So you guys use a closed source program from 'hackers' to be able to fully use your phone? So you have all the disadvantages of paying for something and all the disadvantages of using some keygen binary to use as it was pirated.
And I'm worried about what lies in the binary blob of my phone's boot1 and radio driver....
By the time a patch is publicly released like this, I'm sure Apple will have it decompiled and know what the exploit is within weeks if not days since the actual exploit code won't be much code to analyze (as opposed to digging through all of iOS like the jailbreakers have to do to find an exploitable location).
Plus, Apple I'm sure has plenty of software/hardware debuggers they can attach to their own hardware that'd let them know what is happening even if they didn't have the closed/open binary.
(Days matter.) Another issue is that open-sourcing the exploit makes it easier to use for nefarious purposes in the meantime, and it isn't like knowing exactly how the exploit works actually helps end users protect themselves, due to Apple's platform policies. In essence, this is all a really dangerous ethical tightrope to be walked.
The lazy binding is really interesting. There is lots of interesting stuff in the kernel, dyld, and libSystem. I would encourage you to have a look! You can do interesting things like run code before libSystem_init[1]
/var/mobile/Media/Recordings is a folder that you can upload files to from a PC. I would bet that some stage of the jailbreak copies those files to their proper place in the filesystem (places that the PC uploading interface doesn't have permissions to write).
I do agree, though, that visiting a page, pressing a "jailbreak" button and finding Cydia installed and running, was, to use the scientific term, slick.
In the case of JailbreakMe 2.0 (the exploit last year), the makers of the JB actually released a Cydia patch for that exact reason. In that instance, the JB'ed device was in that regard more secure than the stock device.
Because that would require someone to invest time and money in writing malware which will only ever make it on to a handful of devices and will be removed when those devices are updated.
There are a huge number of iphones in circulation.
If the malware had jailbroken privileges would it not be able to disable the update mechanism on the phone?
Apple will want to rapidly patch this either way. They still see it as a large security flaw, even if it needs a physical connection, and they hate jailbreaking.
4.2.1 is still vulnerable to a remote Safari exploit, capable of gaining root. There's no way for iPhone 3G users to update past that point. They don't care about security.
Yeah, but there's nothing stopping someone from porting JailbreakMe to 4.2.1 — it already works on 4.2.8 for the Verizon iPhone 4, and the other versions are similar enough. The hardest part would be the CPU (armv6 vs armv7), but it's clearly possible.
To be clear, you're arguing that [Apple doesn't show adequate concern] about (a theoretical) security (risk to a handset that was discontinued 2 years, 8 months ago)?
A proven exploit that is publicly known, on a device that millions of people still browse the web with daily. Just because it is discontinued doesn't mean that it doesn't exist anymore.
Not worth it because the parallel jailbroken world instead of being something full of free and interesting things is poor and full of things that you need to pay for, but, 5 times the average app price on iTunes.
I'm not going to get instabilities and hard to upgrade devices just for SBSettings or alike.
Unfortunately too many people only jailbreak so that they can install software for free.
That said it completely sucks that Apple does not allow me to be in control of what I want to install, including apps downloaded from a web site.
Also, a lot of people install SBSettings just because how freaking lame is the iOS algorithm to understand how bright the screen should be a given light level. Lame.
Please don't lump everyone wanting to JB into the same (laughable, to me) SBSettings or the even more presumptuous pirating use cases. For example, I'm in Canada, and my favourite music service is Grooveshark (Spotify is not available). The only way to get the Grooveshark iOS app is through jailbreaking.
Sure, too many people but definitely not everybody, and I just talk for what I see, that is, the population here in Italy that I can monitor directly (however in Italy there is a strong inclination for software piracy).
I Jailbreak mainly for SSH, VLC, Grooveshark, and being able to write and install my own software that does whatever I want. SBSettings is awesome, though.
I jailbreak only because it was the easiest way to get data and MMS working on my _unlocked_ AT&T iPhone using Straight Talk. It was a choice of spending $5 for TetherMe or spending hours swapping SIMs or editing backup files.
Now that iPhones are more or less officially on Straight Talk (via Walmart), there might be a better solution.
Awesome! Does anyone know if SMS GV/Phone GV extension is working or not? I tried the tethered jailbreak on the 3GS and it wasn't working then. Only the Phone GV was working but it was slow.
