All about Jailbreaking: Jailbreaking 101


Jailbreaking has been around for a long time, and we have seen major changes to it throughout the years. From basic tethered jailbreaks that force you to plug your phone into a computer every time you reboot, to untethered jailbreaks where your device boots straight into jailbroken mode on its own, this community has been spoiled with utilities that let you customize your device to your liking.

Legality of Jailbreaking


I bet you are questioning whether jailbreaking is legal. Well, in the US it has been granted exemptions to the DMCA three times. In 2010 and 2012, the US Copyright Office (UCO) gave specific exemptions for smartphone users to jailbreak their devices. In 2015, the UCO expanded these exemptions to include tablet devices such as the iPad.

This list will be constantly updated to show you which utilities you can use for your current iOS devices, and it will be updated whenever there is a new release of a utility. It will also help you confirm that you are using the right utility for your device, so you do not cause harm to it.

Current jailbreaks available

  • iPhone XS series, iPhone 11 series, iPhone SE (Gen. 2) (A12-A13 Bionic Chips)


#checkra1n


Semi-tethered jailbreak for older devices (A7-A11). Because it relies on a bootROM exploit rather than an iOS bug, it supports all upcoming firmwares for those devices, which currently means iOS 12.3-13.7. This jailbreak uses the #checkm8 bootROM exploit created by @axi0mX.

As mentioned above, this jailbreak is semi-tethered, which means you do have to connect your device to a computer in order to get back into jailbroken mode after rebooting. Currently it only supports macOS and Linux computers, so it is not possible to jailbreak from Windows. You can, however, partition your computer to dual boot either macOS (aka a Hackintosh) or a Linux OS (e.g. Ubuntu) and jailbreak from there using the CLI (Command Line Interface, i.e. via Terminal).

This jailbreak also brings out the support for Project Sandcastle, which is an Android port for iPhone. The idea is that you will be able to dual boot iOS and Android OS on your iPhone. Some people see this as a dream come true.

  • Current version: 0.11.0 beta
    •  Last updated on September 21, 2020
      • iOS 12.3 – 12.4.8 for iPhone 5s-iPhone X (A8-A11)
      • iOS 13.0-13.7 for iPhone 6s – iPhone X (A8-A11)
      • iOS 14.0-14.1 for iPhone 6s-iPhone 5s (A8 and A7 only)
    • Download via checkra1n website (macOS only)
    • Download via checkra1n website (Linux x86_64)
    • Download via checkra1n website (Linux ARM)
    • Download via checkra1n website (Linux ARM64)
    • Download via checkra1n website (Linux i486)
  • Odysseyra1n (Originally Chimera1n)
    • Sileo, Procursus bootstrap, and libhooker
    • To install follow these steps:
      • Experimental on checkra1n device
        1. Jailbreak using checkra1n
        2. Install NewTerm from Chariz repo
        3. Install cURL and Z Shell from Bingner repo
        4. Run this script in NewTerm:
          • /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/coolstar/Odyssey-bootstrap/master/procursus-deploy-linux-macos.sh)"
        5. You may have to reboot and rejailbreak with checkra1n for libhooker to work
        6. After the script is finished open Sileo on your iPhone/iPad
        7. Before installing updates, install these three packages from Odyssey repo, BigBoss, and Chariz
        8. Install all updates and install the libhooker package.
        9. Reboot your device WITHOUT clicking the reboot button on Sileo
        10. Then on your device install NewTerm from Chariz repo
        11. Run this to make sure libhooker is running
          • su
          • The default password will be alpine
          • /etc/rc.d/libhooker
        12. Enjoy!
    • Recommended: with a macOS or Linux computer (special thanks to the Sileo Discord)
      1. If jailbroken you will need to restore rootfs
      2. Jailbreak and DO NOT OPEN THE LOADER that is installed on your device
      3. Make sure your device is still connected via USB
      4. Run these commands in your computer’s terminal
        • macOS
          1. Install Homebrew if you do not already have it:
            • /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
          2. Install iProxy
            • brew install usbmuxd
          3. Odyssey install script
            • /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/coolstar/Odyssey-bootstrap/master/procursus-deploy-linux-macos.sh)"
          4. After the script is finished open Sileo on your iPhone/iPad
          5. Before installing updates, install these three packages from Odyssey repo, BigBoss, and Chariz
            • RocketBootstrap
            • PreferenceLoader
            • Cephei
          6. Install all updates and install the libhooker package.
          7. Reboot your device WITHOUT clicking the reboot button on Sileo
          8. Then on your device install NewTerm from Chariz repo
          9. Run this to make sure libhooker is running
            • su
            • The default password will be alpine
            • /etc/rc.d/libhooker
          10. Enjoy!
        • Linux
          1. Install iProxy with Terminal
            • sudo apt install libusbmuxd-tools
          2. Odyssey install script
            • /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/coolstar/Odyssey-bootstrap/master/procursus-deploy-linux-macos.sh)"
          3. After the script is finished open Sileo on your iPhone/iPad
          4. Before installing updates, install these three packages from Odyssey repo, BigBoss repo, and Chariz repo
            • RocketBootstrap
            • PreferenceLoader
            • Cephei
          5. Install all updates and install the libhooker package.
          6. Reboot your device WITHOUT clicking the reboot button on Sileo
          7. Then on your device install NewTerm from Chariz repo
          8. Run this to make sure libhooker is running
            • su
            • The default password will be alpine
            • /etc/rc.d/libhooker
          9. Enjoy!

#checkra1n Official link: https://checkra.in/
Odysseyra1n GitHub link: https://github.com/coolstar/Odyssey-bootstrap
Procursus bootstrap GitHub: https://github.com/ProcursusTeam/Procursus

#unc0ver


This is a semi-untethered jailbreak tool for all devices supporting the firmware the exploit is created for. Currently, for iOS 13.0-13.5 it supports A8X-A13 using a substitute tweak injection method without using a PAC bypass. This is the first jailbreak to not use a PAC bypass for A12 devices.

v5.0.0 uses a 0-day kernel exploit found by @Pwn20wnd himself. A 0-day exploit, in this sense, is one that is not disclosed until it has been used to achieve something; here, the exploit was not released until the jailbreak itself was. This is the first 0-day exploit used in a jailbreak since iOS 8 in 2014.

As of v4.3.1, it supports a userspace reboot, which corrects many bugs present in A12/A13 Substitute tweak injection and opens up many other opportunities for tweak developers. This is the first time a jailbreak has been able to inject tweaks into userspace and also reboot it.

The tool also achieved a jailbreak for iOS 12.0-12.4, excluding iOS 12.3.x. That version supported A7-A12 and used various exploits, including the SockPuppet exploit. For A7-A11 devices it used Cydia Substrate for tweak injection, and for A12 devices it used @Pwn20wnd's Substitute tweak injection method without a need for a PAC bypass. v3.8.0 also supported iOS 12.4.1 for A12 devices, excluding the iPhone XR, due to a flaw in the ZecOps kernel exploit.

  • Current version: v5.3.1 (iOS 11.0-13.5)
  • Outdated but still stable: v3.8.0 (iOS 12.0-12.4)

Official link: https://unc0ver.dev/

#Odyssey


This is a semi-untethered jailbreak tool for all devices that support iOS 13. This includes the iPhone 6s-iPhone 11 series (A8X-A13 Bionic chips).

This jailbreak tool is created by Chimera jailbreak developer, CoolStar, and Hayden Seay (aka Diatrus). The application was designed by Aaron. The exploit was created by Tihmstar.

This is the first time CoolStar's libhooker and Hayden's Procursus have been brought to A12 and A13 devices, as well as to a semi-untethered jailbreak. They are, however, also featured in the Odysseyra1n jailbreak tool, which uses the checkm8 exploit and checkra1n's framework. libhooker is a Substitute and Substrate alternative. Procursus is a new bootstrap alternative for future jailbreaks.

Odyssey, by default, gives you the famous Sileo package manager made by CoolStar, Alessandro Chiarlitti, Adam Demasi, Kabir Oberai, Conor Byrne, Hayden Seay (aka Diatrus), Skitty, Aaron, and jcks.

Odyssey is currently only in beta prerelease. This means you may experience bugs, crashes, failed jailbreak attempts, and other unintended behaviour from the jailbreak. As always with every jailbreak (but more so in this instance), use at your own risk.

Official link: https://theodyssey.dev/
GitHub link: https://github.com/coolstar/Chimera13

#rootlessJB4

Description eta s0n.

  • Current version vRC.2.1 (iOS 12.0-12.4.8) (A7-A11 devices)

Official link: https://github.com/brandonplank/rootlessJB4

How to install semi-untethered jailbreaks

With Cydia Impactor broken by Apple's changes to IPA signing, it has become very confusing how to install IPAs, which is how semi-untethered jailbreaks are installed. There are still a few options available to us, though, as time has gone on.

Install via a Computer

AltStore (iOS 12.2-iOS 14.0.1)

macOS (Requires at least macOS 10.14.4)
  • Current version: v1.4 (macOS Big Sur compatible)
    • Download ZIP (.app) via Backblaze [Official Download]
    • last updated on October 5, 2020
    • Instructions (special thanks to the unc0ver team):
      1. Download AltStore. Use the link for your operating system.
      2. Unzip and move AltStore to your Applications folder.
      3. Launch the AltStore application.
      4. Click on the AltStore icon in the Menu Bar, and then click on the Install Mail Plug-in option.
      5. Open the Mail app, and click on Mail->Preferences in the menu bar.
      6. Open the General tab in mail preferences, click Manage Plug-ins, check AltPlugin, and apply and restart Mail.
      7. Connect your iOS device via USB. Click AltStore in the menu bar, then go to Install AltStore->(Your iOS Device)
      8. Login with your Apple ID when prompted and click install.
      9. On your iOS device, open Settings -> General -> Device Management and tap on your Apple ID.
      10. Trust AltStore.
      11. Download the wanted jailbreak utility IPA file on your iOS device.
      12. Open the IPA file you downloaded in AltStore with the sharesheet.
      13. If prompted, sign into the same Apple ID you used before.
      14. AltStore will now install the app. Wait until it finishes.
      15. On your iOS device, open Settings -> General -> Device Management and tap on your Apple ID and trust it.
      16. Done! You can now use the app.
Windows (Windows 10 ONLY)
  • Current version: v1.3.5
  • last updated on July 15, 2020
  • Download ZIP (.exe) via Backblaze [Official Download]
  • iTunes is needed
    • Current version: v12.10.7.3
    • Last updated: May 21, 2020
    • Download 64 Bit via Apple
    • Download 32 Bit via Apple
    • Cannot use the Universal Windows Platform (UWP) on the Microsoft Store
  • Instructions (special thanks to the unc0ver team)
    1. Plug your iOS device into the computer
    2. Unzip AltServer.zip by right-clicking it and selecting Extract all
    3. Double click the Setup.exe to install and follow instructions
    4. Open the app if it is not already open by searching for it (AltServer)
    5. Click the arrow icon near the network icon in the taskbar. This will bring up a menu with multiple icons. Look for a diamond-shaped logo that says AltServer when mousing over it. Click on it.
    6. From the option brought up, hover over Install AltStore, and select your iOS device.
    7. Enter your Apple ID and Apple ID password (not in-app passwords) when prompted.
    8. On your iOS device, open Settings -> General -> Device Management and tap on your Apple ID.
    9. Trust AltStore.
    10. Download the wanted jailbreak utility IPA file on your iOS device.
    11. Open the IPA file you downloaded in AltStore with the sharesheet.
    12. If prompted, sign into the same Apple ID you used before.
    13. AltStore will now install the app. Wait until it finishes.
    14. On your iOS device, open Settings -> General -> Device Management and tap on your Apple ID and trust it.
    15. Done! You can now use the app.

Install OTA with no computer (may not always be signed)

Package Managers

Cydia

This package manager is one of the first package managers for jailbroken devices and was an alternative to the first Installer.app. Cydia was first released in 2008. It allowed the user to install packages using APT (Advanced Packaging Tool) and it added a GUI for the end-user.

Now it seems it has been stuck in the stone age after the original developer, Jay Freeman (Saurik), left the jailbreak scene in 2019 and Sam Bingner took over. It is slower and less updated than the other package managers that will be mentioned below but users tend to like it because of the original feel to it.

It lays the groundwork for many jailbreak utilities including #checkra1n and #unc0ver. You cannot install it on any Chimera jailbreak.

  • Pros
    • Semi-Stable
    • Original jailbreak feel
  • Cons
    • Slow source updates
    • Slow package installations
    • UI is outdated and cluttered
    • Some of the UI is unnecessary

Sileo

CoolStar, the head developer behind the Sileo package manager, Electra, Chimera, and other jailbreak tools, came along and decided it was time to update APT (Advanced Packaging Tool) and create a whole new feel for the jailbreaking experience. The result is so polished that it is hard to find a con about this package manager. It was created in December 2018.

Currently it is only stable on Chimera, Odysseyra1n, and Odyssey jailbreaks.

  • Pros
    • Uses a new and updated APT
    • Faster than most package managers
    • The UI feels updated and sleek
    • The package manager is starting to be added to other jailbreak tools
  • Cons
    • Some features such as multiple repos adding are hard to find
    • The UI isn’t as customizable as other package managers below
    • Sileo is not fully compatible on all Jailbreaks

Zebra

Zebra is by far my favorite package manager. It has an updated and customizable GUI while also speeding up the process of Cydia’s APT on unc0ver and checkra1n jailbreaks. It even gives you a wishlist and other features that make jailbreaking even more user friendly.

  • Pros
    • Can be used with any jailbreak utility
    • Semi-fast
    • UI is customizable
    • Open Source
    • Still has close to the original feel of a jailbreak package manager
  • Cons
    • Isn’t as fast as other package managers
    • Has bugs that need to be ironed out

Installer

Last but not least, Installer. Installer was technically the first package manager ever created, but it has grown up a lot since then. It is now developed by the AppTapp team. It is not only fast; its elegant design and App Store inspired GUI make it a great package manager to use.

  • Pros
    • Can be used with any jailbreak utility
    • Fast and furious
    • GUI is customizable
    • Apple App Store feel
  • Cons
    • Loss of jailbreak feel
    • Can be buggy
    • Missing key features

Tweaks and Themes

eta s0n

SHSH Blobs

If you have been anywhere near the jailbreak community, I am sure you have heard the term "SHSH Blob". Well, what is an SHSH Blob? It is basically Apple's signing ticket for a specific firmware, which allows you to restore to the firmware it was signed for. This ticket is also unique to each device.

With newer devices (A12+, aka the iPhone XS series and up), you have what is called an entangled nonce, so you must have a jailbreak on that device in order to get a valid generator/nonce pair for saving blobs. In other words, you have to jailbreak your device before you can start saving blobs for it. For older devices (A11 and below), you can save blobs without a jailbreak.

You can use SHSH blobs to fake-sign an IPSW and restore to various versions of iOS. Do keep in mind that the SEP (Secure Enclave Processor) firmware has to be compatible with the firmware you are currently on. The SEP is a part of the A7+ Bionic chips that protects Touch ID, Face ID, and other data protection keys.

  • blobsaver
    • Current version: v2.5.4
    • Last updated: September 19, 2020
    • Downloads: macOS (Not Big Sur compatible), Linux, and Windows
    • Steps:
      1. Open Finder or Windows Explorer
      2. Find a place to create a folder called “SHSH Blobs”
      3. Download blobsaver from links above
      4. Install blobsaver on your computer
      5. Open blobsaver
      6. Plug in your device via USB
      7. Make sure your computer is trusted by your device
      8. Next to ECID click read from the device
      9. Find which device you are saving blobs for under identifier
      10. Click “Read from device” for apnonce
        • For A12+ you MUST BE jailbroken to find the nonce
          • If you are jailbroken and you have it, I would save it in a note so you can use it later.
      11. Open Finder and go to Documents
      12. Click “Go”
      13. Enjoy saved SHSH Blobs
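The generator/nonce pair mentioned above is what ties a saved blob to a future restore, and a pair that does not actually match is worthless when you later need it. The following is an added example, not code from this page or from blobsaver: it derives the APNonce a device would report for a given generator and checks that a saved pair is consistent. It assumes the publicly documented derivation (SHA-384 of the 8-byte little-endian generator, truncated to 32 bytes, on 64-bit devices; SHA-1 on 32-bit devices); the sample generator value is constructed for the example.

```python
import hashlib

# Sample generator, constructed for this example; any 64-bit value works.
SAMPLE_GENERATOR = "0x1111111111111111"


def generator_to_bytes(generator: str) -> bytes:
    """Turn a '0x...' generator string into its 8-byte little-endian form.

    Assumption: the device hashes the 64-bit generator as 8 little-endian
    bytes. Raises ValueError for anything that does not fit in 64 bits.
    """
    value = int(generator, 16)
    if not 0 <= value < 2 ** 64:
        raise ValueError("generator must be a 64-bit value")
    return value.to_bytes(8, "little")


def apnonce_from_generator(generator: str, is_64bit: bool = True) -> str:
    """Derive the APNonce a device would report for the given generator.

    Assumption: 64-bit devices publish SHA-384(generator) truncated to
    32 bytes (64 hex chars); 32-bit devices publish SHA-1(generator).
    """
    raw = generator_to_bytes(generator)
    if is_64bit:
        return hashlib.sha384(raw).digest()[:32].hex()
    return hashlib.sha1(raw).hexdigest()


def pair_is_consistent(generator: str, apnonce: str, is_64bit: bool = True) -> bool:
    """Check that a saved generator/APNonce pair really belong together.

    Blobs saved against an APNonce you cannot reproduce from a generator
    cannot be used for a later restore, so verify the pair before relying
    on it. Accepts the nonce with or without a 0x prefix, any letter case.
    """
    nonce = apnonce.strip().lower()
    if nonce.startswith("0x"):
        nonce = nonce[2:]
    return apnonce_from_generator(generator, is_64bit) == nonce


if __name__ == "__main__":
    nonce = apnonce_from_generator(SAMPLE_GENERATOR)
    print(f"generator {SAMPLE_GENERATOR} -> apnonce {nonce}")
    print("pair consistent:", pair_is_consistent(SAMPLE_GENERATOR, nonce))
```

Record the generator alongside the blob; the nonce alone is not enough to reproduce the pair on a later restore.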

Glossary

  • Semi-Tethered
    • A jailbreak that will not boot back into jailbroken mode without hooking up your device via USB to the jailbreak utility but you can still boot back into stock mode. 
    • Examples: checkra1n, Odysseyra1n
  • Semi-Untethered
    • A jailbreak that will boot back into jailbroken mode with an application installed onto your device. 
    • Examples: unc0ver, Odyssey, RootlessJB
  • Untethered
    • A jailbreak that does not need any kind of utility or application to reboot back into jailbroken mode.
    • Examples: Pangu (iOS 9.1), JailbreakMe (iOS 3.1.2)
  • Tethered
    • A jailbreak that will not boot back into jailbroken mode without hooking up your device via USB to the jailbreak utility and you cannot boot your device at all including stock mode. 
    • Example: redsn0w (iOS 4.2.1)
  • More s0n

This page will be constantly updated to show the most up to date jailbreak utilities, package managers, and other jailbreak software. To stay up to date, follow us on Twitter!

Jailbreaking opens up features that Apple does not intend to be on your device. But this can also mean a security risk for your device. Do not under any circumstances install something that seems suspicious or illegal. Apple Terminal recommends that you jailbreak at your own risk, and we do not support anything that is illegal.