Up to Speed

From The Apple Wiki

So, all of this may sound intimidating. Jailbreak, signing, AMFI, unlock, baseband, iBoot, seczone, untethered jailbreak, checkm8 - there are lots of terms to learn, but most of them are defined here on the wiki. The basics:

  • Activation - to bypass the required iTunes signup.
  • Jailbreak - to allow full write and execute privileges on any Apple TV, iPad, iPhone or iPod touch.
  • Unlock - to allow the use of any mobile phone carrier's SIM.

Think of iPhone as a little computer, even though Apple doesn't want you to. It has a processor, RAM, a "hard drive", an operating system, and a cellular modem on the serial port.

Ways to learn about how jailbreaks work

The basic idea here is that there are lots of ways to learn more about jailbreaking, for people of all experience levels and backgrounds. You might want to learn enough to actually find vulnerabilities in iOS (which is a huge undertaking), or you might just enjoy learning a little bit out of curiosity. Go through this list and pick something that looks fun to read!

  • Read fuzzing for some explanation of how that technique has been used on iOS, and read how to reverse for some inspiration.
  • If you want to really get started, learn ARM assembly, since that is what iOS devices run. Open Security Training has "Introduction to ARM" materials, for example.

Talks, write-ups and analyses

  • Check out this older conversation with saurik, explaining some of the changes performed by a jailbreak (might not be as relevant for later iOS versions).
  • Take a look at the rootless jailbreak write-up by Jake James, which walks through the steps taken to get a rootless jailbreak up and running on their device.
  • This presentation from Luca Todesco goes through how the checkra1n jailbreak actually jailbreaks the device, from the BootROM level to the kernel.

Books

  • Read iOS Hacker's Handbook, published in May 2012: "The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it."
  • Jonathan Levin posts interesting iOS reverse engineering research. His series of books on "*OS Internals" is a definitive reference. In particular, Volume III deals exclusively with security and insecurity, dissecting every modern jailbreak from evasi0n (6.0) through async_wake (11.1.2) in detail.

Now

  • Read the timeline.
  • If you're serious about learning jailbreak development, check out the 'roadmap' written by Siguza.

Legacy