Untethered jailbreak

From The iPhone Wiki

An untethered jailbreak uses exploits powerful enough that the user can turn the device off and back on at will: the device starts up completely and the kernel is patched without the help of a computer. In other words, the device stays jailbroken after each reboot.

Untethered exploits

Any iPhone, iPod touch, iPhone 3G, iPhone 3GS (running the old bootrom) or iPod touch (2nd generation) (running the old bootrom) can be jailbroken untethered no matter what version it is running. These devices have bootrom exploits that are able to jailbreak untethered, namely Pwnage 2.0 and 0x24000 Segment Overflow.

Different Types

There are two types of untethered jailbreaks: patched LLB-based and kernel hacks. For a patched LLB-based jailbreak, an untethered bootrom dump (such as 24kpwn or Pwnage 2.0) is required. This type of jailbreak patches the LLB so that it does not check the firmware at bootup, allowing a pwned kernel or a custom bootlogo to be uploaded to the system.

The second type, which hacks the kernel, boots the unpwned kernel, which the system first checks for a signature; a kernel exploit is then run and the kernel is patched in memory so that it runs unsigned code. After the exploit, the bootlogo can be changed. Before the kernel exploit, a userland exploit was used to bypass the iBoot signature checks.
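The two types above differ in which link of the boot chain is broken. The following toy model of a bootrom → LLB → iBoot → kernel chain is an added teaching example, not code from The iPhone Wiki or from any jailbreak tool: each stage verifies the next one's signature, and the model shows why a patched kernel on its own is rejected at boot, why a patched LLB only runs when the bootrom's check can be bypassed, and why a kernel hack survives reboots only if the exploit is re-run at every boot. The image names, the HMAC standing in for a vendor signature, and the `bootrom_exploited` / `kernel_exploit_at_boot` flags are all constructed stand-ins; nothing here corresponds to real firmware formats or to the exploits named on the page.

```python
"""Toy model of a signed boot chain, illustrating why an untethered jailbreak
needs either (a) a bootrom-level flaw so a patched LLB that skips firmware
checks can run, or (b) a kernel exploit re-run on every boot.

Constructed example: images, keys and flags are stand-ins, not real firmware."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

# Stand-in for the vendor's signing key. Real devices verify RSA signatures
# against a key in the bootrom; an HMAC keeps this example dependency-free.
VENDOR_KEY = b"constructed-vendor-signing-key"


def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(image), signature)


@dataclass
class Image:
    name: str
    code: bytes
    signature: bytes
    verifies_next: bool = True   # does this stage check the next stage's signature?
    patched: bool = False        # stand-in for "modified to run unsigned code"


def stock(name: str) -> Image:
    """An unmodified, correctly signed stage that still checks its successor."""
    code = f"{name}:stock".encode()
    return Image(name, code, sign(code))


def patched(name: str) -> Image:
    """A modified stage: skips the next check and cannot carry a valid signature."""
    code = f"{name}:patched".encode()
    return Image(name, code, b"\x00" * 32, verifies_next=False, patched=True)


def boot(chain: list[Image], bootrom_exploited: bool = False,
         kernel_exploit_at_boot: bool = False) -> dict:
    """Simulate one cold boot of [LLB, iBoot, kernel].

    The bootrom always verifies the LLB unless a bootrom exploit lets unsigned
    code run; each later stage verifies its successor only while its check is
    still enabled. Returns which stages ran, where verification failed, and
    whether the running kernel ends up able to execute unsigned code."""
    ran = []
    loader_checks = not bootrom_exploited   # the bootrom's own check on LLB
    for stage in chain:
        if loader_checks and not verify(stage.code, stage.signature):
            return {"ran": ran, "failed_at": stage.name, "jailbroken": False}
        ran.append(stage.name)
        loader_checks = stage.verifies_next
    kernel = chain[-1]
    # Kernel-hack style: a stock kernel passed verification and is then patched
    # in memory by an exploit run at boot (modelled as a flag, nothing shown).
    jailbroken = kernel.patched or kernel_exploit_at_boot
    return {"ran": ran, "failed_at": None, "jailbroken": jailbroken}


def scenarios() -> dict:
    stock_chain = [stock("LLB"), stock("iBoot"), stock("kernel")]
    all_patched = [patched("LLB"), patched("iBoot"), patched("kernel")]
    return {
        # 1. Untouched device: boots fully, not jailbroken.
        "stock": boot(stock_chain),
        # 2. Patched kernel on disk with intact bootrom and LLB: iBoot rejects it,
        #    so the device does not come up on its own.
        "patched_kernel_only": boot([stock("LLB"), stock("iBoot"), patched("kernel")]),
        # 3. Patched-LLB type: a bootrom exploit lets the patched LLB run, the LLB
        #    no longer checks iBoot, so patched iBoot and kernel load every boot.
        "patched_llb": boot(all_patched, bootrom_exploited=True),
        # 3b. Same images without a bootrom exploit: the bootrom rejects the LLB.
        "patched_llb_no_bootrom_bug": boot(all_patched),
        # 4. Kernel-hack type: fully signed stock chain, kernel patched at runtime
        #    on every boot, so it is untethered as long as the exploit re-runs.
        "kernel_hack": boot(stock_chain, kernel_exploit_at_boot=True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28s} ran={result['ran']} failed_at={result['failed_at']} "
              f"jailbroken={result['jailbroken']}")
```

The defensive reading of the model is the chain-of-trust rule it encodes: a stage can only be replaced persistently if the stage that verifies it is either patched or bypassed, and the bootrom, being immutable, is the one link that cannot be fixed by a firmware update.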
