Hacking and securing the iPhone, iPad and iPod Touch 3: jailbreaking tools

Read previous: Hacking and securing the iPhone, iPad and iPod Touch 2: iOS jailbreaking

Diana Kelley shows how to jailbreak using the limera1n and redsn0w tools, discusses the peculiarities of Cydia, and clarifies some other technical aspects of iOS jailbreaking.

Popular jailbreaking tools

These are the big, well-known, popular jailbreaking solutions (see image). I don’t understand the Snow. Does anybody understand why Snow? Snow, Rain? I don’t, I haven’t found out what the secret is, but if you noticed, a lot of these have Snow or Rain in them, and they have sometimes switched letters for numbers. So if it looks like it is not actually a word, just transpose it in your head: they probably put a number in. So Sn0wBreeze – that’s a zero up there – LimeRa1n, and then we’ve got GreenPois0n, Pwnage Tool, and RedSn0w; as you see, some of these have numbers instead of some letters. RedSn0w right now wraps around limera1n, and the original JailbreakMe flaws are actually part of limera1n. So they are all working with each other. RedSn0w is right now doing the fastest development.

So, a little bit of a chart. I took this off of Wikipedia, and you can see it is current up to April 18th. This is a quick rundown of how quickly some of this stuff changes and why it is going the way it is, and the bottom line, again, is that it is just gonna keep going. It is just gonna continue to be very, very fast.

Limera1n home page

Let’s actually take a look. We’re gonna look at limera1n – it’s at limera1n.com (see screenshot). This one was for the 4.1 that I showed you, so we’re gonna start limera1n. With some of this, you kind of have to dance a little bit with your Power and your Home buttons as you hold them. So if you’ve got to do the device firmware update, DFU mode [1], that’s the Power and the Home; these jailbreaks depend on that because it gives them the access they need to do what they do on the device. You will see there is a little bit of dancing. And if you get it wrong, don’t worry, it is a little bit hard to keep up with.

We’re gonna start that. Right now what we’ve got over here is just a regular screen, because we haven’t started talking to it yet. Okay, I am tethered, so now I am gonna go and make it ‘ra1n’. So hold the Home and Power buttons and wait a bit. Now release the Power button. I often release the Home button by mistake, but I got it right this time. Now it is in DFU mode, that’s our device firmware update mode, and it’s doing its thing, and we wait. Now, this is actually gonna fail, because limera1n hasn’t been updated for this version. It’s for the next version.

If this weren’t the newer version of iOS, this would be true; what you are reading now is that it doesn’t know it failed. My iPad knows it failed, but this doesn’t actually know it failed. So it says here: “You are ready, turn it on, untethered, thanks to the guy who did JailbreakMe, and you are good to go”. So again, if this were an older version it would be good to go, and when I first did this it actually worked. So not too hard, except for my little bit of trouble holding the Power button down.

Limera1n jailbreak steps

So this is the download page: if you go to limera1n.com, that’s what you would actually see. You can see the ‘make it ra1n’ option up there (see image). So you’ve got limera1n. You’ve got rain in the background there. Cydia is where they keep the apps that are not in the App Store. Now you can get the apps that are in Cydia, and you can go ahead and install Cydia as a package if you want to try it out and see what it’s got in store. And I did, I went ahead and installed it. And I came up with what you can see on the iPod right now: what I had was limera1n and Cydia, now installed on the device (see image below).

Limera1n and Cydia installed on the iPod

That’s about all you can see. Now you can actually go forward: with the new Cydia you can download the apps that are there. Cydia installs a remote ability to connect to the machine, a shell. Something to think about. I’ll give you a little bit of warning about that and why you care about it. But as far as what you see on your actual device, you don’t see a lot. This is what you would see. It didn’t break my photos, it didn’t break how my iPod was working. It just put those two on there and enabled me to do things I couldn’t do before I was jailbroken.

Alright, let’s do something else here. Let’s talk about the new one that just came out on Monday. This is redsn0w. Now, before you run redsn0w, you need to know a couple of things. You need to know where your IPSW [2] is. You also need to set it, in its properties, to run in Windows XP Service Pack 3 compatibility mode, as it won’t run otherwise. At least I haven’t been able to get it to run otherwise, and that’s the recommendation, and I know I can get it to run now.

The other thing is that you do have to know where your backup file is. Has anybody ever gone to look at their backup file? I’ll show you where it is. The tool won’t find it automatically if you are trying to do this. So here is redsn0w running. It says: “Hi, I am RedSn0w, I like spelling things with a zero instead of an O”. And then it goes: “Do you wanna go ahead and install?” And it does actually warn you right here that it needs the IPSW. Alright, I’ve already told it where it was, so that you guys wouldn’t have to sit here and watch me fuss around trying to figure out where it is.

But let me show you where it is. So it’s under Users: you go into your computer, then into Users. If anybody has gone in there and poked around, you might say: “You know, I’ve never seen the AppData folder”. Anybody ever tried looking in your user directory? It’s hidden. So in order to use this you’re gonna have to unhide these folders as well. You unhide them, then you can find them, and then you can point redsn0w at that particular file. I have a copy just in case, from testing it earlier today to make sure it would run for you guys.
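Two things the talk says you must locate by hand before running redsn0w are the IPSW and the iTunes backup for the device. The script below is an added example (not code from the talk or from the redsn0w project) that finds both and checks that they describe the same iOS version and build, since "works on your particular version of iOS" is the deciding factor the talk keeps returning to. It relies on two facts about Apple's file formats: an IPSW is a ZIP archive whose BuildManifest.plist carries ProductVersion and ProductBuildVersion, and each iTunes backup folder (one per device UDID, under the hidden AppData directory on Windows) holds an Info.plist with Product Version and Build Version. The sample IPSW and backup it builds in a temporary directory are constructed stand-ins, not real Apple files, and the names and values in them are assumptions for the demo:

```python
"""Check that an IPSW matches the iOS build recorded in an iTunes backup.

Added example for this article; not part of redsn0w, limera1n or Cydia.
The fixture files written by demo() are constructed, not real firmware.
"""
import os
import plistlib
import tempfile
import zipfile


def itunes_backup_root():
    """Default MobileSync backup directory for the current OS.

    On Windows this sits under %APPDATA% (the hidden AppData folder the
    talk mentions); on macOS it is under ~/Library/Application Support.
    """
    if os.name == "nt":
        return os.path.join(os.environ["APPDATA"],
                            "Apple Computer", "MobileSync", "Backup")
    return os.path.expanduser("~/Library/Application Support/MobileSync/Backup")


def read_backup_info(backup_dir):
    """Read the device facts iTunes records in <backup folder>/Info.plist."""
    with open(os.path.join(backup_dir, "Info.plist"), "rb") as fh:
        info = plistlib.load(fh)
    return {
        "device": info.get("Device Name"),
        "product": info.get("Product Type"),
        "version": info.get("Product Version"),
        "build": info.get("Build Version"),
        "udid": info.get("Unique Identifier"),
    }


def read_ipsw_info(ipsw_path):
    """An IPSW is a ZIP; its BuildManifest.plist says which iOS it restores."""
    with zipfile.ZipFile(ipsw_path) as archive:
        manifest = plistlib.loads(archive.read("BuildManifest.plist"))
    return {
        "version": manifest["ProductVersion"],
        "build": manifest["ProductBuildVersion"],
        "products": list(manifest.get("SupportedProductTypes", [])),
    }


def ipsw_matches_backup(ipsw_path, backup_dir):
    """True only when the IPSW is the exact build the backed-up device runs.

    Version and build must both agree and the IPSW must list the device
    model; otherwise the jailbreak tool is being pointed at the wrong file.
    """
    ipsw = read_ipsw_info(ipsw_path)
    backup = read_backup_info(backup_dir)
    return (ipsw["version"] == backup["version"]
            and ipsw["build"] == backup["build"]
            and backup["product"] in ipsw["products"])


def _write_fake_ipsw(path, version, build, product):
    """Constructed stand-in for a real IPSW: a ZIP holding only a manifest."""
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("BuildManifest.plist", plistlib.dumps({
            "ProductVersion": version,
            "ProductBuildVersion": build,
            "SupportedProductTypes": [product],
        }))


def demo():
    """Write constructed sample files to a temp dir and run the check."""
    root = tempfile.mkdtemp()
    # Backup folders are named after the device UDID; this one is made up.
    backup_dir = os.path.join(root, "0123456789abcdef0123456789abcdef01234567")
    os.makedirs(backup_dir)
    with open(os.path.join(backup_dir, "Info.plist"), "wb") as fh:
        plistlib.dump({
            "Device Name": "Demo iPod",
            "Product Type": "iPod4,1",
            "Product Version": "4.3.2",
            "Build Version": "8H7",
            "Unique Identifier": "0123456789ABCDEF0123456789ABCDEF01234567",
        }, fh)
    right = os.path.join(root, "iPod4,1_4.3.2_8H7_Restore.ipsw")
    newer = os.path.join(root, "iPod4,1_4.3.3_8J2_Restore.ipsw")
    _write_fake_ipsw(right, "4.3.2", "8H7", "iPod4,1")
    _write_fake_ipsw(newer, "4.3.3", "8J2", "iPod4,1")
    return {
        "backup": read_backup_info(backup_dir),
        "matching_ipsw_ok": ipsw_matches_backup(right, backup_dir),
        "newer_ipsw_ok": ipsw_matches_backup(newer, backup_dir),
    }


if __name__ == "__main__":
    print(demo())
```

Against real files, call `read_ipsw_info()` on the downloaded IPSW and `read_backup_info()` on each folder under `itunes_backup_root()`; a mismatch in the build string (4.3.2 versus 4.3.3 in the demo) is exactly the situation where a tool such as limera1n reports success while the device has not actually been jailbroken.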

Now, let’s go ahead and process. So it’s getting ready to jailbreak this. It’s gonna ask me whether I want to install Cydia as well. And again, what is Cydia? Cydia is where you get the apps that aren’t in the App Store, so most people wanna say ‘OK’ and click Next. Now it is saying what I need to do. It says: “Your device needs to be off and plugged in”. So let’s go ahead and turn this off. So it’s off. Now we need to hold down the Power button and then hold down the Home button. You have to be fast if you are a jailbreaker. Alright, so now it is waiting. You see limera1n is coming up; it is wrapping around limera1n and its exploits. So now it’s gonna go ahead and reboot.

I’ve got on here that it is downloading the jailbreak. And we’ve got a message up here saying what it is doing as well. Now let’s go ahead and reboot. There is a whole lot of stuff going on the screen, and right now it has been jailbroken. This is actually gonna take a while to finish, so I am going to let it go off and do its thing. Again, I am gonna have Cydia. So that’s what you are doing. The core of this is that you are able to go ahead and be root on iOS.

Cydia – features, themes and products that aren’t in the App Store

What does Cydia look like? Here is Cydia if you open it from your device (see image). Here is what you can see. You can see, you know, they have WiFi tethering for your device. They’ve got a store with different products. People do actually develop for-fee applications that they sell on Cydia. So you’ve got information about what you can get, like cool themes and things like that.

Several more things. Again, you can still have your songs over there and you can send them back and forth. And you can update iOS, but then you will probably have to jailbreak it again. It is a good question whether it matters which jailbreaking software you use. What usually matters is ease of use and, again, whether it works on your particular version of iOS. Those would be the main ones. That’s really the big differentiator. But they do essentially the same thing; and then there’s tethered versus untethered. I mean, at this point redsn0w is all that, and they are really keeping that tool up to date, and it’s good with 4.3.2, which is a newer version of iOS. So it’s more about getting the tool that works at the time.

I don’t know if Apple is watching you and keeping a record of whether you’ve jailbroken or not. They know when you reset; I am gonna show you guys the reset, so they do know when you go ahead and reset, but I don’t know if they also at this time get a little notice, you know, some metadata that says it was jailbroken.

You can reset for a lot of reasons, and just the reset will not tell them anything. You can just put in an app that doesn’t get along with your version of iOS, and the best way to solve it is to go and reset. But remember, it’s not illegal, it’s just gonna break your warranty.

As to exploits that can jailbreak your phone without your knowledge, to my own knowledge there are no such exploits, because you need to do that DFU step. So you actively have to participate in the jailbreak. However, by jailbreaking your phone you are opening yourself up to specific attacks. So that’s the really key thing. Right now I don’t think anybody can jailbreak your phone without your knowledge, but if you jailbreak, you can get exploited. And if you don’t have it password protected and somebody steals your phone, he can jailbreak it. If you can’t unlock it, you can’t jailbreak it.

With the jailbreak you can get SIM unlocked, and you can break your phone out and use another provider, but not on a radio network that isn’t compatible. I would strongly recommend not jailbreaking your phone for any reason, and specifically not just to get to another provider. But that is one use case, and as to the radio portion of it, you also need to be compatible, because we all have different, you know, we have GSM, we have 3G, 4G, so you have to think about that too.

Read next: Hacking and securing the iPhone, iPad and iPod Touch 4: iOS malware and vulnerabilities

[1] DFU (Device Firmware Update) mode is a low-level state of the device’s boot ROM, entered with the Home and Power button sequence described above, in which the device accepts firmware over USB (from iTunes or a jailbreak tool) without loading iBoot or iOS. The tools shown here need it because the limera1n exploit they are built on targets this boot ROM stage, which is also why a jailbreak requires physical access and the button sequence rather than happening silently.

[2] IPSW is the file extension of Apple’s firmware bundles for iOS devices, the file iTunes downloads to update or restore a device. It is a ZIP archive containing the firmware images plus a BuildManifest.plist that records the exact iOS version and build it restores, so you can confirm you are pointing a jailbreak tool at the right version before you run it.
