F.A.Q.: What a rootless iOS 15+ jailbreak means for you

If you’ve been paying attention to leaders of the jailbreak community regarding the future of jailbreaking, then you should already know that rootless is the future. But what does this mean for you as the jailbreaker?

Rootless jailbreaks are nothing new, but this will be the first time one becomes the mainstream option for essentially the entire community. There are a lot of technical differences between a standard jailbreak and a rootless one, and that raises a lot of questions among prospective jailbreakers.

Given all the confusion, we consulted Chariz repository manager Adam Demasi (@hbkirb) and Procursus maintainer Cameron Katri (@KatriCameron) about the most frequently asked questions regarding rootless jailbreaks so that we could share what we learned with our readers. We thank them both for their time in contributing to the answers below.

If you’re ready to learn more about the upcoming rootless jailbreak for iOS & iPadOS 15 and later and how it may or may not impact your jailbreaking experience, then be sure to read on!

Rootless jailbreak F.A.Q. – Debunking the myths

Why will the upcoming jailbreak for iOS & iPadOS 15 be rootless?

Perhaps the most frequent question we see is ‘why is this jailbreak going to be rootless?’ and fortunately, we have an answer for that.

iOS & iPadOS 15 and later bring Apple's signed system volume (SSV) to the mobile platform for the first time. SSV debuted on macOS 11 Big Sur. The idea is that the system volume is cryptographically sealed: every file on it is hashed, the hashes are combined into a Merkle tree, and the root hash (the seal) is signed by Apple. The kernel verifies the seal at boot and checks file content against the tree as it is read, so any system file whose content no longer matches what Apple signed is rejected.

Now that SSV is part of iOS & iPadOS 15 and later, jailbreak developers can no longer modify the OS/root volume on iPhones and iPads running this firmware. The volume is mounted read-only, and even a change made some other way would not survive: any alteration breaks the seal, and a device whose seal fails verification will not boot. In practice, the root volume contains exactly what Apple shipped and nothing else can live there.
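As an added illustration (not from the original article, and not Apple's implementation), here is a toy model in Python of how a sealed volume behaves: file contents are hashed into a Merkle tree, the root is signed, and each read is checked against the tree. The signing key, file paths and contents are constructed for the example, and an HMAC stands in for Apple's asymmetric signature; the property that matters, that nobody without the key can produce a valid seal, is the same.

```python
"""Toy model of a sealed system volume: a Merkle tree over file contents whose
root hash is signed, verified at boot and again on every read."""
from __future__ import annotations

import hashlib
import hmac

# Constructed stand-in for Apple's signing key. Real SSV uses an asymmetric
# signature and the device holds only the public key; an HMAC keeps this
# example dependency-free while preserving the point: no key, no valid seal.
APPLE_SIGNING_KEY = b"constructed-demo-key-not-apple"


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(path: str, content: bytes) -> bytes:
    # Bind path and content so one sealed file cannot be substituted for another.
    return h(b"leaf\0" + path.encode() + b"\0" + content)


def merkle_layers(leaves: list[bytes]) -> list[list[bytes]]:
    """All tree layers: layer 0 = leaves, last layer = [root].
    Odd-sized layers are padded in place by duplicating the last node."""
    layers = [list(leaves)]
    while len(layers[-1]) > 1:
        cur = layers[-1]
        if len(cur) % 2:
            cur.append(cur[-1])
        layers.append([h(b"node\0" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return layers


def inclusion_proof(layers: list[list[bytes]], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag says whether the sibling is on the right."""
    proof = []
    for layer in layers[:-1]:
        sibling = index ^ 1
        proof.append((layer[sibling], sibling > index))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    node = leaf
    for sibling, sibling_is_right in proof:
        node = h(b"node\0" + node + sibling) if sibling_is_right else h(b"node\0" + sibling + node)
    return hmac.compare_digest(node, root)


def seal_volume(files: dict[str, bytes]) -> dict:
    """Build time: hash every file, build the tree, sign the root (the seal)."""
    if not files:
        raise ValueError("nothing to seal")
    paths = sorted(files)
    layers = merkle_layers([leaf_hash(p, files[p]) for p in paths])
    root = layers[-1][0]
    return {"paths": paths, "layers": layers, "root": root,
            "signature": hmac.new(APPLE_SIGNING_KEY, root, "sha256").digest()}


def seal_is_authentic(seal: dict) -> bool:
    """Boot-time check: the root hash must carry a valid signature."""
    expected = hmac.new(APPLE_SIGNING_KEY, seal["root"], "sha256").digest()
    return hmac.compare_digest(expected, seal["signature"])


def read_file(disk: dict[str, bytes], seal: dict, path: str) -> bytes:
    """Per-read check: hand back content only if it matches the signed tree."""
    if not seal_is_authentic(seal):
        raise PermissionError("seal signature invalid: volume rejected")
    if path not in seal["paths"]:
        raise PermissionError(f"{path}: not part of the sealed volume")
    if path not in disk:
        raise FileNotFoundError(path)
    proof = inclusion_proof(seal["layers"], seal["paths"].index(path))
    if not verify_proof(leaf_hash(path, disk[path]), proof, seal["root"]):
        raise PermissionError(f"{path}: content does not match sealed hash")
    return disk[path]


def rejected(action) -> bool:
    try:
        action()
    except PermissionError:
        return True
    return False


def demo() -> dict[str, bool]:
    """Constructed three-file 'system volume'; every result should be True."""
    disk = {
        "/usr/lib/libexample.dylib": b"MACHO original library",
        "/System/Library/CoreServices/SpringBoard.app/SpringBoard": b"MACHO springboard",
        "/bin/launchctl": b"MACHO launchctl",
    }
    seal = seal_volume(disk)
    tampered = dict(disk)
    tampered["/usr/lib/libexample.dylib"] = b"MACHO patched library"          # patched system file
    tampered["/Library/MobileSubstrate/DynamicLibraries/Tweak.dylib"] = b"MACHO tweak"  # file added to /
    resealed = seal_volume(tampered)                                           # attacker rebuilds the tree ...
    resealed["signature"] = hmac.new(b"attacker-key", resealed["root"], "sha256").digest()  # ... but cannot sign it
    return {
        "clean_read_ok": read_file(disk, seal, "/bin/launchctl") == disk["/bin/launchctl"],
        "patched_file_rejected": rejected(lambda: read_file(tampered, seal, "/usr/lib/libexample.dylib")),
        "untouched_file_still_readable": read_file(tampered, seal, "/bin/launchctl") == disk["/bin/launchctl"],
        "added_file_rejected": rejected(lambda: read_file(tampered, seal, "/Library/MobileSubstrate/DynamicLibraries/Tweak.dylib")),
        "reseal_without_key_rejected": rejected(lambda: read_file(tampered, resealed, "/usr/lib/libexample.dylib")),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'PASS' if ok else 'FAIL'}")
```

Three of the outcomes are the ones that matter for jailbreaking: patching one file only invalidates that file (the rest of the volume still reads fine), dropping a new file such as a tweak dylib onto the volume fails because it was never part of the sealed tree, and rebuilding the tree after tampering is useless without the signing key.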

Apple tightens its security mitigations with every new iteration of iOS & iPadOS. Going rootless is the next major shift in how jailbreak developers cope with those mitigations, comparable to the move to "KPP-less" jailbreaks that began with Meridian (iOS 10) and Electra (iOS 11): rather than defeating kernel patch protection (KPP), those jailbreaks stopped patching the protected kernel pages altogether.

These shifts are a consequence of Apple's anti-jailbreak posture, but they are a far cry from ending jailbreaking entirely. They make the process more challenging, and where there's a will, there's usually a way.

What is the difference between a full-fledged jailbreak and a rootless jailbreak?

The primary difference between the full-fledged jailbreaks we're all used to and rootless jailbreaks for iOS & iPadOS 15 and later is that users will not have write access to the OS/root volume. Files there can still be read and executed, but nothing in that space can be installed, modified, or removed.

Instead, jailbreakers may only add and change files on the /var (data) volume and on the /private/preboot volume. The Preboot volume itself is not new (every device already has one, separate from the sealed system volume); what is new is using it for the jailbreak's own files. The Odyssey Team plans to keep a dedicated directory there for files that would traditionally have been placed on the now read-only OS/root volume, and the rootless Procursus bootstrap uses /var/jb as its root, so that is where those files show up.

One thing we'd like to clear up is that there are two different things jailbreakers may mean by "root": one is the OS/root volume, and the other is the root user. While a rootless jailbreak excludes write access to the OS/root volume, you can still run as the root user and SSH into your device to modify files in /var and /private/preboot. That hasn't changed, so changing the root password is still important: the default root password on iOS is alpine (the mobile user has the same default), and an SSH server reachable over Wi-Fi with that password is still an open door into your device, rootless or not.

Does the lack of OS/root access break anything substantial for jailbreakers?

As you might come to expect, lack of access to the OS/root volume constrains the resources that jailbreakers can work with when compared to the likes of a full-fledged jailbreak. This smaller access space may also affect certain mechanisms of your jailbreak, such as the bootstrap, some jailbreak tweaks, and even the package manager app you use.

The bootstrap is the component of your jailbreak that installs essential Unix tools and a package manager so that you can install and run modifications, like jailbreak tweaks, on your iPhone or iPad. Traditional bootstraps assume a full-fledged jailbreak and have long enjoyed write access to OS/root. Now, jailbreak developers must produce a rootless-compatible bootstrap that installs to a volume other than OS/root.

Obviously, jailbreak tweaks that modify files found in OS/root won’t work on a rootless jailbreak, but those that receive updates to support the rootless paradigm should operate just as smoothly on a rootless jailbreak as they did on a full-fledged jailbreak. This may not be possible for all jailbreak tweaks and add-ons, but certainly for a vast majority of them, as few jailbreak tweaks actually go as far as to modify system files.

Which bootstraps will support a rootless iOS & iPadOS 15 jailbreak?

Rootless jailbreaks will generally utilize the Procursus bootstrap, which is currently adapted to support the rootless standard.

We don't yet know whether the unc0ver Team is working on a rootless version of its Elucubratus bootstrap; nothing has been said publicly either way.

As far as we know, the checkra1n team isn't making a rootless jailbreak, so it remains to be seen whether its bootstrap will need substantial changes.

Currently, the XinaA15 and Fugu15 jailbreaks for iOS 15.0-15.1.1 and 15.0-15.4.1 respectively, as well as the palera1n jailbreak for iOS 15.0-16.x support rootless.

Which jailbreak tweaks will work on a rootless iOS & iPadOS 15 jailbreak?

Most of the jailbreak tweaks we know and love today are incompatible with rootless jailbreaks as they stand, because they are packaged to install into the OS/root volume and often hardcode paths there. Fortunately, those tweaks can almost certainly be updated to support a rootless jailbreak on iOS & iPadOS 15 and later.

In fact, Demasi explained to us that jailbreak tweak developers, Procursus developers, and jailbreak developers are currently discussing ways to mitigate the work required to adapt jailbreak tweaks from the full-fledged jailbreak experience on iOS & iPadOS 14 and earlier to the rootless jailbreak experience on iOS & iPadOS 15 and later.

Specifically, the open question is whether tweak developers will need to ship separate packages for iOS & iPadOS 15 and later, or whether existing packages can simply be updated to support the rootless experience. The latter may or may not be possible, but Demasi seems confident about the idea.
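To make the volume split concrete for anyone porting a package, here is an added Python example (not code from Procursus, Theos, the Odyssey Team or any jailbreak) that classifies a traditional tweak's file list against the rootless layout described above: anything already under /var or /private/preboot stays where it is, and everything else, which would have landed on the sealed system volume, moves under /var/jb, the root the rootless Procursus bootstrap uses. It also normalises paths so that a package entry such as /var/../usr/lib/... cannot pretend to be on a writable volume. The Preboot target path and the sample file list are constructed placeholders; the exact directory naming under /private/preboot varies by jailbreak.

```python
"""Classify a package's file list for a rootless jailbreak and relocate what must move."""
from __future__ import annotations

import posixpath

# Jailbreak root used by the rootless Procursus bootstrap.
JB_ROOT = "/var/jb"
# Constructed example of where /var/jb points: a per-device directory on the
# Preboot volume. The hash and random suffix are placeholders, not real values.
JB_ROOT_TARGET = "/private/preboot/0000000000000000000000000000000000000000/jb-XXXXXXXX/procursus"
# Volumes that stay writable on a rootless iOS 15+ jailbreak.
WRITABLE_PREFIXES = ("/var", "/private/preboot")

# Constructed file list of a traditional (rootful) tweak package; not a real package.
SAMPLE_FILE_LIST = """\
# constructed example .list of a rootful tweak
/Library/MobileSubstrate/DynamicLibraries/ExampleTweak.dylib
/Library/MobileSubstrate/DynamicLibraries/ExampleTweak.plist
/Library/PreferenceBundles/ExampleTweakPrefs.bundle/Info.plist
/usr/bin/exampletool
/private/var/mobile/Library/Preferences/com.example.exampletweak.plist
/var/../usr/lib/libexample.dylib
"""


def canonical(path: str) -> str:
    """Normalise a path: reject relative entries, collapse '.', '..' and '//',
    and fold /private/var into /var (on iOS /var is a symlink to /private/var)."""
    if not path.startswith("/"):
        raise ValueError(f"not an absolute path: {path!r}")
    p = posixpath.normpath(path)
    if p.startswith("//"):          # normpath keeps two leading slashes on POSIX
        p = "/" + p.lstrip("/")
    if p == "/private/var" or p.startswith("/private/var/"):
        p = "/var" + p[len("/private/var"):]
    return p


def is_writable_on_rootless(path: str) -> bool:
    p = canonical(path)
    return any(p == pre or p.startswith(pre + "/") for pre in WRITABLE_PREFIXES)


def relocate(path: str) -> str:
    """Where a file must live on a rootless jailbreak: writable-volume paths stay,
    everything else (formerly on the sealed system volume) moves under JB_ROOT."""
    p = canonical(path)
    return p if is_writable_on_rootless(p) else JB_ROOT + p


def resolve(path: str) -> str:
    """Follow the /var/jb link to the (placeholder) real location on the Preboot volume."""
    p = canonical(path)
    if p == JB_ROOT or p.startswith(JB_ROOT + "/"):
        return JB_ROOT_TARGET + p[len(JB_ROOT):]
    return p


def plan_package(file_list: str) -> dict[str, list[tuple[str, str]]]:
    """Process a dpkg-style file list (one absolute path per line, '#' comments).
    Returns 'unchanged' (already on a writable volume) and 'moved' (old, new) pairs."""
    plan: dict[str, list[tuple[str, str]]] = {"unchanged": [], "moved": []}
    for line in file_list.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        new = relocate(line)
        bucket = "unchanged" if new == canonical(line) else "moved"
        plan[bucket].append((line, new))
    return plan


if __name__ == "__main__":
    plan = plan_package(SAMPLE_FILE_LIST)
    for old, new in plan["moved"]:
        print(f"move  {old}\n  ->  {new}  (really {resolve(new)})")
    for old, new in plan["unchanged"]:
        print(f"keep  {old}")
```

Relocating the file list is only half of a port: any path the tweak hardcodes in its own source (a preferences plist, a helper binary, a resource bundle) has to get the same prefix at runtime, which is exactly the kind of work the developers quoted above are trying to make mechanical.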

What about filesystem browsers like Filza, SSH, and Apple File Conduit?

It appears that, for the most part, file browsers including the on-device Filza app, remote SSH, and even wired Apple File Conduit connections should work just fine. The only asterisk is that users wouldn’t be able to edit files outside of /var and /private/preboot.

Having said that, files existing in /var and /private/preboot can be viewed, executed, and modified on a rootless iOS & iPadOS 15 and later jailbreak using these methods. Files residing in the OS/root volume, on the other hand, can only be viewed and executed, but not modified.

In short, you can still use Filza, SSH, or Apple File Conduit on a rootless iOS & iPadOS 15 or later jailbreak, but with less reach than on a full-fledged jailbreak: patching system files is now off limits entirely.

Will jailbreakers notice a difference between a rootless and full-fledged jailbreak?

While there are some apparent differences between the two types of jailbreaks, Demasi doesn’t think the typical jailbreaker will notice a stark difference between a full-fledged jailbreak or a rootless one. That’s because the Procursus team is working hard behind the scenes to make the bootstrap work as it should, and because most jailbreak tweaks can be updated to support this new jailbreak style.

An ordinary jailbreaker rarely needs to patch system files on OS/root, since most of what we need resides in /var and /private/preboot.

One of the most significant perks of a rootless jailbreak, according to Demasi, is that undoing the jailbreak to revert to a stock installation of iOS or iPadOS could be easier, faster, and safer, since the system volume is never touched and SSV makes it virtually impossible to break system files.

Additionally, going rootless may have positive implications for evading jailbreak detection, at least initially, since existing checks look for files on the root volume. Of course, app vendors that really want to detect jailbreaks can just as easily look for the new locations, and those checks may in turn be easy to bypass.

Is it worth it to go from a full-fledged jailbreak on iOS or iPadOS 14 to a rootless jailbreak?

This is something that really comes down to user preference, but according to Demasi, the answer is probably yes.

While there are limitations involved with a rootless jailbreak, they aren’t likely to affect the end user all that much. Furthermore, after a rootless jailbreak has been out for a while, jailbreak developers will have had enough time to iron out the kinks and make things work in the most ideal way.

When it comes down to it, it will take time for jailbreak tweaks to receive updates to work on the rootless jailbreak for iOS & iPadOS 15 or later, but jailbreakers should ultimately be able to enjoy most of the perks of jailbreaking that they’ve had for years on a full-fledged jailbreak.

Conclusion

Yes, there are a lot of technical differences between a full-fledged jailbreak and a rootless jailbreak, and they’re bound to have a significant impact on the jailbreak community as a whole. On the other hand, once the jailbreak community catches up with the rootless dynamic, the average jailbreaker shouldn’t be able to tell much of a difference – getting to that point may take some time, however.

If you have any other questions about rootless jailbreaks, then please feel free to drop a comment below.