iOS is pretty complicated as it is, and jailbreaking even more so. If you are new to the world of iOS jailbreaking, here’s a quick beginner guide to jailbreak that will help you get started within seconds.
Q. What is jailbreaking?
A. Jailbreaking is a process whereby the restrictions placed on the root filesystem by Apple are removed.
It essentially allows you to customize your iOS device in a way which Apple doesn’t want you to, by installing “tweaks” and “themes” that are not available for download on the App Store and never will be.
Q. Is this process legal?
A. Yes, at least right now, in most countries.
Jay Freeman and organizations like the Electronic Frontier Foundation have defended our right to jailbreak in front of the U.S. Copyright Office in the past.
Q. Can I pirate tweaks and apps?
A. Unfortunately, some people associate jailbreaking with piracy, which couldn’t be further from the truth. You can legally purchase jailbreak tweaks from Cydia, just like any other App Store app.
There are, however, certain websites and stores that distribute pirated apps, games, and tweaks.
Q. Can I jailbreak my iOS version?
A. Yes, you can jailbreak almost all versions up to iOS 12.1.2. You can download the iOS 12 jailbreak from this link.
For the sake of this guide, we assume you are on a semi-untethered jailbreak, which is anything higher than iOS 9.3.4 (and 9.2.x and 9.3.x for 64-bit devices).
Q. Will jailbreaking slow down my Apple device?
A. Jailbreak per se does not slow your device down. However, some tweaks may drain the battery or slow your phone.
Typically asking others about tweaks before installing them is not a bad idea.
Q. Can it void my iPhone’s warranty?
A. If you remove your jailbreak before entering the store, Apple cannot refuse you service and your warranty is still valid.
Some people also have had success on a semi-untethered jailbreak by just hiding all of their jailbreak apps in the second page of a folder and then rebooting their iPhone or iPad.
Q. What is a semi-untethered jailbreak?
A. There are three types of jailbreaks –
- Untethered – When you reboot your phone, your tweaks and themes stay enabled.
- Semi-untethered – When you reboot your phone, your device boots to the stock iOS operating system until you open the jailbreak app and press the “jailbreak” button.
- Tethered – Your phone does not boot unless you plug it into your computer and jailbreak it.
Tethered and fully untethered are so rare nowadays that knowing everything about them is pretty useless.
The last fully untethered jailbreak was on iOS 9.3.4, and the last tethered jailbreak was on iOS 5.1 firmware.
Q. How do I get this jailbreak app on my iPhone, iPad or iPod touch?
A. You can install the jailbreak app using a tool called Cydia Impactor, which is the standard tool for sideloading apps and games on your device.
There are plenty of other unofficial tools as well. However, we don’t recommend using them as they might steal your Apple ID credentials.
All apps signed with a free certificate will remain signed for a week whereas the ones signed with a developer certificate will stay signed for 365 days.
Q. So I have to replug into my computer and re-sign the app once a week?
A. No. A tweak called ReProvision allows you to automatically re-sign the jailbreak app on-device every few days. You must install it from a third-party Cydia repository.
Q. What is Cydia?
A. Cydia is the original package manager for jailbroken Apple devices. It’s basically the App Store for tweaks and themes.
Sileo, an alternative package manager by Coolstar, is growing in popularity for its modern interface. Nonetheless, Cydia is still on top right now and continues to enjoy a cult following of dedicated fans.
The creator of Cydia, Jay Freeman aka Saurik, also created the Cydia Substrate.
Q. How do I install Cydia tweaks and themes?
Q. What is Substrate?
A. Substrate is an API (Application Programming Interface) required for tweaks to run.
You can use all types of tweaks, paid or free so long as they are compatible, on iOS 12 and below.
Q. Are Cydia tweaks paid?
A. Yes, most of them are but there are plenty of free ones too.
Cydia tweaks aren’t easy to develop, so many tweaks cost money. Unfortunately, there is no longer any uniform pricing for tweaks, so the cost varies from tweak to tweak.
Q. What is a third-party repository?
A. Cydia comes with default repositories like BigBoss that have tens of thousands of tweaks.
Private repositories, on the other hand, contain relatively fewer tweaks and are often managed by developers themselves. You can add these in the “Sources” tab of Cydia by clicking “Edit” and then “Add”.
Q. Can I brick my device?
A. Not on a semi-untethered jailbreak. If for some reason you do end up bricking your device, you can always restore to the latest iOS through iTunes.
The worst case scenario is a boot loop and even that is easily fixable in most cases.
Q. What is a respring loop and boot loop?
A. I will try to explain loops as best as I can right now –
- Respring loop – Either you get a pinwheel indefinitely or a black screen on your device’s display. You can easily fix this by hard resetting your device.
- Boot loop – It results in an infinite apple logo, which means your device is trying to boot but it can’t. It’s quite hard to boot loop on a semi-untethered jailbreak. So, you should always try hard resetting your device before trying other fixes.
Q. What is a hard reset?
A. A hard reset is a button combination that powers your phone down no matter what.
- On an iPhone 6s and lower, hold home and power buttons at the same time for at least 10 seconds to hard reset.
- On an iPhone 7 or 7+, hold the volume down button and power button for a few seconds to hard reset.
Q. So I’m out of my Respring Loop, how do I uninstall the broken tweak I installed or revert the changes caused by whatever sent me into a respring loop?
A. Every jailbreak since iOS 11 has come with a “tweaks” toggle in the app. Switch it off and open Cydia to delete the broken tweak.
On other jailbreaks, you can try holding the volume up button whilst jailbreaking or volume up and power at the same time while jailbreaking.
Q. I can’t get the new jailbreak to run on my device, can you help?
A. Keep trying. Lots of jailbreaks use exploits with low success rates.
Most of the newer tools, however, shouldn’t take more than 5-6 tries.
SHSH Blobs, FutureRestore, and Signing
Q. What does signing mean?
A. There are two important types of “signing” –
- App signing
- Firmware signing
These terms are not the same and should not be confused with each other.
When a firmware or iOS version is signed, you can upgrade or downgrade to it freely through iTunes, and save SHSH Blobs.
If an iOS version is signed, it isn’t necessarily the latest version. Often versions stay signed for a few weeks after a newer version gets released.
You can only use the OTA update function if you are going to the latest version. You can check the signing status of iOS versions using TSS Checker on macOS as well as Windows.
When an app is signed, you can open it.
Apple developer accounts allow you to keep an app signed for a full year whereas a free account only gives you a week. When the week/year ends, the app crashes and does not run.
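To make the app-signing window concrete, here is an added example (not the page’s or any jailbreak tool’s code) that reads the expiry data out of the embedded.mobileprovision profile a sideloaded app carries and classifies it as a free or developer profile. The sample profile bytes, app name, team, dates and UDID are all constructed.

```python
import plistlib
from datetime import datetime

# Constructed sample standing in for embedded.mobileprovision: the XML plist
# a profile carries, surrounded by filler bytes in place of the real CMS/DER
# signature envelope. The app name, team, dates and UDID are all made up.
SAMPLE_PROFILE = (
    b"\x30\x82\x0a\x00FILLER"
    + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>AppIDName</key><string>Example Jailbreak App</string>
    <key>TeamName</key><string>Example Team (constructed)</string>
    <key>CreationDate</key><date>2018-10-27T10:00:00Z</date>
    <key>ExpirationDate</key><date>2018-11-03T10:00:00Z</date>
    <key>ProvisionedDevices</key>
    <array><string>00000000-EXAMPLEUDID0000</string></array>
</dict>
</plist>"""
    + b"TRAILER\x00\x00"
)


def extract_plist(profile_bytes: bytes) -> dict:
    # The real file wraps the plist in a CMS signature. This does not verify
    # that signature; it only slices between the XML markers and parses.
    start = profile_bytes.find(b"<?xml")
    end = profile_bytes.find(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(profile_bytes[start:end + len(b"</plist>")])


def profile_status(profile_bytes: bytes, now_utc: str) -> dict:
    # now_utc is an ISO timestamp like "2018-10-30T10:00:00Z"; plistlib yields
    # naive UTC datetimes, so the comparison stays in naive UTC as well.
    now = datetime.strptime(now_utc, "%Y-%m-%dT%H:%M:%SZ")
    p = extract_plist(profile_bytes)
    created, expires = p["CreationDate"], p["ExpirationDate"]
    days_valid = (expires - created).days
    return {
        "app": p.get("AppIDName"),
        # A 7-day window is the free Apple ID profile; paid accounts get 365.
        "account_type": "free" if days_valid <= 7 else "developer",
        "days_valid": days_valid,
        "days_remaining": (expires - now).days,
        "expired": now >= expires,
        # Free profiles list the UDIDs they are valid for, not any device.
        "device_locked": "ProvisionedDevices" in p,
    }
```

Run `profile_status(open("embedded.mobileprovision", "rb").read(), "<now>")` against a real profile pulled from an app bundle to see how many days are left before the app stops launching.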
Q. What are SHSH Blobs, boot nonce, SEP, and FutureRestore?
A. To be clear, none of these are necessary to jailbreak. They are for manipulating your iOS version to go either to a newer iOS or the same iOS but with a clean filesystem.
Getting past that, here is my best attempt at explaining these.
SHSH Blob is a file unique to your device which allows updating via FutureRestore at a later date.
You use SHSH Blobs through FutureRestore, but to start FutureRestore you need to set your “nonce”. To do this, you need a jailbreak or root access. Without root access, you can’t use FutureRestore.
To successfully complete a FutureRestore, a signed iOS version must have SEP that is compatible with the version you are restoring. Otherwise, the process fails.
For example, iOS 11.4 SEP is compatible with iOS 11.3 and higher, but not iOS 11.2.6. So, right now, you can FutureRestore to iOS 11.3 but not iOS 11.2.6.
Q. Who develops the jailbreak tools?
A. Back in the day, teams of security researchers and hackers were formed to break Apple’s protection mechanisms.
Beginning with iOS 10, jailbreak teams are no longer as active as they used to be. Currently, most of the exploits out there are developed by Google Project Zero and other hackers.
Developers like Pwn20wnd and Coolstar pick up these iOS exploits and vulnerabilities and use them to develop full-blown jailbreak tools.
Q. How active is the community?
A. Conceptualized in 2008, iOS jailbreaking continues to enjoy huge popularity across the iPhone user base.
As of now, there are hundreds of thousands of jailbroken iPhones, iPads, and iPods running the latest firmware versions.
We have a thriving social community comprising over 25,000 enthusiastic followers.
Q. Where can I discuss or talk to others about jailbreaking?
A. You can talk about jailbreaking and iOS in our comments section, which is accessible at the end of each article.
Also, I recommend joining the official Discord server of the jailbreak community if you want to chat with like-minded fellows.