iOS 4.0 Types of exploits

Discussion in 'iOS Jailbreak & Cydia' started by palz, Aug 26, 2010.

  1. palz

    palz Member

    Joined:
    Mar 11, 2010
    Messages:
    207
    Likes Received:
    0
    Device:
    4G iPod touch
    Hello all. This tutorial will explain the difference between jailbreak exploit methods. They are:

    Userland Exploits
    • These exploits provide filesystem access only.
    • A userland exploit is one found in the system itself. It uses a hole to get root, modify fstab and patch the kernel.
    • Examples: Spirit, JailbreakMe, and JailbreakMe 2.0 "star"
    • This kind of exploit cannot be tethered because nothing can cause a recovery mode loop.
    • These can be patched by Apple.
    iBoot Exploits
    • These exploits provide filesystem and iBoot access.
    • An iBoot exploit is found in the iDevice's third bootloader, called iBoot (securerom and LLB are 1st and 2nd). It uses a hole in iBoot (like the old cp iboot command or the overflow in purplera1n) to turn off codesign, and runs a program that does all the evil.
    • Examples: blackra1n, purplera1n, iBooty
    • This kind of exploit can be semi-tethered if the device has a new bootrom; the bootrom checks the LLB which checks the iBoot (which is modified), and results in a recovery screen, and you'd have to re-exploit it to get out.
    • These can be patched by Apple.
    Bootrom Exploits
    • These exploits provide filesystem, iBoot, and NOR access (custom boot logos).
    • A bootrom exploit is found in the iDevice's first bootloader, the SecureROM. It uses a hole to disable signature checks, which can be used to load patched NOR firmware, from something like PwnageTool.
    • Examples: redsn0w, sn0wbreeze, pwnagetool, and quickpwn
    • This kind of exploit can be fully-tethered, only if it's an LLB exploit (like 24kPwn) that has been blocked (like the ipt2g 2.1 days), requiring you to manually send an exploit to kick out of DFU. If it's a DFU exploit (pwnage), it is not.
    • These cannot be patched by Apple.
    What does tethered mean (technically)?
    • It means something is failing the sig check, causing the device to hang in DFU mode (redsn0w lite, for 2.0 JB on ipt2g), or recovery mode (blackra1n, iBooty, for ipt2.5g, ipt3g, and new-bootrom 3G; not iPhone 4 or iPad because there are no tethered exploits for them).
    • Semi-tethered means the iBoot is loaded instead of the system, and needs to be exploited.
    • Fully-tethered means the LLB sigcheck failed, causing it to kick into DFU. It needs an exploit to get out.

    What does tethered mean (noob definition)?
    • It means you have to use an external tool to assist the device's booting, like blackra1n, rslite or iBooty.
    • Semi-tethered means the device goes to the iTunes logo at boot, and needs a small help to boot.
    • Fully-tethered means the device goes to DFU mode at boot, and needs a large exploit (like arm7-go) to boot.

    Thanks for reading!
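The post above classifies jailbreaks by which stage of the boot chain ends up failing a signature check, and maps each failure to the state the device lands in (DFU for a rejected LLB, recovery for a rejected iBoot). The following is an added toy model of that chain of trust, written for this thread; it is not code from the original post or from any of the tools named there. It assumes, as a simplification, that each stage "verifies" the next by comparing a pinned SHA-256 digest (a stand-in for the real signature check), that the root filesystem is not covered by any boot-time check, and that the stage images are constructed placeholder byte strings rather than real firmware.

```python
"""Toy model of the iOS boot-time chain of trust: SecureROM -> LLB -> iBoot -> kernel.

Constructed example for illustration. Images are placeholder bytes, and a pinned
hash comparison stands in for the signature check each real stage performs.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Constructed stand-ins for the genuine stage images (not real firmware).
GENUINE: Dict[str, bytes] = {
    "LLB": b"constructed LLB image",
    "iBoot": b"constructed iBoot image",
    "kernel": b"constructed kernelcache",
    "rootfs": b"constructed root filesystem (fstab, /Applications, ...)",
}

# Which stage checks which: SecureROM checks LLB, LLB checks iBoot, iBoot checks the kernel.
VERIFIER_OF = {"LLB": "SecureROM", "iBoot": "LLB", "kernel": "iBoot"}

# Each verifier pins the digest of the genuine image it loads. SecureROM is mask ROM,
# so its pinned value (and any hole in its check) cannot be changed by an update.
PINNED = {
    "SecureROM": digest(GENUINE["LLB"]),
    "LLB": digest(GENUINE["iBoot"]),
    "iBoot": digest(GENUINE["kernel"]),
}

# Where the device halts when a verifier rejects what it loads, per the post:
# SecureROM rejecting LLB leaves the device in DFU; LLB or iBoot rejecting drops to recovery.
HALT_STATE = {"SecureROM": "DFU", "LLB": "recovery", "iBoot": "recovery"}


@dataclass
class BootResult:
    booted: bool
    state: str                    # "booted", "DFU" or "recovery"
    rejected_by: Optional[str]    # verifier that refused to continue, if any
    rejected_stage: Optional[str]  # image that failed the check, if any


def boot(images: Dict[str, bytes], disabled_checks: FrozenSet[str] = frozenset()) -> BootResult:
    """Walk the chain in order; each verifier checks the next image unless its check is off."""
    for stage in ("LLB", "iBoot", "kernel"):
        verifier = VERIFIER_OF[stage]
        if verifier in disabled_checks:
            continue  # this verifier's check is turned off, so it loads whatever is present
        if digest(images[stage]) != PINNED[verifier]:
            return BootResult(False, HALT_STATE[verifier], verifier, stage)
    # rootfs is mounted by the kernel and is outside the chain in this model, which is
    # why a change limited to the filesystem never trips a check at boot.
    return BootResult(True, "booted", None, None)


def classify(result: BootResult) -> str:
    """Map a boot outcome onto the thread's tethered / semi-tethered / untethered terms."""
    if result.booted:
        return "untethered"
    return "fully tethered (DFU)" if result.state == "DFU" else "semi-tethered (recovery)"


def scenarios() -> Dict[str, str]:
    """The post's three categories, each as a set of modified images run through boot()."""
    userland = dict(GENUINE, rootfs=b"constructed: modified fstab and extra files")
    patched_iboot = dict(GENUINE, iBoot=b"constructed: patched iBoot")
    patched_llb = dict(GENUINE, LLB=b"constructed: patched LLB", iBoot=b"constructed: patched iBoot")
    return {
        # Filesystem-only change: every pinned stage is genuine, so the device boots.
        "userland": classify(boot(userland)),
        # Modified iBoot on a device whose LLB still checks it: halts in recovery.
        "iboot_checked_by_llb": classify(boot(patched_iboot)),
        # Modified LLB that SecureROM still checks: halts in DFU.
        "llb_checked_by_securerom": classify(boot(patched_llb)),
        # Same images once the ROM-level check (and the patched stages' own checks) are off.
        "llb_with_checks_off": classify(
            boot(patched_llb, frozenset({"SecureROM", "LLB", "iBoot"}))
        ),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:28s} -> {outcome}")
```

Running the block prints one line per scenario. The point the model makes visible is that the halt state is decided by the *verifier* that rejects an image, not by the tool used: the same patched iBoot reaches recovery when LLB checks it, while a patched LLB is refused one stage earlier, in the ROM, and so lands in DFU. It also shows why the ROM case is the one a software update cannot fix: the SecureROM check is the only entry in `PINNED` that lives in mask ROM.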
  2. Dreaded

    Dreaded New Member

    Joined:
    Jul 9, 2010
    Messages:
    269
    Likes Received:
    0
    Device:
    2G iPod touch
    I believe this guide already talks about exploits, but yours covers them in greater detail. Good guide.
  3. Lux2GS

    Lux2GS Well-Known Member

    Joined:
    Jul 1, 2010
    Messages:
    3,678
    Likes Received:
    138
    Device:
    iPhone 4S (Black)
    Hey nice guide. Should be stickied.
    Make sure you add more examples:
  4. ThatGEEKFreak

    ThatGEEKFreak Active Member

    Joined:
    Dec 20, 2007
    Messages:
    1,324
    Likes Received:
    10
    Device:
    iPad 3
    Helpful, thanks man.
  5. Tkf1

    Tkf1 Community Development Staff Member

    Joined:
    Oct 12, 2009
    Messages:
    17,397
    Likes Received:
    2,488
    Device:
    iPad mini
    Nice guide.
  6. NightRocker

    NightRocker Active Member

    Joined:
    Jul 6, 2010
    Messages:
    3,020
    Likes Received:
    1
    Device:
    Nexus 4
    hey dude, did you say jailbreakme twice?? it's the same thing right?
    and btw I'm not such a jailbreaker but I have my iDevice jailbroken with jailbreakme. can I still have all of the features the bootrom exploits have?
  7. Lux2GS

    Lux2GS Well-Known Member

    Joined:
    Jul 1, 2010
    Messages:
    3,678
    Likes Received:
    138
    Device:
    iPhone 4S (Black)
    No! Star (What you used) is a Userland Exploit, you can't just make it a Bootrom Exploit.
  8. Tkf1

    Tkf1 Community Development Staff Member

    Joined:
    Oct 12, 2009
    Messages:
    17,397
    Likes Received:
    2,488
    Device:
    iPad mini
    Jailbreakme was introduced in 1.x days.
  9. ThatGEEKFreak

    ThatGEEKFreak Active Member

    Joined:
    Dec 20, 2007
    Messages:
    1,324
    Likes Received:
    10
    Device:
    iPad 3
    That seems like so long ago lol but I was there for it.
  10. NightRocker

    NightRocker Active Member

    Joined:
    Jul 6, 2010
    Messages:
    3,020
    Likes Received:
    1
    Device:
    Nexus 4
    no, what I meant was can I jailbreak my iPod touch MC model with redsn0w? (or some other type of bootrom exploit) and "duh!" I know I can't just make it into a bootrom exploit, you misunderstood me, and when I said I'm not such a jailbreaker I meant that I don't have a lot of experience. I never said I don't know stuff about it, because I kinda know a lot
