Spirit was said to not be a jailbreak done by going to a website like the old days of the first iPhone, which I wasn't a part of. And there still isn't a clear definition of what a userland jailbreak is. Is everyone just running around saying omg this awesome thing can do this even though it can't, or is there something about the term userland that I'm missing here?
Userland jailbreak is a client-side jb done by going to a website through Mobile Safari on your iDevice, but now Spirit has changed: its plan is now to be a software jailbreak like blackra1n, the reason being unknown, even though it's easier to patch and find.
From what I have learned from all the research I've done... userland JB means untethered jailbreak (don't know if I spelled it right?? but whatever), and untethered JB means you can turn your iPhone off and on without hooking it back up to the computer to reset the JB if your phone accidentally goes off.
Without knowing for sure, I believe it refers to what permissions you have to run on the device.
For instance, for any changes to the OS, you'll need root access. With this new exploit, you can run commands that are normally reserved for root, as any user, hence the name, userland.
An OS usually divides virtual memory into kernel space and user space. Kernel space is reserved for the kernel, kernel extensions, drivers and stuff like that. User space is where user-mode applications run (such as I/O libraries, filesystem access routines, users' applications). By the way, there are usually 2 levels of execution in a UNIX-like environment: kernel mode (kernel hooks and kernel space memory access) and user mode (user space memory access). The term userland refers to all the code that runs outside kernel space, therefore in user space. The Jargon File says: "Anywhere outside the kernel. 'That code belongs in userland.'"
Thus a userland jb exploits a vulnerability belonging to some code running in user space. This has drawbacks too: no very low-level control (we're outside the kernel), while an iBoot exploit, for instance, gives us extremely low-level control. Moreover, a userland jb can be fixed very easily since it exploits the vulnerability of some non-vital code.
Utente, that is a great explanation. Thank you very much. Is this the reason why it is an untethered jailbreak since the boot loader is unable to remove the modifications like I'm guessing the newer iPhone 4/3GS does?
@kraziebone: I'm glad you found my explanation helpful. To answer your question, it's not a matter of iBoot removing something or not; it's more like iBoot loading something modified or not. I'll try to explain. When you have a tethered jailbreak it's (often) because you don't have an exploit for your iBoot version, therefore your iBoot refuses to load (from your non-volatile memory) and boot a modified version of the firmware because the signature check fails, so the phone doesn't boot up. To overcome this you have to connect your phone to a computer or a device able and programmed to send a series of commands (exploiting a vulnerability) which make it possible to boot your modified firmware. When you have an untethered jb it means that you found a vulnerability in iBoot's code, by exploiting which you can bypass in some way the signature check. Once you have bypassed the signature check you can boot whatever version of the firmware you want (even a modified one!!!!). With a userland jailbreak, the process of gaining root privileges, through the exploitation of a userland code vulnerability, happens after iBoot has loaded the ORIGINAL firmware, which is then modified by the jailbreak routine. In other words, you may think of a userland jb as a special app which runs at every startup, after the boot process but before SpringBoard has loaded, and which each time modifies the firmware in memory, allowing you to get root privileges.
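A small model of the signature-checked boot chain described above, added here as an example and not code from this thread or from any real iBoot: the stage names are constructed, and an HMAC over the image stands in for the real signature scheme, so this only illustrates the chain-of-trust logic (a tampered stored image fails the check, while a post-boot change touches only the in-memory copy).

```python
import hmac
import hashlib

# Constructed demo key standing in for the verification key the bootloader holds.
DEVICE_KEY = b"constructed-demo-key"

def _tag(name, payload, key):
    # Tag covers the stage name and its payload (HMAC is a stand-in for a signature).
    return hmac.new(key, name.encode() + b"\0" + payload, hashlib.sha256).digest()

def sign_image(name, payload, key=DEVICE_KEY):
    """Produce a stored boot-stage image: payload plus its tag."""
    return {"name": name, "payload": payload, "tag": _tag(name, payload, key)}

def verify_image(image, key=DEVICE_KEY):
    """True only if the tag matches the payload currently in the image."""
    return hmac.compare_digest(_tag(image["name"], image["payload"], key), image["tag"])

def boot(stages, key=DEVICE_KEY, skip_check=False):
    """Walk the chain in order. Returns (booted, loaded_stage_names, failed_stage).
    skip_check=True models a bootloader whose signature check is bypassed."""
    loaded = []
    for image in stages:
        if not skip_check and not verify_image(image, key):
            return False, loaded, image["name"]   # chain stops here, phone does not boot
        loaded.append(image["name"])
    return True, loaded, None

def build_stock_chain(key=DEVICE_KEY):
    """Constructed three-stage chain with made-up stage names and payloads."""
    return [sign_image("llb", b"low-level bootloader", key),
            sign_image("iboot", b"second-stage bootloader", key),
            sign_image("kernel", b"kernelcache", key)]

def userland_modify(running_image):
    """Post-boot modification: returns a changed in-memory copy, leaves the stored image untouched."""
    modified = dict(running_image)
    modified["payload"] = running_image["payload"] + b"+patched-in-memory"
    return modified
```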
In addition, userland refers to a vulnerability that can be exploited across all platforms - in the case of iOS 4.0, this would refer to 3G, 3G[s] and 4. The exploit resides in a file that is common to all of these files, whereas other exploits dig specifically into the individual platforms of the iPhone, as Utente alluded to.
This is why PwnageTool asks you to select which device you're using and greys out or activates certain options depending on your specific hardware. redsn0w obscures this process by autodetecting the hardware, probably by detecting the bootrom and making it a single-click procedure.