JailbreakMe

Developer(s)
  • 2.0–3.0: comex, Grant Paul (chpwn), Jay Freeman (saurik), MuscleNerd, et al.
  • 4.0: tihmstar
  • TotallyNotSpyware: JakeBlair420 team
Stable release
TotallyNotSpyware / September 7, 2018
Operating system iOS
Type iOS jailbreaking
License Freeware
Website jailbreakme.com

JailbreakMe is a series of jailbreaks for Apple's iOS mobile operating system that took advantage of flaws in the Safari browser on the device, [1] providing an immediate one-step jailbreak, unlike more common jailbreaks, such as Blackra1n and redsn0w, that require plugging the device into a computer and running the jailbreaking software from the desktop. JailbreakMe included Cydia, a package management interface that serves as an alternative to the App Store. Although it does not support modern devices, the websites remain available for compatible devices.


JailbreakMe's first version in 2007 worked on iPhone and iPod Touch firmware 1.1.1, the second version was released in August 2010 for firmware 4.0.1 and earlier, and the third and final version was released in July 2011 for iOS versions 4.3 to 4.3.3 (and was the first jailbreak for the iPad 2). JailbreakMe 3.0 has been used to jailbreak at least two million devices. [2]

Versions

JailbreakMe 1.0 (iOS 1.1.1)

JailbreakMe, released on October 28, 2007, was originally used to jailbreak the iPhone and iPod Touch running the 1.1.1 version of iOS, then named iPhone OS. [3] Using a TIFF exploit against Safari, it installed Installer.app. [4] The vulnerability used in this exploit was patched by Apple in the 1.1.2 firmware.

This tool, also called "AppSnapp", was created by a group of nine developers, and hosted by Conceited Software. [5] The team estimated that 100,000 devices were jailbroken in the first three days of its release, growing past 1 million in the first month. [3] [6]

JailbreakMe 2.0 (iOS 3.1.2–4.0.1)

JailbreakMe 2.0 "Star", released by comex on August 1, 2010, exploited a vulnerability in the FreeType library used while rendering PDF files. This was the first publicly available jailbreak for the iPhone 4, able to jailbreak iOS 3.1.2 through 4.0.1 on the iPhone, iPod Touch, and iPad models then current. [7] This jailbreak was activated by visiting the jailbreakme.com web page on the device's Safari web browser.

The vulnerability used by JailbreakMe 2.0 was patched by Apple in iOS 4.0.2 for iPhone and iPod Touch, and iOS 3.2.2 for iPad. [8]

JailbreakMe 3.0 (iOS 4.3–4.3.3)

JailbreakMe 3.0 "Saffron", released on July 6, 2011, jailbreaks most iOS devices on iOS 4.3 to 4.3.3 and the iPad 2 on 4.3.3. [9] It was the first publicly available jailbreak for the iPad 2. Like JailbreakMe 2.0, it exploited a flaw in the FreeType font parser, delivered as a PDF file rendered by Mobile Safari, and then used a kernel vulnerability to complete the untethered jailbreak. [10] [11] Comex also released a patch for this FreeType flaw, named PDF Patcher 2, available as a free package installable via Cydia. [12]

A few days before the initial release, a beta tester leaked JailbreakMe 3.0 to the public. Comex said on Twitter that this put him on a "time limit" to release the final version quickly. [12]

The JailbreakMe website looked similar to downloading an App Store app. It included a blue button indicating "FREE", which changed into a green "INSTALL" button when pressed once, much like an application on the App Store. After tapping "INSTALL", Safari would close, Cydia would load as a new app, and the device would be jailbroken with no reboot necessary.

On July 15, 2011, Apple released iOS 4.3.4 (GSM) and 4.2.9 (CDMA) to patch the flaws used by JailbreakMe. [13]

Comex received a Pwnie Award at the Black Hat Conference in 2011 for "Best Client-Side Bug" for this work. [14]

Comex was hired by Apple as an intern in August of 2011. [15]

JailbreakMe 4.0 (iOS 9.1–9.3.4)

JailbreakMe 4.0, released by tihmstar on December 12, 2017, exploited three serious vulnerabilities (CVE-2016-4655, CVE-2016-4656 and CVE-2016-4657) that had already been used by the Pegasus spyware. It was mainly based on HomeDepot, a semi-untethered jailbreak released by jk9357, which targeted all 32-bit devices between iOS 9.1 and iOS 9.3.4.

The vulnerabilities used by HomeDepot and JailbreakMe 4.0 were patched by Apple in iOS 9.3.5.

The jailbreak was hosted by Corellium founder Chris Wade at jailbreak.me. Whilst technically semi-untethered, the jailbreak could be made fully untethered with the use of tihmstar's UntetherHomeDepot package.

TotallyNotSpyware (iOS 10)

TotallyNotSpyware, created by the JakeBlair420 team, released on September 7, 2018, is a JailbreakMe-style exploit that works on any 64-bit device running iOS 10. As with JailbreakMe 4.0, the web browser is induced to sideload Cydia using a payload, either Meridian or doubleH3lix. It is hosted at totally-not.spyware.lol, and is semi-untethered.

Domain name transfer

On October 7, 2011, Conceited Apps, which had been allowing Comex to use the domain name for hosting, sold the domain name jailbreakme.com to an allegedly "unknown" party. SaurikIT acquired the domain the next day. [16] [17]

Domain redirection

jailbreakme.com redirected to cydia.saurik.com when an incompatible device was detected.

It later redirected to totally-not.spyware.lol.

Compatible iOS versions

Device                                  iOS versions vulnerable to JailbreakMe
iPhone (1st generation)                 1.1.1, 3.1.2 to 3.1.3
iPhone 3G                               3.1.2 to 4.0.1
iPhone 3GS                              3.1.2 to 4.0.1, 4.3 to 4.3.3
iPhone 4 (GSM)                          4.0 to 4.0.1, 4.3 to 4.3.3
iPhone 4 (CDMA)                         4.2.6 to 4.2.8
iPhone 4S and later                     None
iPod Touch (1st generation)             1.1.1, 3.1.2 to 3.1.3
iPod Touch (2nd generation)             3.1.2 to 4.0.1
iPod Touch (3rd generation)             3.1.2 to 4.0.1, 4.3 to 4.3.3
iPod Touch (4th generation)             4.3 to 4.3.3
iPod Touch (5th generation) and later   None
iPad (1st generation)                   3.2 to 3.2.1, 4.3 to 4.3.3
iPad 2                                  4.3.3
iPad (3rd generation) and later         9.1 to 9.3.4
iPad Mini (all models)                  None
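As an added example (not part of the article or of any of the tools it describes), the following Python encodes the compatibility table above as inclusive version ranges and pairs it with a parser for Mobile Safari User-Agent strings, the kind of check an administrator could run over web server logs or a device inventory to find devices still running a version exposed to these browser-delivered jailbreaks. It goes slightly beyond the table by comparing versions numerically, so that 4.10 is correctly ranked above 4.3. The function names, the User-Agent format assumptions and the sample request strings are constructed for this example; a User-Agent exposes only the device family and OS version, never the hardware generation, so the exact model has to be supplied from another source such as an MDM inventory.

```python
import re
from typing import Optional, Tuple

# Inclusive version ranges copied from the compatibility table above.
# A two-part bound such as "4.3" is treated as 4.3.0.
VULNERABLE_RANGES = {
    "iPhone (1st generation)":         [("1.1.1", "1.1.1"), ("3.1.2", "3.1.3")],
    "iPhone 3G":                       [("3.1.2", "4.0.1")],
    "iPhone 3GS":                      [("3.1.2", "4.0.1"), ("4.3", "4.3.3")],
    "iPhone 4 (GSM)":                  [("4.0", "4.0.1"), ("4.3", "4.3.3")],
    "iPhone 4 (CDMA)":                 [("4.2.6", "4.2.8")],
    "iPod Touch (1st generation)":     [("1.1.1", "1.1.1"), ("3.1.2", "3.1.3")],
    "iPod Touch (2nd generation)":     [("3.1.2", "4.0.1")],
    "iPod Touch (3rd generation)":     [("3.1.2", "4.0.1"), ("4.3", "4.3.3")],
    "iPod Touch (4th generation)":     [("4.3", "4.3.3")],
    "iPad (1st generation)":           [("3.2", "3.2.1"), ("4.3", "4.3.3")],
    "iPad 2":                          [("4.3.3", "4.3.3")],
    "iPad (3rd generation) and later": [("9.1", "9.3.4")],
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Convert '4.3', '4.3.3' or the User-Agent form '4_3_3' into a comparable
    (major, minor, patch) tuple. Plain string comparison would rank '4.10'
    below '4.3', so each part is compared as an integer."""
    parts = [int(p) for p in re.split(r"[._]", version.strip())]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected iOS version format: {version!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_vulnerable(model: str, version: str) -> bool:
    """True when the model/version pair falls inside one of the listed ranges.
    Models absent from the mapping (iPhone 4S and later, iPad Mini, ...) are
    reported as not affected, matching the table's 'None' rows."""
    v = parse_version(version)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in VULNERABLE_RANGES.get(model, []))


# Mobile Safari advertises the device family and OS build in the UA, e.g.
# "(iPhone; CPU iPhone OS 4_3_3 like Mac OS X)" or "(iPad; CPU OS 4_3_3 like Mac OS X)".
# The hardware generation (3G vs 3GS, iPad 1 vs iPad 2) is not present.
_UA_RE = re.compile(
    r"\((iPhone|iPad|iPod(?: touch)?);[^)]*?CPU (?:iPhone )?OS (\d+(?:_\d+)*) like Mac OS X"
)


def parse_ios_user_agent(user_agent: str) -> Optional[Tuple[str, str]]:
    """Return (family, dotted iOS version) from a Mobile Safari User-Agent, or
    None when no OS version is present (iPhone OS 1.x user agents carry none,
    so those devices cannot be classified from the UA alone)."""
    match = _UA_RE.search(user_agent)
    if not match:
        return None
    return match.group(1), match.group(2).replace("_", ".")


def triage(model: str, user_agent: str) -> str:
    """Combine a model known from inventory with the OS version seen in a
    request's User-Agent and classify the device against the table."""
    parsed = parse_ios_user_agent(user_agent)
    if parsed is None:
        return "unknown version"
    _, version = parsed
    return "vulnerable" if is_vulnerable(model, version) else "not affected"


if __name__ == "__main__":
    # Constructed sample: an iPad 2 on 4.3.3 browsing with Mobile Safari.
    sample_ua = ("Mozilla/5.0 (iPad; CPU OS 4_3_3 like Mac OS X) AppleWebKit/533.17.9 "
                 "(KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5")
    print(triage("iPad 2", sample_ua))
```

Because the User-Agent alone cannot distinguish an iPhone 3G from a 3GS, a log-only check can at best flag the device family and version as "possibly exposed"; the model column of the table is what turns that into a definite answer, which is why `triage` takes the model as a separate input.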


References

  1. Bradley, Tony (August 3, 2010). "JailbreakMe Exploits Serious iPhone Security Flaw". Net Work. PCWorld Communications, Inc. Retrieved October 15, 2010.
  2. Greenberg, Andy (August 1, 2011). "Meet Comex, The 19-Year-Old iPhone Uber-Hacker Who Keeps Outsmarting Apple". The Firewall. Forbes. Retrieved August 2, 2011.
  3. Krazit, Tom (October 31, 2007). "More than 100,000 iPhone owners break out of jail". CNET. Retrieved August 13, 2024.
  4. Wilson, Ben (October 29, 2007). "One-step method for adding third-party apps to iPhone 1.1.1, iPod Touch debuts". CNET. Archived from the original on March 13, 2012. Retrieved August 25, 2011.
  5. Keizer, Gregg (October 29, 2007). "Hacker Software Can Install Unauthorized Software on iPhones". PCWorld. Archived from the original on September 25, 2011. Retrieved August 25, 2011.
  6. Zdziarski, Jonathan A. (2008). iPhone open application development (1st ed.). Beijing; Sebastopol, CA: O'Reilly. pp. v. ISBN 978-0-596-51855-4. OCLC 192027459.
  7. Hollister, Sean (August 1, 2010). "Official: iPhone 4 jailbreak hits from iPhone Dev Team (updated with video)". Engadget. Retrieved September 11, 2010.
  8. Patel, Nilay (August 11, 2010). "Apple releases iOS 4.0.2 for iPhone and 3.2.2 for iPad, fixes PDF vulnerability". Engadget. Retrieved September 11, 2010.
  9. iPhone Dev Team (July 6, 2011). "jailbreakme times 3". iPhone Dev Team Blog. Retrieved August 2, 2011.
  10. Connolly, P. J. (July 15, 2011). "Apple Fixes Latest iOS Exploit". eWEEK Labs. eWEEK. Retrieved October 23, 2011.
  11. jean (July 18, 2011). "Analysis of the jailbreakme v3 font exploit". Sogeti ESEC Lab. Archived from the original on July 22, 2011. Retrieved October 23, 2011.
  12. Schwartz, Mathew J. (July 7, 2011). "Apple iOS Zero-Day PDF Vulnerability Exposed". InformationWeek. Archived from the original on July 10, 2011. Retrieved October 23, 2011.
  13. Mediati, Nick (July 15, 2011). "iOS 4.3.4 Is Out; Fixes JailbreakMe 3.0 Exploit". Geek Tech. PCWorld. Archived from the original on April 13, 2012. Retrieved October 23, 2011.
  14. Schwartz, Mathew J. (August 4, 2011). "Pwnie Award Highlights: Sony Epic Fail And More". InformationWeek. Retrieved August 25, 2011.
  15. Greenberg, Andy (August 26, 2011). "Apple Hacker Extraordinaire Comex Takes An Internship At Apple". Forbes. Retrieved November 2, 2011.
  16. Waisybabu (October 7, 2011). "Jailbreaks.me Is The New URL For iPad 2 Jailbreak; Stay Away From JailbreakMe.com As It May Distribute Malware Under New Ownership". Redmond Pie. Retrieved October 23, 2011.
  17. Waisybabu (October 8, 2011). "JailbreakMe.com Bought Back By Saurik, Community Collectively Heaves Sigh Of Relief". Redmond Pie. Retrieved October 8, 2011.