With great power, comes great responsibility
[DISCLAIMER]
The tools and techniques discussed here provide you with high privileges which allow you to alter low-level settings and data on a device. If not handled properly, such changes may result in unexpected and undesired behaviour which in turn may lead to damaging your device. 9dot9 Media Limited, Digit and Think Digit are not responsible for any damage to your phone resulting from your actions based on this guide.
This article is accompanied by the customary disclaimer. What we’ll do here is risky, and if it is not done carefully there are chances that you’ll brick your phone. Jailbreaking/rooting your phone is not illegal as long as it is limited to non-copyright-infringement purposes, but jailbreaking/rooting your phone will void your device’s manufacturer warranty, so proceed with extreme caution.
Before trying out any method mentioned in these pages, make sure that you create a full backup of your phone using the method(s) mentioned for each OS. Please make sure that you follow all the instructions provided here, or in the guides linked for a particular model or device, to a tee. Not doing so can lead to extremely dire consequences.
ANDROID
Android is much more relaxed as compared to other platforms when it comes to allowing the user to install third-party apps which is perhaps the main reason for rooting/jailbreaking other mobile platforms. Rooting is the first step in extending the functionality that your phone has to offer – wireless tethering for older phones, custom ROMs, CPU overclocking and so on. Rooting in Android is very much akin to running a program as an administrator in Windows or running a program with the sudo command in *nix systems.
Backup
All your contacts, mail, calendar and other Google account specific data will already be in sync with Google’s servers, so you need not worry about that. As far as the system data, apps and app data are concerned, there are two ways to go about taking a backup: one is using Titanium Backup and the other is using ADB (Android Debug Bridge). The problem with the first method is that Titanium Backup requires root permissions, so your phone needs to be rooted before you can use it, which brings into existence the classic chicken and egg problem. Titanium Backup is useful once you’ve rooted your phone and you plan on installing a custom ROM. You’d want to make sure that all your installed applications, settings and the original firmware are available to you in case you run into any problems. Another piece of advice here is to go for a Nandroid backup provided by the Clockwork Recovery Mod or your own custom ROM, which saves an entire image of the device to the disk for future use.
For Android 4.0 and upwards you can use the ADB backup. Just download HoloBackup, a GUI wrapper for conducting the backup, from its homepage. Once you get the app running, hit “Backup all without system apps” and you’re set. One problem here is that this functionality doesn’t exist for Android 2.3 or lower; your best bet there would be to use an application like MyBackup Pro to back up your other data and use Astro file manager to copy your application APKs to a safe location.
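Before rooting or flashing anything, it is worth confirming that the ADB backup file is actually readable. The Python sketch below is an added example, not part of the original article or of HoloBackup: it parses the header of an adb backup (.ab) file and lists the files inside it. The sample backup it builds in memory and the package name com.example.notes are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def read_ab_header(data):
    """Parse the four text lines that start an adb backup (.ab) file."""
    lines = data.split(b"\n", 4)  # magic, version, compressed flag, encryption, payload
    if len(lines) < 5 or lines[0] != MAGIC:
        raise ValueError("not an Android backup file")
    try:
        version, compressed = int(lines[1]), int(lines[2])
    except ValueError:
        raise ValueError("corrupt backup header")
    header = {"version": version, "compressed": compressed == 1,
              "encryption": lines[3].decode("ascii")}
    return header, lines[4]

def list_ab_entries(data):
    """Return the file names inside an unencrypted backup, or raise ValueError."""
    header, payload = read_ab_header(data)
    if header["encryption"] != "none":
        raise ValueError("backup is encrypted; the password is needed to inspect it")
    if header["compressed"]:
        try:
            payload = zlib.decompress(payload)
        except zlib.error as exc:
            raise ValueError("payload is truncated or corrupt") from exc
    try:
        with tarfile.open(fileobj=io.BytesIO(payload)) as tar:
            return tar.getnames()
    except tarfile.TarError as exc:
        raise ValueError("payload is not a valid tar archive") from exc

def make_sample_backup():
    """Build a small constructed .ab file in memory (not a real device backup)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        body = b"<manifest/>"
        info = tarfile.TarInfo("apps/com.example.notes/_manifest")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    print(list_ab_entries(make_sample_backup()))
```

To check a real backup, pass the bytes of the .ab file to list_ab_entries; an interrupted transfer shows up as a truncated-payload error.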
Rooting
The complication for Android is that there is a large variety of phones available in the market today. Now, while some methods do work for a very large cross section of handsets, there is no universal one-size-fits-all rooting solution for every phone out there. We’ll start with the one tool that is able to root a lot of models, especially the older ones: SuperOneClick. The catch is that it may or may not work for your phone, so you’ll have to dig in a bit deeper, especially for older phones as they have their own little quirks.
Download SuperOneClick from its download site and extract the downloaded zip file. On your phone, make sure that USB Debugging is enabled under the settings and then connect the phone to your PC. The next step is very important: make sure your SD card is not mounted before proceeding. Once your phone is detected by SuperOneClick, click on “Root” to begin the rooting process and wait for it to complete. That’s it! Once the process completes, your phone will be rooted and you can proceed to the post-rooting section of the guide. In case you face any problem, search the SuperOneClick support thread on XDA Developers for people having the same problems as you.
This app is known not to work with the following phones. You can use unrevoked.com instead to circumvent the NAND lock used by these phones.
Sprint EVO 4G (HTC Supersonic)
Droid Incredible (HTC Incredible)
HTC Desire GSM
HTC Desire CDMA (HTC BravoC)
HTC Aria
Droid Eris (HTC DesireC)
HTC Wildfire (HTC Buzz)
SuperOneClick in action
One thing to take note of here is that this may not be the only method which roots your phone; there may be multiple methods out there. You’ll have to find the one that suits you the best. For example, HTC itself allows the bootloader to be unlocked on all of its phones released in and after 2011; the only step you need to perform after this is to flash a custom ROM to your device to get root access. Other methods may exist which do this for your phone in one click; it’s entirely up to your discretion to select the method that you’re comfortable with.
Some of the latest phones have different exploits and one-click root tools specifically made for them. We’ve listed the phones along with the link to the guide in the table below.
You’ll find that nearly all links point to XDA Forums. It is in fact the Mecca of smartphone hacking, rooting and development. Nearly all the developers congregate and collaborate there, thus making these rooting toolkits and apps possible. Whenever in doubt, just head over to the XDA Developers forums; you’ll find that someone has usually had exactly the same problem as you, and in all probability you’ll find an excellent solution there.
Post Rooting
Once you’ve rooted your phone, it’ll open up a host of hidden features on your phone. For starters, you’ll be able to flash custom ROMs on your phone like ParanoidAndroid, LiquidSmooth, Android Open Kang Project, Cyanogenmod 10 and Xylon, to name a few. You’ll find a host of threads online which deal with installing/flashing these ROMs on your phone after rooting. You’ll also be able to install applications which need root access like Titanium Explorer, ES File Explorer, ROM Manager, CPU Master for overclocking and so on. There is an excellent thread at StackExchange which details the possibilities after rooting your phone.
Paranoid Android running on the Nexus 4.
CyanogenMod 10.1 which provides a customized Jelly Bean experience.
iOS
Hacking your iOS device, on the other hand, is called jailbreaking. In an ecosystem which is under tight control by the iron fist of the Cupertino-based giant, jailbreaking allows the user to install a modified operating system by unlocking the bootloader, sideload third-party apps from outside the App Store and obtain root permissions.
Backup
Backing up your iPhone is quite straightforward. You could either have your phone synced with iCloud or just manually create a backup from iTunes by right-clicking on your phone icon and clicking on backup. An advantage of doing it this way is that you can restore it much faster. If you’re upgrading from a jailbroken phone, make sure that you back up your Cydia apps separately so they can be easily restored after you’ve upgraded and jailbroken your phone.
You can back up your Cydia apps by downloading OpenBackup from Cydia’s official repositories. The app is quite easy to operate: just open the app and hit the Backup button, and it backs up your Cydia data to either iCloud or iTunes. You also get a local copy if you want to manually save the backup file to your computer’s hard drive. You’ll find the backup file at private/var/mobile/Library/Preferences/OpenBackupFiles; you can use iFunBox to copy the files to your hard drive.
OpenBackup to back up your Cydia apps
Rooting
As opposed to Android, there is only a very limited set of methods available for jailbreaking your iPhone (in fact this works for any iDevice, but we’ll be limiting our discussion to the iPhones here). The table below details the various methods available for the different versions of the phone at different operating system versions.
Firmware Version | iPhone 5 | iPhone 4 | iPhone 4S | iPhone 3GS |
6.0 - 6.1.2 ** | evasi0n | evasi0n | evasi0n | evasi0n |
5.1.1 | - | absinth v2 | absinth v2 | absinth v2 |
5.1 | - | Redsnow | - | Redsnow |
5.0.1 | - | Greenpois0n | Redsnow | Redsnow |
4.3.4/5.0 | - | Redsnow | - | Redsnow |
4.3.3 | - | Redsnow | jailbreakme.com* | Redsnow |
4.3.2 | - | Redsnow | - | Redsnow |
4.3.1 | - | Redsnow | - | Redsnow |
4.3 | - | - | - | - |
4.2.7 | - | - | - | - |
4.2.1 - 4.2.6 | - | Greenpois0n | - | Greenpois0n |
4.0.1 - 4.1 | - | Greenpois0n | - | Greenpois0n |
4.0 - 4.0.1 | - | jailbreakme.com* | - | jailbreakme.com* |
* You just need to point Safari to this URL for this jailbreak to work
** This jailbreak won’t work for users who’ve updated their phones to 6.1.3, which was released on 19th March
The highlighted jailbreaks are tethered jailbreaks, i.e. you need to plug in the phone at every restart so that the jailbreak, which patches the kernel in real time, can be loaded. This might sound quite cumbersome, but it’s the only way to go about doing it for the older versions of the operating system. If you update your phone now, you will be updated to iOS 6.1.3 and you won’t be able to downgrade to 6.1.2 or lower, so if you’ve not updated your phone you’re still in luck, as you’ll still be able to use evasi0n or the respective jailbreaking tool for your version of the operating system. The evad3rs team is hard at work on getting out a jailbreak for iOS 6.1.3; you can follow them on Twitter for the latest updates.
evasi0n in action
These jailbreak tools are incredibly easy to operate. Consider evasi0n, for example: just grab the latest zip file from the tool’s download page and extract the file. Make sure that you remove the lock screen password before proceeding and avoid all iTunes-related tasks when evasi0n is running. In case the process freezes at any time, it is safe to restart the program and reboot the device to try the process again. To jailbreak your device, just run evasi0n and click on the jailbreak button and the process will begin. Your phone will restart a couple of times during the process, so be patient. Eventually, the process will run its course and you’ll be able to tap on the exit button. The phone will restart and voila! You’ve just jailbroken your iPhone.
Both the other apps function in a similar way. Whenever in doubt, visit the forums on the respective app’s pages; you’re bound to get help there. Make sure that you find the exact version of your firmware and use the recommended jailbreaking tool from the table above.
Post Jailbreaking
You’ll now have access to an amazing set of features which will let you modify the phone in some very interesting ways, the first of which is Cydia. This amazing little app will allow you to download a host of third-party apps hosted on both Cydia’s own and other repositories. You’ll be able to personalize the menu and its appearance along with the background and lock screen images. An advanced task switcher, mods which let you run tasks in the background, a folder enhancer, ssh and gcc are just some of the apps which form the tip of the iceberg. You can get quite an interesting list compiled by The Big Boss; it lists some of the apps mentioned here and many more interesting ones which can be installed once you’ve jailbroken your phone.
(left) UI overhaul using WinterBoard (right) GCC on the iPhone
WINDOWS PHONE
Rooting a Windows phone is trickier compared to its cousins. Root/unlock in Windows Phone comes in three flavours:
Developer Unlock
This allows you to sideload third-party apps onto your phone. The number is restricted to 10 and you need to register yourself at AppHub at $99/year to unlock your phone. There is also a student account which allows you to sideload up to three apps.
Interop Unlock
A new lock was introduced with the earlier builds of WP7 Mango which required apps to have this lock for accessing device drivers and other restricted areas like the registry, root access, the file system and so on. Called the interop unlock by its finder Heathcliff from the XDA Developer forums, this unlock used exploits to target the vulnerabilities in some of the manufacturer-specific software to unlock the phone.
Full Unlock
As of now this is only possible for first generation HTC and Samsung phones. After unlocking the bootloaders and installing custom ROMs, you need to install Full Unlock packages, which patch the system to remove the policy checks and give you full access to the system. The problem here is that all apps then have full access to your system, even the bad ones.
Backup
There are two ways you can go about backing up stuff on your Windows Phone. You can either use the WP7 Easy Backup Tool or the WP7 Backup App. You can grab WP7 Easy Backup Tool from its download page. The process is quite straightforward and the app is laid out like a wizard to guide you through the backup process.
Use WP7 Easy Backup to save all your files on your PC hard-drive
The app is a very clever piece of software: it uses the Zune updater tool to back up your phone. This backup can be used by Zune to restore the device when you use the "Update" option under settings. This will save everything right from the application settings to your texts inside the update. One downside is that any file changes, updates or other user-specific data will not persist if they were not present at the time of the backup. Check out the app’s XDA Developers thread for the download and exact deployment instructions.
Unlocking/Rooting
Different brands, different OEMs and different versions will have their own unlocking method(s). We’ve compiled a list of brands and devices which can be unlocked in the table below. One important thing to note here is that Windows Phone 8 users will not be able to unlock their phones as there are no unlocks available which allow you to root your phone.
Another possible method is what is called policy unlock: once you manage to get an interop unlock activated on your phone, you can sideload WP7 Root Tools onto your phone and then use the bundled exploits to attempt a full unlock of the phone. You can grab the latest copy of WP7 Root Tools from its download page. You’ll also need the Windows Phone SDK to deploy the app file (.xap) to the phone. You’ll find the deployment program at the location C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\XAP Deployment. You can either use this or XAPDeployX, which can be downloaded from its XDA Developers thread. Mind well, this will only work once you’ve interop-unlocked the phone, or on the 1st generation Windows phones with developer unlock.
Post Unlock/Rooting
A host of brilliant applications become available once you’ve unlocked your phone, starting with jaxbot’s WPH Tweaks, which enables you to make a lot of much-needed tweaks to the OS. Other applications include new themes, dynamic backgrounds, lock screen widgets, orientation lock, file explorer, screen capture, certificate installer and so on.
WP7 Root Tools to tweak WP performance.