Jailbreak update: a summary of current tools

In times gone by, jailbreaks would come in the form of one tool per firmware range. Whoever got there first would release, and that release would be the standard. As we’ve moved from secret tools to public exploits, developers are free to seize upon vulnerabilities as they become public and try to make a jailbreak out of them, resulting in multiple tools for the same firmware. These tools often have different advantages and limitations, and can become hard to differentiate. In this article, we’ll do our best to summarise the current tools, as well as how they differ from the rest.
iOS 11

iOS 11.2 and above have no jailbreak. For iOS 11.1.2 and below there are a few things on offer, in various stages of readiness.

LiberiOS
LiberiOS is an example of a new type of jailbreak, one without a KPP bypass. So-called KPP-less jailbreaks can boast superior stability to ones which use a bypass, but currently suffer from downsides. As they do not bypass KPP they cannot modify areas of the kernel which are checked by KPP. Instead, they modify only safe areas, making them very stable. However, in order to do this and still achieve the effects we want they must constantly run a daemon to inject their changes into the system. The use of this jailbreak daemon is viewed by some as an inelegant solution, and could have reliability or battery life concerns, though this hasn’t been proven. More of an issue is that Cydia Substrate and some of its dependencies are not yet updated to work with this jailbreakd approach. LiberiOS lacks Cydia (Substrate) support for this reason, and may not get it.

It should be noted that future jailbreaks will almost certainly be of this type, as KPP bypasses are hard to come by. The stability offered by this methodology looks to be the way forward, once compatibility with Substrate is ironed out. All iOS 11 jailbreaks are KPP-less. For iOS 10 the field is split, with Meridian being KPP-less, and G0blin (and some older tools) using a bypass.

LiberiOS supports iOS 11.0-11.1.2, on all devices.

Electra
Made by CoolStar, Electra uses the same exploit as LiberiOS, though packaged independently. Unlike LiberiOS, this tool has made some attempts to resolve the incompatibilities with the Cydia platform. Without a working Cydia Substrate, CoolStar has bundled Substitute instead. This is an open-source Cydia Substrate alternative made by Comex. It has the same functionality as Substrate, but can be freely updated to work with KPP-less jailbreaks. Saurik does not approve of Substitute, nor of a jailbreakd approach, and it remains to be seen what his own solution will be for KPP-less Substrate support. For more information, see the explanation under LiberiOS.

Electra supports all 64-bit devices on iOS 11.0-11.1.2 and can install tweaks due to Substitute. However, it does not yet bundle Cydia as several of its dependencies like apt and dpkg are not updated for it. All tweaks must be installed manually from the command line, requiring a little more technical expertise than the average Cydia user is used to. Exercise caution if trying things out, though it shouldn’t be too hard to find the information for basic tweaking. Updated versions of apt and dpkg may be available in the next few days, making an Electra revision with Cydia a distinct possibility.

Saurik’s unknown solution
The current status and rate of progress of this project is unknown, though it has been confirmed to be underway. It may lack the jailbreak daemon required by the other KPP-less tools, as Saurik has commented on what he sees as the inelegance of that solution. For more information, see the explanation under LiberiOS. Do not expect any status updates on this project, though once released it will have the advantage of official support for Cydia and Cydia Substrate, without recourse to the command line, and without Substitute.
iOS 10

iOS 10.0-10.2.1 already had jailbreaks, which we have covered in detail before. For iOS 10.3-10.3.3, there are again a couple of tools to choose between.

Meridian
Meridian supports all 64-bit devices on all iOS 10.x firmwares. However, if you are on iOS 10.2.1 or below you’d be better off jailbreaking with existing tools, such as Yalu, extra_recipe, or Saïgon, for the time being. If you’re on iOS 10.3.x, you should consider using G0blin instead of this tool, at least for now. The reason for this is that as Meridian is a KPP-less jailbreak it does not yet support Cydia Substrate, making it unsuitable for the average user. For more information about KPP-less, how it differs from traditional tools, and what it means for a jailbreak, see the explanation in the section on LiberiOS.

