iPhone jailbreak story: from a fiery heyday to death

The story below is told by the people who participated in the jailbreaking of the iPhone from the day the phone started to appear on the market.

It is an interesting story about hacking the hardware so the iPhone could run on networks other than AT&T, about how jailbreaking became a trivially simple game once you could just visit the JailbreakMe website, and about how a key member of an iPhone jailbreak group turned out to be a senior engineer at Apple. The story is a bit long, but anyone who once spent a sleepless night jailbreaking, or who struggled to get an iPhone working in Vietnam, should read it through to recall the happy, exciting (and sometimes heartbreaking) days whenever a new JB release came out.

Should read before starting:

  1. The article is an excerpt from the book The One Device: The Secret History of the iPhone by Brian Merchant.
  2. Many sections are summarized rather than translated in full; the complete excerpt can be read here.
  3. The article is long, but worth it. Read it patiently, with a cup of tea or lying in bed.

Jailbreak - the fiery days

It was a gloomy day in Bassano del Grappa, a town in north-eastern Italy known for its grappa. I was sitting on a single bed, the only place to sit in this house. To my left was a bookshelf full of Mickey Mouse comics, a childhood fixture for any Italian-born child. In front of me, in a racing-style chair, sat Luca Todesco, a 19-year-old described as the world's best iPhone hacker. He is also known by his handle, qwertyoruiop.

I handed him a brand new iPhone 7 and asked: "Can you jailbreak it?" Todesco took it, plugged it into his computer and set it down on a desk already holding a few dozen iPhones and iPads. On the screen the words "Doing it. Patching. Jailbroken" appeared. Then he said "Ha", and Apple's elaborate wall had been knocked down: the phone was jailbroken.

Picture 1 of IPhone jailbreak story: from a time of intense fire to death

As you know, jailbreaking is the art of hacking into Apple's heavily secured iOS and unlocking it, which lets users customize their phones and install software Apple does not allow. When I met Todesco, in December 2016, nobody had yet found a public way to hack iOS 10.2, the version installed on my phone.

The first jailbreak (hereinafter abbreviated JB) was discovered in 2007 and posted online for everyone. Since then, millions of users around the world have used such tools to JB their iPhones; at one point you could JB simply by visiting a website called jailbreakme.com. All of these tools were provided free for anyone to use, an act by the hackers with an extremely wide reach.

But the JB technique Todesco was using was confined to the room he was staying in, in the house he shared with his parents. Nobody but Todesco knew the technique, yet plenty of people out there were waiting for the day iOS 10.2 could be jailbroken.

Had this been the late 2000s, Todesco would surely have posted what he had online, built a tool and released it for others to use. Anyone who wanted to install apps Apple did not allow, or to tweak the phone's features, interface and theme, could have done so with a few easy steps.

Jailbreaking an iPhone means exploiting one or more vulnerabilities to disable the security mechanisms Apple built into iOS, such as the digital signature check on apps. This lets hackers run code that has not been signed and approved by Apple, and thereby modify the operating system as they wish.

Shortly after the iPhone was born, JB became a phenomenon: everyone was doing it. Popular hacker groups such as the iPhone Dev Team, Chronic Dev and evad3rs were constantly mentioned as the "heroes" of iPhone users, because they unlocked interesting things you could never get without a JB.

A programmer named Jay Freeman also made the JB world more fun by creating Cydia, a place for all the software and mods (also called tweaks), so you could easily search for and download whatever you liked without wandering the web for hours. At its peak, Cydia was considered a real App Store, with millions of dollars in revenue, and it gave iPhone users the feeling of using a real, open computer rather than the closed device they had just bought from Apple.

Picture 2 of IPhone jailbreak story: from a time of intense fire to death

Jay Freeman, ranked second from the right

"In iPhone OS 1.0, Apple didn't even have any games. Every other phone had a Snake game, all of them had a Hangman game - and Apple didn't even have Hangman," Freeman said. The early iPhone could not set a profile to ring or mute at specific times of day, something competitors running Windows Mobile and Symbian had done for a long time. You could also easily install extra applications on those platforms, while the iPhone had almost no apps; the App Store would not appear until 2008. "The iPhone was like a tablet with a web browser that casually attached some phone functions."

For a long time, hackers were the ones who brought "freedom" to users. "There were lots of fun things you could do if you JB'd. Up to iPhone OS 2, people still JB'd to change themes or install copy and paste," Freeman recalls. "There were so many basic things the iPhone didn't have that people had to JB to install them."

But this is 2017, and everything has changed. The JB community is no longer as active as it was; many left to join security companies, and some went to Apple itself. A few others quietly sold their JBs and the flaws they found, collecting millions of dollars in bounties from Apple or from companies that make iOS apps. End users themselves no longer need to JB as they did years ago, because Apple simply took many of the JB community's ideas and integrated them into iOS.

Jailbreak - the way to make the iPhone more useful

In a YouTube video from August 2007, a skinny 17-year-old in a shirt declared: "Hello everyone, this is geohot (Hotz), and this is the first unlocked iPhone in the world." Together with his online hacker group, geohot freed the iPhone from the AT&T network, the carrier that sold the iPhone exclusively in its early days.

To do that, geohot opened the back of the iPhone and found the chip handling the baseband, which controls the mobile radio and was also what locked the iPhone to AT&T. He then soldered on a wire and applied enough voltage to scramble the code stored inside the chip. People call this "pwned". On his PC, he wrote software that overwrote the chip, allowing the iPhone to work with any carrier.

Hotz filmed his success, an iPhone making a call with a T-Mobile SIM, and posted it online. A wealthy man gave Hotz a sports car in exchange for the iPhone he had unlocked. The next day, Apple's stock price soared; analysts said that being able to run the iPhone on another network made people more confident in the phone's future.

At the same time, another group, the iPhone Dev Team, which had no relation to Apple, was also looking to overcome the software barriers inside the iPhone. "In 2007, I was still in college and didn't have much money," said David Wang, a member of the iPhone Dev Team. Like everyone else, Wang liked the iPhone from the moment it debuted. "I was really impressed by the milestone this device marked. I really wanted it. But it was too expensive, and I would have had to pay AT&T for it too. But Apple also introduced the iPod Touch, and I thought: someday, when the iPod Touch can make phone calls, doesn't it become an iPhone too?"

So he hacked one for himself. "At the time there was no App Store, and there was no third-party app for making calls. I heard people talking about modding it, about the iPhone Dev Team, about hackers and how they ran code on the iPhone. I waited for them to do the same for the iPod Touch. I waited patiently."

Picture 3 of IPhone jailbreak story: from a time of intense fire to death

The good news came when Chris Wade, now CTO of 4Sense, found a way to exploit a vulnerability that crashed Safari when it visited a website embedding a specially crafted TIFF file. The bug had actually been reported by Tavis Ormandy, now on Google's Project Zero security team. Later, Wang also saw a post on security researcher HD Moore's blog about how to exploit this TIFF vulnerability. This laid the first brick for making JB automatic.

So Wang started writing what would later become the legendary iPhone JB. Instead of following a 74-step JB guide, you just opened a website in Safari on the iPhone, and your phone was JB'd immediately.

The first version of "JailbreakMe" was called AppSnapp and appeared in October 2007 (the JailbreakMe version most of us used was written by another hacker, Comex). It quickly became a "legend": an easy JB that anyone holding an iPhone could do, with no technical knowledge at all.

"JailbreakMe was great fun. You opened it and saw the words 'Swipe to Unlock', just like on the lock screen; you swiped once and your phone was rooted from the Internet. You could walk into an Apple store and jailbreak every phone on display this way :D". Apple was worried enough to block the JailbreakMe domain on the Wi-Fi used in its stores so the phones could no longer be broken.

Apple and Jailbreaker - cat and mouse game

It did not take Apple long to notice the emerging JB trend, and on September 24, 2007, the company issued the following announcement: "Apple has discovered programs that unlock the iPhone illegally. These can compromise the iPhone's software, which could leave the iPhone inoperable when a new update is installed." And do you still remember how, after a JB, we could not update the software because the phone would die and have to be restored from scratch? Those were fun times.

Apple has reason to worry about this. A JB that is as easy as visiting a website exposes many people to malware. Just last year, Chinese hackers stole hundreds of thousands of passwords from jailbroken iPhones. When you JB, you expose the operating system's weaknesses for hackers to exploit freely, and once someone is inside the device they can easily take control of it: switch on the microphone and camera to record what you say without permission, or steal sensitive information to sell or to use for extortion, for example.

Indeed, not long after Comex, real name Nicholas Allegra, released his version of JailbreakMe, malicious hackers inserted harmful code into fake JailbreakMe websites to break into users' devices. Everything else looked exactly the same, so users were fooled by the copies. Instead of installing Cydia once the JB was done, the malicious code would run something far more harmful. This information comes from two people at Apple.
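The signature check described earlier in the article, and the fake-JailbreakMe problem described just above, can be illustrated with a small model of a loader that refuses code it cannot authenticate. This is an added example written for this page, not code from Apple, from the book, or from any jailbreak tool. It uses an HMAC with a fixed key as a stand-in for Apple's asymmetric code signature so that it runs with the Python standard library alone; the bundle format, the key and the sample code strings are all constructed for the example.

```python
import hashlib
import hmac

# Constructed for this example: the key the loader trusts. In a real
# code-signing scheme this is a public key, and only the holder of the
# private half can sign. A symmetric HMAC key is used here only so the
# example runs with the standard library; the logic of the check is the same.
PLATFORM_KEY = b"example-platform-key-not-a-real-secret"


def sign_bundle(code: bytes, key: bytes = PLATFORM_KEY) -> dict:
    """Package code with a hash and a signature over that hash.

    Whoever holds `key` is the 'vendor'; a fake site only has its own key.
    """
    digest = hashlib.sha256(code).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"code": code.decode(), "sha256": digest, "signature": tag}


def verify_and_load(bundle: dict, key: bytes = PLATFORM_KEY,
                    enforce: bool = True) -> str:
    """Load the bundle only if it is intact and signed by the trusted key.

    enforce=True  models stock iOS: unsigned code is refused.
    enforce=False models a jailbroken system where the check has been
                  patched out, so anything that is intact gets loaded.
    """
    # Integrity: has the code been modified after it was packaged?
    digest = hashlib.sha256(bundle["code"].encode()).hexdigest()
    if digest != bundle["sha256"]:
        return "rejected: code hash mismatch"

    # Authenticity: was the hash signed by the key we trust?
    expected = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["signature"]):
        if enforce:
            return "rejected: signature invalid"
        return "loaded: unsigned (enforcement disabled)"
    return "loaded: signed"


def demo() -> dict:
    """Run the four cases the article implies and return their outcomes."""
    genuine = sign_bundle(b"print('hello from a signed tool')")

    tampered = dict(genuine)              # same signature, modified code
    tampered["code"] = "print('hello from a modified tool')"

    # A look-alike bundle from a fake site: signed, but with the wrong key
    fake_site = sign_bundle(b"exfiltrate()", key=b"attacker-key")

    return {
        "genuine": verify_and_load(genuine),
        "tampered": verify_and_load(tampered),
        "fake_site_enforced": verify_and_load(fake_site),
        "fake_site_unenforced": verify_and_load(fake_site, enforce=False),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22s} -> {outcome}")
```

With enforcement on, both the tampered bundle and the bundle signed with someone else's key are refused; with `enforce=False`, which is what a jailbreak effectively changes, the look-alike bundle is loaded. That is the exposure the article describes: a fake site can copy the look of JailbreakMe, but it cannot produce a valid signature, and only a system whose check has been disabled will run what it serves.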

Jailbreak and new threats in modern times

Unlike hackers with bad intentions, jailbreakers like Wang only do it because they want to expand what the iPhone can do. Most of them do not break into other people's phones; they JB their own phones to customize them as they like.

Every vulnerability that was discovered was quickly patched by Apple. The TIFF vulnerability was no exception, and it opened a persistent spiral: the hacker group that finds a flaw first and builds a JB on it gets all the credit; then Apple fixes it, turning JB'd devices into bricks, and another group of hackers goes back to hunting for other vulnerabilities they can exploit. Steve Jobs called this game "cat and mouse" when asked about the battle between Apple and hackers. "We're not sure if we're the cat or the mouse. People will try to break in, and it's our job to stop them."

Picture 4 of IPhone jailbreak story: from a time of intense fire to death

Apple also argued that jailbreaking was illegal, in an attempt to scare people away from it. In fact, Apple has never sued anyone for jailbreaking their own device, or any hacker who created a jailbreak tool, but this remained a legal gray area. A year later, the US Congress ruled that jailbreaking did not violate the law, clearing the way for enthusiasts to carry on.

The popularity of JB and Cydia brought people a lot of fun on their iPhones, and gave them a simple way to take better control of the device in their hands. In 2011, Freeman said his Cydia platform had 4.5 million users a week and generated $250,000 in profit a year, most of which was pumped back into supporting the Cydia community so it could keep growing.

Money is a problem jailbreakers face. Their main income came through a PayPal donation button, but over time the money users spent on the App Store made those contributions dwindle, until they no longer had enough to fund their hacking. On top of that, Apple kept stepping up its efforts against JB users, so the jailbreak groups gradually fell apart.

Picture 5 of IPhone jailbreak story: from a time of intense fire to death

And like every story you see in an action movie, there is a twist here. Evidence suggests that one of the key members of the iPhone Dev Team was actually an Apple employee. He was known for reverse engineering how iOS works, and he was acting as something of a "double agent" between the JB community and Apple. Who was he?

He was Ben Byer, who worked as a senior security engineer at Apple in 2006. At least, that is what his traces online suggest. A LinkedIn profile under the name Ben B. lists that same position at Apple as well as a series of security jobs for the Second Life virtual world. Some believe that Ben Byer was both an Apple employee and a participant in the iPhone Dev Team.

"We didn't know at the time," Wang said. "Only later did we realize." Tragically, Byer died in 2016 of "natural causes", according to friends and colleagues. He was 36.

The relationship between Apple and the jailbreak community was not always tense. At WWDC conferences, well-known figures from the JB world would occasionally stop by to talk with Apple's security team. Some even left notes inside their jailbreaks mentioning specific Apple employees by name. "Many of them are young people who need to get a job or graduate. They jailbreak for fun, to prove themselves, and to overcome a challenge."

The jailbreak is dead

By the beginning of this year, the illustrious jailbreakers had begun quitting the game, officially. In January, Todesco announced that he was done with jailbreaking. He said the changes in the modern jailbreak community were driving him crazy: people constantly pushed him to release his JB tool and constantly demanded to know when it would come out. That attitude does not make jailbreakers feel comfortable.

"I think jailbreaking is basically dead," Todesco said. For Freeman, the father of Cydia, this was true and he had recognized it long ago. In the happy old days, a jailbreak hole might take several months to be fixed; today it is killed immediately. "Apple puts a very high priority on patching software and fixing jailbreak vulnerabilities, and we have gone too far to put ourselves in danger," Freeman said. Even Freeman no longer recommends that people jailbreak, because there are far more risks out there than 10 years ago, when you could comfortably unlock your device without worrying about someone sneaking in to steal information or mess around inside.

Picture 6 of IPhone jailbreak story: from a time of intense fire to death

"But what do you need a JB for? In the past it gave you big features that really mattered, but now your JB just runs small mods. Those big features have been integrated into iOS by Apple. When users' demand for JB drops, fewer developers study how to JB. Basically, if there is no demand, how can there be a supply?"

Years after the JB fever, jailbreaks took longer and longer to arrive. Partly because iOS became more secure, and partly because the hackers found jobs at security companies or on Apple's own teams. But their contribution remains great: they helped make the iPhone a powerful tool, proved that users' demand for an online app store was real, and gave Apple a reason to build the App Store. And the memory of that time is a beautiful one for anyone who used to play with the iPhone, fumbled through every command line to jailbreak, or stood there as the running code suddenly stopped, right before the pineapple image appeared.

Jailbreak has officially died!

Source: Motherboard

Update 25 May 2019