Basic jailbreaking for iOS devices

Tram Ho

In the course of using iOS devices, we sometimes need to perform tasks such as installing applications that are not available on the App Store or gaining root access to the file system. However, because of the security mechanisms specific to iOS, we cannot perform those tasks on a stock device. At this point, jailbreaking the iOS device is a common and effective way to do so. So what is a jailbreak? Let's find out in this article.

I. Overview

1. Concepts

The main purpose of jailbreaking an iOS device is to turn off a protection mechanism (specifically, the code signing mechanism). This allows users to run programs not signed by Apple on the device.

2. The mechanism of jailbreak

Unlike Android, where different versions share almost the same rooting mechanism, iOS jailbreaks are developed separately for each version. The reason is that on Android you can gain root access by flashing a custom ROM or installing a su binary, but on iOS this is not feasible. Running a custom ROM is very difficult because the secure boot mechanism restricts it and only allows installing a version that is still signed by Apple (so downgrading is possible only while Apple still signs that version). A su binary cannot be installed before jailbreaking because it is not signed by Apple. So jailbreak teams have to do far more complicated work: they must find security vulnerabilities and use them to carry out the jailbreak.

And of course, most of us are not researchers, so the easiest way to jailbreak our device is to use the ready-made tools the research teams have developed. There are many jailbreak tools from different organizations, the most popular being checkra1n, Chimera and unc0ver. We will talk more about these tools later in the article.

3. Benefits of jailbreaking

Basically, a jailbreak allows users to customize the interface and install third-party applications that Apple does not provide through the App Store. Some key benefits of jailbreaking include:

  • Root access to the file system.
  • Installing and running programs and applications not signed by Apple.
  • Debugging and dynamic analysis of apps.
  • Access to the Objective-C or Swift runtime (iOS apps use these two languages as their primary languages).

4. Things to keep in mind when deciding to jailbreak

  • Jailbreaking newer versions becomes harder and harder because Apple keeps improving the security of its products.
  • Downgrading the operating system is very limited because Apple stops signing older firmware after a certain time.
  • Upgrading the operating system requires jailbreaking again, which is not always possible.
  • You should change the default password of the root account after jailbreaking (the default is alpine).
  • Before installing any software, make sure it is not harmful to your device, because such third-party software is not reviewed by Apple at all.

5. Classification of jailbreak

There are four types of jailbreak:

  • Tethered jailbreaks: the device loses the jailbreak after a reboot, and rebooting always requires a connection to a computer.
  • Semi-tethered jailbreaks: the device still loses the jailbreak after a reboot, but it can boot on its own into non-jailbroken mode without a computer.
  • Semi-untethered jailbreaks: the device boots on its own, but disabling code signing is not applied automatically; the user has to open an application or visit a website to re-apply it.
  • Untethered jailbreaks: this is the most common type, where users only need to jailbreak once and do nothing further, even after rebooting the device.

6. Tools for jailbreak

Jailbreaking is a very complex and difficult job. Fortunately, the jailbreak teams provide tools that make jailbreaking easy and straightforward. These tools can be found on each team's homepage, but Can I Jailbreak also tracks the latest updates of jailbreak tools from many organizations such as checkra1n, unc0ver, Chimera, ...

II. Performing a semi-tethered jailbreak with checkra1n 0.10.1 beta

At the time of writing, the latest version listed on the Can I Jailbreak page is checkra1n 0.10.1 beta, which supports iOS 12.3 to 13.4.1.

First, download the software from the download page. Here I download the macOS version; currently this version supports only macOS and Linux.

After downloading, run the installer and launch the application. Then go to Settings > Security & Privacy and select Open Anyway to allow checkra1n to run on macOS. The interface will look like this:

You could start right away, but to avoid errors and to see whether anything goes wrong during the jailbreak, you should go to Options and turn on Safe mode and Verbose.

Return to the main screen and select Start. A few instructions from the release team will appear; select Next to continue.

The device will enter recovery mode and you will see checkra1n's instructions for the jailbreak.

Select Start and follow the instructions; checkra1n handles the rest.

After a successful jailbreak, new applications such as Cydia and checkra1n will appear on the device.

So the jailbreak process is complete.

Note: the jailbreak above is a semi-tethered jailbreak. If the device restarts, it boots in non-jailbroken mode, and you must jailbreak it again by following the steps above.
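On the defensive side, apps that handle sensitive data commonly check for the artifacts this article describes: root access to the file system, and the Cydia and checkra1n apps that appear after a successful jailbreak. The Swift snippet below is an added example, not code from the article or from the checkra1n project; the list of paths and the cydia:// URL scheme are assumptions, and the URL check only works if the scheme is declared under LSApplicationQueriesSchemes in the app's Info.plist.

```swift
import Foundation
import UIKit

/// Heuristic jailbreak indicators (added example, not from the article).
enum JailbreakCheck {
    // Paths that normally exist only after code signing has been disabled and
    // a package manager such as Cydia has been installed. Assumed list.
    static let suspiciousPaths = [
        "/Applications/Cydia.app",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/bin/bash",
        "/usr/sbin/sshd",
        "/etc/apt",
        "/private/var/lib/apt/",
    ]

    /// Returns the indicators that fired; an empty array means none were found.
    static func indicators() -> [String] {
        var found: [String] = []
        let fm = FileManager.default

        for path in suspiciousPaths where fm.fileExists(atPath: path) {
            found.append("exists: \(path)")
        }

        // On a stock device the app sandbox forbids writing outside the app
        // container; success here means the file system is accessible with
        // elevated rights (the "root access" benefit described above).
        let probe = "/private/jailbreak_probe_\(UUID().uuidString)"
        do {
            try "probe".write(toFile: probe, atomically: true, encoding: .utf8)
            try fm.removeItem(atPath: probe)
            found.append("writable: /private")
        } catch {
            // Expected on a non-jailbroken device: the write is denied.
        }

        // Cydia registers the cydia:// scheme. canOpenURL returns true only if
        // the app lists "cydia" in LSApplicationQueriesSchemes (assumption).
        if let url = URL(string: "cydia://package/com.example.package"),
           UIApplication.shared.canOpenURL(url) {
            found.append("url scheme: cydia://")
        }
        return found
    }
}
```

These indicators are heuristics: a jailbroken device can hide all of them, so treat a non-empty result as a risk signal rather than proof.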


Source : Viblo