iOS Jailbreaking - Types & Techniques


Jailbreaking is a privilege escalation exploit used to bypass the manufacturer's software constraints. It is usually accomplished by a series of kernel changes.

The three types of jailbreaking are discussed below: 
  • Userland Exploit - A userland exploit takes advantage of a flaw in a system application. It provides access at the user level but not at the iBoot level. There is no way to protect iOS devices against this attack since nothing can induce a recovery mode loop. Firmware upgrades are the only way to fix such flaws.
  • iBoot Exploit - If the device has a new bootrom, this sort of exploit can be semi-tethered. User-level and iBoot-level access are both possible with an iBoot jailbreak. The attack uses a weakness in iBoot (the iDevice's third bootloader) to defeat the code-signing check. Firmware upgrades can fix such flaws.
  • Bootrom Exploit - A bootrom exploit uses a flaw in the SecureROM (the iDevice's first bootloader) to bypass signature checks, allowing patched NOR firmware to be loaded. Because the SecureROM is read-only hardware, firmware upgrades cannot fix such flaws. User-level and iBoot-level access are both possible with a bootrom jailbreak. This vulnerability can only be fixed by Apple shipping a new bootrom hardware revision.

Techniques of Jailbreaking:
  • Untethered Jailbreaking - If the user switches the device off and on, it boots completely and the kernel is patched without the aid of a computer; in other words, the device remains jailbroken after every reboot.
  • Semi-tethered Jailbreaking - If the user switches the device off and on, it boots completely but no longer has a patched kernel, although it continues to work normally. To use jailbroken add-ons, the user must first boot the device with the jailbreaking program.
  • Tethered Jailbreaking - If the device boots on its own, it no longer has a patched kernel and may get stuck in a partially booted state; to boot it completely with a patched kernel, it must be "re-jailbroken" with a computer (using a jailbreaking tool's "boot tethered" function).
  • Semi-untethered Jailbreaking - When the device reboots after this form of jailbreak, the kernel is no longer patched. The kernel can, however, be re-patched without a computer: an app installed on the device does this instead.
