In the world of iPhone jailbreaking and unlocking, two terms come up constantly: tethered and untethered. Experienced users know exactly what they mean, but the terms often confuse newcomers to the jailbreak scene. In this article we’ll look at what the terms mean, why some jailbreaks are tethered, what the advantages and disadvantages are, and where iOS devices currently stand when it comes to jailbreaking.
WHAT IS TETHERED JAILBREAK?
Tethered literally means ‘attached’, and that is exactly what these jailbreaks are. A tethered jailbreak is one in which the jailbroken device cannot boot after a full reboot (not a wake from standby, but a complete power-off) unless it is attached to a computer. Powered off and turned back on, such a device sits in recovery mode indefinitely (the so-called recovery loop) until it is connected to a computer and the same tool that jailbroke it is used to drive it past the Apple logo and boot it again.
The first tethered jailbreak was GeoHot’s blackra1n, which was also the first tool of its kind to jailbreak iOS 3.1.2.
This needs a little in-depth explanation and an understanding of how jailbreaking works. Apple’s iOS boots in layers that form a chain of trust. The lowest layer is the bootrom, read-only code burned into the processor at manufacture; it verifies and loads the low-level bootloader (LLB), which verifies and loads iBoot, which in turn verifies the kernel and starts the operating system. Each stage carries a signature check that, at boot time, confirms that the next stage is genuine, unmodified Apple software. Because there is a signature check at every level, Apple can ensure that only software it has signed (approved) runs on an iDevice.
A jailbreak tool exploits a flaw in this signature-checking process and injects code that lets unsigned software load, bypassing the checks from that point downward. Such flaws can exist at any level, but the best case is a bug in the bootrom, because that breaks the chain at its root: everything above it is then loaded without a working check. The biggest advantage of a bootrom exploit is that Apple cannot close it with a software update; the bootrom only changes with a hardware revision.
Exactly such an exploit was found shortly before iOS 3 was released, codenamed 24kpwn after the 0x24000-byte image size it abuses. An LLB image in flash that is larger than that limit overflows a buffer in the bootrom, and the code the oversized image carries ends up running with the bootrom’s privileges, from where it disables the signature checks for the rest of the boot. Once that injected code is in control, everything further up the chain is a breeze.
Apple was quick on the uptake: later iPhone 3GS units (and the iPod touch 3G) shipped with a patched bootrom, rendering 24kpwn useless on them. When GeoHot released blackra1n he had found a different way past the bootrom’s check on these devices, but it worked only while the device was connected to a computer and the tool was actively driving the exploit over USB, because the patch lived in memory and was lost on reboot. Hence the first tethered jailbreak was born.
Since then there have been only a handful of tethered jailbreaks, blackra1n and sn0wbreeze 2.0 among them, the latter jailbreaking iOS 4.1 on devices older than the iPhone 4 and iPod touch 4G. Note that whether a jailbreak is tethered depends on the device’s bootrom as much as on the tool: the same tool can be untethered on hardware whose bootrom is still exploitable and tethered on hardware with the patched bootrom.
IS TETHERED JAILBREAK GOOD?
On the whole, no. With a tethered jailbreak, every time your device needs a reboot you lose the jailbreak, and worse, the device will not boot at all. Picture yourself travelling when the battery runs flat: you are left with an expensive paperweight until you can find a computer with the right jailbreak tool on it. So, tethered is not good.
It is worth noting that with a tethered jailbreak, even though you cannot boot without a computer, you do not lose your apps or customizations. The only reason a computer is needed is that the boot chain refuses to accept the installed OS as genuine; it sees a modified (unsigned) image and stops. The tool on your computer re-runs the exploit over USB each time and disables the signature check in memory; nothing stored on the device is changed, so the OS and everything on it remain exactly as they were, and the device simply boots.
WORKAROUND FOR TETHERED JAILBREAK
When GeoHot’s blackra1n was the only option for devices running iOS 3.1.2, an interesting gadget called the iDongle surfaced. It plugged into the iDevice’s dock connector and rebooted a tethered-jailbroken device while preserving the jailbreak, with no computer needed. It worked only with iOS 3.1, 3.1.1 and 3.1.2, although it could be upgraded over USB.
SO WHAT IS UNTETHERED JAILBREAK?
Pretty much everything other than the tethered tools mentioned above. Technically, an untethered jailbreak is one in which the device stays jailbroken even after a full reboot, without any help from a computer. Examples are numerous, from redsn0w to greenpois0n and beyond, and all of them jailbreak the device permanently. These tools rely on an exploit that lives on the device itself and runs automatically on every boot (a bootrom exploit stored in flash, for instance), so the signature checks are defeated each time the device starts and no computer connection is ever needed.
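To make the chain of trust and the tethered/untethered difference concrete, here is a simplified simulation added to this article; it is not code from the original page, from Apple, or from any jailbreak tool. It models a bootrom -> LLB -> iBoot -> kernel chain in Python, where each stage checks the signature of the next. The signing key, image contents, the 0x24000 check limit and the "appended payload" bootrom bug are constructed stand-ins (labelled as such in the code), not Apple’s real formats or the real 24kpwn mechanics, and an HMAC stands in for Apple’s RSA signature so the code runs with the standard library alone. The scenarios show a stock boot, an unsigned kernel being refused at the iBoot level, an exploit stored in flash that survives a power cycle on the old bootrom but not on the patched one, and a tethered device that boots only while the tool is attached.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins (not Apple's real keys, formats or offsets). A real
# bootrom holds only the vendor's public key; an HMAC with a shared secret is
# used here so the example runs with the standard library alone.
VENDOR_KEY = b"constructed-vendor-signing-key"
SIGNED_LIMIT = 0x24000  # bytes of an image the modelled old bootrom checks
UNSIGNED = bytes(32)    # a "signature" no vendor key ever produced


def sign(code: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, code, hashlib.sha256).digest()


def verify(code: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(code), sig)


@dataclass
class Image:
    code: bytes
    sig: bytes


def vendor_image(code: bytes) -> Image:
    """An image signed by the vendor, as shipped in stock firmware."""
    return Image(code, sign(code))


def stock_flash() -> dict:
    # LLB is padded to exactly SIGNED_LIMIT bytes so that anything appended
    # to it lands outside the region the modelled old bootrom checks.
    return {
        "LLB": vendor_image(b"LLB".ljust(SIGNED_LIMIT, b"\x00")),
        "iBoot": vendor_image(b"iBoot"),
        "kernel": vendor_image(b"kernel"),
    }


class Device:
    def __init__(self, old_bootrom: bool):
        self.old_bootrom = old_bootrom  # fixed in silicon, never updated
        self.flash = stock_flash()      # survives a power cycle
        self.ram_patched = False        # in-memory state, lost on power-off

    def power_off(self):
        self.ram_patched = False

    def attach_tethered_tool(self):
        # A tethered tool exploits the bootrom over USB and disables the
        # signature checks in RAM only; flash is left untouched.
        self.ram_patched = True

    def bootrom_accepts(self, img: Image) -> bool:
        # Modelled 24kpwn-class bug: the old bootrom only covers the first
        # SIGNED_LIMIT bytes, so a vendor-signed LLB with code appended still
        # passes, and that appended code then runs with bootrom privileges.
        covered = img.code[:SIGNED_LIMIT] if self.old_bootrom else img.code
        return verify(covered, img.sig)

    def boot(self) -> str:
        """Returns 'stock', 'jailbroken' or 'recovery' (stuck at the logo)."""
        checks_disabled = self.ram_patched
        llb = self.flash["LLB"]
        if not checks_disabled and not self.bootrom_accepts(llb):
            return "recovery"
        if len(llb.code) > SIGNED_LIMIT:
            checks_disabled = True  # persistent payload in flash took over
        for name in ("iBoot", "kernel"):
            img = self.flash[name]
            if not checks_disabled and not verify(img.code, img.sig):
                return "recovery"  # the stage above refuses the modified image
        return "jailbroken" if checks_disabled else "stock"


def install_untethered(dev: Device):
    """Store the exploit in flash: vendor-signed LLB plus an appended payload."""
    llb = dev.flash["LLB"]
    dev.flash["LLB"] = Image(llb.code + b"payload: disable sig checks", llb.sig)
    dev.flash["kernel"] = Image(b"patched kernel", UNSIGNED)


def install_tethered(dev: Device):
    """Store only the modified kernel; the exploit must be re-run over USB."""
    dev.flash["kernel"] = Image(b"patched kernel", UNSIGNED)
    dev.attach_tethered_tool()


def run_scenarios() -> dict:
    r = {}
    d = Device(old_bootrom=True)
    r["stock"] = d.boot()
    d.flash["kernel"] = Image(b"patched kernel", UNSIGNED)
    r["unsigned_kernel_only"] = d.boot()            # iBoot rejects it
    install_untethered(d)
    d.power_off()
    r["untethered_after_power_cycle"] = d.boot()    # old bootrom: survives
    d2 = Device(old_bootrom=False)
    install_untethered(d2)
    r["untethered_on_patched_bootrom"] = d2.boot()  # whole image is checked
    d3 = Device(old_bootrom=False)
    install_tethered(d3)
    r["tethered_attached"] = d3.boot()
    d3.power_off()
    r["tethered_after_power_cycle"] = d3.boot()     # expensive paperweight
    d3.attach_tethered_tool()
    r["tethered_reattached"] = d3.boot()
    return r


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:32} {outcome}")
```

The two things to take from the run are where the chain breaks and what persists: an unsigned kernel alone is caught by the stage above it, a payload written to flash keeps working across power cycles only while the bootrom that loads it is still exploitable, and a tethered device is back in recovery mode the moment the in-memory patch is gone.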