Tethered and Untethered Jailbreaks: All about Bypassing iOS Validation Process

Written By Sam on 13 November 2010

The iPhone is a versatile device from Apple with a host of built-in applications. The device is available across the world but normally comes with a carrier lock, except in countries like Hong Kong where the government has issued specific directions to companies to desist from locking subscribers to a particular network. In the US, for instance, it is available exclusively through AT&T. This ends up limiting what a user can do with the iPhone. For any add-ons he would have to subscribe and pay for additional applications, and he has no choice of switching cell phone carriers.

Developers who believe that one should have complete control over a device one has paid for began working on workarounds to these limitations, enabling the iPhone to run third-party apps (‘jailbreak’) and even ‘unlock’ it to work with other cell phone operators. Today, the jailbreaking community is thriving, with newer jailbreaking tools being released at regular intervals. While jailbreaking can void the Apple warranty and, if not done with care, comes with a risk of rendering a device useless, those wanting absolute control over their devices feel the risk is worth taking.

Jailbreaking

If you know what a jailbreak is, it is likely that you have come across the terms ‘tethered’ and ‘untethered’ jailbreak. Tethered jailbreaks require the user to load the jailbreak software onto the device each time it is restarted, which can become tedious if the software crashes. Untethered jailbreaks, on the other hand, do not require this: they achieve the jailbreak by adding small bits of code to the code that runs when the device starts. Of the two, an untethered jailbreak is usually the preferred way for most people. We already have a hint why.

Whenever the iPhone boots up, i.e., whenever you switch it on, the operating system (iOS) automatically checks for hidden keys from Apple to validate the installed software, and if an app does not pass the validation check it will not run. Jailbreaking is done using software tools such as Redsn0w and PwnageTool. What these tools do is use a hidden flaw or loophole in the boot-up sequence of Apple’s iOS. This operating system is constructed in layers and is specific to the processor chip. The iBoot stage sits at the bottom of the layered startup sequence and is governed by the iBoot code, which initiates the boot sequence. There is a validation check here which verifies whether the software programs installed on the device are genuine Apple or Apple-approved programs. Such signature checks are built in throughout the entire iOS, making sure that only Apple-approved or validated programs can run on the iPhone. Jailbreak software exploits a loophole in this signature-checking process: it inserts code which permits third-party software to bypass the validation process and sequence of iOS, even at the iBoot stage itself.

One of the earlier jailbreaking tools was 24KPWN, used with iOS version 3. This injected modified code into iBoot which bypassed the signature validation check, thereafter permitting the use of third-party apps. Apple then improved its iOS and patched the iBoot sequence, rendering previous methods of jailbreaking useless.

Tethered jailbreaks

Subsequent to this, hackers came up with tools to bypass the security check of the iBoot sequence, but this could only be done if the iPhone was docked to a computer and actually in communication with it while booting up. When an iPhone must be connected to a PC in order to boot up and bypass the security checks, it is referred to as a tethered jailbreak. Tethered literally means tied: the iPhone is tied to the PC on which the jailbreak software is loaded. One such tool is GeoHot’s Limera1n. There are also other tethered jailbreaks from Purplera1n, blackra1n, Quickpwn and Sn0wbreeze which can break into and override the security checks in later versions of iOS. In a tethered jailbreak, the tool on the PC communicates with the iPhone during its boot-up and overrides the iBoot security checks.

The drawback to tethered jailbreaks is that the iPhone needs to be connected to the running PC whenever it is rebooted from standby or a cold boot is done. If the battery is low and you have to switch it off, it cannot be rebooted properly without a PC. This limits the practicality of a tethered jailbreak for an iPhone. Workarounds were developed in the form of dongles (iDongle) to which the iPhone could be docked, allowing it to boot and work properly without the need for a PC. The iDongles worked only with iOS 3.1, 3.1.1 and 3.1.2.

Untethered jailbreaks

To overcome the limitations of tethered jailbreaks, software developers came up with hacks (redsn0w, greenpois0n etc.) which require the iPhone to be connected to the PC only once. The software carries out the jailbreak sequence once, on a permanent basis. Thereafter, the device can be used and rebooted any number of times without having to be tied to a PC. This frees up users of the iPhone tremendously.
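To make the chained signature checks described under “Jailbreaking” and the tethered/untethered distinction concrete, here is an added toy model (not Apple’s code or any jailbreak tool’s). It assumes a three-stage chain (iBoot, kernel, app), uses an HMAC with a constructed vendor key as a stand-in for Apple’s public-key signatures, and represents a tethered-style change as a RAM-only image that a reboot discards and an untethered-style change as one written to flash; `audit_flash` is the defender’s check for the latter.

```python
import hashlib
import hmac

# Constructed stand-in for Apple's signing key. Real devices verify public-key
# signatures rooted in the boot ROM; a symmetric HMAC is only a simplification.
VENDOR_KEY = b"constructed-vendor-signing-key"
STAGES = ("iBoot", "kernel", "app")   # order in which the chain boots

def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()

def verify(image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(image), sig)

class Device:
    """Flash contents persist across reboots; RAM contents do not."""
    def __init__(self, flash: dict):
        self.flash = flash   # stage name -> (image, signature)
        self.ram = {}        # same layout, cleared by reboot()

    def reboot(self) -> None:
        self.ram = {}

    def boot(self) -> list:
        """Each stage is verified before control passes to it; a rejected
        stage halts the chain, so nothing after it runs."""
        ran = []
        for stage in STAGES:
            image, sig = self.ram.get(stage, self.flash[stage])
            if not verify(image, sig):
                ran.append(stage + ":REJECTED")
                break
            ran.append(stage)
        return ran

    def audit_flash(self) -> list:
        """Defender check after a reboot: persistent images whose vendor
        signature no longer verifies. A RAM-only (tethered-style) change
        leaves this empty; a flash (untethered-style) change shows up."""
        return [s for s, (img, sig) in self.flash.items() if not verify(img, sig)]

def stock_device() -> Device:
    return Device({s: (f"{s}-v1".encode(), sign(f"{s}-v1".encode())) for s in STAGES})

def tampered_device(stage: str, persistent: bool) -> Device:
    """Constructed scenario: one stage replaced by an unsigned image, in RAM
    (lost on reboot) or in flash (survives reboot)."""
    dev = stock_device()
    (dev.flash if persistent else dev.ram)[stage] = (b"modified-" + stage.encode(), bytes(32))
    return dev
```

In this model a modified stage is always rejected and halts everything after it, which is exactly the property a jailbreak has to defeat; the audit shows why an untethered modification, unlike a tethered one, is still visible on the device after a reboot.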

Today, tethered jailbreaks are no longer in use, and this will remain the case until Apple comes up with a revised iOS that may require the cycle to be repeated all over again!
