Jailbreaking iPhones: Going, Going, Gone?

It’s time for my latest update on the status of jailbreaking iPhones. In a previous column, posted before iPhone OS 3.0 was released, I explained why I was reluctantly ready to give up on jailbreaking. The situation is now worse. Much worse. Barring some unlikely breakthrough, all iPhone users may be forced to give up on jailbreaking — and rather soon. Many iPhone users already find themselves in this boat.

Jailbreaking, for those unfamiliar with the term, is a way of bypassing Apple’s restrictions on iPhone access. More specifically, jailbreaking (1) gives you access to the iPhone’s Mac OS X system software and (2) allows you to install apps independently from the App Store.

Apple and jailbreak hackers have been playing a cat-and-mouse game ever since the iPhone was first released. Hackers would uncover some “flaw” in the iPhone firmware and exploit it so as to jailbreak the device. With the next update to the iPhone OS, Apple attempted to block the exploit. If the block was successful (and it usually was), hackers worked to find a new exploit (which they typically did within a few days of the OS’s release).

Still, with each new iPhone OS release, Apple has upped the ante to stay in the game. At one time (what I now nostalgically refer to as “the golden age of jailbreaking”), jailbreaking an iPhone was as easy as launching QuickPwn and following its simple prompts. In a few minutes, the job was done. This is surely what led to as many as 10% of iPhone users jailbreaking their phones (according to some reports I read). 

This golden age is over. Probably for good. Apple has won the battle. The jailbreak mouse may not be officially dead yet, but it has been fatally injured.

Before you start writing to tell me how you can still jailbreak your iPhone, allow me to continue…

The crux of the problem lies with the iPhone 3GS. With earlier models, jailbreaking is still feasible. But that’s small comfort. Within the next two or three years, the vast majority of iPhone users will be using an iPhone 3GS or newer model. Unless hackers figure out a way to solve the 3GS dilemma, jailbreaking is effectively over. Here’s the full story:

• If you purchased an iPhone 3GS running iPhone OS 3.0, you had a chance to jailbreak it before iPhone OS 3.1 was released. This was a fairly standard jailbreak. If you did this, congratulations. As long as you don’t upgrade to iPhone OS 3.1 or need to restore your iPhone for any reason, you should be fine. Of course, this means you don’t get the benefits of the new features in iPhone OS 3.1. But that may be okay for now. You may view the trade-off as worth it. But at some point, perhaps when iPhone OS 4.0 comes out, the benefits of updating will outweigh the benefits of jailbreaking. Then it will be game over.

• Okay. I exaggerated a bit. If you purchased an iPhone 3GS prior to the release of iPhone OS 3.1, there is a way both to update to iPhone OS 3.1 and jailbreak the device. However, it requires that you previously obtained your iPhone’s iBEC (also called ECID) and iBSS data. You can find a tutorial for doing this at iclarified.com. This task is not for the non-geeky or faint of heart: among other things, it requires interrupting a restore/recovery of your iPhone to perform an esoteric UNIX command in Terminal. But it can be done.

• Or at least it could be done. If you haven’t already obtained the needed data, it’s now too late to do so. As I understand it (and, as always in these matters, my understanding may be faulty), the method in the cited tutorial won’t work anymore. Why? As stated in an article by Jay Freeman (saurik): “Apple decided to strike hard with the new iPhone 3G[S]. Apple decided that every restore of the device would be verified as being valid and safe by Apple itself. Not only does this allow Apple to keep custom firmwares from getting loaded onto the device, but it also allows them to recall existing firmwares by keeping people from restoring to them in the future. To do this, they simply would refuse to ever sign, for example, iPhone OS 3.0 again.”

In other words, the technique won’t work if you’re running iPhone OS 3.1. Period. And if you’re running iPhone OS 3.0, it also won’t work now because — after the release of iPhone OS 3.1 — Apple stopped signing off on the 3.0 OS. The required restore step now fails.

Even if you had the foresight to obtain the needed data beforehand, you still apparently will have to wait awhile before you can jailbreak. The relevant software tools have not yet been updated to work with an iPhone 3GS (at least that’s the latest word from the iPhone Dev-Team folks).

• The bad news keeps coming. If you buy an iPhone 3GS today, it comes with iPhone OS 3.1 pre-installed. This means the door is already shut for any solution that requires that you do something before updating to 3.1. The situation will, of course, be the same for all future iPhone purchases.

• According to Jay Freeman’s article, there is a potential escape hatch here. Even with an iPhone 3GS running 3.1, and even without having previously acquired the ECID data, you may be able to jailbreak your iPhone — by accessing its signature data from a Cydia server. Even better, if this works, your iPhone becomes “registered” at the server and you should be okay to use the server going forward. In theory, this preserves your ability to update a jailbroken iPhone to new OS versions and still retain the jailbreak capability — unless Apple finds a way to defeat this latest exploit.

However, yet again, the procedure for doing all this is far from simple. Even if you do it correctly, you’ll wind up having to deal with error messages, such as “An unknown error occurred (1015).” Only a tiny segment of the iPhone population will likely attempt this. And even if you do make the attempt, it may fail. As Jay Freeman notes: “If you encounter ‘unknown error (3002),’ you probably do not have your ECID SHSH’s for 3.0 ‘on file’ with Cydia. Unfortunately, as Apple is no longer allowing users to sign the 3.0 firmware, it is no longer possible to register your device with Cydia.” In other words, you’re out of luck.
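The mechanism behind the last few bullets (Apple signs each restore for a specific device, can decline to sign an old firmware version, and a Cydia server can hand back a signature it stored earlier) is easier to follow as a small model. The following is an added example, not code from this column, from Apple or from Cydia. It assumes an HMAC as a stand-in for Apple’s signature, invents the `SigningAuthority`, `Device` and `SignatureCache` classes and their result strings, and constructs the ECIDs and firmware version strings. The final part goes beyond the column: it shows why binding the signature to a nonce the device generates at each recovery boot would stop a stored signature from being replayed.

```python
"""Constructed model of per-device firmware-restore signing and signature caching.

Not Apple's or Cydia's code. An HMAC stands in for Apple's real signature;
ECIDs, version strings and result messages are all made up for the demo.
"""
import hashlib
import hmac
import os


class SigningAuthority:
    """Stands in for the server that signs (ECID, firmware) restores."""

    def __init__(self, key, signable):
        self._key = key                  # assumption: shared MAC key instead of a private key
        self.signable = set(signable)    # firmware versions the authority is still willing to sign

    def stop_signing(self, firmware):
        """'Refuse to ever sign, for example, iPhone OS 3.0 again.'"""
        self.signable.discard(firmware)

    @staticmethod
    def _message(ecid, firmware, nonce):
        # The signed statement binds the device ECID and the firmware version;
        # the nonce is empty unless the device demands freshness.
        return f"{ecid}|{firmware}|{nonce.hex()}".encode()

    def sign(self, ecid, firmware, nonce=b""):
        if firmware not in self.signable:
            return None                  # signing request refused
        return hmac.new(self._key, self._message(ecid, firmware, nonce), hashlib.sha256).digest()

    def verify(self, ecid, firmware, sig, nonce=b""):
        if sig is None:
            return False
        expected = hmac.new(self._key, self._message(ecid, firmware, nonce), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


class Device:
    """A phone that only accepts a restore carrying a valid signature for its own ECID."""

    def __init__(self, ecid, authority, require_nonce=False):
        self.ecid = ecid
        self._authority = authority      # only the verify side is used on the device
        self.require_nonce = require_nonce
        self.nonce = b""
        self.installed = None

    def boot_into_recovery(self):
        # A freshness-checking device picks a new random nonce on every recovery boot.
        self.nonce = os.urandom(8) if self.require_nonce else b""
        return self.nonce

    def restore(self, firmware, sig):
        if not self._authority.verify(self.ecid, firmware, sig, self.nonce):
            return "rejected: no valid signature for this ECID and firmware"
        self.installed = firmware
        return f"restored {firmware}"


class SignatureCache:
    """Third-party store of previously issued signatures, keyed by ECID (the 'on file' idea)."""

    def __init__(self):
        self._blobs = {}

    def register(self, authority, ecid, firmware):
        sig = authority.sign(ecid, firmware)
        if sig is None:
            return False                 # too late: the authority no longer signs this version
        self._blobs[(ecid, firmware)] = sig
        return True

    def lookup(self, ecid, firmware):
        return self._blobs.get((ecid, firmware))


def run_scenario():
    """Walk through the column's cases and return each outcome in a dict."""
    auth = SigningAuthority(b"constructed-demo-key", {"3.0"})
    cache = SignatureCache()
    early = Device("ECID-EARLY", auth)   # registered while 3.0 was still being signed
    late = Device("ECID-LATE", auth)     # bought after the switch to 3.1
    results = {}
    results["early_registers_3.0"] = cache.register(auth, "ECID-EARLY", "3.0")
    auth.signable.add("3.1")             # new version ships ...
    auth.stop_signing("3.0")             # ... and the old one is no longer signed
    results["late_registers_3.0"] = cache.register(auth, "ECID-LATE", "3.0")
    early.boot_into_recovery()
    results["direct_3.0"] = early.restore("3.0", auth.sign("ECID-EARLY", "3.0"))
    results["cached_3.0"] = early.restore("3.0", cache.lookup("ECID-EARLY", "3.0"))
    late.boot_into_recovery()
    results["cross_device_3.0"] = late.restore("3.0", cache.lookup("ECID-EARLY", "3.0"))
    results["current_3.1"] = late.restore("3.1", auth.sign("ECID-LATE", "3.1"))
    # Beyond the column: a device that insists on a fresh nonce in the signed message.
    nonced = Device("ECID-NONCE", auth, require_nonce=True)
    blob = auth.sign("ECID-NONCE", "3.1", nonced.boot_into_recovery())
    results["nonce_fresh"] = nonced.restore("3.1", blob)
    nonced.boot_into_recovery()          # reboot: new nonce, old blob no longer matches
    results["nonce_replayed"] = nonced.restore("3.1", blob)
    return results


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case:22} {outcome}")
```

The model reproduces the column’s four situations: a device whose signature was stored while 3.0 was still signable can still restore 3.0 from the cache; a device that asks for the first time after signing stopped cannot register; a stored signature is useless on any other ECID; and a current version restores normally. The replay works only because nothing in the signed message changes between restores, which is exactly what the nonce variant at the end removes.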

While there may ultimately be a solution that gets around all of these obstacles, in a way that the average iPhone user finds acceptable, I am not holding my breath.

Bottom line. If you own an iPhone 3GS, your options for jailbreaking your iPhone range from slim to none, and slim is on its way out of town.

Note: Apple’s new signing restriction has negative implications even for users who never intend to jailbreak their iPhones. For example, suppose you are still running iPhone OS 3.0 and need to restore your iPhone 3GS. For whatever reason (perhaps to deal with some app compatibility problem), you don’t want to update to OS 3.1 yet. With other iPhone models, you can accomplish this goal by holding down the Option key when clicking the Restore button. An Open dialog appears, allowing you to select the 3.0 firmware file stored on your Mac. This keeps you at 3.0, rather than the default of updating to 3.1. While I cannot yet confirm this with certainty (if I’m wrong here, let me know!), this should no longer work with a 3GS because Apple will not sign off on keeping the OS at 3.0, even for this legitimate purpose. The Open dialog will appear and a selection is allowed, but the Restore attempt fails.

Note: Apparently, the iPod touch models released this month share the same signature mechanism as in the iPhone 3GS. There was a form of kernel signature check with the prior iPod touch (2G) models — but it was easier to circumvent than what is used in the current devices.