Tuesday, July 15, 2008

On the difference between jailbreaking and unlocking

Lots of articles in the blagosphere have been talking about "unlocking" the new iPhone, but have been using the term incorrectly. I really want to clear things up, because it's annoying to see great sites like Ars Technica and Gizmodo screw this up. So let's get to it.

The act of "jailbreaking" your phone is making it open to third-party applications which are not in the App Store. The term comes from the Unix "jail": the old chroot mechanism and FreeBSD's jail facility built on top of it, which confine a group of processes to one slice of the machine so that, to them, it looks like a machine of its own. It is a "jail" because you can't break out of it and get into the juicy guts of the system; you can only access the slice you are allowed. Similarly, you can't access the inner workings of your iPhone; you just access the parts Apple allows, which is their built-in functionality and anything they allow on the App Store.

There are some things Apple probably wouldn't ever allow on the iPhone, like:
  1. An interactive shell/terminal application to access the system guts
  2. An ssh daemon, like OpenSSH (which would let the iPhone act as a proxy for your laptop, forwarding its 3G connection over wifi)
  3. A web server
  4. Custom XNU Kernel and extensions
To sum up: Apple won't allow applications that turn your iPhone into a general-purpose computer rather than a consumer electronics device, so you jailbreak your phone to do it yourself. Once you have a general-purpose computer, you can do what you want with it, not only what Apple allows.

The jailbreaking process requires exploiting holes in the iPhone software's "jail". In the past this has been achieved, for example, by exploiting a memory-corruption bug in the iPhone's TIFF image rendering code (a libtiff flaw, used against the 1.1.1 firmware). Basically, you load a specially crafted, malformed TIFF image in Safari. The file carries machine code, and the decoder's mishandling of the malformed image corrupts memory in a way that makes the phone jump into that code; voila, you have broken out of the jail they created for you. Such TIFF payloads then go on to install software that gives you access to the guts of the system and lets you do whatever you like, rendering the jail that was in place useless. Jailbreakme was a site that hosted one such TIFF image, which works for older iPhone firmware.
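To make the bug class concrete, here is an added illustration (not code from the original post, from Apple or from libtiff) of what a decoder exploit of this kind abuses: an image parser that trusts a length field in the file. The toy TIFF directory walker below copies count times type-size bytes into a fixed buffer without checking, beside a hardened version that validates every offset and length before use. The file layout follows the public TIFF 6.0 header and IFD format; the two sample files are constructed for the example, and nothing here is the actual iPhone bug.

```c
/*
 * Added example: a toy TIFF directory (IFD) walker showing the bug class an
 * image-decoder exploit abuses, an untrusted length field. Not the real
 * libtiff bug or Apple's decoder. Layout follows TIFF 6.0:
 *   header: "II" (little-endian), magic 42 (u16), offset of first IFD (u32)
 *   IFD:    entry count (u16), then 12-byte entries:
 *           tag(u16) type(u16) count(u32) value-or-offset(u32)
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TIFF_SHORT      3
#define TIFF_LONG       4
#define TAG_IMAGE_WIDTH 256

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static size_t type_size(uint16_t t) { return t == TIFF_SHORT ? 2 : t == TIFF_LONG ? 4 : 1; }

/* VULNERABLE PATTERN: count comes straight from the file and count*size bytes
 * are copied into a fixed stack buffer. A crafted count overruns buf, which is
 * how a "corrupt" image turns into code execution. Only call this on the
 * benign sample; on CRAFTED its behaviour is undefined (stack smash). */
int parse_width_unsafe(const uint8_t *f, uint32_t *width)
{
    uint8_t buf[64];
    const uint8_t *e = f + rd32(f + 4) + 2;          /* first IFD entry, unchecked */
    uint16_t type = rd16(e + 2);
    size_t n = rd32(e + 4) * type_size(type);        /* attacker-controlled length */
    const uint8_t *src = n <= 4 ? e + 8 : f + rd32(e + 8);
    memcpy(buf, src, n);                             /* overflow when n > sizeof buf */
    *width = type == TIFF_SHORT ? rd16(buf) : rd32(buf);
    return 0;
}

/* HARDENED: every offset and length read from the file is checked against the
 * file size and the destination before use. Negative return = rejected. */
int parse_width_safe(const uint8_t *f, size_t len, uint32_t *width)
{
    uint8_t buf[64];
    if (len < 8 || f[0] != 'I' || f[1] != 'I' || rd16(f + 2) != 42) return -1;
    uint32_t ifd = rd32(f + 4);
    if (ifd > len || len - ifd < 2) return -2;                 /* IFD count in file? */
    uint16_t nent = rd16(f + ifd);
    if (nent == 0 || (len - ifd - 2) / 12 < nent) return -3;   /* all entries in file? */
    const uint8_t *e = f + ifd + 2;
    uint16_t type = rd16(e + 2);
    uint32_t count = rd32(e + 4);
    size_t ts = type_size(type);
    if (count > SIZE_MAX / ts) return -4;                      /* count*ts would wrap */
    size_t n = count * ts;
    if (n > sizeof buf) return -5;                             /* fits destination? */
    const uint8_t *src = e + 8;                                /* inline value if n <= 4 */
    if (n > 4) {
        uint32_t off = rd32(e + 8);
        if (off > len || len - off < n) return -6;             /* payload in file? */
        src = f + off;
    }
    memcpy(buf, src, n);
    if (rd16(e) != TAG_IMAGE_WIDTH) return -7;
    *width = type == TIFF_SHORT ? rd16(buf) : rd32(buf);
    return 0;
}

/* Constructed benign file: one entry, ImageWidth (tag 256) = 16 as a SHORT. */
static const uint8_t BENIGN[] = {
    'I','I', 42,0, 8,0,0,0,                /* header, first IFD at offset 8 */
    1,0,                                   /* one entry */
    0x00,0x01, 3,0, 1,0,0,0, 16,0,0,0,     /* tag 256, SHORT, count 1, value 16 */
    0,0,0,0                                /* next IFD = none */
};
/* Constructed crafted file: same shape, but count = 0x40000000 LONGs, so the
 * copy length is far beyond the 26-byte file (and wraps on 32-bit size_t). */
static const uint8_t CRAFTED[] = {
    'I','I', 42,0, 8,0,0,0,
    1,0,
    0x00,0x01, 4,0, 0,0,0,0x40, 0x1c,0,0,0,
    0,0,0,0
};

int main(void)
{
    uint32_t w = 0;
    int rc = parse_width_safe(BENIGN, sizeof BENIGN, &w);
    printf("benign  -> rc=%d width=%u\n", rc, (unsigned)w);
    rc = parse_width_safe(CRAFTED, sizeof CRAFTED, &w);
    printf("crafted -> rc=%d (rejected before any copy)\n", rc);
    return 0;
}
```

The hardened parser rejects the crafted file at the multiplication-overflow check on 32-bit builds and at the destination-size check on 64-bit builds; either way no byte of the oversized payload is copied. The unsafe variant would have handed memcpy an attacker-chosen length, which is the whole story of a "corrupt image that runs code".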

Cellular phones in the US (and in many other markets) are typically configured so that you can only use the phone on the network of the carrier that sold it, even when nothing technical limits its use on another network. This is why you can't easily take an AT&T phone you bought here and use it on the T-Mobile network, or take that same phone to Europe and pop in a local telco's SIM card to use it on that network. This is called carrier locking (or SIM locking) a phone.

AT&T and others do this so you don't buy a phone from them and take it to another network. They want to retain their user base, and they want you to use their expensive international roaming services when you travel abroad instead of a cheaper local service. Band support permitting, there is no technical limitation that prevents an AT&T phone from working on GSM networks in the US (T-Mobile), Europe (Vodafone, O2, Orange, etc.), or anywhere else in the world. It is simply a way for carriers to protect revenue and market share.

Since there is no hardware limitation, people figured out that by modifying the software that runs the phone you can make it work on any GSM network worldwide. This is what's called "unlocking" your phone, and unlocked is actually how a phone leaves the factory; the lock is applied for the carrier before the phone is sold. Some phones can be unlocked by the carrier over the air, or by a code entered by the user. That is for situations in which the mobile operator allows you to use your phone on other networks, for example in places where they have no coverage and no partner carriers. Otherwise, there are various ways to hack the device to unlock it.

In the US, unlocking your phone in a manner your carrier has not approved was formerly thought to be illegal under the DMCA, since it circumvents a technological measure protecting copyrighted firmware, but since 2006 there has been an explicit DMCA exemption protecting your right to unlock a phone in order to use it on any network that will accept it.

So are Jailbreaking and Unlocking related?

In the case of the iPhone, the answer is: it depends on how you unlock. There are typically two ways to get a phone working unlocked.

  1. Use a hacked SIM card. Typically this is a thin adapter that sits between your SIM card and the phone and fools the phone into believing the SIM belongs to the network the phone is locked to, even though the card is from another network. This has been demonstrated on the new iPhone 3G. It requires no jailbreak, since you are modifying the SIM and not the phone in any way.
  2. Hack the phone's software. This requires a jailbreak.
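To make concrete both the claim above that a carrier lock is purely software and the way a hacked SIM adapter gets around it, here is an added toy model (not Apple's or any baseband vendor's code, and not from the original post). A GSM network lock is, at bottom, a check of the home network code (MCC plus MNC) at the start of the SIM's IMSI against a stored allow list. The code decodes an EF_IMSI record in the public 3GPP TS 31.102 format, applies a lock table, and then models an adapter that answers the phone's IMSI read with a record from the locked carrier while the real card stays behind it for authentication. The IMSIs, the lock table and the adapter behaviour are constructed for the example; 310-410 and 310-260 are the public PLMN codes of AT&T and T-Mobile US.

```c
/*
 * Added example: toy model of a GSM carrier (SIM) lock and of how a
 * "hacked SIM" adapter defeats it. Not Apple's or a baseband vendor's code.
 * Facts used: the SIM file EF_IMSI (3GPP TS 31.102) holds a length byte, then
 * the IMSI as BCD digits, low nibble first; the low nibble of the first data
 * byte is not a digit but identity bits (001 = IMSI) plus a parity bit (bit 4,
 * 1 = odd digit count). The IMSI starts with the home PLMN code (MCC+MNC), and
 * a network lock boils down to a prefix match of that code against a table.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode an EF_IMSI record into an ASCII digit string. Returns the digit
 * count, or -1 if the record is malformed. */
int decode_imsi(const uint8_t *ef, size_t ef_len, char *out, size_t out_len)
{
    if (ef_len < 2 || ef[0] < 1 || ef[0] > 8 || (size_t)ef[0] + 1 > ef_len) return -1;
    size_t n = ef[0];                                  /* data bytes after the length */
    if ((ef[1] & 0x07) != 0x01) return -1;             /* identity type must be IMSI */
    int odd = (ef[1] >> 3) & 1;
    size_t ndigits = 2 * n - (odd ? 1 : 2);            /* nibbles minus parity (and pad) */
    if (ndigits > 15 || ndigits + 1 > out_len) return -1;
    size_t k = 0;
    uint8_t d = ef[1] >> 4;                            /* digit 1: high nibble of byte 1 */
    if (d > 9) return -1;
    out[k++] = (char)('0' + d);
    for (size_t i = 2; i <= n && k < ndigits; i++) {
        uint8_t lo = ef[i] & 0x0F, hi = ef[i] >> 4;
        if (lo > 9) return -1;
        out[k++] = (char)('0' + lo);
        if (k < ndigits) {
            if (hi > 9) return -1;
            out[k++] = (char)('0' + hi);
        }
    }
    out[k] = '\0';
    return (int)k;
}

/* Lock table: PLMN prefixes the baseband will accept. 310410 is AT&T's
 * public MCC+MNC; the table itself is constructed for this example. */
static const char *const LOCK_ALLOW[] = { "310410", NULL };

/* 1 if the IMSI's home network is in the lock table, else 0. */
int sim_lock_permits(const char *imsi)
{
    for (size_t i = 0; LOCK_ALLOW[i] != NULL; i++)
        if (strncmp(imsi, LOCK_ALLOW[i], strlen(LOCK_ALLOW[i])) == 0) return 1;
    return 0;
}

/* What the phone sees when a proxy adapter sits between it and the card: the
 * adapter answers the EF_IMSI read with a record from the locked carrier
 * (spoof_ef), while the real card behind it still does the authentication.
 * With spoof_ef == NULL the real record is read. Returns the lock verdict
 * (1 allowed, 0 refused), or -1 on a malformed record. */
int lock_check_via_adapter(const uint8_t *real_ef, size_t real_len,
                           const uint8_t *spoof_ef, size_t spoof_len)
{
    char imsi[16];
    const uint8_t *seen = spoof_ef ? spoof_ef : real_ef;
    size_t seen_len = spoof_ef ? spoof_len : real_len;
    if (decode_imsi(seen, seen_len, imsi, sizeof imsi) < 0) return -1;
    return sim_lock_permits(imsi);
}

/* Constructed records: IMSI 310410123456789 (AT&T prefix) and
 * 310260123456789 (T-Mobile US prefix 310260); subscriber digits are made up. */
static const uint8_t EF_IMSI_ATT[] = { 0x08, 0x39, 0x01, 0x14, 0x10, 0x32, 0x54, 0x76, 0x98 };
static const uint8_t EF_IMSI_TMO[] = { 0x08, 0x39, 0x01, 0x62, 0x10, 0x32, 0x54, 0x76, 0x98 };

int main(void)
{
    char imsi[16];
    decode_imsi(EF_IMSI_TMO, sizeof EF_IMSI_TMO, imsi, sizeof imsi);
    printf("real SIM IMSI: %s\n", imsi);
    printf("T-Mobile SIM in AT&T-locked phone: %d\n",
           lock_check_via_adapter(EF_IMSI_TMO, sizeof EF_IMSI_TMO, NULL, 0));
    printf("same SIM behind a spoofing adapter: %d\n",
           lock_check_via_adapter(EF_IMSI_TMO, sizeof EF_IMSI_TMO,
                                  EF_IMSI_ATT, sizeof EF_IMSI_ATT));
    return 0;
}
```

The point of the model is where the decision lives: the lock is a table lookup in the phone's own software over a value the SIM hands it. A software unlock edits or bypasses that lookup (hence the need to control what runs on the phone first), while a SIM adapter leaves the phone untouched and simply lies about the one field the lookup reads.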

Option 2 is really the holy grail of unlocks, because it is a software-only solution requiring no SIM modification, a process that can involve cutting with a razor and gluing the tiny slivers of plastic we call SIM cards. The software unlock requires a jailbreak because, before you can start "hacking" or doing anything useful toward unlocking your phone, you need control over what software it runs; that is the jailbreaking step. Once you have jailbroken your phone via an exploit, you can find software out there that hacks its way past the carrier lock.

But note that they are not one and the same; they are quite different things. A software unlock requires a jailbreak, but that doesn't mean it's the only reason to jailbreak. I, for example, want to jailbreak so I can run free games not available in the App Store and use ssh SOCKS forwarding to get 3G to my laptop. I have no intention of carrier unlocking my phone, but am waiting on a jailbreak to be released for my iPhone. More on this below.

Current status of Jailbreaking
The situation could get a little complicated in the future because of different revisions of the iPhone firmware and, now, two different hardware revisions. BUT, that said, all of the first-generation iPhones can be jailbroken, regardless of firmware version number. Most of the software out there to do this supports all revisions of the iPhone firmware up to the major 2.0 release that accompanied the new iPhone 3G. As of today, July 15, 2008, the latest iPhone firmware (iPhone 2.0) has been jailbroken. The bad part is, the jailbreak is unreleased as yet, and is in heavy testing to work out any potential bugs. I am personally watching this closely, waiting for the release announcement from http://blog.iphone-dev.org/. If you are following this whole thing, I would suggest signing up for the RSS feed on that page so that you know exactly when they release the jailbreak.