I have an iPhone 5 now and hopefully the day ends early today so I can go home and jailbreak. Can't wait to get NCsettings and Google voice integration!
They aren't updated for iOS 6 yet, but I believe the developer is planning on updating them. You can email him for more information if you like - his email address is listed at the bottom of his website (http://gvexts.appspot.com/).
Your sha for OSX does not match those listed on the site.
Also the size is different:
9.6M evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release (1).dmg
9.2M evasi0n-mac-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.dmg
The Mega link (Mac client) from the official web page:
bd9fe1e58343a5c03295a975697de3e64e65b42c
asiekierka's Mac link:
bd9fe1e58343a5c03295a975697de3e64e65b42c
Both file sizes are the same (9,690,941 bytes, 9.7 MB on disk). Maybe the discrepancy has to do with -a flag for 224, 256, 384, or 512 or something.
I think his mirror is safe. It's the one I used to successfully jailbreak my iPad 3. Now I can SSH into my iPad and change the hosts file for some ad-blocking and installed Flux for "easier on the eyes" nighttime reading.
I don't look forward to Apple's next update which will wipe out my jailbreak, so I don't want to customize things too much. Last time I did a jailbreak for my iPod Touch, it messed up an in-app purchasing mechanism for a game I was testing. After this experience, I dread that jailbreaks will cause unforeseen problems and prefer not having to customize every single little tech option. Still, I performed this jailbreak mostly to get ad-blocking in MobileSafari.
Actually, one snag I have: the iPad time was totally wrong, insisting that it was 8 hours ahead, and the General Settings wouldn't properly automatically update the time. Had to do a lot of fiddling with Location services and Date & Time to fix it.
Jailbreakin' ain't all that it's cracked up to be!
Another glitch: the volume controls don't work correctly. No matter what level your volume is at, if you press the down button just once, the volume will go completely to 0! You have to keep pressing up again to reach the proper level. Quite annoying when the volume is a function used so many times a day. Jailbreaking may allow you to get more features, but it usually brings a whole host of headaches, too. I'll probably just stick with the standard iOS system after the next update.
The last time I jailbroke my devices they slowed to a crawl and crashed frequently. Felt like I had installed Windows on my iOS device. I'd much rather have my walled garden of reliable bliss.
I'll still donate to the cause however. Keep up the fine work gents! :)
That's odd. Which device and which jailbreak was it, if you can remember? From my experience, it was almost certainly a piece of software (e.g. from Cydia) that caused the instability, not the jailbreak itself.
There's a Cydia app called BrowserChanger that lets you change the default browser (so clicking a link in Mail will open Chrome instead of Safari, for example). Is there a similar app that lets you change the default maps application?
The most important part of jb for me is the ability to run a host-based firewall, and have per application rules.
I use FirewallIP on iOS 5, I hope it works on iOS 6.
I block hundreds of ad and tracking servers as global policy.
This functionality doesn't exist on Android... I've yet to find anything except Moxie's firmware for the Nexus (now MIA) that has this.
Essential things for me: having openSSH running so I can upload files to my device from linux, and installing a custom "hosts" file to get rid of advertising.
Sorry late response... One is WiFi Analyzer. Shows channel, strength, encryption, SSID. Has a nice little graph with signal strength along with min/max/avg. Not sure if you can get it from the App Store now, as someone else pointed out you can get OpenVPN officially there now :)
Also... I'm curious as to why Apple hasn't added a SBSettings / NCSettings type feature as most other smartphones have toggle buttons in the "notification area" which make life a lot easier.
As a sidenote, I'm interested in hearing piracy numbers after this jailbreak. Is piracy still popular, or are people just jailbreaking solely for the mods?
Didn't Hackulous develop Appsync? That's the only simple method I knew of for transferring pirated apps from iTunes to the iDevice. Which is the main way the non technical users did it. Now that they've called it quits piracy will probably be drastically slowed down until there are new well known alternatives.
I could be totally wrong though, I don't own any iDevices, just basing my knowledge off helping people jailbreak their phones and pods over the past many years (except this last year of course..)
