Rootless jailbreaks are now the de-facto jailbreak tools for iOS 15 and newer versions, and many users believe a rootless jailbreak is much less powerful than a rootful (or a traditional) one, but is this belief anchored in truth?
Rootless jailbreaks were born out of necessity back in iOS 15, when the introduction of SSV (Signed System Volume) made rootful or traditional jailbreaks impossible to develop.
In this article, we’re going to delve into the aspects of both rootless and rootful jailbreaks and I will explain each one so that the terms are no longer confusing for the jailbreak community.
CLARIFICATION
Rootless jailbreak = An iOS 15+ jailbreak that does not re-mount the Root File System (System Partition) as Read / Write during the jailbreak process. All jailbreak components live in /var/jb/ on the User Partition.
Rootful jailbreak = An iOS 15+ jailbreak that tries to dodge SSV yet still remounts the Root FS by making a copy of the File System and remounting that copy as Read / Write while the real one remains untouched. This has multiple disadvantages and has fallen out of favor.
Traditional Jailbreak = iOS 14.x and older jailbreaks that re-mounted the Root File System as Read / Write during the jailbreak process. Changes to the File System did not reset after reboot and they remained permanently even after an iOS update unless cleaned beforehand. This is what most users talk about when they compare it with Rootless jailbreaks. It’s no longer possible due to SSV (Signed System Volume) which debuted in iOS 15.
What is a Rootless Jailbreak?
In a nutshell, a rootless jailbreak on iOS does whatever a normal iOS jailbreak would do, with one notable change: it does not touch the Root File System, also known as the ROOTFS or the System partition.
You can still install tweaks, themes, and package managers like Sileo, Zebra, or Installer 5. However, tweaks need to be updated by their respective developers to work on rootless.
The reason tweaks need to be updated has very little to do with the jailbreak itself, but rather with the outdated and not very future-proof way the tweaks used to be developed.
Even today, compiled tweaks have paths to folders and files hardcoded into them, which means that if a path changes for any reason, the tweak breaks.
A solution for this would be to never hard-code paths into tweaks, and rather grab the path at runtime from a variable provided by the jailbreak. Unfortunately, we did not think of this at the time most tweaks were developed and for about 14 major iOS versions it wasn’t a problem.
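The runtime lookup suggested above, sketched in C as an added example (it is not code from any jailbreak or tweak): the environment variable `EXAMPLE_JB_ROOT`, the functions `jb_join` and `jb_resolve`, and the sample path are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical name standing in for "a variable provided by the jailbreak". */
#define JB_ROOT_ENV "EXAMPLE_JB_ROOT"

/* Join the install root and an absolute path into out.
 * root: NULL or "" for a traditional layout, "/var/jb" for a rootless one.
 * Returns 0 on success, -1 on NULL/relative input or if the result does not fit. */
int jb_join(const char *root, const char *path, char *out, size_t outlen) {
    if (!path || path[0] != '/' || !out || outlen == 0) return -1;
    if (!root || root[0] != '/') root = "";            /* no usable root: no prefix */
    size_t rlen = strlen(root);
    while (rlen > 0 && root[rlen - 1] == '/') rlen--;  /* "/var/jb/" -> "/var/jb" */
    /* A path that is already under the root must not be prefixed twice. */
    if (rlen > 0 && strncmp(path, root, rlen) == 0 &&
        (path[rlen] == '/' || path[rlen] == '\0'))
        rlen = 0;
    int n = snprintf(out, outlen, "%.*s%s", (int)rlen, root, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;    /* reject truncation */
}

/* What a tweak would call instead of embedding a fixed path. */
int jb_resolve(const char *path, char *out, size_t outlen) {
    return jb_join(getenv(JB_ROOT_ENV), path, out, outlen);
}

int main(void) {
    /* Constructed sample path, written the way a traditional tweak hardcodes it. */
    const char *sample = "/Library/Example/Prefs.plist";
    char buf[128];

    if (jb_join("/var/jb", sample, buf, sizeof buf) == 0)
        printf("rootless layout:    %s\n", buf);
    if (jb_join("", sample, buf, sizeof buf) == 0)
        printf("traditional layout: %s\n", buf);
    if (jb_resolve(sample, buf, sizeof buf) == 0)
        printf("from environment:   %s\n", buf);
    return 0;
}
```

The same binary then works under either layout, because the prefix is read when the code runs instead of being fixed when it is compiled.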
Why are hardcoded tweak paths a problem now?
Since rootless jailbreaks do not re-mount the System / RootFS partition, tweaks had to be moved to a different path in /var/jb, which is part of the User Partition (mobile). Since tweaks expect to run from a completely different path, they just error out.
For many tweaks, this can be fixed by simply recompiling the existing tweak to work on rootless without much hassle for the developer.
For no longer developed tweaks, there are patchers meant to change the hardcoded path in the compiled tweak. They are a bit hit-and-miss with some tweaks, but this is a solution for tweaks that have long been abandoned.
Are rootless jailbreaks less powerful than rootful jailbreaks?
The answer is no. Despite the Root File System being sealed on iOS 15+ and remaining so even after jailbreak, all other aspects of the jailbreak work as intended.
There aren’t a lot of important things to change in the Root File System to begin with.
Sure, system apps pre-installed by default are stored there, as well as the iOS components themselves. Still, for the user, most of the important things are in the User partition or the memory, both accessible on rootless jailbreaks.
Come to think of it, most of the files in the System partition should never be touched, or you run the risk of bootlooping the device. In a way, it’s a blessing that the System partition is no longer Read / Write.
Examples of rootless jailbreak tools:
- Dopamine 2 Jailbreak
- Dopamine Jailbreak
- XinaA15 Jailbreak
- PaleRa1n Jailbreak
Examples of rootful jailbreaks:
- PaleRa1n Rootful jailbreak
- nekoJB Jailbreak
Examples of traditional jailbreaks:
- CheckRa1n Jailbreak
- Unc0ver Jailbreak
- Taurine Jailbreak
- Odyssey Jailbreak
- Pangu Jailbreak
- Meridian Jailbreak
- Electra Jailbreak
- etc.
But can my tweaks run as root?
Yes. Tweaks running on a rootless jailbreak can still run as root if they need to. They can still escape the sandbox, run with arbitrary privileges/entitlements, and access various areas of the device.
But I saw rootful jailbreaks still being made in 2024!
Yes. Developers did eventually figure out a compromise to fool the system, but it's a clunky, failure-prone method that also eats many GBs of storage, and it doesn't even work on 16 GB devices because they just don't have the extra space necessary.
This kind of rootful jailbreak is more of a patched-together method. Developers are still not re-mounting the real Root File System, but rather a copy of it which not only requires many GBs of additional space, but it also breaks a lot of stuff at the system level.
This is why PaleRa1n Jailbreak completely dropped their support for this style of rootful jailbreak.
It was a temporary method that can’t even be compared with traditional jailbreaks. It was useful during the transition period between Rootful and Rootless jailbreaks, but I wouldn’t use it today due to how unstable and janky it is.
Final thoughts about rootless jailbreaks
This is the new paradigm in the jailbreak community, a change born out of necessity and not out of desire. We would have kept things the way they were if we could, but as iOS evolved so did the jailbreak community to catch up.
The result was the rootless jailbreak format, which is actually not that bad. Most of the hate comes from the early days when very few tweaks were compatible out of the box, and it really felt like those jailbreaks were much more limited.
Today, most tweaks being developed support rootless jailbreaks by default, most major repositories have updated their systems to not only allow rootless tweaks but also allow submissions of the same tweak in rootful format, and the jailbreaks are quite great (see Dopamine 2.x).
The rootless jailbreak also has the advantage of being fully reversible. Since all the jailbreak files live in the /var/jb/ folder, all you have to do is delete that particular folder and you are back on a clean iOS install.
This simply wasn’t the case for rootful jailbreaks where leftover files kept haunting you many iOS updates later, long after you removed the jailbreak, sometimes causing apps to believe you are jailbroken even when you were not.