Jailbreaking iPhones: Going, Going, Gone?

Ted Landau's User Friendly View

It’s time for my latest update on the status of jailbreaking iPhones. In a previous column, posted before iPhone OS 3.0 was released, I explained why I was reluctantly ready to give up on jailbreaking. The situation is now worse. Much worse. Barring some unlikely breakthrough, all iPhone users may be forced to give up on jailbreaking — and rather soon. Many iPhone users already find themselves in this boat.

Jailbreaking, for those unfamiliar with the term, is a way of bypassing Apple’s restrictions on iPhone access. More specifically, jailbreaking (1) gives you access to the iPhone’s Mac OS X system software and (2) allows you to install apps independently from the App Store.

Apple and jailbreak hackers have been playing a cat-and-mouse game ever since the iPhone was first released. Hackers would uncover some “flaw” in the iPhone firmware and exploit it so as to jailbreak the device. With the next update to the iPhone OS, Apple attempted to block the exploit. If the block was successful (and it usually was), hackers worked to find a new exploit (which they typically did within a few days of the OS’s release).

Still, with each new iPhone OS release, Apple has upped the ante to stay in the game. At one time (what I now nostalgically refer to as “the golden age of jailbreaking”), jailbreaking an iPhone was as easy as launching QuickPwn and following its simple prompts. In a few minutes, the job was done. This is surely what led to as many as 10% of iPhone users jailbreaking their phones (according to some reports I read). 

This golden age is over. Probably for good. Apple has won the battle. The jailbreak mouse may not be officially dead yet, but it has been fatally injured.

Before you start writing to tell me how you can still jailbreak your iPhone, allow me to continue…

The crux of the problem lies with the iPhone 3GS. With earlier models, jailbreaking is still feasible. But that’s small comfort. Within the next two or three years, the vast majority of iPhone users will be using an iPhone 3GS or newer model. Unless hackers figure out a way to solve the 3GS dilemma, jailbreaking is effectively over. Here’s the full story:

• If you purchased an iPhone 3GS running iPhone OS 3.0, you had a chance to jailbreak it before iPhone OS 3.1 was released. This was a fairly standard jailbreak. If you did this, congratulations. As long as you don’t upgrade to iPhone OS 3.1 or need to restore your iPhone for any reason, you should be fine. Of course, this means you don’t get the benefits of the new features in iPhone OS 3.1. But that may be okay for now. You may view the trade-off as worth it. But at some point, perhaps when iPhone OS 4.0 comes out, the benefits of updating will outweigh the benefits of jailbreaking. Then it will be game over.

• Okay. I exaggerated a bit. If you purchased an iPhone 3GS prior to the release of iPhone OS 3.1, there is a way both to update to iPhone OS 3.1 and jailbreak the device. However, it requires that you previously obtained your iPhone’s iBEC (also called ECID) and iBSS data. You can find a tutorial for doing this at iclarified.com. This task is not for the non-geeky feint of heart: among other things, it requires interrupting a restore/recovery of your iPhone to perform an esoteric UNIX command in Terminal. But it can be done.

• Or at least it could be done. If you haven’t already obtained the needed data, it’s now too late to do so. As I understand it (and, as always in these matters, my understanding may be faulty), the method in the cited tutorial won’t work anymore. Why? As stated in an article by Jay Freeman (saurik): “Apple decided to strike hard with the new iPhone 3G[S]. Apple decided that every restore of the device would be verified as being valid and safe by Apple itself. Not only does this allow Apple to keep custom firmwares from getting loaded onto the device, but it also allows them to recall existing firmwares by keeping people from restoring to them in the future. To do this, they simply would refuse to ever sign, for example, iPhone OS 3.0 again.”

In other words, the technique won’t work if you’re running iPhone OS 3.1. Period. And if you’re running iPhone OS 3.0, it also won’t work now because — after the release of iPhone OS 3.1 — Apple stopped signing off on the 3.0 OS. The required restore step now fails.

Even if you had the foresight to obtain the needed data beforehand, you still apparently will have to wait awhile before you can jailbreak. The relevant software tools have not yet been updated to work with an iPhone 3GS (at least that’s the latest word from the iPhone Dev-Team folks).

• The bad news keeps coming. If you buy an iPhone 3GS today, it comes with iPhone OS 3.1 pre-installed. This means the door is already shut for any solution that requires that you do something before updating to 3.1. The situation will, of course, be the same for all future iPhone purchases.

• According to Jay Freeman’s article, there is a potential escape hatch here. Even with an iPhone 3GS running 3.1, and even without having previously acquired the ECID data, you may be able to jailbreak your iPhone — by accessing its signature data from a Cydia server. Even better, if this works, your iPhone becomes “registered” at the server and you should be okay to use the server going forward. In theory, this preserves your ability to update a jailbroken iPhone to new OS versions and still retain the jailbreak capability — unless Apple finds a way to defeat this latest exploit.

However, yet again, the procedure for doing all this is far from simple. Even if you do it correctly, you’ll wind up having to deal with error messages, such as “An unknown error occurred (1015).” Only a tiny segment of the iPhone population will likely attempt this. And even if you do make the attempt, it may fail. As Jay Freeman notes: “If you encounter ‘unknown error (3002),’ you probably do not have your ECID SHSH’s for 3.0 ‘on file’ with Cydia. Unfortunately, as Apple is no longer allowing users to sign the 3.0 firmware, it is no longer possible to register your device with Cydia.” In other words, you’re out of luck.
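The signing scheme described in the two passages above (Apple verifying every restore against the device’s ECID, refusing to sign 3.0 once 3.1 ships, and Cydia keeping a copy of the signature data “on file”) can be modeled in a few lines. This is an added illustration, not code from the article or from Apple, Cydia or the Dev-Team; the key, the ECID values and the HMAC stand-in for Apple’s real signature are all constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Optional, Set, Tuple

# Constructed demo key. The real scheme uses Apple's private key and a public
# key on the device; an HMAC shared secret stands in for that pair here.
SIGNING_KEY = b"constructed-demo-signing-key"

Blob = bytes
Cache = Dict[Tuple[str, str], Blob]


def sign_restore(ecid: str, firmware: str, allowed: Set[str]) -> Optional[Blob]:
    """Model of the signing server: bind this ECID to this firmware version,
    or refuse (None) once the version has been dropped from the allowed set."""
    if firmware not in allowed:
        return None
    return hmac.new(SIGNING_KEY, f"{ecid}|{firmware}".encode(), hashlib.sha256).digest()


def device_accepts(ecid: str, firmware: str, blob: Optional[Blob]) -> bool:
    """Model of the device-side check at restore time: the blob must verify
    for this ECID and this firmware; anything else is rejected."""
    if blob is None:
        return False
    expected = hmac.new(SIGNING_KEY, f"{ecid}|{firmware}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, blob)


def restore(ecid: str, firmware: str, allowed: Set[str], cache: Cache) -> bool:
    """Attempt a restore: ask the server first, then fall back to a blob kept
    on file (the role the article ascribes to the Cydia server)."""
    blob = sign_restore(ecid, firmware, allowed)
    if blob is None:
        blob = cache.get((ecid, firmware))
    return device_accepts(ecid, firmware, blob)


def timeline() -> Dict[str, bool]:
    """Replay the article's timeline with constructed identifiers."""
    ecid, cache = "ECID-DEMO-0001", {}
    allowed = {"3.0"}                      # before 3.1 ships, Apple still signs 3.0
    blob = sign_restore(ecid, "3.0", allowed)
    cache[(ecid, "3.0")] = blob            # device "registered": its blob is on file
    allowed = {"3.1"}                      # after 3.1 ships, 3.0 is never signed again
    return {
        "3.0 restore, blob on file": restore(ecid, "3.0", allowed, cache),
        "3.0 restore, nothing on file": restore(ecid, "3.0", allowed, {}),
        "3.0 restore, other ECID, same blob": restore(
            "ECID-DEMO-0002", "3.0", allowed, {("ECID-DEMO-0002", "3.0"): blob}),
        "3.1 restore, signed live": restore(ecid, "3.1", allowed, {}),
    }
```

As modeled here the blob carries no freshness value, so a copy saved while 3.0 was still being signed keeps verifying after the server stops; that is exactly why saving it before the window closes matters, and why a blob is useless to any device with a different ECID.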

While there may ultimately be a solution that gets around all of these obstacles, in a way that the average iPhone user finds acceptable, I am not holding my breath.

Bottom line. If you own an iPhone 3GS, your options for jailbreaking your iPhone range from slim to none, and slim is on its way out of town.

Note: Apple’s new signing restriction has negative implications even for users who never intend to jailbreak their iPhones. For example, suppose you are still running iPhone OS 3.0 and need to restore your iPhone 3GS. For whatever reason (perhaps to deal with some app compatibility problem), you don’t want to update to OS 3.1 yet. With other iPhone models, you can accomplish this goal by holding down the Option key when clicking the Restore button. An Open dialog appears, allowing you to select the 3.0 firmware file stored on your Mac. This keeps you at 3.0, rather than the default of updating to 3.1. While I cannot yet confirm this with certainty (if I’m wrong here, let me know!), this should no longer work with a 3GS because Apple will not sign off on keeping the OS at 3.0, even for this legitimate purpose. The Open dialog will appear and a selection is allowed, but the Restore attempt fails.

Note: Apparently, the iPod touch models released this month share the same signature mechanism as the iPhone 3GS. There was a form of kernel signature check with the prior iPod touch (2G) models — but it was easier to circumvent than what is used in the current devices.

Comments

scott

this is a joke - we bought the phones, we own the phones, we should be able to customize the phones. I understand apple (or att or whoever) not wanting us to carrier unlock, but why can’t I jailbreak and use winterboard to theme it? I find the stock iphone boring looking and like the custom icons, backgrounds, etc. there are many out there like me and I don’t think the jailbreak community will be going away anytime soon.

computerbandgeek

The whole iPhone project has turned into a world of hurt and monopolistic evils on apple’s part. At first I was really excited about the iPhone because Apple was making strides to put the power of a cell phone in the hands of the consumer (No AT&T logo on the front, no “disabled” features, no annoying flashy animations/ads for more services offered by at$t, etc.)

...and then mms was disabled
...and then the 2G was not “worthy” of mms
...and then google voice was “too confusing” for us “stupid apple users”
...and then the 3GS was “too good” to be downgraded when legit consumers needed to downgrade.

I used to be excited about the fact that the iPhone was turning people to the Mac platform (which, btw, is not plagued by any of the “evils” of the iPhone platform), but consumer sentiment about Apple being an evil monopoly cannot be described as anything but “Rampant” at this point.

deasys

Oh yes. Apple is so evil.

Before Apple introduced the iPhone…

usagenazi

Ted!

It’s not for the faint of heart. Not feint.

Ted Landau

It’s not for the faint of heart. Not feint.

Actually, I checked on this before posting. Several sources said BOTH forms were acceptable.

WSMan

Feint of heart is absolutely incorrect.  The usage of “faint” in “faint of heart” is an adjective meaning “weak” or “lacking strength or vigor” (as in a faint signal, a faint sound). The word “feint” is a verb (or noun) related to fencing, referring to a mock blow or fake move a player uses to get the other player off his guard.  So, “feint of heart” is wrong.  Just look in a basic dictionary.  This is basic SAT English (no offense).  Great article though and I hadn’t even noticed the misspelling until persnickety Mr. Usagenazi pointed it out.  Don’t be so uptight, usagenazi.

rwahrens

Damn, I get so tired of this “Apple is evil” crap.

Folks, if YOU can jailbreak your phone and put whatever you want on it, so can the malware owners.  You are using an open exploit to perform the jailbreak, and Apple is rightly trying to close exploits to keep malware off the phone.

Steve noted the reasons for keeping the iPhone closed from the very beginning, and protecting it from malware, i.e., security, was the #1 reason.

Windows has been criticized by the Mac community for years for not designing Windows as a secure system from the bottom up.

In designing the iPhone, Steve is putting his money where his mouth is.  Good for Apple, I say.

VaughnSC

What WSMan said: ‘Feint’ and ‘Faint’ are not interchangeable, ‘several (unnamed) sources’ notwithstanding.

Paul Dorman

rwahrens, considering that jailbreaking is a process that the user has to initiate, it is not a vector for malware, other than that the user could afterwards potentially install some malware.

After all, you can put anything you want on your Mac, should Steve lock those down, too?

Ted Landau

‘Feint’ and ‘Faint’ are not interchangeable,

Okay. I concede the point. I don’t want the discussion of this article to get sidelined by my choice of spelling for one word. smile

FWIW, I actually thought about the spelling and went with the apparent wrong choice anyway. Oh well.

rwahrens

wahrens, considering that jailbreaking is a process that the user has to initiate, it is not a vector for malware, other than that the user could afterwards potentially install some malware.

And the point is that a malware agent could ALSO initiate that process, as it is an exploitable vulnerability, and if it could do so without your knowledge, your iPhone is then infected!  Hmm, I wonder how much damage to your wallet and credit could be done by an app designed to call (without your knowledge or permission) a 900 number?  ...especially if it could first cull your credit card number from your phone?

And stop trying to sideline the discussion about the iPhone with false warnings about macs.  That platform is not the one under discussion.  Red herring for sure!

deasys

you can put anything you want on your Mac, should Steve lock those down, too?

You can’t modify Mac OS X, Paul.

Correct me if I’m wrong, but I believe that the jailbreaking/unlocking process involves modification of the iPhone’s operating software.

computerbandgeek

And the point is that a malware agent could ALSO initiate that process, as it is an exploitable vulnerability, and if it could do so without your knowledge, your iPhone is then infected!

That is a lie, the only way to jailbreak involves manually resetting the phone in various ways many times, as well as plugging it into and unplugging it into the computer several times. There is no way in hell it can happen “accidentally” without the user knowing/taking action.

You can’t modify Mac OS X, Paul.

Correct me if I’m wrong, but I believe that the jailbreaking/unlocking process involves modification of the iPhone’s operating software.

Let’s do an activity. Go to the Finder, choose “Macintosh HD” in the sidebar, choose the “System” folder, and start editing any file you so choose. That is called “modifying the OS” last time I checked…

deasys

Let’s do an activity. Go to the Finder, choose “Macintosh HD” in the sidebar, choose the “System” folder, and start editing any file you so choose.

Hmm…editing binary objects. Tell you what, computerbandgeek—you go first.

Sheesh…silly.

rwahrens

That is a lie, the only way to jailbreak

I wasn’t referring to jailbreaking as it is practiced per the article, but how that exploit could be used to simply install a piece of malware on the phone.

At some point, I am sure that some good malware writer will figure it out - or would, if Apple didn’t keep raising the bar by closing the vulnerabilities.

Personally, I am glad Apple is doing just that, and we should thank the developers that keep finding and publicizing the exploit who help Apple figure out just where those vulnerabilities are!

Frankly, by your comment about thinking you can edit system files in OS X, I think you need to go back to school.

Paul Dorman

rwahrens, perhaps you’re not aware, but the underlying OS of Mac OS X is “Darwin,” which is Apple’s open source version of FreeBSD. So, yes, you can in fact modify your operating system. Perhaps you should go back to school. smile

I wasn’t referring to jailbreaking as it is practiced per the article, but how that exploit could be used to simply install a piece of malware on the phone.

Oh, well, see, we were talking about the process everyone else refers to as “jailbreaking.”

If you have to manually initiate a procedure and reflash your iPhone from iTunes, it isn’t a potential malware exploit vector… unless maybe one of those clever Russian hackers has come up with a virus that takes your phone out of your pocket, plugs it into your computer, and reflashes it.

computerbandgeek

Hmm…editing binary objects. Tell you what, computerbandgeek—you go first.

Sheesh…silly.

Don’t mind if I do! It’s incredibly useful for doing things like running the 64-bit SL Kernel on a Macbook that has been artificially restricted from a great feature.

deasys

Editing the com.apple.Boot.plist xml file isn’t modifying the operating system, computerbandgeek. You know that.

computerbandgeek

No, I’m talking about Boot.efi wink
