We all have our differences in the tech world—PC versus Mac, Android versus iOS, Emacs versus Vim. Occasionally, though, we can reach out to our friends across the aisle and realize that, at the end of the day, we’re not all that different. Today’s uplifting message of unity comes from the two main smartphone factions sharing in the joys of privilege escalation: it’s now possible for a rooted Android phone to jailbreak iOS.
As first spotted by XDA Developers, Reddit user Stblr put the jailbreak puzzle pieces together when the iOS jailbreak tool Checkra1n gained Linux support, which means it can also run on Android, since Android sits on top of a Linux kernel. If you have a rooted Android phone, you can plug it into your iPhone, run a few terminal commands, and jailbreak the iPhone from there.
Checkra1n is the first jailbreak compatible with iOS 13, and it works on the iPhone 5s through iPhone X (A7 through A11 chips) running iOS 12.3 and up. It is a semi-tethered jailbreak, though: the phone still boots normally after a restart, but the jailbreak is gone until you run the tool again from an attached computer. That makes an ultra-portable device that can kick your iPhone back into its jailbroken state pretty handy, and, for now at least, Android phones are still a bit smaller than laptops.
Checkra1n gets in through Device Firmware Upgrade (DFU) mode. This is a low-level recovery mode, implemented in the chip's boot ROM rather than in iOS, that is meant to accept a new OS image over USB, and a use-after-free bug in that boot ROM's DFU USB handling (the checkm8 exploit) kicks off the jailbreak chain. Because the bug lives in read-only boot code, Apple can't fix it on affected devices with a software update, which is why the exploit keeps working across iOS versions. Regular Android phones can run a Linux terminal just fine, and they have USB host capabilities, but you need root access for full control over Android's USB stack: checkra1n does some dirty tricks like aborting USB transfers partway through and resetting the device, and there's no user-level API for that.
Since this is a USB exploit, you'll need to run a wire from the Android phone to the iPhone, which usually means some way of going from Android's USB-C port to the iPhone's Lightning port (when are those USB-C iPhones coming, Apple?). DFU mode won't turn on unless a cable is plugged in, and Stblr notes that not every USB-C-to-Lightning cable out there has the right pins wired to put an iPhone in DFU mode (including first-party cables!). Stblr ended up using a Lightning-to-USB-A cable and then a USB-A-to-C adapter.
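A practical check before launching the tool: confirm that the iPhone actually enumerated in DFU mode on the Android side, which is exactly what goes wrong with a cable whose pins aren't all wired. The script below is an added example written for this article; it is not part of the original post and not code from the checkra1n project. It relies on two facts about Apple's USB identifiers (vendor ID 05ac; product ID 1227 for DFU mode and 1281 for recovery mode) and parses the line format that `lsusb` prints. The sample `lsusb` lines are constructed for the example, not captured from a real device, and the `--live` switch is this script's own convention.

```shell
#!/bin/sh
# Added example (not from the article or the checkra1n project): classify the
# USB mode of an attached Apple device from lsusb-style output, so a helper
# script on a rooted Android phone can refuse to launch the jailbreak until
# the iPhone is really in DFU mode.
#
# Facts used: Apple's USB vendor ID is 05ac; product ID 1227 is DFU mode and
# 1281 is recovery mode. Any other 05ac product ID is reported as "normal".

# apple_usb_mode LSUSB_TEXT
# Prints exactly one of: dfu, recovery, normal, none
apple_usb_mode() {
    text="$1"
    if printf '%s\n' "$text" | grep -qi 'ID 05ac:1227'; then
        echo dfu
    elif printf '%s\n' "$text" | grep -qi 'ID 05ac:1281'; then
        echo recovery
    elif printf '%s\n' "$text" | grep -qi 'ID 05ac:'; then
        echo normal
    else
        echo none
    fi
}

# Constructed sample lines in the format lsusb prints on Linux/Android
# (Termux provides lsusb via its usbutils package); not captured from a run.
SAMPLE_DFU='Bus 001 Device 002: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)'
SAMPLE_RECOVERY='Bus 001 Device 002: ID 05ac:1281 Apple, Inc. Mobile Device (Recovery Mode)'
SAMPLE_NORMAL='Bus 001 Device 003: ID 05ac:12a8 Apple, Inc. iPhone'
SAMPLE_NO_APPLE='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

# check_live: query the real USB bus (needs lsusb, and on Android a root
# shell so the device nodes are visible) and explain what to do next.
# Returns 0 only when a DFU-mode device is present.
check_live() {
    if ! command -v lsusb >/dev/null 2>&1; then
        echo "lsusb not found; install usbutils (pkg install usbutils in Termux)" >&2
        return 2
    fi
    mode=$(apple_usb_mode "$(lsusb 2>/dev/null)")
    case "$mode" in
        dfu)      echo "iPhone is in DFU mode; safe to run checkra1n"; return 0 ;;
        recovery) echo "iPhone is in recovery mode, not DFU; redo the DFU button sequence" >&2; return 1 ;;
        normal)   echo "iPhone enumerated normally; it is not in DFU mode yet" >&2; return 1 ;;
        *)        echo "no Apple device seen; check the cable (data pins) and root access" >&2; return 1 ;;
    esac
}

# Only touch the real bus when explicitly asked (./dfu-check.sh --live);
# defining the functions alone has no side effects.
case "${1:-}" in
    --live) check_live ;;
esac
```

Run it as `sh dfu-check.sh --live` from a root shell on the Android phone after putting the iPhone through the DFU button sequence; a "recovery" or "normal" result means the phone enumerated but is in the wrong mode, while "none" is the symptom to expect from a cable that lacks the data pins Stblr ran into.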