At the present time, Meridian is recommended for developers only, not advisable for everyday inexpert use. All changes must be made from the command line, any tweaks requiring Substrate will not work, and any problems will likely require a good amount of knowledge to get out of. However, going forward, an updated Substrate could turn this into a powerful jailbreak without the kernel panics caused by solutions with a KPP bypass. Meridian may also be getting a jailbreak daemon and Substitute in short order, bringing it alongside Electra in terms of functionality.

G0blin
G0blin is a traditional jailbreak tool, of the kind we are used to seeing. It is not KPP-less, instead using a KPP bypass like Yalu, extra_recipe and Saïgon. Consequently, it doesn’t need a jailbreak daemon, nor does it need an updated Cydia Substrate. This is good news for the average user as it already includes Cydia and Substrate, and all your tweaks will work as you expect. For more information on KPP-less, see the section on LiberiOS.

One downside to G0blin is possible instability caused by the KPP bypass, similar to what you may have experienced with Yalu and extra_recipe. Another hitch is that it does not cover every device and firmware, unlike Meridian. G0blin supports only iOS 10.3-10.3.3, and only A7-A9 devices. This means the iPhone 7 (Plus) and newer cannot use this tool. Only iPhone 6s (Plus) and older will ever be compatible. Finally, G0blin currently has a known bug where Touch ID does not function in third-party apps, though this will hopefully be remedied soon.

G0blin is the obvious choice for iOS 10.3.x jailbreaking for now, due to its Substrate support. In the future it will be interesting to see if KPP-less Meridian can exceed it in terms of stability, especially for those with an A10(X) device, which G0blin cannot support.

LiberTV
Sister to LiberiOS, LiberTV supports tvOS 11.0-11.1 on the Apple TV and Apple TV 4K. Like the rest of the Apple TV jailbreaking ecosystem, it has no Cydia or Substrate support, making it of limited use to non-developers. SSH and root access are available, allowing for most things to be done via the command line, but it will need some attention from a package installer such as nitoTV to give it broader public appeal. This has been stated to be in the works, though it will have to wait until after nitoTV’s release for tvOS 9-10.

Greeng0blin
Greeng0blin is a port of G0blin for iOS 10.3.x, and will support tvOS 10.2.2 only. Adapted from the iOS version by nitoTV, it will come bundled with his nitoTV package manager, giving it wider appeal to end users. Upgrades from tvOS 10.2.2 to tvOS 11.0-11.1 may be possible at a later date via futurerestore with saved blobs.

nitoTV
A package manager for tvOS, nitoTV allows for unsigned app installation, tweak installation and removal, and Substrate support. This is an exciting prospect, and brings Apple TV jailbreaking on par with iOS. Support for nitoTV will eventually come to the tvOS versions covered by LiberTV (11.0-11.1), but will initially be limited to tvOS 9.0, 9.0.1, 10.0.1, 10.1 and 10.2.2. These are the firmwares jailbroken by the Pangu, LiberTV (tvOS 10 version), and Greeng0blin tools respectively. I am looking forward to finally seeing an ecosystem come to Apple TV jailbreaking, and will be testing it out on release on tvOS 10.2.2. Later, I look forward to tvOS 11 support, once nitoTV has been adapted for the KPP-less tvOS exploit.

OverCl0ck
The developer of Meridian, PsychoTea, has started preliminary work on a watchOS 3 jailbreak named OverCl0ck. Whilst in very early development, it’ll be interesting to see what is possible on what has until now been a relatively unexplored platform.

Quite the range of tools. Whilst initially daunting, this new approach to jailbreaking, with more decentralised contribution, seems to be paying dividends. The tools can borrow techniques and expertise from each other, and missing pieces can be replaced, updated, or remade by whoever has the know-how. On iOS 11, very few hurdles remain to a full jailbreak, whether with Substrate or Substitute. iOS 10 will surely follow, and tvOS is closer to a full release than it has been in years, possibly within a day or two. All in all, it’s worth acquainting yourself with the current offerings, even if you decide to wait it out a little longer for a final release. It won’t be long before a fully user-friendly version of these tools is available.
