iOS jailbreak principle
Since iOS 5 was released there have been many questions about jailbreaking from forum members. Some of them are as basic as questions get, and the veterans probably don't care, but who wasn't a beginner once? I want to explain a few basic points so that newcomers are a little less confused; veterans are welcome to correct me.

Why jailbreak?

Users do not get full access to the files on an Apple device, and cannot freely install plug-ins, input methods or apps. That is Apple's decision, made for security reasons and for its own commercial interests.

So jailbreaking means gaining complete control of the device: the highest (root) privilege over every file on it.

Jailbreaking Apple devices is legal in the United States, because the user is recognised as the full owner of the device.

Jailbreaking does not mean installing pirated apps. I often see remarks like "What's the point of jailbreaking? A few hundred dollars buys all the genuine software you need," and I am speechless. For example, changing the carrier name "China Unicom" shown on my phone (my own phone) to something else is my right. I don't have to do it, but Apple won't let me, which infringes on my rights, so I jailbreak! Installing pirated apps after jailbreaking is illegal, and it damages the rights and interests of developers!

"Violators will be prosecuted"! Believe it or not; I don't believe it anyway.

How is a jailbreak achieved?

Breaking out of prison requires digging a tunnel, that is, finding a so-called vulnerability and exploiting it. The exploit is used to gain control of the device, and then a privilege-escalation step turns that into full control of the device's files. Once you have full control of the files the jailbreak has succeeded: you are out of the prison. But at this point the device is not yet usable for an ordinary user. Cydia (thanks to Saurik's work) and some basic packages must be installed before it can be used normally (when you escape from prison you need a new or legal identity to lead a normal life).

Vulnerabilities and jailbreaks

Two kinds of vulnerabilities are exploited in jailbreaks: userland vulnerabilities and bootrom vulnerabilities.

A userland vulnerability is a vulnerability in iOS itself. For example, the JailbreakMe.com jailbreak for iOS 4.3.3 used a PDF vulnerability to complete the jailbreak. The characteristics of this kind of jailbreak:

First, it runs after the device has already booted.

Second, it works on every device running that iOS version (which is how the iPad 2 got its jailbreak).

Third, it is generally not an "imperfect" jailbreak (in this article a "perfect" jailbreak is an untethered one and an "imperfect" jailbreak is a tethered one; more on this below).

This kind of jailbreak is hard to produce: a suitable vulnerability has to be found, privileges have to be escalated, and the installation of Cydia and the placement of system files have to be arranged. On the other hand it is very easy to block: an iOS upgrade closes the vulnerability for good.

Bootrom vulnerabilities are bugs in the hardware, in the boot ROM built into the processor. At present most tools, such as greenpois0n, limera1n and redsn0w, use the A4 processor's bootrom bug to finish the jailbreak. The characteristics of this kind of jailbreak:

First, the device must be put into DFU mode before the jailbreak can be applied (DFU stands for Device Firmware Upgrade).

Second, it works on every device built on that hardware (for example every device with an A4 processor), whatever iOS version it runs.

Third, it may be an "imperfect" (tethered) jailbreak.

Because the iPad 2 and iPhone 4S use the A5 processor, a tool that exploits the A4 bootrom vulnerability will never support both the A4 devices (iPhone 4, iPad 1, iPod touch 4) and the A5 devices (iPad 2, iPhone 4S). That is also why the iFaith tool does not support the iPad 2.

Why is a jailbreak "imperfect"?

A perfect (untethered) jailbreak means your device boots on its own without obstacles (no computer is needed to boot it). An imperfect (tethered) jailbreak needs the computer every time the device is restarted.

A perfect jailbreak does not mean that every plug-in and app runs without problems afterwards. Such compatibility problems have nothing to do with the jailbreak. (Interestingly, after iOS 5 was released many forum members claimed that app XX crashing was a bug in iOS 5! It is simply that the app does not yet support iOS 5; wait for the app to be updated.)

What makes a bootrom vulnerability so valuable for jailbreaking is that it cannot be patched away. Once a user has bought an iPhone 4, the A4 processor inside it never changes, so the bug is there for good, whatever iOS version is installed. So no matter what version of iOS Apple produces, a jailbreak is certain. It is no longer surprising news that an iOS 5 beta was jailbroken the day after it was released (my apologies to the jailbreak developers; I don't mean to belittle your work).

So why is it imperfect? The jailbreak uses DFU mode because in that mode the boot of the device is controlled by the computer: the device is prepared to receive a firmware upgrade and will accept certain code from the computer. The jailbreak uses this mechanism to make the device load specific code, exploits the bootrom vulnerability to gain full control of the device's files, and at the same time writes Cydia and some basic packages into the system. Done, jailbroken.

But Apple's engineers are not idle. Every time the device boots it verifies itself, and one purpose of that self-check is to catch tampered files. A tampered file that can be repaired is repaired; one that cannot be is a fatal blow: the "white Apple", the device stuck at the Apple logo. When the user then "restores the system", Apple is in effect using the user to repair the files.

Whatever wall Apple raises, the jailbreakers climb higher: they boot the device again through the computer and keep using it.

That is the so-called imperfect jailbreak.

This is also why a userland-vulnerability jailbreak cannot be imperfect: the developer of a userland jailbreak has no DFU mode through which to feed the device code that defeats the boot-time self-check on every boot, so the bypass has to be set up once and stay in place (a bootrom jailbreak can do the same directly when it is possible, but does not have to). That is why userland-vulnerability jailbreaks are rare.

The gap between a perfect and an imperfect jailbreak is huge. For an imperfect jailbreak the vulnerability is unchanged, the overflow exploit code is unchanged and the file layout of the Apple device is unchanged; only small adjustments are needed for the new system before it is packaged up. (Finding the exploitable overflow in the first place is of course another matter.) For a perfect jailbreak, the self-check mechanism of iOS has to be re-analysed and defeated again, and this work has to be repeated for every version; it is the core of the contest between the jailbreak developers and Apple's engineers. Making the iOS self-check turn a blind eye to modified files is not easy, so it takes time! This is why almost every iOS version has an imperfect jailbreak, but not every version has a perfect one.
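To make the reasoning of the last few paragraphs concrete, here is a toy model of the boot chain (Boot ROM, LLB, iBoot, kernel) added as an illustration; it is not code from this article or from any jailbreak tool, and it is not how Apple's boot loaders are written. It stands in for Apple's RSA signature checks with a SHA-256 digest of the next stage stored in the previous one, and the `rom_bug_present`, `kernel_bug_present`, `ram_patched` and `untether_installed` flags, the stage names and the sample image bytes are all assumptions made for the model. What it shows is why editing the kernel on disk only pushes the mismatch one stage earlier until it reaches the immutable ROM, why a DFU-time bootrom exploit has to be redone after every power cycle (the imperfect, tethered case), and why an untether dies with the next iOS while the ROM bug does not.

```python
"""Toy model of an iOS-style secure boot chain (constructed example, not Apple's code).
Boot ROM -> LLB -> iBoot -> kernel: each stage verifies the next before running it.
Simplification: a stage holds the SHA-256 digest of the next image instead of checking
an RSA signature. The ROM digest, like a bug in the ROM, is burned into the chip."""
import hashlib
from dataclasses import dataclass

class BootFailure(Exception):
    """A stage rejected the next image: the device hangs at the Apple logo."""

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Stage:
    name: str
    code: bytes
    next_digest: str = ""        # what this stage expects the next image to hash to

    def image(self) -> bytes:    # the bytes the previous stage verifies
        return self.code + self.next_digest.encode()

@dataclass
class Device:
    rom_digest: str              # immutable root of trust
    llb: Stage
    iboot: Stage
    kernel: Stage
    rom_bug_present: bool = True      # hardware bug, survives iOS updates (assumed flag)
    kernel_bug_present: bool = True   # software bug, fixed by the next iOS (assumed flag)
    ram_patched: bool = False         # DFU-time patch: volatile, lost on power cycle
    untether_installed: bool = False

def build_device(kernel_code: bytes, kernel_bug: bool = True) -> Device:
    """Build a consistent chain, as Apple does when it signs a new iOS."""
    kernel = Stage("kernel", kernel_code)
    iboot = Stage("iBoot", b"iboot-v1", digest(kernel.image()))
    llb = Stage("LLB", b"llb-v1", digest(iboot.image()))
    return Device(digest(llb.image()), llb, iboot, kernel, kernel_bug_present=kernel_bug)

def power_cycle(dev: Device) -> None:
    dev.ram_patched = False      # whatever was patched in RAM is gone

def dfu_exploit(dev: Device) -> bool:
    """Tethered step: exploit the ROM bug over USB and patch the checks in RAM."""
    if dev.rom_bug_present:
        dev.ram_patched = True
    return dev.ram_patched

def boot(dev: Device) -> str:
    """Walk the chain. Returns 'stock' or 'jailbroken', or raises BootFailure."""
    if not dev.ram_patched:
        for verifier, expected, nxt in (("ROM", dev.rom_digest, dev.llb),
                                        ("LLB", dev.llb.next_digest, dev.iboot),
                                        ("iBoot", dev.iboot.next_digest, dev.kernel)):
            if digest(nxt.image()) != expected:
                raise BootFailure(f"{verifier} rejected {nxt.name}")
    jailbroken = dev.ram_patched                         # tethered boot ran a patched kernel
    if dev.untether_installed and dev.kernel_bug_present:
        jailbroken = True                                # untether re-exploits the kernel bug
    return "jailbroken" if jailbroken else "stock"

def try_boot(dev: Device) -> str:
    try:
        return boot(dev)
    except BootFailure as e:
        return f"FAIL: {e}"

def scenarios() -> dict:
    """The cases discussed in the article; each value is the boot outcome."""
    out = {}
    dev = build_device(b"kernel-ios5")
    out["stock"] = try_boot(dev)
    dev.kernel.code = b"kernel-ios5 patched"             # 1. edit the kernel on disk
    out["modified_kernel"] = try_boot(dev)
    dev.iboot.next_digest = digest(dev.kernel.image())   # 2. fix iBoot to accept it:
    out["modified_iboot"] = try_boot(dev)                #    the mismatch moves up to LLB
    dfu_exploit(dev)                                     # 3. tethered: ROM bug bypasses it all
    out["tethered"] = try_boot(dev)
    power_cycle(dev)
    out["after_reboot"] = try_boot(dev)                  #    ...until the next power cycle
    dev = build_device(b"kernel-ios5")                   # 4. untethered: stock chain + untether
    dev.untether_installed = True
    out["untethered"] = try_boot(dev)
    power_cycle(dev)
    out["untethered_reboot"] = try_boot(dev)
    dev = build_device(b"kernel-ios5.0.1", kernel_bug=False)  # 5. iOS update fixes the
    dev.untether_installed = True                             #    kernel bug, not the ROM bug
    out["after_update"] = try_boot(dev)
    dfu_exploit(dev)
    out["tethered_after_update"] = try_boot(dev)
    a5 = build_device(b"kernel-ios5")                    # 6. SoC with no public ROM bug
    a5.rom_bug_present = False
    out["a5_dfu_exploit"] = dfu_exploit(a5)
    return out

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:22} {result}")
```

Run it as a script to see each case. The single `ram_patched` switch collapses what a real tethered tool does (patching the signature checks of the later stages in memory after taking over the ROM) into one flag, and the digest chain is a stand-in for the real design, in which the ROM carries Apple's public key and each stage verifies an RSA signature rather than a digest; the structural argument, that every link except the ROM can be re-signed by Apple and every link except the ROM is lost to the attacker on reboot, is the same.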

If the workload of an imperfect jailbreak is 1, I think that of a perfect jailbreak is at least 10 (for the existing A4 processors). Having handed in a 60-mark answer sheet with 1 unit of effort, do the developers really need to spend another 9 units to reach 100?

What I'm trying to say

Some people say there must be a bug in the system, so a jailbreak will surely come.

That is fearless optimism. Anyone who has studied statistics knows that if I buy a lottery ticket in every draw I will eventually win the jackpot, but not necessarily within my lifetime. Bugs certainly exist; whether they can be found, and whether they can be used for a jailbreak, is another matter. Were it not for the argument that "Apple deliberately leaves (leaks) bugs for the jailbreak developers", one day a new device might simply never be jailbroken.

The jailbreak prospects for the iPad 2 and iPhone 4S are not good. At present there is no reliable information that the A5 has a bootrom vulnerability usable for jailbreaking.

For those forum members waiting every day for an iPad 2 or iPhone 4S jailbreak: you may be waiting a long, long time. The A4 processor has a perfect jailbreak and there is news about it every day, but that has nothing to do with you. You chose the high-performance device and gave up the A4 devices that can always be jailbroken. Every gain has its loss.

A perfect jailbreak will not appear within a few days of an iOS release. I think a month is an acceptable wait.

If a new iOS has many or serious bugs, Apple will release a new version soon, and making a perfect jailbreak for it is not worthwhile. iOS 5, for example, went through several betas and is a big upgrade; there will be a perfect jailbreak for it, but certainly not soon. Some things also get in the way of testing a perfect jailbreak: users keep reporting compatibility problems after jailbreaking when in fact the app simply does not support the new iOS yet, which is very tiresome for the developers. Why not wait until most apps have been updated?