Difference Between Rootful & Rootless Jailbreak and Which One Is Better for You?
In iOS jailbreak modules, you generally find two categories: rootful and rootless. Each category differs in its interaction with the device’s root filesystem. With both, you gain a certain level of privilege in modifying system files, but in separate ways.
Table of Contents
Rootful Jailbreak
In a rootful jailbreak, the user has full control over the system partition. This is usually achieved by creating a copy of the root directory and remounting it with read-write permissions. Through this method, the user can easily access the root directory (/) as well as the root user account.
Having the access and permissions to modify core system files means that the user can install mods and tweaks directly onto the root filesystem. However, this level of control also means that tinkering with sensitive files can lead to boot loops, data loss, or even a hard brick.
Rootless Jailbreak
A rootless jailbreak does not offer direct access to the root filesystem of the device. This means that writing to ‘/’ is not possible with rootless. Instead, it writes to a different location in the storage, usually /var/jb, which then acts as a symlink to a directory within /private/preboot.
Apple sealed the root filesystem with the introduction of Signed Secure Volumes (commonly known as SSV) in iOS 15. This meant that rootful jailbreaks had to be discontinued. As a result, rootless methods had to be adopted since modifications to the root filesystem weren’t permitted. Most rootful jailbreaks were known to brick devices after the SSV update as well.
Rootless jailbreaks are generally considered safe and reliable. Since the jailbreak is separate from the root filesystem, it is also harder to detect. With rootless, you also have the privilege of reverting back to stock iOS and updating the software whenever needed. There is little to worry about in terms of boot looping or hard-bricking your device, and it is relatively more stable as well.
Why Switch to Rootless?
For the majority, rootless is the “unavoidable future of iOS jailbreaking.” While this approach is relatively new and will require many tweaks and repositories to be updated with new modules, it’s worth noting that most tweaks will remain compatible, needing only minor adjustments unless they involve modifying the root filesystem in some way.
In the past, rootful methods, such as XinaA15, were known to be unstable and prone to crashes, partially due to their reliance on unconventional patches. These jailbreaks were often difficult to set up, with many variables to manage, as they involved manipulating sensitive system data.
While rootless methods are considered less powerful, many tweaks have adapted to this environment by making minor adjustments to file paths and supporting iphoneos-arm64 packages. If a tweak or module doesn’t rely on a hardcoded path, it can typically be recompiled to a different location, allowing it to work easily with rootless tools.
Most jailbreak tools, including Dopamine, Checkra1n, Palera1n, and unc0ver, and package managers such as Sileo and Zebra have transitioned to rootless models, though rootful options remain available with tools like nekoJB and older versions of Palera1n.
Are Rootful Jailbreaks Better than Rootless?
While rootful provided developers with significant control over the root filesystem, it is important to understand that a large percentage of tweaks did not rely on modifying the root filesystem. For them, the transition wasn’t too difficult either. Even though most default system apps are stored within the root directory, they may cause issues if altered, potentially leading your device into unavoidable problems.
To bypass SSV (Signed System Volume), some developers have found a method to mimic the root directory by creating a copy and remounting it as read-write. However, this approach is not only prone to failure but also consumes a large amount of system storage. Jailbreaks like nekoJB, a fork of Dopamine, utilize this method.
Still, with how much compromise was needed for little in return, rootful patches, post-iOS 15, didn’t gain traction. This is also why popular tools like Palera1n eventually dropped support for rootful jailbreaks.
