Wednesday, October 31, 2012

Jailbreak for Dummies: How To Actually Do It

Generally speaking, the mark of a jailbroken device is the Cydia app sitting on the home screen. I say generally because dev teams (groups of hackers working together) sometimes release a jailbreak tool that jailbreaks the device but does not install Cydia. This is usually because the jailbreak is not ready for public use yet: perhaps it is not stable, and the dev team wants a smaller crowd of people who actually know this stuff in depth to beta test it first; or the dev team simply wants to give tweak developers a head start on updating their jailbreak content. It's their choice, and we should respect that. These people put countless hours into finding and developing jailbreaks, and they give them to you for free.

A screenshot showing Cydia alongside some feature unique to the particular device often serves as evidence of a successful jailbreak. The image above is from shortly after the iPhone 4S was released. At that time, the iPhone 4S was the only device with Siri, so Cydia and Siri in one screenshot was all the evidence needed to prove the iPhone 4S had been jailbroken. Similarly, in the picture at the beginning of this post, we see Cydia on a device with five rows of icons plus a dock. Unless you've been living under a rock, that's the mark of an iPhone 5.

Of course, skeptics can say it's photoshopped and it's all lies. Fair argument, but when the jailbreak is actually released, you skeptics had better not be using it. For us jailbreak fans, however, these pictures give hope that a jailbreak is round the corner.

Enough of background stories, now back to the topic.

Checking Your iOS Version
In the Settings app, go to General, then About. There you should see a row labeled Version, and that's your iOS version.
As you can see, mine's iOS 5.1.1. The first number is the major iOS version (in this case iOS 5), and the numbers that follow are the smaller update/revision of that major version. Your exact iOS version matters because each jailbreak relies on specific exploits/vulnerabilities, and Apple patches those in later updates. So each iOS version needs a jailbreak tool (or tool version) that uses holes still present in that version, if one exists at all.

I'll show you how to jailbreak the two latest iOS versions, iOS 5 and iOS 6. Note that iPad 3 refers to the ridiculously named 'new iPad', and iPad 4 is the one newer than that, launched after the iPhone 5.

iOS 6
I stayed away from iOS 6 because I didn't want to lose my Google Maps, and more importantly my iOS 5.1.1 untethered jailbreak. However, if you're on this iOS, check whether your device is on the list below.
  • iPhone 4
  • iPhone 3GS
  • 4th-gen iPod touch
If your device is on the list, congratulations: you are entitled to a free, all-expenses-paid, ten-minute journey to tethered-jailbreak land. If it's not, don't bother reading the next part.

Redsn0w is a jailbreak tool from the iPhone Dev-Team. It is updated regularly to support jailbreaks for newer iOS versions, and at the time of writing it is at version 0.9.15b2, which supports iOS 6.


I emphasize here: this is a tethered jailbreak, meaning if your device runs out of juice or reboots, you have to connect it to the computer and use Redsn0w to boot it. Read this if you want to know why.

Download Redsn0w for Windows here, or for Mac here.
Extract and run it. Be sure to run it as administrator (Windows) or ctrl+click the app and select Open (Mac).

Click on Jailbreak, then follow the steps to put your device into DFU mode.


If you've done it right, the tool will jailbreak your device. Be patient and contain your excitement; don't do anything funky while it runs. When it's done, go to Extras, then Boot Tethered, and select “Autoboot this device when it connects in DFU mode”.

Once the device reboots, you should see the Cydia icon on your home screen.

If your device powers down in the future, connect it and run Redsn0w. Go to Extras, click Just Boot and follow the instructions. Should be a piece of cake.

iOS 5
There are four iOS 5 versions: iOS 5.0, 5.0.1, 5.1, and 5.1.1.
The cool thing about redsn0w is that it is one tool that keeps getting updated to support newer jailbreaks, not a different tool every time. So the same redsn0w that jailbreaks iOS 6 will jailbreak iOS 5 and earlier, provided the device model is supported. Redsn0w supports different devices on each version of iOS 5, and sometimes certain devices get an untethered jailbreak while others get a tethered one, so check in the list below whether your device can be jailbroken untethered or tethered.

iOS 5.0 

  • Not supported
    • iPad 2
  • Untethered 
    • iPhone 4s
  • Tethered
    • Everything else

iOS 5.0.1
  • Untethered 
    • All devices

iOS 5.1
  • Not supported
    • iPhone 4s, iPad 2, iPad 3
  • Tethered
    • Everything else
  
iOS 5.1.1
  • Untethered 
    • All devices
Redsn0w download links and jailbreak instructions are the same as for iOS 6. Scroll up.

I should remind you that if you have an old-bootrom 3GS, the criteria listed above don't apply to you: redsn0w will jailbreak your device untethered on any of these versions. Find out why, and how to check your bootrom, here.

That's it. In the next post I'll show you how to convert tethered jailbreaks to semi-tethered.

Update:

I just jailbroke iOS 6 myself, and it seems like without semitether, the iPhone boots but without jailbreak content. It seems like redsn0w now jailbreaks with some sort of semitether protection, but this is just my guess.

Anyway, if you are on iOS 5, or your iOS 6 device cannot boot without being plugged into the computer, semitether can be downloaded through Cydia.

In Cydia, go to Manage > Sources > Edit > Add, and add this repo http://thebigboss.org/semitether. 

Search for SemiTether and install the package. Check the SemiTether app on your springboard every now and then to make sure you are still protected.

Tuesday, October 30, 2012

Why (Some of) the iPhone 3GS Can Forever Be Jailbroken Untethered


Building on the previous Jailbreak for Dummies post, I thought I'd share this story; it might help newbies understand jailbreaks better. It revolves around a bootrom vulnerability known as the 0x24000 Segment Overflow, a.k.a. 24kPwn, which was first discovered on the iPod Touch 2G.

Perhaps it's best to explain what a bootrom is before we begin, and I'll try to do this without breaking your brain:

The bootrom is a small piece of code that runs first at startup, baked into the chip itself. Its job is to check the boot image before running it. Think of the boot image as the whole of iOS that is about to be 'booted' (strictly, the bootrom only checks the next boot stage, which in turn checks the next one, all the way to the kernel; but no need for the extra confusion). So before anything else runs, the bootrom checks that the image is not corrupted and that it is signed by Apple, i.e. that it's a version Apple has authorized.

Now back to the story.

Hackers @pod2g and @MuscleNerd discovered a hole in the bootrom, and this hole is referred to as 24kPwn. Using it, a dedicated group of hackers bypassed the checks and made it possible for unsigned firmware to be loaded, blessing us all with a beautiful untethered jailbreak.

What makes bootrom exploits special is that they can only be fixed by a hardware revision; no software update can touch the bootrom, because it is read-only memory inside the chip. So if your device's bootrom has an exploitable vulnerability, it's there forever on that device. Just like an underground passageway into a castle: no matter who the king is, or how many guards there are, the passageway remains unless you rebuild the castle.

So just like that, the iPod Touch 2G became a device that can forever be jailbroken. However, once the jailbreak was released, Apple knew the hole existed and could work on patching it in future hardware.

What happened was that the bootrom used on the 3GS was finalized a couple of months before 24kPwn was released. Apple had no idea of it beforehand and could not fix it in time. So when sales of the 3GS began, there were cheers of joy as hackers and jailbreakers realized that the exploit lived on!

Seven months after the exploit's release, Apple updated the bootrom of newly manufactured iPhone 3GS units and... R.I.P. 24kPwn. This resulted in two types of iPhone 3GS (no, I'm not talking about black vs. white): the old-bootrom and the new-bootrom. To this day, right up to the latest version of iOS, iOS 6, the old-bootrom iPhone 3GS can be jailbroken untethered.

Beautiful story isn't it? Now if you're the owner of an iPhone 3GS, let me show you how to quickly check if your device is using the old or new bootrom.


Checking if your 3GS has the old or new bootrom


On your device, open the Settings app. If you're struggling to find it, leave a comment and I'll do what I can. Hint: it's in the picture above.



Look for General, then About.

Once you're there, scroll down and look for a line named Model. If it begins with MC, what you have is a new-bootrom 3GS. If it begins with MB, congratulations: you have an old-bootrom 3GS and can forever enjoy being jailbroken. (The model prefix is a rule of thumb rather than a guarantee; the definitive check is the bootrom version the device reports in DFU mode, which redsn0w can read for you via Extras > Even more > Identify: iBoot-359.3 is the old bootrom and iBoot-359.3.2 is the new one.) Now take your phone to iPhone 5 owners and rub it in their faces: "I've got all this customization from jailbreaks, and you've got what? One extra row of icons? Ha ha".

If you have a 3GS, give this a shot. Either bootrom is possible, and there's nothing to lose anyway.

Monday, October 29, 2012

Innovations on the Samsung Galaxy Note 2


Taking a break from the Jailbreak for Dummies series, I thought I'd share my thoughts on the Galaxy Note 2, which in my opinion is a pretty great piece of tech. Before we begin, I would like to Note (note! get it? ha ha) that this is not a review or a promotional write-up, just what I think is so cool about it.

My dad and I are gadget freaks. We're not taking sides in the Apple vs. Samsung battle; we simply value great design, innovation, and features. He bought the first Galaxy Note the day it launched here in Malaysia, and he bought the Note 2 the day it went on sale here too. I guess being a tech freak is much easier when you're making your own money than when you're a student trying to keep your expenses within your allowance. So, me being me, I grabbed his phone the moment he put it down and checked out everything about it.

Before we begin, here's a roundup of all the features in Samsung's promotional video for the Note 2.



Remember when the iPad 2 was launched with the Smart Cover? I don't know about you, but I was like "OMG, that's genius! This thing can make your iPad stand, protect the screen, and turn the screen off automatically when you close it?" *BOOM, mind blown.* That's how I feel about the Note 2 as well. Here's why:


Multi Window
This is THE feature that caught me. Introduced first on the Galaxy Note 10.1, Samsung's multitasking implementation struck me as genius. Opening two apps side by side, doing two things at once. Skyping while viewing your Facebook news feed. Browsing the web and taking notes at the same time. No more switching back and forth between apps. I loved it. This was true multitasking.

I did notice that at 3:03 in the video, Samsung skipped over how exactly an SMS is written in multi window mode. I mean, if you split the screen in half and try to write your SMS in the bottom half, wouldn't the keyboard pop up and cover exactly that bottom half? How did Samsung solve that?



They made the keyboard movable and smaller. Here's my guess why:

Movable keyboard: well, um, I would guess it's so that you can move it out of your way?
Smaller keyboard: more space to see your content, also much easier to type with your thumb.

That's pretty smart. Well anyway, I would just open the Messages app in the top half instead, but that's just me.

Also, I should note that it does not work with all apps, so no, you can't play Fruit Ninja and Angry Birds at the same time. However, Facebook and Twitter work, so that's good enough for me. Hopefully more and more apps will support it in future, but this is definitely a good start.

Design
I know tons of people complain about the size. With the first Galaxy Note, I agree the size makes it awkward to hold at first, but you get used to it. This time round Samsung has slimmed down the width and increased the height. Having handled both and compared them side by side, the Note 2 is definitely better to hold.

Its large size means it's not the right device for everyone, but I know many people who owned a Galaxy Note and have refused to buy anything smaller since. Ever upgraded to a large flat-screen TV and then tried going back to one half its size? I guess that's how it is. Truth is, yes, it's hard to hold and to pocket and to make calls with and so on, but having a huge, wide screen to view content on outweighs the cons (for some of us, at least). Anyway, an iPad is much larger and I don't hear users complaining that it's too big.

The Galaxy Note series is a compromise between smartphones and tablets, and in my opinion they've done it right.

S Pen
The last thing I want to talk about is the huge improvement in the S Pen's functionality. Instead of just an ordinary stylus with a button you hold down to take a screenshot, Samsung has made the S Pen an integral part of the Note 2 experience.


With Air View, hovering the pen over a picture folder brings up a pop-up window showing its contents. Similarly, hovering over a video pops up a window that plays it in real time; move the pen away and the preview stops. Air View also works in messages and emails: hovering over one pops up a window containing the full message.


Popup Note is a convenient feature that pops up a notepad when you pull out the S Pen during a call. That way you can quickly jot down directions or phone numbers, or even doodle away if it's your mum on the phone lecturing you about not eating your veggies.

There are many other improvements, but these two are the ones I think are most useful to me as an average user.

Popup Play
Popup Play is not exclusive to the Note 2; it was introduced on the Galaxy S3 and is also available on the Galaxy Note 10.1. I mention it here because I think it's useful, and because to me it shows clever use of the powerful quad-core processor inside.



What it does is this: while watching a video, you can pop it out into a window not unlike the Air View windows, which keeps playing your video while you are free to do other things, such as checking your Twitter feed. The window can be moved wherever you want. On the Note 2 (and Note 10.1), it can also be resized with the pinch gestures we're all accustomed to.


So that's some of the cool stuff I thought was very clever of Samsung to implement. If you want to know about all the other features of the Note 2, check out Samsung's site. Some people dismiss these features as gimmicks. Well, they have their opinion, I have mine. As gimmicky as they may seem, once you get accustomed to using these features you'll wish your non-Note devices had them. The creativity, innovation, and quality of the features implemented certainly speak volumes about Samsung's progress in the mobile electronics industry, and solidify the Korean company's position as a worthy competitor to Apple.

Sunday, October 28, 2012

Jailbreak for Dummies: Types of Jailbreak


What?! There's different types of jailbreaks?

Yes. All jailbreaks ultimately give you root access and Cydia, but each jailbreak is different.

A little backstory...
Since the day iPhones walked the earth, people have tried to jailbreak them. Apple doesn't like this and argued that jailbreaking should be illegal, but the US Copyright Office's DMCA exemption rulings allowed it. Previously the exemption covered all these devices, but the latest ruling (October 2012) covers phones only, so jailbreaking tablets (iPads) is no longer covered. It's a good thing I don't own one then.

Using the fence analogy from the previous post: each time a hacker uses the holes he found in the fence to get into iOS and releases a public jailbreak, Apple patches those holes. The holes are security vulnerabilities, weak spots in the fence that could be exploited to do far more than jailbreaking if the finder had ill intentions; the same bug that lets a jailbreak tool run unsigned code would let malicious software do so too. That's why Apple patches them quickly, usually in the next iOS update.

As a result, each new jailbreak generally uses different holes in the fence, and each update closes the holes Apple knows about. It's a cat-and-mouse game that goes on and on.

Untethered Jailbreaks
I'll start by explaining the 'magic' (again, see the previous post) that hackers do. Think of spies in the movies: they infiltrate some organization, plant some gadgets, and suddenly they can monitor and control everything, shutting doors and turning on the self-destruct to kill the hero of the film, who incidentally is very likely not to die. When hackers get in through the holes in the fence, they plant some code (let's call it a magic spell) inside iOS. Once that's done, every time the device reboots, the spell runs during boot and makes iOS come up without the usual restrictions, allowing jailbreak content to load. Untethered jailbreaks are essentially powerful spells left inside the fence that keep working for as long as they're left untouched, even if the hacker never enters again. In less magical terms: the exploit is stored on the device itself and re-triggers automatically at every boot, so nothing outside the device is needed.




Tethered Jailbreaks
Tethered jailbreaks are a little more confusing. Sometimes hackers get through the fence, but the area contains dangerous explosives that will detonate if the magic levels in the air get too high. So, to keep devices from blowing up (just kidding, iPhones don't explode; everyone knows it's Siri who dies), the spells they cast cannot be as powerful: half the spell sits inside the fence, while the other half has to be brought in from outside each time the spell is needed. In less magical terms: the hole being used can only be triggered from a computer over USB (typically with the device in DFU mode), and there is no way to store the exploit on the device so that it fires by itself on boot. Without that external half, a device with a tethered jailbreak cannot finish booting and sits at the Apple logo until the battery dies.

To boot successfully, the user plugs the device into a computer. Using the program provided by the hackers, the other half of the spell is pushed through the fence and BOOM, the spell is at full power and the device boots into its jailbroken state.
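To make the fence a little less magical, here is an added example in Go (my own illustration for this post, not code from Apple or from any dev team) of the signature check that the bootrom post above describes and that untethered and tethered jailbreaks both have to get past. It models a boot chain whose verification key is burned into ROM: a vendor-signed update still boots, while a kernel that has been patched on flash (which is what a jailbreak ultimately needs to run) is refused by an intact chain. The key seed, stage names and image bytes are all constructed for the example; real images carry headers, version fields and more, and in the real chain each stage checks the next rather than the ROM checking everything.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one link of the boot chain: an image plus the vendor's signature
// over sha256(image). Real images carry more (a header, version, hardware id);
// the signature is the part that matters here.
type Stage struct {
	Name  string
	Image []byte
	Sig   []byte
}

// ROM models the bootrom. It is mask ROM inside the SoC, so neither its code
// nor the public key it embeds can be changed by a software update; that is
// why a bug in it survives every iOS release on that hardware.
type ROM struct {
	VendorKey ed25519.PublicKey
}

// BootResult records how far the chain got.
type BootResult struct {
	Ran    []string // stages whose signature checked out and were "executed"
	Halted string   // name of the stage that failed, or "" if everything booted
}

// Boot walks the chain in order (iBoot first, kernel last). In the real chain
// each stage checks the next one; this simplified model lets the ROM's key do
// all the checking, which is equivalent for showing where trust is rooted.
// A failed check halts the boot: the device sits at the logo.
func Boot(rom ROM, chain []Stage) BootResult {
	var res BootResult
	for _, s := range chain {
		digest := sha256.Sum256(s.Image)
		if !ed25519.Verify(rom.VendorKey, digest[:], s.Sig) {
			res.Halted = s.Name
			return res
		}
		res.Ran = append(res.Ran, s.Name)
	}
	return res
}

// Sign is what only the vendor can do: produce a stage the ROM will accept.
func Sign(priv ed25519.PrivateKey, name string, image []byte) Stage {
	digest := sha256.Sum256(image)
	return Stage{Name: name, Image: image, Sig: ed25519.Sign(priv, digest[:])}
}

// Demo builds a device with a fixed (constructed) vendor key and tries three
// boots. It returns the stage each one halted at ("" means it booted fully).
func Demo() (stock, updated, patched string) {
	// Constructed key material: a fixed seed so the example is reproducible.
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	rom := ROM{VendorKey: priv.Public().(ed25519.PublicKey)}

	// 1. Factory firmware: every stage signed by the vendor.
	iboot := Sign(priv, "iBoot", []byte("iBoot 5.1.1 (constructed image)"))
	kernel := Sign(priv, "kernel", []byte("kernelcache 5.1.1 (constructed image)"))
	stock = Boot(rom, []Stage{iboot, kernel}).Halted

	// 2. A software update replaces iBoot and the kernel. The ROM is untouched,
	//    but the new images are vendor-signed, so the same ROM accepts them.
	iboot6 := Sign(priv, "iBoot", []byte("iBoot 6.0 (constructed image)"))
	kernel6 := Sign(priv, "kernel", []byte("kernelcache 6.0 (constructed image)"))
	updated = Boot(rom, []Stage{iboot6, kernel6}).Halted

	// 3. A jailbreak patches the kernel on flash so it stops enforcing code
	//    signing. Nobody holding the vendor key signed that patched image, so
	//    an intact chain refuses it. Getting past this check on every boot
	//    without outside help is what an untether achieves; a tethered
	//    jailbreak gets past it only with a computer's help over USB.
	patchedImage := append([]byte{}, kernel.Image...)
	patchedImage = append(patchedImage, []byte(" +patched")...)
	patchedKernel := Stage{Name: "kernel", Image: patchedImage, Sig: kernel.Sig}
	patched = Boot(rom, []Stage{iboot, patchedKernel}).Halted
	return
}

func main() {
	stock, updated, patched := Demo()
	fmt.Printf("stock firmware: halted=%q\nsigned update: halted=%q\npatched kernel: halted=%q\n",
		stock, updated, patched)
}
```

Run it and the first two boots report no halt while the third halts at "kernel". The point to take away: an update can swap out every image on flash and the chain still works, because the key that judges them never leaves the ROM; the only way to run an unsigned kernel is to break a link in that chain, and the link you break decides whether the jailbreak is untethered (ROM bug, persists on the device) or tethered (must be re-delivered from a computer each boot).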



Semi-tethered Jailbreaks
Semi-tethered jailbreaks are fairly new, beginning only with iOS 5. When only a tethered jailbreak is available to the public, people are understandably apprehensive: what happens if the device needs a reboot, or runs out of juice on a trip where no computer is accessible? Installed through Cydia as a package/tweak, semi-tether protects the user from the downside of tethered jailbreaks. When the device reboots without a computer, semi-tether lets it boot into a usable state, just without the jailbreak content: you can call, text, and use all the basic iDevice functions, just no Cydia and no jailbreak tweaks or themes. How this is done is beyond my little brain, but may God bless the person who came up with it. Read more about semi-tethered jailbreaks here.


Summary
Untethered jailbreaks are the best, because the device functions fully like a normal device, plus jailbreak content.

Tethered jailbreaks require the device to be attached to a computer every time it reboots; otherwise it is stuck at the Apple logo screen, at least until it is tethered to a computer and booted again.

Semi-tethered jailbreaks start out as tethered jailbreaks, after which the user goes into Cydia and installs the semi-tether package/tweak. Semi-tether protects the user from the disadvantages of a tethered jailbreak while waiting for a full untethered jailbreak to be released.

Jailbreak for Dummies: What Is It?


I thought it'd be nice for my first post to discuss the main reason I started this blog: to tell people what a jailbreak really is, and how simple and safe it is. I'll try to explain this in a simple, everyone-can-understand manner.

First things first, what's a jailbreak?

Well, when Apple made iOS for the iPhone, iPad and iPod Touch (iOS is to those devices what Windows Vista/7 is to your desktop or laptop), they made sure security was tight. Imagine your desktop computer. You can install virtually anything on it: Google Chrome, Photoshop, even cracked games that are supposed to cost hundreds of bucks. The problem with that is that every now and then your antivirus (if you have one) pops up and tells you the software is unsafe, contains a virus, and so on. Apple decided this could not be the case for their beloved iDevices, and so imposed strict restrictions. Think of your desktop again, and imagine you could only install Microsoft-approved software. That's what Apple did. Only apps they approve can be installed, and all apps must come from the App Store. Music can only be synced through iTunes. All you can change is the wallpaper of the lock screen and home screen. That makes the iOS environment much safer: users install apps without worrying about viruses or their personal information being stolen.

How all the security features work will not be discussed, but basically Apple has built an imaginary fence around iOS, and only they have the keys. Hackers look for holes or weak spots in this fence, and use them to get in and work some magic. Sort of like the cat next door that never fails to poop in your garden every morning even though you've fenced your house with spikes and every repellent possible: there's always somewhere you missed. The 'magic' is that they make the device boot into a jailbroken state, turning off Apple's restrictions to gain 'root' access to iOS and install an app called Cydia.

Root Access
Root access basically means you can access the whole filesystem and modify any file. Think of user accounts on your university/office computer. Normal users can run the usual programs but are restricted in certain ways: maybe you can't install or download stuff, or certain websites/software are blocked. When the IT guy comes along, he logs in with his account and can do everything. Gaining root access is basically getting the IT guy's login and password. On a non-jailbroken iPhone you are always the restricted user. How boring is that? :p

Cydia
Cydia is essentially the App Store for jailbreak content. There, you'll find tweaks and themes.

Tweaks: stuff that changes the way your phone works, such as double-pressing the '@' key to automatically insert your email address.

Themes: anything that changes the appearance of the interface; see the lock screen of the iPhone above.

Cydia is the first non-App-Store app installed on your phone upon jailbreaking. The way Cydia works is slightly different. Imagine Cydia as a shopping center, say MidValley Megamall. Within it there are shops like MNG, Forever 21 and G2000. These shops are the equivalent of 'repos' in Cydia. Like clothing suppliers, developers produce all these tweaks and themes and distribute them through these stores. For example, the BigBoss repo comes pre-configured when Cydia is installed. Others can be added at the user's will.

In conclusion..
The point of a public jailbreak is to install Cydia so users can install non-App-Store content. Doing so requires root access.


Some notes
1. Not all holes in the fence are usable.
2. I've made hacking and jailbreaking sound easy for the sake of simplicity. In real life it's not.
3. This article is based on my understanding of jailbreaks and is meant only as an introductory explanation. I've done my best to explain it in a way that even a 10 year old can understand.


