Exploration of rooting and jailbreak techniques and tools

In this publication, we will explore in detail the rooting and jailbreaking techniques and tools.

Retrieved from http://www.wikihow.tech/Root-Android-Phones, due to many varieties in Android phones, there is no single rooting method that will work for every phone or version of Android. But the common starting point is to download the appropriate rooting software for the phone model, enable USB debugging (most common) on the phone, and configure your USB drivers on your computer.

Reminder: Don’t forget to back up your data before rooting.

Based on the routing information retrieved from http://www.androidcentral.com/root and http://www.androidauthority.com/root-android-277350/, depending on the phone brand, a cracking bootloader is somewhat diverse. The most standard means is mainly by utilizing the OEM command, putting in mind that unlocking bootloaders on the Android might impact or influence warrant of the device.

Utilization of the commercial rooting applications such as the Kingo Root is usually a straightforward technique and could be performed with or without any computer. As these applications could not root any mobile device, there are techniques to root and jailbreak without PC or with PC and below are some of the tools required.

Using KingoRoot APK (Android).

• Permits installation of the applications from anonymous sources on the Android mobile device.
• Permits download of the KingoRoot.apk on the device.
• Permits installation and launching of KingoRoot.
• Press the “One Click Root” option on the main interface.
• Wait for some seconds till results appear.
• Rooted Succeeded.

Using towelroot (iPhone).

• Download towelroot app from this website “https://towelroot.com/.”
• Install the application and then run it.

Towelroot mostly tries exploiting running kernel, offering a temporary admittance to information system files. As this takes place, correct files required in the running as the root is usually pushed to file system and a quick reboot is then done; hence, the system is rooted. 

Based on the retrieved information from http://www.androidcentral.com/root, with over 12,000 different models, it is impossible in covering each technique to root every mobile phone. We will focus on the top 2 brands Samsung & Apple.

Period	Samsung	Apple	Huawei	OPPO	vivo	Others
2015Q4	20.4%	18.7%	8.2%	3.6%	3.0%	46.2%
2016Q1	23.7%	15.4%	8.4%	5.9%	4.4%	42.2%
2016Q2	22.8%	11.7%	9.3%	6.6%	4.8%	44.9%
2016Q3	21%	12.5%	9.3%	7.1%	5.9%	44.2%

Source: IDC, Nov 2016 http://www.idc.com/promo/smartphone-market-share/vendor

Rooting Samsung phone.

In rooting most of the Samsung devices, one should utilize or make use of the program known as Odin. I have already shared on rooting an Android phone without PC using the most popular KingoRoot (information retrieved from https://www.recovery-android.com/root-Samsung-galaxy.html.  Besides, Android Root is usually developed for rooting the Samsung Galaxy and could help in removing pre-install apps, moving the apps to the SD card, muting the notification of specific application and so forth. This, in turn, supports several Android mobile devices.

Step 1. Before rooting, it is recommended to back up your Samsung.

Step 2. Installing the Android Root as well as connecting the Samsung Galaxy
after a backup is done for the Galaxy, followed by the launching of the Android Root on the PC then moving to “More Tools” on the leftward side of this program. Later, connect the Samsung device.

Step 3. Once connected to a computerized device, the program could assess whether the device is rooted or not.

Step 4. Begin Rooting the Samsung Galaxy device with an Android Root by clicking on “Root Now” and then waiting until this procedure ends.  Once done, the program would then repeatedly root the Samsung device.

Step 5. Once the procedure bar is filled, rooting is done.

It is able to support several mobile phone brands, including the LG, Samsung, Sony, HTC, Techno and so forth. In case one is unsure on whether their devices are supported by specific software, they could just download and then connect in order to have the Galaxy phone scanned. Once this is done, the program would point out whether the Android device is generally supported.

Rooting iPhone

Step 1. Download Pangu app on iPhone from its website – pangu.io.

Step 2. Download compatible Cydia Impactor with the different versions like Mac OS X, Windows, Linux (32-bit), or Linux (64-bit) available. After done downloading, unzip Cydia Impactor file then try to launch it.

Step 3. Connect the iPhone via a USB cable to Cydia Impactor.

Step 4. Once your iOS device has been connected, you should drag the “NvwaStone_1.0.ipa”  or the Pangu application in Cydia Impactor application then, click “Start” key followed by “OK” key once the Apple Developer Warning pops out.

Step 5. Now, enter your Apple account to sign in the app. Though developers guarantee the users that information gathered is only utilized for signing in this application, to be safe, you can log in an alternative Apple ID instead.

Step 6. Cydia Impactor application could be routinely prepared based on the input, and signing IPA files. In case this is successful, the application is automatically installed on the iPhone.

Step 7. On the iPhone, please navigate to the “Settings” then to the “General” and later to “Device Management” or the “General” to the “Profile”  and below. One would then view the profile for developer under the “Apple ID.” Then one should tap on the profile in order to establish some trust for the developers.

Note that Internet connection is necessary for verifying the application developer’s certificate while establishing their trust.

Step 8. Launch Pangu app on your iPhone and merely tap “Start” key in order to begin jailbreaking.

Step 9. When jailbreaking completes, you should see Cydia installed on your iPhone, which means that you’ve successfully jailbroken your iPhone.

You can now run Cydia and download your favorite and desired apps and tweaks for your iPhone. However, you might not download programs from unknown sources.

Jailbreaking iOS using TaiG

Jailbreaking an iOS device can be as easy as a click of the button. All one need to do is install the TaiG tool that is appropriate for the version of iOS. List of jailbreak tools and the links released for various versions of iOS can be found at https://canijailbreak.com. Instructions are indicated on the tool’s websites to understand the steps required to install the jailbreak on the device. Most jailbreak tools are well tested to be non-destructive and non-intrusive to user data; However, as a precaution, it is recommended that backup is performed with iTunes so one can restore if any unexpected data loss happens during the process.

After successfully jailbroken, a new app called Cydia appears on the device. Cydia, developed by Jay Freeman, is the one-stop shop for all customization and tweaking needs at the appropriate price. One can purchase and set various links to FaceBook, Google, Amazon, PayPal, etc.

Author: Tan Kian Hua, Ph.D. student at LIGS University

Bibliography

Srinivasa Rao Kotipalli, Mohammed A. Imran, (2016, July). Hacking Android. Chapter 2: Android Rooting

Suktika Mukhopadhyay, Brandon Clark, Talha Tariq, Luca De Fulgentis; Title of article.

Kunal Relan (2016) iOS Penetration Testing – A Definitive Guide to iOS Security

Suktika Mukhopadhyay, Brandon Clark, Talha Tariq, Luca De Fulgentis (27 June 2015). Projects/OWASP Mobile Security Project – Dangers of Jailbreaking and Rooting Mobile Devices.

Oleg Afonin, Vladimir Katalov (September 2016). Mobile Forensics – Advanced Investigative Strategies.