What is jailbreaking? How a jailbreak is developed & how it works!
Video Transcript:
Most people with an iOS device (iPhone, iPad, or iPod Touch) have probably heard the term jailbreaking. Maybe you’ve even jailbroken a device before. But what does jailbreaking actually mean, and what is the process behind it? Well, today you’re going to find out in this jailbreaking episode of “What Is?”
To jailbreak means to gain the ability to install custom third-party apps on your device, outside of Apple’s App Store. In the United States it is legal under a DMCA exemption, but Apple does not want you to do it because they want to control the user experience. Now, before we get into the jailbreak process, let’s learn how an iOS device boots up. The iOS boot-up is a chain of signature checks that makes sure everything being run is approved by Apple. It happens in the following order: BootROM, bootloader (LLB and iBoot), kernel, and then the iOS user environment. Each stage verifies the signature of the next stage before handing over control, and the BootROM at the start of the chain is burned into the chip itself, so nothing verifies it: it is the root of trust.
The jailbreak itself involves obtaining write access to the device’s two partitions: the root (system) partition, mounted at /, and the data partition, mounted at /private/var and often called the media partition. This is where all of iOS’s files are stored. Out of the box the root partition is mounted read-only, and how each partition is mounted is controlled by “/private/etc/fstab”, which lists each partition with its mount point and mount options (ro or rw, plus flags such as nosuid and nodev). To take control of both partitions, fstab must be patched so that the root partition mounts read-write. The main problem, though, is not getting the modified files in but getting them past certain checkpoints. Apple put in these checkpoints to verify whether a file is actually legit or comes from a third party: every executable is code-signed with a digital signature, and without a valid signature the system refuses to run it.
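As an added example of what the fstab patch described above actually changes (this is illustration code written for this page, not a tool from the video), here is a small parser for the six-field fstab format with the patch applied to a constructed two-line fstab in the shape iOS used. The device names, filesystem type and option lists in STOCK_FSTAB are an assumption for the demo, not copied from a device, and the optional removal of nosuid/nodev on /private/var is treated as an assumption too.

```python
"""What the /private/etc/fstab patch changes (added illustration, not the video's code).

STOCK_FSTAB is a constructed two-line fstab in the shape iOS used; the device
names, filesystem type and option lists are an assumption for this demo.
"""

STOCK_FSTAB = """\
/dev/disk0s1s1 / hfs ro 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""

FIELDS = ("device", "mountpoint", "fstype", "options", "dump", "passno")


def parse_fstab(text: str) -> list:
    """Parse fstab lines into dicts. Comments and blank lines are kept verbatim
    under the key 'raw' so the file round-trips unchanged apart from the patch."""
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            entries.append({"raw": line})
            continue
        parts = stripped.split()
        if len(parts) != len(FIELDS):
            raise ValueError(f"malformed fstab line: {line!r}")
        entry = dict(zip(FIELDS, parts))
        entry["options"] = entry["options"].split(",")
        entries.append(entry)
    return entries


def render_fstab(entries: list) -> str:
    """Inverse of parse_fstab: write the entries back out as fstab text."""
    lines = []
    for e in entries:
        if "raw" in e:
            lines.append(e["raw"])
        else:
            lines.append(" ".join([e["device"], e["mountpoint"], e["fstype"],
                                   ",".join(e["options"]), e["dump"], e["passno"]]))
    return "\n".join(lines) + "\n"


def mount_options(text: str, mountpoint: str) -> list:
    """Return the option list for one mount point; a quick check before/after patching."""
    for e in parse_fstab(text):
        if e.get("mountpoint") == mountpoint:
            return e["options"]
    raise KeyError(mountpoint)


def patch_fstab(text: str, strip_var_restrictions: bool = True) -> str:
    """Mount the root partition read-write instead of read-only. Optionally also
    drop nosuid/nodev on /private/var (some older jailbreaks did this; it is an
    assumption here, not something the video states)."""
    entries = parse_fstab(text)
    for e in entries:
        if "raw" in e:
            continue
        if e["mountpoint"] == "/":
            e["options"] = ["rw" if o == "ro" else o for o in e["options"]]
        elif e["mountpoint"] == "/private/var" and strip_var_restrictions:
            e["options"] = [o for o in e["options"] if o not in ("nosuid", "nodev")]
    return render_fstab(entries)


if __name__ == "__main__":
    print(patch_fstab(STOCK_FSTAB), end="")
```

Note that fstab is plain text and is not itself code-signed; the difficulty the video describes is not editing the file but getting to a point where the read-only root partition can be written at all, which is what the exploits below are for.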
Signature checks are the main roadblocks in the jailbreak process. Each boot stage verifies the signature of the next one before loading it, and once the kernel is running it checks the signature of every executable before it is allowed to run, to make sure everything has been approved by Apple.
The main objective for a jailbreak is to either patch the checks or bypass them. So this brings us to the two main exploit categories.
The first is the BootROM exploit. It targets a bug in the BootROM, the very first code the device runs, which is burned into read-only memory in the chip, so it can’t be patched by a normal software update; only new hardware fixes it. Since this runs before almost any checkpoint, the modified code is put in at that point, and this creates a gateway to bypass all of the later signature checks or simply disable them.
The second is the userland exploit. It targets a bug in a program running during or after the loading of the kernel, such as a system service or a browser, and it can easily be patched by Apple with a software update. Since it runs after all of the boot-time checks have already passed, it uses that opening to get modified code running and then patches the kernel’s signature checks from the inside, in memory.
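To make the difference between the two exploit classes concrete, here is an added toy model of the boot chain of trust described above; it is illustration code written for this page, not anything from the video or from Apple. HMAC-SHA256 under a constant key stands in for Apple’s RSA signatures (an assumption made so the demo runs offline), the stage names are a simplification, and each stage carries an "enforces" flag, part of its signed image, that says whether it verifies the next image. A BootROM exploit is modelled as the very first check not happening, and a userland exploit as flipping the running kernel’s flag in memory after a clean boot.

```python
"""Toy model of the iOS boot chain of trust and the two exploit classes.

Added illustration, not code from the video. HMAC-SHA256 under a constant key
stands in for Apple's RSA signatures (an assumption for a self-contained demo).
"""
import hashlib
import hmac

SIGNING_KEY = b"stand-in for Apple's private key"  # assumption, see docstring


def sign(blob: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, blob, hashlib.sha256).digest()


def verify(blob: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(blob), sig)


def make_stage(name: str, enforces: bool = True, signed: bool = True) -> dict:
    """A boot stage image. 'enforces' says whether this stage checks the next one;
    it is part of the signed blob, so flipping it on disk breaks the signature."""
    blob = f"{name}:enforces={enforces}".encode()
    return {"name": name, "enforces": enforces, "blob": blob,
            "sig": sign(blob) if signed else bytes(32)}


def make_app(name: str, signed: bool = True) -> dict:
    blob = name.encode()
    return {"name": name, "blob": blob, "sig": sign(blob) if signed else bytes(32)}


def boot(chain: list, bootrom_exploited: bool = False) -> dict:
    """Walk BootROM -> bootloader -> kernel. Each stage that enforces verifies the
    next image before handing over. Nothing verifies the BootROM itself (it is
    mask ROM), so a BootROM exploit is modelled as its check simply not happening."""
    ran = []
    for i, stage in enumerate(chain[:-1]):
        ran.append(stage["name"])
        nxt = chain[i + 1]
        enforce = stage["enforces"] and not (i == 0 and bootrom_exploited)
        if enforce and not verify(nxt["blob"], nxt["sig"]):
            return {"halted_at": nxt["name"], "ran": ran}
    ran.append(chain[-1]["name"])
    return {"halted_at": None, "ran": ran}


def launch(kernel: dict, apps: list) -> list:
    """The running kernel's code-signing check, applied to each app at launch."""
    return [a["name"] for a in apps
            if not kernel["enforces"] or verify(a["blob"], a["sig"])]


def stock_chain() -> list:
    return [make_stage("bootrom"), make_stage("bootloader"), make_stage("kernel")]


APPS = [make_app("AppStoreApp"), make_app("ThirdPartyApp", signed=False)]  # constructed


def scenario_stock():
    """Untouched device: boots, and only the signed app may run."""
    chain = stock_chain()
    return boot(chain)["halted_at"], launch(chain[-1], APPS)


def scenario_patched_kernel_on_disk():
    """Replace the on-disk kernel with a non-enforcing one, no exploit: the
    bootloader's check halts the boot at the kernel."""
    chain = stock_chain()
    chain[2] = make_stage("kernel", enforces=False, signed=False)
    return boot(chain)["halted_at"]


def scenario_bootrom_exploit():
    """Exploit before the first check: every later image can be unsigned."""
    chain = [make_stage("bootrom"),
             make_stage("bootloader", enforces=False, signed=False),
             make_stage("kernel", enforces=False, signed=False)]
    result = boot(chain, bootrom_exploited=True)
    return result["halted_at"], launch(chain[-1], APPS)


def scenario_userland_exploit():
    """Boot the stock chain cleanly, then patch the running kernel in memory.
    The on-disk kernel is still the signed original, so a fresh boot enforces again."""
    chain = stock_chain()
    assert boot(chain)["halted_at"] is None
    before = launch(chain[-1], APPS)
    chain[-1]["enforces"] = False      # the in-memory kernel patch the exploit applies
    after = launch(chain[-1], APPS)
    fresh = stock_chain()              # reboot: the signed on-disk kernel loads again
    return before, after, launch(fresh[-1], APPS)


if __name__ == "__main__":
    print("stock:", scenario_stock())
    print("patched kernel on disk:", scenario_patched_kernel_on_disk())
    print("bootrom exploit:", scenario_bootrom_exploit())
    print("userland exploit:", scenario_userland_exploit())
```

The point of the four scenarios is the order of operations: swapping in a modified kernel image fails at the bootloader’s check, a BootROM exploit lets everything after it go unchecked, and a userland exploit works only on the already-running kernel, which is why Apple can close it with a software update that fixes the buggy program.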
That is how jailbreaking works! If you’re not worried about voiding your Apple warranty, or if you don’t even have a warranty, I would recommend trying jailbreaking out. It’s really easy!