Hacking and securing the iPhone, iPad and iPod Touch 2: iOS jailbreaking

Read previous: Hacking and securing the iPhone, iPad and iPod Touch: iOS features

In this part of the talk, Diana Kelley explains whether it’s legal to jailbreak the iOS and clarifies the difference between tethered and untethered jailbreak.

Essence and benefits of jailbreak

So what is jailbreaking? Jailbreaking is essentially breaking out, it’s becoming ‘root’, it’s the ability to super-use on your iOS. And it means that you can install applications that aren’t in the App Store.

It’s the same as if you super-use on Unix. It’s as if you were becoming an administrator if you ever used a Windows system. You get the full control of the operating system on the device. And all of the time that we are using an unbroken iOS device we are not the ‘root’, we are not the Administrator – we are users. Jailbreaking essentially gives you the ability to become the ‘root’.

It also means that you can get apps that aren’t approved, that aren’t code signed, that aren’t in the App Store. You can get them installed on there. So it is a number one reason for people to jailbreak. I also think the number one reason for a lot of people to jailbreak is to get the apps that are not in the App Store. Though I think for hackers (I mean hacking as a traditional engineering, you know from the 60s, 70s definition of it), I think their reason is just curiosity: “How do I take this apart? I cannot actually understand how to use this unless I take it apart, so let me go ahead and take this operating system apart”.

Also some people do this to unlock the SIM. So this is another thing. I think this is where this really hit the media the most. You don’t like AT&T, for example. So how are you gonna be able to use it if you love the iPhone, how are you gonna be able to use it outside of AT&T? Well, you can actually get SIM unlock software. But Apple doesn’t really want to distribute SIM unlocking software in the App Store, so where you can get it and use the great device is in Cydia [1]. Cydia is where the alternative App Store is. And then, the last reason for jailbreaking is just for getting increased control.

Jailbreaking - legal and safe

This question comes up a lot – is it legal? So if you’re gonna go ahead and jailbreak your device, and maybe somebody is coming here to find out how to jailbreak it at their home out of curiosity and jailbreak afterwards, probably you wanna know: is what I am doing against the law? Or what if you are an auditor or a security person and you wanna make a policy that your employees can’t jailbreak? Can you say we can’t do it because it’s illegal? No, you can’t, it’s perfectly legal to jailbreak your phone. And it is regarded as ‘fair use’ under the Digital Millennium Copyright Act [2]. It has been found to be ‘fair use’, so you are not gonna go to jail for this.

And you may have heard some stuff about jailbreaking with somebody who often gets associated with iOS. You can actually use one of his pieces of software. His name is George Hotz. He goes by the handle Geohot. And he was just in court against Sony because he likes to jailbreak stuff. So now that he has jailbroken the iOS, he has jailbroken the PSP. So Sony took him to court and they’ve settled. He is not going to jail. You may have heard his name in relation to Sony. Once again, the DMCA has protected the jailbreaking in general, it’s ‘fair use’ if you’re gonna jailbreak, specifically if you’re gonna jailbreak your iPod or your iPad.

But it’s gonna do that second bullet down there, which I am sure you’ve already read. So you spend a lot of money on your device. You go to Target or Best Buy, and you buy your Apple device, jailbreak it, and it’s not gonna be under warranty anymore. So that’s something to consider.

It won’t break it, we don’t think. I’ve jailbroken this a number of times. Not sure I trust it to do anything on here because I keep jailbreaking and un-jailbreaking it, but it will not stop your device from working. I’ll show you how to restore, it’s completely doable. You got a phone, you’re still gonna be able to make your own phone calls. You can un-jailbreak it by going back and using your iTunes to actually do a full restore if you want to. And you can do a complete un-jailbreak, which really just takes it right back to the default, I mean complete restore, it’s not actually called un-jailbreaking. Or you can restore the things you have backed up like your photos and pictures.

iOS jailbreaking process details

So how do you do this? Well, there are some freely available tools that you can get to actually go ahead and do the jailbreaking. They are free; George Hotz’s stuff is one of them. Most of this stuff is built on other researchers’ information.

But this is an ‘arms race’. So the software I am gonna show you today is not listed in your slides, and I actually don’t have screen captures of one of the pieces of software I am gonna show you today. The reason is that it came out this week, so I didn’t have time to capture it for you guys; as you can imagine, these slides were done much earlier.

Why did it come out on Monday? Because there is a complete ‘arms race’. Every time a developer figures out how to jailbreak – and it’s really a few developers that are actively in the race – but every time they release a new version of the jailbreak tool, Apple releases a new version of the firmware. And so it goes back and forth. I actually have a slide, I’ll show you, where you can see this back and forth going on really. When I actually did all these screenshots I used an older version, it was George Hotz’s limera1n. And now you see the newer solutions, redsn0w is being wrapped around the limera1n break because this is just very, very fast.

Tethered versus untethered – this is another thing. Sometimes the jailbreakers would figure out how to jailbreak but they cannot get it in untethered mode, so you might hear that, you know: “Yes, they got it broken but it’s tethered”. First time I heard that I was like: “Whatever”. So tethered versus untethered goes down to whether you can reboot the device when it is attached to the PC or not. If it is an untethered jailbreak, you can go ahead and reboot it without having to be connected.

As the breaks come, sometimes it is easier to get the jailbreak for the new version of the iOS but it is tethered, and then you’ll see a few days later, oh they’ve developed one which is untethered. So you may hear a lot of chatter about it like – is it tethered or untethered.

Is it hard to jailbreak? No. It is really not, but it depends on your iOS version how easy it is gonna be, and it also depends on whether or not you’ve got the latest version, whether you’ve tested it, whether it is working, because some of these work a little bit better than others. When I wrote this I set the jailbreak for iOS 4.2; this was accurate at the time that I wrote it. This is out of date now. So it’s all moving very fast. They were all tethered until now. They were all tethered up to version 4.3.2, and they are untethered as of Monday.

So again, it depends on the iOS version. If you really got an old version you might think: “I don’t want to update my iOS, I’m fine, it’s like version 4 and it is good”. If you are way back with your iOS on your device, you’ve got one of the easiest ways to jailbreak of all, because there were a lot of holes that allow jailbreaking back in the day. So if you are on 4.0.1 or earlier and you’ve got your device with you, let me show you what you have to do. Go to this website – www.jailbreakme.com – from your device if you want (see image). Warning, warning – you know you’re gonna void the warranty and everything I said about.

So if you are not the kind of person that’s been updating frequently, then you can go ahead and do it easily. So that’s what you get. This is how easy it is.

Read next: Hacking and securing the iPhone, iPad and iPod Touch 3: jailbreaking tools

[1] Cydia is a software application for iOS that enables a user to find and install software packages (including apps, interface customizations, tweaks and system extensions) on a jailbroken iPhone, iPod Touch or iPad.

[2] The Digital Millennium Copyright Act (DMCA) is a United States copyright law that criminalizes production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management, or DRM) that control access to copyrighted works.