I'm not interested in pirating apps, I'm interested in either prevention and/or not selecting iOS as a games platform. Nothing has shaken me more than buying an iPad 3 off Craigslist because the dude couldn't jailbreak it to get free apps. (And he definitely did not come across as a technical person.)
The jailbreak community, who overall do very good things for users, are shooting themselves in the foot by not having the Cydia store work properly once you jailbreak --- the store is totally down, servers slammed. They had 6 months to prepare for this? Why don't they correct it? People's first impressions (who have never jailbroken before) are that the process is terrible.
Look, I mostly do this because I find it meaningful. It pays miserably, and yet people always act like I'm making tons of money off of it, so a ton of people hate me and I don't even get to self-medicate by staring at a massive pile of cash. I've built a lot of really cool assets, but they (even the Cydia Store) are totally reliant on security flaws in something that is becoming more secure every day, so the work is even futile.
That doesn't mean, however, that I should be expected to perform miracles. I already work nearly every waking hour on things related to jailbreaking: "I'm giving er' all she's got, captain". For the record, by the way, here is what I'm up against today:
The game is also really difficult to predict. In this case, this is unlike any previous jailbreak, because they announced a specific time. I was not expecting them to announce a time: they have never announced a time before. I was not prepared for them to announce a specific time. What normally happens is there is a massive wave over the first few days while people find out about the jailbreak. Today, there were people watching a progress bar for hours until it hit 100%.
Meanwhile, you make it sound like it is really simple to take a payment transaction and licensing system, and just go "oh wow, we are doing over 10x the load? flip the switch boys!"... payment systems just don't work like that: this isn't some stupid web forum where you can play fast and loose with consistency (or even durability) to get more performance.
Also, six months to prepare? Seriously: you think I should spend six months while Cydia is losing money and there are no jailbreaks available--and there may never be a jailbreak available again--sitting around figuring out how to make a payment system scale infinitely so that during a small multi-hour long window it can shine?
Even in jailbreak-land, that is not the most important thing to be doing; one of my big time sinks this last half year was figuring out how to better deal with credit card fraud, for example. Leaving the world of payments, vendors are happier with more backend features, developers are happier with more Substrate improvements, and end users would prefer I make more tweaks or add things to WinterBoard.
This may be one of the most anticipated jailbreaks ever.. I'm not sure, even without announcing a specific time, you wouldn't get hammered. The moment the jailbreak went up, sites like reddit and hackernews would be on it like a flash.
You do great work, don't let the few smaller complainers get to you.
They actually took some steps to try and mitigate this - the version of Cydia that this jailbreak installs is pre-loaded with the catalogs of the main repositories.
The repos are still, of course, slammed. Keep in mind that there's no money in hosting one AFAIK. Who's gonna pay for ramping up more servers? Can you even easily do that with Cydia or would it require a lot of hacking on code that mostly works well enough?
I think anyone aware enough to be jailbreaking the first day the jailbreak is out is also aware enough to know that a royal fuckton of other people are also jailbreaking, and that if they can chill out for just a couple more days then they'll be able to load up all their favorite tweaks.
Am I the only one getting a stream of NetDB errors (with the occasional HTTP 500 or 502)? I guess I'll just have to wait until... whatever server it's trying to connect to is up and running. I haven't had a chance to install a single package yet.
Edit: Popping over to r/jailbreak confirms it, I guess it'll be a while before things calm down. I just hope I can get f.lux before I have to go to work.
Confirming this as well... If you see this error, NetDB, Failed to fetch, etc., it is not any problem with your iDevice, Cydia, the jailbreak, or really anything at all. In fact, if you are seeing this right now on 2/4/2013, it most likely means everything is working properly!
The servers that provide the apps, the 'sources', are overloaded with people trying to download. Waiting until the servers are less loaded is the only solution, right now.
It's an untethered jailbreak (allows the device to reboot on its own without using a desktop tool to help it boot), if that's what you mean by permanent. I probably wouldn't call it "permanent" since you can easily remove the jailbreak by restoring the device with iTunes.
I haven't jailbroken my iPhone for a few years. I did out of curiosity, but updating OS was just too much pain.
Been thinking what are the real benefits of doing that? Why? Is it customizing UI, adding more effects? Or is it just downloading apps outside app store? I think it brought value when we didn't have notification center etc, but still people doing it?
