https://lug.mtu.edu/w/index.php?action=history&feed=atom&title=Minutes_2026-04-09 2026-04-16T20:08:29Z Revision history for this page on the wiki MediaWiki 1.39.17 https://lug.mtu.edu/w/index.php?title=Minutes_2026-04-09&diff=8096&oldid=prev 2026-04-09T23:29:03Z

<p>Created page with &quot;Presentation by Simone on iOS Jailbreaking * What is it? ** Remove restrictions ** Root access ** Sideloading apps ** Bypass code signing * Tools ** Cydia (old) ** Sileo ** Checkra1n * iOS Architecture ** Darwin kernel (derived from FreeBSD) ** Enforces code signing ** Apps are sandboxed ** Secure boot chain (iBoot) * How does it work? ** Exploits *** Bootrom exploits like checkra1n and redsn0w, which are usually unpatchable *** Userland exploits through apps or tools,...&quot;</p> <p><b>New page</b></p><div>Presentation by Simone on iOS Jailbreaking<br /> <br /> * What is it?<br /> ** Remove restrictions<br /> ** Root access<br /> ** Sideloading apps<br /> ** Bypass code signing<br /> * Tools<br /> ** Cydia (old)<br /> ** Sileo<br /> ** Checkra1n<br /> * iOS Architecture<br /> ** Darwin kernel (derived from FreeBSD)<br /> ** Enforces code signing<br /> ** Apps are sandboxed<br /> ** Secure boot chain (iBoot)<br /> * How does it work?<br /> ** Exploits<br /> *** Bootrom exploits like checkra1n and redsn0w, which are usually unpatchable<br /> *** Userland exploits through apps or tools, usually get patched very quickly<br /> ** Attempt privilege escalation<br /> ** Patch out kernel protections<br /> *** Caries wildly by iOS version and device<br /> * Types of jailbreaks<br /> ** Untethered<br /> *** Full reboot persistence<br /> *** Died out by iOS 9<br /> ** Semi-untethered<br /> *** No reboot persistence<br /> *** Requires an app to jailbreak each boot<br /> *** Apps must be resigned each week<br /> *** Most common type<br /> ** Semi-tethered<br /> *** Requires a computer to jailbreak each boot<br /> *** Most bootrom exploits are this type<br /> *** Computer tool overrides iOS boot chain<br /> ** Tethered<br /> *** Requires a computer each boot<br /> *** Rare<br /> ** Demo using iOS 10 on an iPhone 5S<br /> *** Using browser exploit called Totally Not Spyware<br /> **** Creates a popup saying the kernel was patched<br /> *** Zebra is the package manager for this jailbreak<br /> *** Reloaded into jailbroken state with theme<br /> *** Hard crashed :(<br /> *** After jailbreaking again, it reloads again and then died immediately.<br /> ** What you can do<br /> *** Install package manager<br /> **** Cydia, Sileo, Zebra<br /> **** Frontends for apt<br /> *** Customization<br /> **** Theming<br /> **** UI modifications<br /> *** Modify app or system behavior<br /> *** SSH server<br /> ** Jailbreaking is dead now<br /> *** Modern iOS is much more secure<br /> **** Signed boot chain<br /> **** Page protection to stop kernel read and write<br /> **** Pointer authentication code<br /> **** Hasn&#039;t been a bootrom exploit in years<br /> *** Can&#039;t downgrade iOS<br /> **** Every iOS version is signed per individual device<br /> **** SHSH blob must be saved to downgrade, but must be saved while still signed by Appled<br /> **** Firmware incompatibilities<br /> *** Apple hired prominent Jailbreak developers<br /> **** Bug bounty programs<br /> *** Apple added some Jailbreak features to stock iOS<br /> **** Dark theme<br /> **** Icon themes<br /> ** Jailbreak compatibility<br /> *** iPhone X and older<br /> **** All versions vulnerable<br /> **** Bootrom and software exploits<br /> **** Devices are no longer supported by Apple<br /> *** Newer devices<br /> **** Userland exploits on iOS 17 and older<br /> **** Generally don&#039;t exist now<br /> ** Risks<br /> *** Security risks<br /> *** Can be unstable<br /> *** Some apps will break<br /> **** Games<br /> **** Banking apps<br /> *** Updating iOS usually patches the exploit<br /> *** Legal grey area<br /> **** Not exactly illegal<br /> **** Violates Apple EULA</div>

Freya