Jailbreaking the iPhone Operating System
Jailbreaking
Brief History
The day the iPhone was released, June 29, 2007, was revolutionary. But just a few weeks later, the iPhone made history yet again.
The first jailbreak was released on July 10, 2007. It was basic at the time, and just offered games that Apple didn't yet allow in the App Store. 'Jailbreaking' a device provides root access, which simply means you can run any code you wish to edit or improve Apple's software. As Apple updated their software, hackers and developers updated their methods of running their exploits. In October of 2007, a hacker known as Comex released a jailbreak that targeted Mobile Safari: it enabled any user to simply browse to a site and jailbreak their device, with no computer needed. This was rather embarrassing on Apple's part, having iDevices in their own stores being jailbroken, so Apple quickly patched the exploit used and released yet another software update. In the jailbreak community, it seems as if Apple and the jailbreak developers are simply playing a cat and mouse game, throwing new surprises at each other as time goes on.
What is 'Cydia'?
Nowadays, when a user jailbreaks their iDevice, an installer is installed along with it.
This installer is famously known as "Cydia".
Cydia is a third-party software manager that keeps track of the packages the user has installed, along with their sources. Cydia makes managing your jailbroken iDevice easy and user friendly!
Pros
Jailbreaking iDevices enables users to access every inch of their device and its software. That being said... just about anything is possible!
Add-ons for apps, cheats for games, extensions, themes, and more!
Cons
Since jailbreaking enables users to remove basically all the restraints that Apple puts on iDevices, you may be thinking.... Okay, what is the catch?
The con is that you will lose the warranty for the device if it breaks.
However, if anything goes wrong, you can simply restore your device and take it to an Apple store to have it fixed! So a pretty big con, but all in all, worth the risk!
Tethered and Untethered Jailbreaks
Tethered Jailbreaks
A tethered jailbreak is a jailbreak that basically disappears when the device is restarted. This means the device requires some form of re-jailbreak after every reboot. In order to apply the jailbreak again after the device is turned back ON, a USB cable is needed to re-run the jailbreak. A computer is needed for this process, which is why it is known as a tethered jailbreak.
Why Tethered
You may be asking yourself: if a computer is needed to reboot the device, then why tether-jailbreak your iDevice?
The simple reason is that a tethered jailbreak only requires one exploit. That exploit only needs to be able to gain root access, letting the user access anything. However, because of the device's bootrom, root access is reset after every boot, clearing it until the device is jailbroken again. The most popular tethered exploit is known as the Limera1n exploit; it is a hardware vulnerability that has remained exploitable for nearly 3 years, letting users gain root access.
Untethered Jailbreaks
This is the recommended and most favorable jailbreak. Unlike a tethered jailbreak, an untethered jailbreak does NOT require a computer to boot, which means that after the device is turned off, root access is not reset. An untethered jailbreak is rarer and much harder to achieve than a tethered one. The reason is that most untethered jailbreaks are a combination of a tethered jailbreak along with many other exploits to patch the kernel (re-applying the jailbreak on boot). Nearly 6 exploits are needed to make a jailbreak untethered, making an untethered jailbreak rare and harder to accomplish on each iOS update.
Semi-Tethered
When the first iOS 5 jailbreak was released, it was a tethered jailbreak. The tethered jailbreak was the only option for months, and for hardcore jailbreak enthusiasts it was a pain! Well, luckily, BigBoss (a great developer) released a package called "SemiTether". This gave tethered users the option of a semi-tethered, or semi-untethered, jailbreak. It enabled tethered users to boot their iDevice on its own, but it cost the user a few things. When the device is booted on its own with the help of SemiTether, a few options are limited!
Pros
-Can boot up device
-Can use Phone and SMS
-Can use all stock applications
Cons (Semi comes with a cost)
-ALL jailbroken apps will NOT work
-Mail app will not work in the Semi state
-Device will take longer to boot
-Small MobileSubstrate problems may occur
(Respring loop until you tether-boot the device with redsn0w)
The Importance of SHSHs, and Saving Them
Basic Understanding
Apple is one of those companies that, if they don't want you to do something, makes it nearly impossible to do. Downgrading your iDevice's firmware is one of those things!
When an iDevice is restored, updated, or backed up in iTunes, it is logged and sent to Apple; they like to know about their technology.
When a new firmware is released, Apple signs the firmware (giving it permission to be put onto your iDevice). When this happens, your device logs this signed code from Apple and stores it. This logged code is called an SHSH. SHSHs are saved logs from Apple that give your device permission to update to a certain firmware. When a new firmware comes out, Apple no longer signs previous firmwares. This means that when a new firmware comes out, your options for previous SHSHs are burned.
Reason to Save Them
When a jailbreak is released, Apple considers the jailbreak a security vulnerability. They take pride in having a secure OS, so they patch the jailbreak not long after release and then put out a new firmware update.
This new firmware update patches the jailbreak exploit, leaving that firmware unjailbreakable. This is when SHSHs come into play!
When a firmware has an untethered jailbreak available, it is recommended that you update to that firmware, jailbreak, and save the SHSHs. The reason is that if Apple releases a patched firmware, you will still have the option to downgrade back to the jailbreakable firmware. This means SHSHs are VERY important!
How to Save Them
If you have not already realized, SHSHs can determine whether you will have a jailbreak or not, which is a very big deal to iOS enthusiasts! That said, you need to save those SHSHs as soon as you can!
How do you do this? Well, there are many options actually.
The first is to start up Cydia, go to the Home tab, and look at the top of the page. Cydia is handy and will occasionally grab your SHSHs automatically, which is nice of them. Check Cydia: it will say which SHSHs it has saved for your device. If it did not save them, do not worry, there are many other ways!
Saving with TinyUmbrella
Another way to save your SHSHs is to use a program called "TinyUmbrella". Note: an Internet connection is needed for this process!
Start the program up; it will create the libraries it needs, then start. If a bubble comes up saying Cydia has set SHSHs, that is fine, click "OK". Now plug your iDevice in and let the computer recognize it and load up. Then on the left of the menu, it will show your iDevice. Click your device, then click "Save SHSH"; this will grab any available SHSHs for your device. It was that easy!
Saving with iFaith/Downgrading with iFaith
A program very similar to TinyUmbrella is called "iFaith". iFaith is pretty basic and very user friendly! Start the program, and a warning will come up saying that if you paid for the program, you should get your money back. Click OK, because you got it for free. You will see a menu with 4 options, the first being "Build *signed* IPSW w/ blobs"; we will talk about this option later on!
The option under that is "Show available SHSH Caches on Server", which just shows which SHSHs Cydia has on file for your device. The next option is "Dump SHSH Blobs"; this is how we will save your SHSHs!
So click this option. It will tell you what the option does, along with listing device and firmware compatibility! Assuming you match the requirements, click "Proceed". Now the credits: look at these names and thank the developers for their work, they work hard! Now click "let's go!". It will ask if you are dumping an Apple TV 2nd gen; click the appropriate answer! Now you will be asked to put your device into DFU mode, along with a tutorial. This is safe and just part of the process. Follow the on-screen prompts, and your SHSHs will be saved before you know it! Save your SHSHs in a safe place; saving them in multiple places is good!
(The rest of this tutorial is only if you have saved SHSHs and wish to downgrade.) Now that you have your iFaith SHSHs saved is when the "Build *signed* IPSW w/ blobs" option comes in! Click it! Click "Browse for SHSH blobs cache", find them, and select them! The program will load for a bit; then you can either have the program download the stock IPSW (firmware) file for you or, if you already have it downloaded, select it yourself, whichever applies to you! Follow the process and it will make a *signed* firmware for you to downgrade your device with. Use the PWNed DFU mode option of iFaith to prep your device. Then go into iTunes, hold down the Shift key (for Windows) or the Alt/Option key (for Mac), and click Restore for your device. Browse for the signed IPSW you made earlier, and you will successfully downgrade! Congratulations!
Note: The most current version of iTunes is needed for this process!
FAQ
What is an IPSW?
An IPSW is a software file for iOS.
IPSWs are often referred to as firmware files.
Where can I get IPSW files?
There are numerous sites that host these files, but I prefer Felix Bruns'. They host all of Apple's mobile firmware files! Another good website to find IPSW files is iDownloadBlog. They host many tools as well!
Can I share SHSHs?
An SHSH is basically a package of codes.
The codes are a combination of IDs that are unique to each device.
This means that you can NOT share SHSHs, since they are unique to each device.
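The signing model behind the SHSH sections and this FAQ (Apple signs a firmware only while it is current, and the blob is tied to IDs unique to the device), replayed as an added Python model that is not part of this page and is not Apple's real protocol: an HMAC with a shared key stands in for Apple's signature, the device ID is an assumed ECID-style value, and the device IDs and version strings are constructed.

```python
import hashlib
import hmac

# Constructed model of the signing check described on this page, NOT Apple's
# real protocol. A shared HMAC key stands in for Apple's signing key, and the
# blob is an HMAC over the device's unique ID (an assumed ECID-style value)
# plus the firmware version, so it only verifies on that one device.
SIGNING_KEY = b"constructed-signing-key"


def _blob_message(ecid, version):
    return f"{ecid}:{version}".encode()


class SigningServer:
    """Stands in for Apple's server: it only signs versions still 'open'."""

    def __init__(self, signed_versions):
        self.signed_versions = set(signed_versions)

    def request_shsh(self, ecid, version):
        """Return a blob for (ecid, version), or None once signing has stopped."""
        if version not in self.signed_versions:
            return None
        sig = hmac.new(SIGNING_KEY, _blob_message(ecid, version), hashlib.sha256)
        return {"ecid": ecid, "version": version, "sig": sig.hexdigest()}

    def stop_signing(self, version):
        """A new firmware is out: the old version is no longer signed."""
        self.signed_versions.discard(version)


def device_accepts(ecid, version, blob):
    """The restore-time check: the blob must be for this device and version."""
    if blob is None or blob["ecid"] != ecid or blob["version"] != version:
        return False
    expected = hmac.new(SIGNING_KEY, _blob_message(ecid, version), hashlib.sha256)
    return hmac.compare_digest(expected.hexdigest(), blob["sig"])


def walkthrough():
    """Replay the page's scenario; device IDs and versions are constructed."""
    server = SigningServer(["5.0.1"])
    my_ecid, friend_ecid = "000A1B2C3D4E5F60", "000F00D5EEDBEEF1"
    saved = server.request_shsh(my_ecid, "5.0.1")  # saved while signing was open
    server.stop_signing("5.0.1")                   # a newer firmware is out
    return {
        "restore_with_saved_blob": device_accepts(my_ecid, "5.0.1", saved),
        "restore_without_saved_blob": device_accepts(
            my_ecid, "5.0.1", server.request_shsh(my_ecid, "5.0.1")),
        "friend_reuses_my_blob": device_accepts(friend_ecid, "5.0.1", saved),
        "blob_for_other_version": device_accepts(my_ecid, "5.1", saved),
    }
```

Only the first scenario succeeds: a blob saved while the version was still signed; a late request returns nothing, another device's blob fails, and a blob for a different version fails.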