I do it for integration with Google Voice (with Phone GV and SMS GV) so that I can place calls from the built in dialer and send free texts through Messages.
The other thing I use frequently is NCSettings, which is much like SBSettings, but well integrated into notification center. It has a couple of pages you can swipe through, and gives immediate access to toggles for wifi, data, volume, brightness, VPN, location services, and more. http://modmyi.com/info/ncsettings.php
I also use Chrome on my phone, mostly because I use it on my desktop and laptop and like to have access to open tabs from my computers. It's doable without jailbreaking, but being able to set it as the default browser makes it a lot better.
If you work in mobile security, you essentially have to jailbreak the devices you use for testing. Things like being able to edit /etc/hosts are critical, as is being able to decrypt applications for analysis.
For most people it's about customizing iOS: adding extra features to the interface, disabling features you don't like, personalizing how it looks - generally finding ways to improve it so that it works better for you. Instead of just looking at interesting concept designs for new iOS features, you can install them. Here's a long thread from the jailbreaking subreddit where a bunch of people discussed the first packages they planned to install after jailbreaking: http://www.reddit.com/r/jailbreak/comments/17gm4g/since_this... - I think it provides a decent cross-section of some benefits that people get excited about.
Also, if people are interested in technical details about what the jailbreak actually does, this old HN thread with comments from saurik is very informative: http://news.ycombinator.com/item?id=4127801
Generally it is getting less useful but there are still a few tweaks I couldn't live without:
zephyr - task switching via a 2 finger swipe. A great way to switch back and forth between 2 apps
Swipeshiftcaret - move the cursor around by swiping rather than having to hold and then position it, which I always find fiddly. Great to make quick corrections.
AndroidlockXT - unlock my phone via a swipe pattern rather than a number code. Looks much cooler and is quicker I feel.
Sbsettings/ncsettings - easier access to things like wifi and Airplane mode which I use more often than you think
There are some other ones like 5 icon dock and double decker switcher which are cool but not really essential. And zeppelin to change my carrier name to any logo I like.
The big one for those of us with an AT&T unlimited data plan is tethering. They had to grandfather our plans in because they sold them to us as unlimited, but they will not offer tethering as they are trying to force all users off of those plans and on to the 5GB plan.
They certainly did on my iPhone 4 (as recently as 6 months ago). I haven't tried it on my iPhone 5, though, because I haven't jailbroken it yet. I guess I'll find out soon enough.
I believe it is becoming less and less useful. To begin with, it was the only way to get any third party apps on iOS devices. Later it became the only way to have custom wallpapers, multitasking, better notifications etc. Obviously all these things have now been added officially, and in most cases the official implementation is more user friendly and more integrated.
There is still increased ability for theming with jailbreaking, and some unapproved apps such as emulators etc. as well as a few general tweaks such as allowing extra apps in the dock or allowing the home screen to be rotated on iPhone, but the benefits are slowly decreasing as iOS gets improved. But there is still benefit to it for some.
It's the same case with rooting Android devices; at a time it was almost essential to address the shortcomings of the OS. Now, it is barely even required for most users, due to the improvements of the OS. (stuff like taking screenshots, making backups of app data, tethering etc. used to require root on Android; now it's all baked right into the OS)
I'd say it's noteworthy though that these features may never have made it to their respective official OSes had they not been so popular with jailbreak/root users, so it's an important part of the OS improvement process in my opinion.
Consider NCSettings. It's slicker than SBSettings and doesn't require activator if you're one of the many who have a thing against activator. It builds itself into the notification centre rather than replacing it with its own.
It worked for me, but now I am getting error "HTTP/1.1 500 Internal Server Error" in Cydia.
It looks like this also happened to people a lot when the jailbreak for iOS 5 first appeared, so I am pretty sure Cydia is just getting flooded with traffic from hordes of newly jailbroken users.
Definitely waiting until tonight to jailbreak. Last few times my phone got slightly screwed up when I jailbroke right after it came out, followed by a couple updates/fixes to the jailbreak program the same day.
That's an awfully big assumption that only pirates don't update to the latest and greatest device. Especially when many can't afford to and a smaller community does actually jailbreak to mod their devices. Some I know that went back to iOS from Android were waiting for a jailbreak so they could mod stuff.
