iOS updates. Those tools do usually need minor software updates (not exploit-related) to explicitly support new iOS versions. They also use additional exploits (specific to each iOS version) to produce untethered jailbreaks when possible. |
||
+ | The initial jailbreak for the [[N72AP|iPod touch (2nd generation)]] was tethered, until the hybrid dev team released the [[0x24000 Segment Overflow]]. The codename for the tethered jailbreak was [[redsn0w Lite]]. |
||
− | But a device with a '''tethered''' jailbreak is only temporarily jailbroken during a single boot of the phone. If the device turns off and then boots back up without the help of a jailbreaking tool, the device will no longer be running a patched kernel, and it may get stuck in a partially started state. In order for it to start completely and with a patched kernel, it essentially must be "re-jailbroken" with a computer (using the "boot tethered" feature of a jailbreaking tool) each time it is turned on. All changes to the files on the device (such as installed tweaks or edited system files) will persist between reboots, including changes that can only function if the device is jailbroken (such as tweaks). |
||
+ | ==See Also== |
||
− | A device with a tethered jailbreak may be able to have a '''semi-tethered''' solution, which means that when the device starts up on its own, it will no longer have a patched kernel (so it will not be able to run modified code), but it will still be usable for normal functions. With a semi-tethered solution, the user can also choose to start the device with the help of the jailbreaking tool in order for it to start with a patched kernel (jailbroken). |
||
+ | *[[Jailbreak]] |
||
+ | *[[Jailbreak Exploits]] |
||
+ | *[[Untethered jailbreak]] |
||
+ | *[[Semi-tethered jailbreak]] |
||
+ | *[[Semi-untethered jailbreak]] |
||
+ | [[Category:Jailbreaking]] |
||
− | In more detail: Each iOS device has a [[bootchain]] that tries to make sure only trusted/signed code is loaded. A device with a tethered jailbreak is able to boot up with the help of a jailbreaking tool because the tool executes exploits via USB that bypass parts of that "chain of trust", bootstrapping to a [[pwned]] (no [[Signature Check Patch|signature check]]) [[iBSS]], [[iBEC]], or [[iBoot (Bootloader)|iBoot]] to finish the boot process. |
||
− | |||
− | == Using a tethered (or semi-tethered) jailbreak == |
||
− | |||
− | To boot tethered, you need to plug your device into a computer, open the software that you used to jailbreak it, and find its tethered boot option. For [[redsn0w]]: click "Extras" and then click "Just boot". |
||
− | |||
− | If you don't boot tethered when you boot up the device, the device will either be (A) stuck at the Apple logo or (B) boot up into a seemingly "un-jailbroken" state where Cydia, Mail, and Safari crash (and jailbreak-only tweaks/themes don't work) - until you plug the device into a computer, open your tethered boot program (for example redsn0w), and follow its instructions. The situation in (B) is often called a '''semi-tethered jailbreak'''. |
||
− | |||
− | Tethered jailbreaks behave semi-tethered by default. If you install Mobile Substrate tweaks, your device will still be semi-tethered. But if you install Notification Center plugins that don't depend on WeeLoader, your device will no longer be semi-tethered – unless you also install the [http://thebigboss.org/semitethered-jailbreak BigBoss semitether package]. |
||
− | |||
− | == Tethered jailbreaking tools == |
||
− | |||
− | [[redsn0w]] and [[sn0wbreeze]] are permanently able to use [[limera1n Exploit|limera1n]] and other [[bootrom]] exploits to jailbreak older devices tethered on any iOS version (including iPhone 3GS, iPhone 4, iPod touch 3rd generation, iPod touch 4th generation, iPad 1, and Apple TV 2G), because bootrom exploits take advantage of code that is permanently embedded in the device's hardware, which Apple cannot update with iOS updates. Those tools do usually need minor software updates (not exploit-related) to explicitly support new iOS versions. They also use additional exploits (specific to each iOS version) to produce untethered jailbreaks when possible. |
||
− | |||
− | The initial jailbreak for the [[N72ap|iPod touch 2G]] was tethered, until the hybrid dev team released the [[0x24000 Segment Overflow]]. The codename for the tethered jailbreak was [[redsn0w Lite]]. |
Latest revision as of 09:26, 26 March 2017
A tethered jailbreak is only able to temporarily jailbreak the device during a single boot. If the user turns the device off and then boots it back up without the help of a jailbreak tool, the device will no longer be running a patched kernel, and it may get stuck in a partially started state, such as Recovery Mode. In order for the device to start completely and with a patched kernel, it must be "re-jailbroken" with a computer (using the "boot tethered" feature of a tool) each time it is turned on. All changes to the files on the device (such as installed package files or edited system files) will persist between reboots.
Using a tethered jailbreak
To boot tethered, their user must plug the device into a computer and run the jailbreak tool to "boot tethered".
If a user attempts to boot the device without using a computer, the device will either be stuck at the Apple logo, in Recovery Mode, or in a seemingly "un-jailbroken" state where Cydia, Mail, and Safari crash (and jailbreak-only tweaks/themes don't work) - until you boot tethered.
Tethered exploits
The limera1n Exploit and other bootrom exploits can be used to tethered jailbreak older devices on any iOS version, because bootrom exploits take advantage of code that is permanently embedded in the device's hardware, which Apple cannot update with iOS updates. Those tools do usually need minor software updates (not exploit-related) to explicitly support new iOS versions. They also use additional exploits (specific to each iOS version) to produce untethered jailbreaks when possible.
The initial jailbreak for the iPod touch (2nd generation) was tethered, until the hybrid dev team released the 0x24000 Segment Overflow. The codename for the tethered jailbreak was redsn0w Lite.