Exploiting the iPhone 4

556 points

3 years ago

Hi HN, author here! For the past three months, I've been obsessively working on gala, a jailbreak for iOS 4 that currently targets the iPhone 4. While other jailbreaks for this device, and this iOS version, already exist, the 'special sauce' of this jailbreak is that it comes with a 6-part series describing the building of a jailbreak and the many challenges that arose when jailbreaking iOS. The series includes interactive visualizations at every step of exploiting the device - from pulling memory dumps of the boot ROM to debugging a flashed filesystem image.

That said, this isn't just a bare-bones jailbreak with some writing attached: gala is a fully-fledged suite that includes a significant Python application, a Cocoa GUI for end-users, a Rust payload, Cocoa Touch games to play within the boot environment while the jailbreak completes, and C utilities that run on-device.

This was a lot of fun, and the journey included lots of milestones: when an iOS device boots, it does so in discrete stages (boot ROM, then boot loader, then kernel, etc.). This meant that my experience of developing this jailbreak also included these milestones, as over time I successfully compromised and ran each of these stages!

Building this was personally exciting because I used to regularly make and sell tweaks for jailbroken phones on Cydia. The jailbreaks themselves always seemed like inscrutable black magic, until now!

I'm really gratified to have finished up this project, and am excited to put it out into the world. Please feel welcome to have a look at the code, the writeup, or give it a spin on an old iPhone 4 that you have lying around. I hope you enjoy!

74 comments