Jailbreak FAQ: common questions & answers (read before posting!)
What is Jailbreaking?
Jailbreaking is simply a process that allows for full write access on all partitions of the iPhone. During the jailbreak process, afc2 is also installed giving full file system access.
This is beneficial in that it allows you to install apps from sources other than Apple's app store, run tweaks and utilities that will give your device added functionality, and also will allow endless customization to your device.
These processes are completely legal and should not be confused with installing pirated material. Apple has no current method to see who is jailbroken and who is not jailbroken. There is really nothing to fear by jailbreaking your device as all changes are reversible and there is no added security risk whatsoever.
What is a Jailbreak Exploit?
An exploit, or injection point, is needed to run code that grants write access. If that exploit is present at the boot level, it cannot be patched by software, so the device will remain jailbreakable for its entire life.
If the exploit occurs after the kernel has started, it is known as a userland exploit. A userland exploit differs from a boot level exploit in that custom firmware cannot be installed with it. The current jailbreaks (Greenpois0n, pwnagetool, limera1n) use a boot level exploit. iOS 4.1 is jailbroken using secondary userland tools to keep it untethered.
Why are some jailbreaks tethered?
During the boot process the device goes through several signature checks. If one of these checks fails, due to a jailbreak, the device will fail to boot. Tethering the device allows you to bootstrap to a boot sequence that skips the signature check altogether.
Since boot level exploits lead to failed signature checks, they must be tethered unless they can be combined with certain userland tools that keep the jailbreak untethered after the initial tethered boot that applies it.
Untethered - Can be rebooted without a Computer
Tethered - Must be connected to a Computer at every reboot to maintain jailbreak
What is the Baseband?
The baseband manages all functions which require an antenna. The iPhone has its own baseband processor, RAM, and firmware in NOR flash. The baseband is merely a resource for the OS.
What does Unlocking do?
Unlocking your device is a process in which the baseband is modified to accept the SIM card of any GSM carrier. It is completely different from a jailbreak, but a jailbreak is needed beforehand in order for the unlock implementation to be possible. Your ability to jailbreak has nothing to do with your baseband.
On the iPhone 3GS and the iPhone 4, baseband firmware CANNOT be downgraded. If you are using or want to use an unlocked device, safeguard against a baseband upgrade by checking the baseband firmware of the iOS version you wish to upgrade to and making sure an unlock exists for that version. If it does not, make sure there is a method available for keeping your current baseband firmware, either through TinyUmbrella or by using a customized firmware.
The current method for unlocking your device is by using Ultrasn0w which can be downloaded from Cydia.
Activation is a process that allows your device to access the springboard for the first time. It occurs the first time your device is connected to iTunes and receives an activation token from Apple's activation server. Further, the iPhone needs a cellular data connection after the activation in iTunes for the process to be completed.
Hactivation is a process that circumvents this activation on a jailbroken device; it is completed by unlocking your phone and modifying the baseband.
Can I "Brick" my device by Jailbreaking?
The short answer is, no. While it is theoretically possible to brick your device by flashing an invalid baseband bootloader or purposefully erasing your NOR, those are extremely advanced actions that will not be undertaken by the vast majority of users, especially by accident. It is IMPOSSIBLE to brick your device simply by jailbreaking it, since DFU mode and recovery mode will always be available to recover from a bad flash or a serious iOS error.
What is DFU mode and Recovery Mode?
Both Recovery mode and DFU mode allow for the flashing of firmware to your device. DFU mode does not use iBoot and therefore is required for all boot level jailbreaks and custom firmware. These modes are failsafe modes that allow for your firmware to be reinstalled if there is a bad flash or a problem with your current firmware install. Recovery Mode shows the iTunes symbol on your screen, while DFU mode shows a blank black screen.
How to put your iPhone in recovery mode:
1. Turn the device completely off and disconnect it from cable/dock.
2. Hold down the home button.
3. While holding down the home button connect to a computer with a cable (easiest) or dock.
4. Keep holding down the home button until you see the connect-to-iTunes screen. You are now in recovery mode.
To escape Recovery Mode and power the phone off simply hold down power and home buttons for ten seconds.
How to put your iPhone in DFU mode:
1. Connect your iPhone to your computer.
2. Turn iPhone off.
3. Hold power and home together for 10 seconds (exactly).
4. Release power but keep holding home until the computer beeps (observed on a PC) as a USB device is recognized.
5. A few seconds later iTunes should detect your iPhone.
6. If the Restore Logo is present on the screen, you are in Recovery Mode, not DFU.
How Can I Jailbreak my Device?
There are several methods for Jailbreaking your device. Some things to consider before you jailbreak are:
1. What model device do you have?
- Different Jailbreaks work for different devices, make sure you are using the correct method for your device.
2. What firmware are you currently on?
- Don't rush in, make sure you have a plan of what you want to do so you don't end up losing the ability to jailbreak or unlock.
3. What firmware do you want to Jailbreak?
- Is the firmware able to be jailbroken? Does it upgrade your baseband?
4. Do you want to unlock your device?
- Can you currently unlock your device? Is the new firmware you are upgrading to available to unlock? If not, are there ways to maintain your current baseband?
5. Do you need hactivation?
- Does the jailbreak method have hactivation included?
6. What computer are you using to jailbreak (if a computer is needed)?
- Make sure the method you want to use, works for your computer as some only work for PC or Mac.
Pwnagetool: Creates Custom Firmware, Apple TV 2G, iPad 1G, iPhone 3G, iPhone 3GS, iPhone 4, iPod touch 3G, iPod touch 4G, Mac, All iOS up to 4.1, Hactivation
Redsn0w: iOS 4.0-4.1 on every device that supports that firmware (except iPod touch 2G MC), Mac, Windows, Hactivation
Why isn't the jailbreak working?
There are several factors that could cause a jailbreak to fail. A boot level jailbreak must be applied in DFU mode, and a flaky USB connection can cause problems. Try jailbreaking from a fresh restore and before syncing (make sure your phone is properly activated first). You may also want to try it on a different computer.
Is Jailbreaking Reversible?
Jailbreaking is 100% reversible. It's as simple as reflashing your device with Apple firmware through updating or restoring on iTunes. All traces of your jailbreak will be removed and your device will seem brand new. Apple will not be able to tell that your device was ever jailbroken. Your device can be re-jailbroken afterwards as well. If something does go wrong, and you get an error, put your phone in recovery mode and restore it using iTunes.
Do I have to re-jailbreak each time I upgrade iOS firmware?
Sadly, yes: you must redo your entire jailbreak whenever you update your iOS firmware. Think of the jailbreak as an additional layer on top of your iOS firmware. To change the firmware underneath, the top layer must always be re-applied.
The best method for this is to:
1. Backup your device on iTunes.
2. Go into Cydia and write down or take screenshots of all your installed packages.
*You may use an aptbackup utility for this, although I choose to do it manually.
3. Copy your theme folder via SSH if you have customized your themes.
4. Restore to a fresh iOS version using Shift (Option) + Restore on iTunes
5. Allow your device to fully activate
6. Restore settings from backup (optional, can be done after jailbreak as well)
7. Jailbreak your device
8. Sync your device
9. Open Cydia and download all your packages again
10. Copy back any saved files via SSH
What are SHSH blobs?
An SHSH blob (or ECID SHSH) is basically a unique signature that is checked against Apple's servers whenever you restore the firmware on an iPhone, iPad or iPod touch. Once a new firmware is released, Apple stops signing the older firmware, making it impossible to restore back to the older firmware from iTunes. So, YOU MUST SAVE YOUR SHSH WHILE APPLE IS CURRENTLY SIGNING THEM.
Now to "why is it important to save your SHSH blobs": The creator of Cydia has set up a server which mimics Apple's verification server and can save your older signature (SHSH blob) so that you can downgrade or restore back to the older firmware. This is important because if you don't have your SHSH blob saved and accidentally update to new firmware, you'll lose your jailbreak and, furthermore, you won't be able to downgrade back to the older firmware to re-jailbreak your device.
While Cydia will probably once again start letting you save your SHSH blobs on the server automatically via the "Make my life easier" button, a utility has been released which allows for saving blobs both on the server and locally, and also for restoring older firmware via iTunes. You can also use TinyUmbrella to save your SHSH without being jailbroken, and for the currently signed firmware even if your iDevice is running a different firmware. You can download it here: TinyUmbrella (look for the version you need in the right-hand column). TinyUmbrella uses Cydia's server, so once a blob is saved with one method it is recognized by the other.
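To make the signing-and-replay idea concrete, here is an added toy model (not Apple's TSS protocol and not TinyUmbrella's or Cydia's code): an HMAC stands in for Apple's signature, a cache stands in for a local save or Cydia's server, and the hypothetical `can_restore` plays the role of the restore check. Every name and value below is an assumption made for illustration.

```python
import hmac
import hashlib

# Constructed toy model of SHSH signing and replay. Apple's real server returns
# an RSA-signed blob bound to the device ECID and firmware build; here an HMAC
# keyed with a made-up server secret stands in for that signature.

class SigningServer:
    """Models Apple's signing server: only signs versions it currently signs."""
    def __init__(self, key: bytes, signed_versions):
        self._key = key
        self.signed_versions = set(signed_versions)

    def _sign(self, ecid: str, version: str) -> bytes:
        msg = f"{ecid}:{version}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_shsh(self, ecid: str, version: str):
        """Return a blob for (ecid, version), or None once signing has stopped."""
        if version not in self.signed_versions:
            return None
        return self._sign(ecid, version)

    def verify(self, ecid: str, version: str, blob: bytes) -> bool:
        """Stands in for the device checking Apple's signature during restore."""
        return hmac.compare_digest(self._sign(ecid, version), blob)


class BlobCache:
    """Models saved SHSH blobs (a local file or Cydia's replay server)."""
    def __init__(self):
        self._blobs = {}

    def save(self, ecid: str, version: str, blob):
        if blob is not None:          # nothing to save if Apple refused to sign
            self._blobs[(ecid, version)] = blob

    def get(self, ecid: str, version: str):
        return self._blobs.get((ecid, version))


def can_restore(server: SigningServer, cache: BlobCache, ecid: str, version: str) -> bool:
    """A restore needs a blob Apple signs now OR one saved earlier for this exact device."""
    blob = server.request_shsh(ecid, version) or cache.get(ecid, version)
    return blob is not None and server.verify(ecid, version, blob)
```

Saving a blob for one ECID does not help another device: the signature is per-device, which is why each iDevice must save its own SHSH while Apple is still signing.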
Instructions for saving your SHSH:
1. Download and run TinyUmbrella and make sure your iDevice is detected.
2. Check “Advanced Options.”
3. Under “Device / Version,” select the firmware version you want to Save (You can only restore to versions that have SHSH saved).
4. Click on “Save my SHSH.”
5. Repeat to save other firmware hashes if you wish.
6. Now, click on “Display SHSHs.” It should list all hashes you have saved on your computer for all your iDevices.
Instructions for restoring:
(Make sure you have saved your SHSH blob locally using method above. If not, repeat the method above for the firmware you wish to restore to.)
1. Backup iDevice in iTunes and then close iTunes.
2. Open TinyUmbrella and make sure you get no errors on startup; otherwise you will need to make sure that port 80 is open and that your hosts file is not set to read-only.
3. Click on “Start TSS Server.”
4. Download firmware you wish to restore to from here:
5. Open iTunes and use the Shift/Option + Restore method to choose the firmware file you wish to restore to (Upgrade button cannot be used)
6. After your firmware is restored you might get a 1004 error. Not to worry, simply click “Kick Device out of Recovery” if you get it.
7. Restore Settings from Backup in iTunes and sync.
What is Cydia?
Cydia is an open source application installer created by Saurik that uses the Debian APT system for package management. For all intents and purposes it is the jailbreak version of the App Store.
It lists thousands of themes, tweaks, apps, and utilities that you can use on your device. It is included with all iPhone Dev Team jailbreaks and is found in every mainstream jailbreak tool. Cydia uses a decentralized package listing system and thus takes longer to load than, say, the App Store or Rock, which use centralized databases.
What is SSH and is it a security risk?
There are two methods to access your device's file system. You can use a USB connection along with a program like iPhone Browser that uses afc2 to access your files securely. You can also install OpenSSH via Cydia which will allow you to use SSH over Wifi using a program like WinSCP. SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. This channel is secure, but since all devices come with the same password (Alpine), it is a good idea to change your password using Mobile Terminal if you plan to use SSH.
What is Winterboard?
WinterBoard acts as a file replacement extension for iPhone OS based on Mobile Substrate, both of which are developed by Saurik. It is often used for theming GUI elements, such as app icons and sounds.
It works by injecting replacement files dynamically but without actually replacing the files, though it appears to the iPhone that the files have been replaced. Should MobileSubstrate crash, the files will no longer appear to be the changed ones but rather the original files. Its benefit is that all changes are easily reversible and no permanent changes are made. It also allows for quick and easy changes to your device.