iOS Jailbreaking: We Control our iDevice

Upload: varun-luthra

Post on 22-Nov-2014


DESCRIPTION

From a common man's requirements to a hacker's.... This is all you need to know about what jailbreaking is... Thanks a lot..

TRANSCRIPT

Page 1: iOS jailbreaking

iOS Jailbreaking

We Control our iDevice

Page 2: iOS jailbreaking

What is iOS Jailbreaking?

• iOS jailbreaking is the process of removing the restrictions Apple imposes on devices running the iOS operating system, above all the requirement that every executable be signed by Apple, through the use of hardware or software exploits.

• Jailbreaking gives iOS users root access to the operating system and the ability to run code that Apple has not signed.

Page 3: iOS jailbreaking

Why Jailbreak?

• One of the main reasons for jailbreaking is to expand the feature set limited by Apple and its App Store; a common motive is also to obtain paid apps for free (software piracy).

• Users install such programs for personalization and customization of the interface, adding desired features, fixing annoyances, and making development work easier.

Page 4: iOS jailbreaking

Process Involved

• The jailbreak itself consists of gaining control over the root (system) partition and the media (user data) partition of the iDevice, where all of iOS's files are stored.

• To do so, /private/etc/fstab must be patched.

• fstab is the switch room of the iDevice: it lists each partition together with the options it is mounted with. The root partition is mounted 'ro' (read-only) by default, allowing eyes but no hands, while the data partition (/private/var) is already 'rw'. Changing the root entry to 'rw' is what lets the jailbreak write its files into the system partition.
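The fstab change described on this slide, modelled in code together with the check a device-integrity scanner would run. This is an added example, not code from the slides or from any jailbreak tool; the fstab text is a constructed sample in the BSD layout iOS used at the time, and device names differ by model.

```python
"""Jailbreak fstab patch and the matching detection check.

Added example, not code from the slides.  STOCK_FSTAB is a constructed sample in
the BSD fstab layout iOS used at the time (device, mount point, fs type, mount
options, dump, pass); device names differ by model.  Nothing here touches a real
device.
"""


# Constructed sample: root partition read-only, data partition read-write.
STOCK_FSTAB = """\
/dev/disk0s1s1 / hfs ro 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""


def parse_fstab(text):
    """Parse fstab text into one dict per entry; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError(f"malformed fstab entry: {line!r}")
        device, mountpoint, fstype, options, dump, passno = fields
        entries.append({
            "device": device,
            "mountpoint": mountpoint,
            "fstype": fstype,
            "options": options.split(","),
            "dump": int(dump),
            "pass": int(passno),
        })
    return entries


def render_fstab(entries):
    """Serialize entries back into fstab text, one line per entry."""
    return "".join(
        f"{e['device']} {e['mountpoint']} {e['fstype']} "
        f"{','.join(e['options'])} {e['dump']} {e['pass']}\n"
        for e in entries
    )


def patch_root_rw(text):
    """The jailbreak step: make the root partition mount read-write.

    Only the entry for '/' is changed; 'ro' becomes 'rw' and any other
    options on that entry are left as they were.
    """
    entries = parse_fstab(text)
    for entry in entries:
        if entry["mountpoint"] == "/":
            entry["options"] = ["rw" if o == "ro" else o for o in entry["options"]]
            if "rw" not in entry["options"]:
                entry["options"].insert(0, "rw")
    return render_fstab(entries)


def root_is_writable(text):
    """Detection check: stock iOS mounts '/' read-only, so 'rw' there is a jailbreak indicator."""
    for entry in parse_fstab(text):
        if entry["mountpoint"] == "/":
            return "rw" in entry["options"]
    return False


if __name__ == "__main__":
    patched = patch_root_rw(STOCK_FSTAB)
    print(patched, end="")
    print("root writable before:", root_is_writable(STOCK_FSTAB))
    print("root writable after: ", root_is_writable(patched))
```

The detection side is the same parser read the other way round: a mobile-device-management agent that sees 'rw' on the root entry (or finds / actually mounted read-write) treats the device as jailbroken.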

Page 5: iOS jailbreaking

• The main problem is not getting the files in, but getting them through the various checkpoints Apple has put in place to verify that each piece of code is indeed legitimate (signed by Apple) rather than third-party.

• When an iDevice boots it goes through a "chain of trust", in which each stage verifies the signature of the next before handing over control. It goes in the following (specific) order:

Runs Bootrom: Also called "SecureROM" by Apple, it is the first significant code that runs on an iDevice. It is burned into the chip at manufacture and cannot be updated.

Runs Bootloader: iBoot (preceded on these devices by the Low-Level Bootloader, LLB). It is responsible for verifying and loading the main firmware, i.e. the kernel.

Page 6: iOS jailbreaking

Loads Kernel: The bridge between iOS and the actual data processing done at the hardware level; it also enforces code signing for every process launched after it.

Loads iOS: The final step to the chain, iOS starts and we get our nice “Slide to Unlock” view.

• The jailbreaker's objective is to either patch the checks or simply bypass them.

• This brings us to the two main exploit categories:

Bootrom exploit: An exploit of the bootrom itself (limera1n, used by redsn0w and greenpois0n on A4-generation devices, is the best-known one). It can't be patched by a conventional firmware update and must be fixed in new hardware.

Page 7: iOS jailbreaking

• Since it runs before almost every checkpoint, the jailbreak payload is injected before everything else, which opens a passageway to bypass all later checks or simply disable them.

• Userland exploit: An exploit that runs during or after kernel load, so it can easily be patched by Apple with a software update.

• Since it runs after all the checks have passed, it starts from a vulnerability in user-space code (a file parser or a system daemon, for example) and then uses a second hole to reach back into the kernel and patch the code-signing checks. Such openings are not easy to find, and once found they can be patched.

Page 8: iOS jailbreaking

Types Of Jailbreak

• Untethered: An untethered jailbreak re-applies its kernel patches on every boot, so if the user turns the device off and back on it starts up completely jailbroken with no computer involved.

• Tethered: With a tethered jailbreak the patches live only in memory. If the device reboots on its own it no longer has a patched kernel: it must be booted again with the help of a computer running the jailbreak tool, and may otherwise get stuck in a partially started state.

Page 9: iOS jailbreaking

How to Jailbreak?

• redsn0w: redsn0w is a free iOS jailbreaking tool developed by the iPhone Dev Team, capable of jailbreaking many iOS devices.

• Absinthe and greenpois0n: Two further tools for jailbreaking Apple iOS devices, developed by the Chronic Dev Team (Absinthe jointly with the iPhone Dev Team).

Page 10: iOS jailbreaking

Cydia

• Developed by Jay Freeman (also known as "saurik") and his company, SaurikIT.

• Cydia is a graphical front end to the Advanced Packaging Tool (APT) and the dpkg package management system, which means the packages available in Cydia are provided by a decentralized system of repositories (also called sources) that list them.

Page 11: iOS jailbreaking

iOS 'Signature' Feature

• In September 2009 Cydia was improved to help users downgrade their devices to versions of iOS that Apple no longer signs. Cydia caches the digital signatures, called SHSH blobs, that Apple issues per device to authorize a restore.

• A blob is tied to the device and the firmware version but, until Apple started including a per-boot nonce in the ticket from iOS 5 on, not to the individual restore attempt. Cydia's stored copy can therefore be presented to iTunes again later, by means of a replay attack, to downgrade the device to a version Apple has stopped signing.

Page 12: iOS jailbreaking

Installous

•Installous is an iOS application developed by docmorelli and originally created by puy0.

• Installous allows users to download, install, update and share cracked iOS applications in a clean and organized fashion. It has been installed on nearly thirteen million different devices.

Page 13: iOS jailbreaking

Jailbreak Terminologies

• Baseband: The firmware of the cellular modem; it has everything to do with your service and signal. Carrier unlocks (such as ultrasn0w) exploit specific baseband versions, which is why unlockers have to be extremely careful when upgrading: if the baseband changes, it can permanently keep them from achieving an unlock.

• Blobs: When you upgrade firmware in iTunes you'll see "Verifying restore with Apple" at the top as the restore starts. iTunes asks Apple's signing server for a ticket (the SHSH blob) for your device and that firmware. Saved blobs, served back to iTunes from a local server that stands in for Apple, make iTunes believe the restore has been verified even after Apple has stopped signing that version.
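The replay attack described on the 'Signature' slide and in the "Blobs" entry above, worked through as a toy model. This is an added example and not Apple's protocol: the signing server uses an HMAC under a constructed key where Apple uses an RSA signature, the ticket fields are a simplification of the real SHSH/APTicket format, and the ECID, version strings and digests are constructed sample values. It shows why a ticket bound only to the device and firmware can be replayed, and why binding it to a fresh per-boot nonce stops that.

```python
"""Toy model of the SHSH-blob replay attack and of the nonce that defeats it.

Added example, not code from the slides and not Apple's protocol: the signing
server uses an HMAC under a constructed key where Apple uses an RSA signature,
and the ticket fields are a simplification of the real SHSH/APTicket format.
ECID, version strings and digests are constructed sample values.
"""
import hashlib
import hmac
import os

SIGNING_KEY = b"constructed demo key, stands in for Apple's private key"


def _ticket_message(ecid, version, fw_digest, nonce):
    """The bytes the signature covers; the nonce is included only when the server issues one."""
    msg = ecid.to_bytes(8, "big") + version.encode() + fw_digest
    return msg + nonce if nonce is not None else msg


class SigningServer:
    """Stands in for gs.apple.com: signs only firmware versions it currently allows."""

    def __init__(self, signed_versions, use_nonce=False):
        self.signed_versions = set(signed_versions)
        self.use_nonce = use_nonce

    def request_ticket(self, ecid, version, fw_digest, nonce=None):
        if version not in self.signed_versions:
            return None  # 'this device isn't eligible for the requested build'
        bound_nonce = nonce if self.use_nonce else None
        sig = hmac.new(SIGNING_KEY, _ticket_message(ecid, version, fw_digest, bound_nonce),
                       hashlib.sha256).digest()
        return {"ecid": ecid, "version": version, "nonce": bound_nonce, "sig": sig}


class Device:
    """Stands in for the bootloader's check of the ticket during a restore."""

    def __init__(self, ecid, check_nonce=False):
        self.ecid = ecid
        self.check_nonce = check_nonce
        self.boot_nonce = None

    def new_boot_nonce(self):
        """Fresh random value each boot; a ticket must be signed over this very value."""
        self.boot_nonce = os.urandom(20)
        return self.boot_nonce

    def accept_restore(self, ticket, version, fw_digest):
        if ticket is None or ticket["ecid"] != self.ecid or ticket["version"] != version:
            return False
        if self.check_nonce and ticket["nonce"] != self.boot_nonce:
            return False  # stale ticket: signed for an earlier boot's nonce
        nonce = self.boot_nonce if self.check_nonce else None
        expected = hmac.new(SIGNING_KEY, _ticket_message(self.ecid, version, fw_digest, nonce),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, ticket["sig"])


def replay_scenario(use_nonce):
    """Save a blob while a version is signed, then replay it after Apple stops signing.

    Returns True if the replayed blob is accepted (the downgrade succeeds).
    """
    ecid = 0x000123456789ABCD                      # constructed device ID
    old_version = "4.3.3"
    old_digest = hashlib.sha256(b"constructed 4.3.3 firmware image").digest()
    server = SigningServer({old_version}, use_nonce=use_nonce)
    device = Device(ecid, check_nonce=use_nonce)

    # 1. While Apple still signs the old version, Cydia (or TinyUmbrella) saves the blob.
    nonce = device.new_boot_nonce()
    saved_blob = server.request_ticket(ecid, old_version, old_digest, nonce)

    # 2. Apple moves on; a fresh request for the old version is now refused.
    server.signed_versions = {"5.0"}
    assert server.request_ticket(ecid, old_version, old_digest, nonce) is None

    # 3. The user reboots into restore mode and a local server replays the saved blob.
    device.new_boot_nonce()
    return device.accept_restore(saved_blob, old_version, old_digest)


if __name__ == "__main__":
    print("downgrade with nonce-less blobs:", replay_scenario(use_nonce=False))
    print("downgrade once tickets carry a nonce:", replay_scenario(use_nonce=True))
```

The first scenario is the 2009-era situation the slide describes: nothing in the ticket changes between restores, so a copy saved once is good forever. In the second the device picks a new nonce each boot, the saved ticket was signed over the old one, and the replay is rejected; a downgrade then needs Apple to sign the old version afresh.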

Page 14: iOS jailbreaking

• DFU mode: Stands for Device Firmware Update. In DFU mode the device runs only the bootrom and talks to iTunes over USB without loading iBoot; it is the mode in which bootrom exploits run and in which firmware can be loaded for a downgrade (given valid or replayed SHSH blobs). Most jailbreaks require DFU mode for these reasons, as opposed to recovery mode, which already runs from iBoot.

• SpringBoard: The graphical user interface (home screen and app launcher) on iOS devices.

• Respring: The process of restarting SpringBoard. Many Cydia packages require users to do this so that their hooks into low-level system files take effect.

Page 15: iOS jailbreaking

Top 10 Cydia Sources

1. http://cydia.hackulo.us/
2. http://repo.hackyouriphone.org/
3. http://repo.insanelyi.com/
4. http://apt.modmyi.com/
5. http://cydia.xsellize.com/
6. http://apt.thebigboss.org/repofiles/cydia/
7. http://repo666ultrasn0w.com/
8. http://ihacksrepo.com/
9. http://sinfuliphonerepo.com/
10. http://biteyourapple.net/

Page 16: iOS jailbreaking

Top 10 Cydia Tweaks

1. BytaFont
2. SBSettings
3. Barrel
4. Zephyr
5. CallBar
6. Activator
7. SwipeSelection
8. Bigify+
9. Springtomize
10. biteSMS

Page 17: iOS jailbreaking

OpenSSH

• The iPhone runs a variant of Apple's OS X operating system, which is Unix-based. This means that if you're so inclined, you can jailbreak the iPhone platform and install Unix software, including an SSH daemon that accepts remote connections, thus turning the iPhone into a tiny computer.

• This is a useful utility for users who want SSH access to the device. Once the SSH daemon is running, you can use an SSH client (or SFTP/scp) to reach the device's file system and edit files.

Page 18: iOS jailbreaking

• SSH consumes more battery power and lets attackers get at your file system if you forget to close or disable SSH. Every iOS device ships with the same root password, "alpine", so changing the root (and mobile) password is necessary before enabling the daemon, especially on networks you don't control.
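An audit of the two things the slide warns about, as an added example that is not code from the slides: which accounts still carry the default password hash, and whether sshd will accept password logins for root, with a hardened rewrite of sshd_config beside the permissive one. The master.passwd and sshd_config texts are constructed samples in the format those files use; DEFAULT_HASH is the traditional-crypt hash widely reported for the stock password 'alpine' on iOS of that era and is treated here as an assumption to confirm against your own device.

```python
"""Audit a jailbroken device for the SSH exposure described above.

Added example, not code from the slides.  Two checks: which accounts still have
the default password hash, and whether sshd accepts password logins for root;
plus a hardened rewrite of sshd_config.  The master.passwd and sshd_config texts
are constructed samples in the format those files use.  DEFAULT_HASH is the
traditional-crypt hash widely reported for the stock password 'alpine' on iOS of
that era; treat it as an assumption and confirm it against your own device.
"""

# Assumed: published hash of the default root/mobile password 'alpine'.
DEFAULT_HASH = "/smx7MYTQIi2M"

# Constructed sample: root was changed, 'mobile' still has the default.
SAMPLE_MASTER_PASSWD = """\
root:$6$constructedsalt$constructedrotatedhash:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
_sshd:*:75:75::0:0:sshd privilege separation:/var/empty:/usr/bin/false
"""

# Constructed sample: the permissive configuration most SSH packages shipped with.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
"""

HARDENED = {
    "permitrootlogin": "PermitRootLogin without-password",  # root only with a key
    "passwordauthentication": "PasswordAuthentication no",  # no password guessing
}


def accounts_with_default_password(master_passwd):
    """Login names whose password field still equals the default hash."""
    hits = []
    for line in master_passwd.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == DEFAULT_HASH:
            hits.append(fields[0])
    return hits


def parse_sshd_config(text):
    """Keyword -> value; first occurrence wins, as sshd applies it, and keywords are case-insensitive."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), value.strip())
    return settings


def sshd_findings(text):
    """Risky settings found; sshd of that era defaulted both of these to 'yes' when absent."""
    settings = parse_sshd_config(text)
    findings = []
    if settings.get("permitrootlogin", "yes").lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in with its password")
    if settings.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication yes: passwords can be guessed over the network")
    return findings


def hardened_sshd_config(text):
    """Rewrite sshd_config with the risky directives replaced; every other line is kept verbatim."""
    out, seen = [], set()
    for line in text.splitlines():
        stripped = line.strip()
        key = None
        if stripped and not stripped.startswith("#"):
            key = stripped.partition(" ")[0].lower()
        if key in HARDENED:
            if key not in seen:
                out.append(HARDENED[key])
                seen.add(key)
            continue  # drop the original (and any duplicate) directive
        out.append(line)
    for key, directive in HARDENED.items():
        if key not in seen:
            out.append(directive)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("default password still set for:", accounts_with_default_password(SAMPLE_MASTER_PASSWD))
    for finding in sshd_findings(SAMPLE_SSHD_CONFIG):
        print("finding:", finding)
    print(hardened_sshd_config(SAMPLE_SSHD_CONFIG), end="")
```

On a real device the two files are /etc/master.passwd and /etc/ssh/sshd_config; after the rewrite, install your public key for root and restart the daemon before disabling password logins, or you lock yourself out along with everyone else.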

Page 19: iOS jailbreaking

Legal Issues

• Under the Digital Millennium Copyright Act, jailbreaking iPhones is legal in the United States, although Apple has announced that the practice "can violate the warranty".

• As of July 26, 2010, the U.S. Copyright Office has approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally.

Page 20: iOS jailbreaking

R.I.P.