I am very afraid of this moment. I know after this jailbreak is released, there will be more and more people using illegal applications, and I have to worry about the meals next month. For God's sake, hoping they will not release something that could break the IAP.....
Your concern is silly. People pirating applications are likely not going to be willing to pay for those applications in the first place. There is no opportunity cost associated with piracy.
If anything, in my opinion, app piracy just increases the visibility of your app and could potentially win new, legitimate users through word of mouth.
Do you really think that software pirates with jailbroken iPhones that have their phones loaded up with the latest popular apps would not spring the 20 bucks or so in the app store to buy them if it were hard to pirate them? The "no opportunity cost associated with piracy" canard held water in the days where lots of commercial software was reasonably outside the reach of your average individual who wanted to play with it. But saying that little Johnny that's playing Angry Birds for free would not have bought the game for a dollar anyway is, to be frank, complete bullshit.
Not the OP, but the only people I've heard of pirating apps are those for whom $20 is the difference between eating and starving (e.g. students whose phone is paid for by family, but their food and apps are not).
A number of people pirating apps are people who don't have the App Store available in their countries, and some others are children and young teenagers who don't have their own money to buy things online (with parents who aren't interested in helping them buy games).
The worst case is when developers owe license fees for components within apps. Pirates can literally make you pay out $0.xx per pirate... Which kills profits fast.
That's a very misleading article. It's conflating jailbreaking with carrier unlocking, and they're two different things - in iOS community terminology, "jailbreaking" is removing software restrictions so that you have root on your own device, and "unlocking" is about carrier unlocking.
In any case, unofficial carrier unlocking isn't illegal now - it's just in a legal grey area for newer devices. See the EFF's corrections to sensationalized articles like this one: https://www.eff.org/is-it-illegal-to-unlock-a-phone
Incidentally, can anyone comment on whether it's worth it to jailbreak your iPhone these days? Are there any must-have improvements, and do they come at a cost of stability? Is there any public review on security of the jailbreaks/apps, i.e. have they had backdoors or stolen your data? I would have no idea how to identify a "trustworthy" developer from someone random.
You can also override pretty much anything, e.g. turn on tethering without paying extra for data you already paid for etc.
With regard to data stealing / backdoors: It is the same as installing apps on a computer. You lose the walled garden of Apple but this is only the same as any other computer system has been since computers existed.
The only one I can think of is f.lux but that's more useful on an iPad anyway. Most of the other ones are really much more useful on an iPad than an iPhone.
I always wonder, how can you U.S. guys tolerate this stupid carrier lock-in with year-long contracts? When in other parts of the world they are planning or already have laws obliging carriers to provide call forwarding to your new number after you switch away.
People go for long contracts because the carriers will help pay for your phone if you do, and until recently, you got no discount for not signing up for a contract. So, I could pay $600 for my phone and $X/month for service with no contract, or I could pay $200 for my phone and $X/month for service with a two-year contract. If I'm not planning to switch carriers anyway, why not save $400?
This is starting to change, with T-Mobile leading the way toward giving people discounts if they bring their own phones or buy at full price. However, it's been the case for a long time that you could get service with no contract if you were willing to pay what it takes.
A multi-year contract is an option here, not a requirement, and some carriers will cut you a break to bring your own phone. Also, you take your phone number with you when you switch carriers.
My understanding is that we already have number portability (but I've never tried it). As for the carrier lock-in, I believe most people get subsidized phones with a contract requirement, by the time the contract is up people are moving onto their next phone (and/or carrier) anyways. So right now it's not been a mainstream issue.
"I always wonder, how can you U.S. guys tolerate this stupid carrier lock-in with year-long contracts?"
How? Because we have limited competition between carriers in the US. We "tolerate" it because until very recently, there were no unsubsidized plans available (and even still, there are very few being offered.)
It's happening in Europe too, and I don't see the big problem.
It's what makes it economically possible for carriers to offer a subsidized up-front price on the phone. You're free to buy the much more expensive unlocked phone, even in the US, on apple.com, no?
It's completely unnecessary. If you sign up for a 1 year contract, you still have to pay out the rest of the contract, regardless of whether your phone is unlocked or not. The only reasons to lock the phone are to force users to pay roaming charges, and to stop people from switching carriers after the contract has expired.