Difference between revisions of "Untethered jailbreak"

From The iPhone Wiki
m
Line 2: Line 2:
   
 
== Untethered exploits ==
 
== Untethered exploits ==
Any [[M68AP|iPhone]], [[N45AP|iPod touch]], [[N82AP|iPhone 3G]], [[N88AP|iPhone 3GS]] (running the [[Bootrom 359.3|old bootrom]]) or [[N72AP|iPod touch 2G]] (running the [[Bootrom 240.4|old bootrom]]) can be jail broken untethered no matter what version it is running. These devices have bootrom exploits that are able to jailbreak untethered - namely [[Pwnage 2.0]] and [[0x24000 Segment Overflow]].
+
Any [[M68AP|iPhone]], [[N45AP|iPod touch]], [[N82AP|iPhone 3G]], [[N88AP|iPhone 3GS]] (running the [[Bootrom 359.3|old bootrom]]) or [[N72AP|iPod touch (2nd generation)]] (running the [[Bootrom 240.4|old bootrom]]) can be jail broken untethered no matter what version it is running. These devices have bootrom exploits that are able to jailbreak untethered - namely [[Pwnage 2.0]] and [[0x24000 Segment Overflow]].
   
 
==Different Types==
 
==Different Types==
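Review bot: the replacement line still writes "jail broken" as two words, while the article's opening sentence uses "jailbroken"; since this sentence is being edited anyway, change it to "can be jailbroken untethered". Only the N72AP label changes here, so also confirm that "iPod touch (2nd generation)" next to a bare "iPod touch" for N45AP is the naming scheme intended for this list.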

Revision as of 12:27, 23 March 2017

An untethered jailbreak uses exploits that are powerful enough to let the user turn the device off and back on at will: the device starts up completely and the kernel is patched without the help of a computer. In other words, the device is still jailbroken after each reboot.

Untethered exploits

Any iPhone, iPod touch, iPhone 3G, iPhone 3GS (running the old bootrom) or iPod touch (2nd generation) (running the old bootrom) can be jailbroken untethered no matter what version it is running. These devices have bootrom exploits that allow an untethered jailbreak, namely Pwnage 2.0 and 0x24000 Segment Overflow.

Different Types

There are two types of untethered jailbreaks: patched LLB-based and kernel hacks. For a patched LLB-based jailbreak, an untethered bootrom dump (such as 24kpwn or Pwnage 2.0) is required. This type of jailbreak patches the LLB so that it does not check the firmware at bootup, which allows a pwned kernel or a custom bootlogo to be uploaded to the system.

The second type, which hacks the kernel, uploads the unpwned kernel, which the system then checks for a signature. A kernel exploit is then uploaded, and the kernel is patched and changed to run unsigned code. After the exploit, the bootlogo can be changed. A userland exploit was used before the kernel exploit in order to bypass the iBoot signature checks.
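A toy model of the chain of trust that the patched-LLB type described above defeats, added here as an illustration and not taken from the wiki or from any jailbreak tool: each stage verifies the next, and once one stage skips its check every later stage runs unverified. The HMAC key, the image contents and the `verifies_next` flag are assumptions of the model (real devices verify asymmetric signatures); the stage order is the usual bootrom, LLB, iBoot, kernel sequence.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed stand-in for the vendor signing key. Real devices verify
# asymmetric signatures; HMAC only keeps this model short.
VENDOR_KEY = b"constructed-demo-key"

def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()

@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    tag: bytes                  # signature shipped alongside the image
    verifies_next: bool = True  # does this stage check what it loads?

def signed_ok(s: Stage) -> bool:
    return hmac.compare_digest(sign(s.image), s.tag)

def stock_chain() -> list:
    names = ["bootrom", "LLB", "iBoot", "kernel"]
    return [Stage(n, n.encode() + b"-stock", sign(n.encode() + b"-stock")) for n in names]

def modified(s: Stage, verifies_next: bool = True) -> Stage:
    """Same stage with altered contents; the old tag no longer matches."""
    return replace(s, image=s.image + b"-modified", verifies_next=verifies_next)

def boot(chain):
    """Return (names of stages that ran, rejection message or None)."""
    ran = [chain[0]]            # the bootrom is read-only and always runs
    for loader, nxt in zip(chain, chain[1:]):
        if loader.verifies_next and not signed_ok(nxt):
            return [s.name for s in ran], f"{loader.name} rejected {nxt.name}"
        ran.append(nxt)
    return [s.name for s in ran], None

def ran_unverified(chain):
    """Stages that executed although their signature does not verify."""
    ran, _ = boot(chain)
    return [s.name for s in chain[:len(ran)] if not signed_ok(s)]

if __name__ == "__main__":
    b, llb, iboot, kern = stock_chain()
    print(boot([b, llb, iboot, modified(kern)]))   # intact chain stops the kernel
    # Assumption: verifies_next=False on the bootrom models the bootrom flaw.
    patched = [replace(b, verifies_next=False), modified(llb, False),
               modified(iboot, False), modified(kern)]
    print(boot(patched), ran_unverified(patched))
```

Measuring every stage independently, as `ran_unverified` does, is what exposes the modified images once the in-chain checks can no longer be relied on.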

See Also