Difference between revisions of "Jailbreak"

From The iPhone Wiki
Jump to: navigation, search
m (Exploits which was used in order to jailbreak (in chronological order))
Line 16: Line 16:
 
=== 1.1.4 ===
 
=== 1.1.4 ===
 
* [[Ramdisk Hack]]
 
* [[Ramdisk Hack]]
  +
  +
==Exploits which are used in order to jailbreak 2.0 and above==
  +
===iPhone / iPhone 3G / iPod Touch===
  +
* [[Pwnage]] and [[Pwnage 2.0]] (together)
  +
===iPod Touch 2G===
  +
* [[ARM7 Go]] (used by tethered jailbreaks)
  +
* [[24kpwn]]
  +
===iPhone 3GS===
  +
All jailbreaks are using the [[24kpwn]] exploit, but you need an iBoot exploit as well because of [[ECID]].
  +
====3.0====
  +
* [[iBoot Environment Variable Overflow]]

Revision as of 16:38, 18 July 2009

This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by patching /etc/fstab to mount the System partition as read-write. This is entirely different to an unlock. Jailbreaking is the first action that must be taken before things like non-official activation, and non-official unlocking, can proceed.

The original jailbreak also included modifying the afc service (service used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to creating a new service (afc2) that allows access to the full filesystem.

Modern jailbreaks also include patching the OS kernel to get around code-signing and other restrictions.


Exploits which were used in order to jailbreak (in chronological order)

1.0.2

  • Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)

1.1.1

1.1.2 / 1.1.3

  • Mknod (an update jailbreak)

1.1.4

Exploits which are used in order to jailbreak 2.0 and above

iPhone / iPhone 3G / iPod Touch

iPod Touch 2G

iPhone 3GS

All jailbreaks are using the 24kpwn exploit, but you need an iBoot exploit as well because of ECID.

3.0