Difference between revisions of "Jailbreak"

From The iPhone Wiki
Jump to: navigation, search
(iPod Touch 2G)
(iPod Touch 2G)
Line 21: Line 21:
 
* [[Pwnage]] and [[Pwnage 2.0]] (together)
 
* [[Pwnage]] and [[Pwnage 2.0]] (together)
 
===iPod Touch 2G===
 
===iPod Touch 2G===
* [[ARM7 Go]] (used by tethered jailbreaks but also in the untethered jailbreak to flash the required oversized LLB, thus allowing exploitation of the [[24Kpwn]] vulnerability)
+
* [[ARM7 Go]] (used by tethered jailbreaks but also in the untethered jailbreak to flash the required oversized LLB, thus allowing exploitation of the [[24kpwn|24Kpwn]] vulnerability)
* [[24kpwn|24kpwn]]
+
* [[24kpwn]]
   
 
===iPhone 3GS===
 
===iPhone 3GS===

Revision as of 19:57, 26 July 2009

This is the process by which full execute and write access is obtained on all the partitions of the iPhone. It is done by patching /etc/fstab to mount the System partition as read-write. This is entirely different from an unlock. Jailbreaking is the first action that must be taken before things like unofficial activation (hacktivation), and unofficial unlocking can be applied.

The original jailbreak also included modifying the afc service (used by iTunes to access the filesystem) to give full filesystem access from root. This was later updated to create a new service (afc2) that allows access to the full filesystem.

Modern jailbreaks also include patching the kernel to get around code signing and other restrictions.

Exploits which were used in order to jailbreak (in chronological order)

1.0.2

  • Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)

1.1.1

1.1.2

  • Mknod (an upgrade jailbreak)

1.1.3 / 1.1.4

Exploits which are used in order to jailbreak 2.0 and above

iPhone / iPhone 3G / iPod Touch

iPod Touch 2G

  • ARM7 Go (used by tethered jailbreaks but also in the untethered jailbreak to flash the required oversized LLB, thus allowing exploitation of the 24Kpwn vulnerability)
  • 24kpwn

iPhone 3GS