|Initial release||24 Dec 2017|
|Stable release||RC5 / 4 Jan 2018|
h3lix is a semi-untethered jailbreak for 32-bit devices running any version of iOS 10, developed by tihmstar and Siguza. h3lix works by sideloading an IPA using Cydia Impactor. The first release candidate was released on 24 December, 2017. It is one of two jailbreak projects based on the v0rtex exploit, the other being Saïgon for 64-bit devices.
Since Apple’s transition to 64-bit in 2013, the market share of their 32-bit devices has been steadily shrinking. During the lifespan of iOS 9, the 32-bit share reached a level low enough for jailbreak developers to start dropping 32-bit support altogether. The iOS 10 jailbreaks released in late 2016 and early 2017 continued this trend and left the last supported 32-bit devices, namely the A6 devices, unjailbreakable.
Early 2017 saw renewed interest in the 32-bit devices, with the release of the Home Depot jailbreak for iOS 9.1-9.3.4, as well as the iDeviceReRestore tool for restoring to iOS 9 using saved blobs, and the combination of them provided a jailbreak solution for 32-bit devices that had been stuck on iOS 10. Apple silently and effectively killed off iDeviceReRestore as an escape route in July 2017, by exploiting the introduction of a new activation method in iOS 10 to reject activation records coming from A6 devices on iOS 9 and older, if they had ever been activated on iOS 10. By then, the focus of jailbreak developers had already started shifting to the upcoming iOS 11, and it was feared that both iOS 9.3.5 and iOS 10 would remain unjailbreakable on 32-bit. Soon after, however, no less than four jailbreaks were released for 32-bit devices (Phœnix, UntetherHomeDepot, etasonJB and Home Depot 1.1 for 8.4.1). At that point all pre-A6 devices were jailbreakable for life, and hopes grew for a final 32-bit jailbreak.
At least one of the exploits that powered the iOS 10 jailbreaks, mach_portal by Ian Beer of the Google Zero project, could in theory be ported to 32-bit. Beer used another vulnerability he discovered, CVE-2017-13861, to write the async_exploit for iOS 11, inspiring Siguza to write an exploit that was compatible with 64-bit iOS 10, named v0rtex, on which he published an article in early December of 2017. v0rtex quickly replaced Adam Donenfeld’s ziVa exploit in the Saïgon project, and it was expected that porting it to 32-bit would be feasible. About a week later, tihmstar announced that he and Siguza had in fact done so, and as the duo were responsible for the Phœnix jailbreak a few months earlier, users hoped that this meant that a 32-bit jailbreak was imminent. Screenshots were posted by tihmstar as the development progressed, and the user community was involved with choosing the name and designing the app and logo. Credits were given to @FoxletFox for the graphics and Jacky C for the logo concept.
The first release candidate of h3lix was then published on tihmstar’s website on Christmas Eve, successfully tested with iOS 10.3.3 on the N42AP (iPhone5,2). Users found it to be compatible with other A6 devices on the same version, while some also reported problems when attempting to use it on older iOS 10 versions.
Being the last version offered for the A6 devices, iOS 10 was considered by some users to be slower and less usable than older versions, making downgrading one of the main use cases for this jailbreak. Like some other jailbreaks, h3lix does not enable
task_for_pid(0), but tihmstar announced that it does have the equivalent
host_get_special_port(4) instead. For kloader-based downgrades to work, kloader must be recompiled using
Version Change Log
|RC1||24 December, 2017||initial release|
|RC3||31 December, 2017||
|RC4||1 January, 2018||fixed crash on patching amfi on iOS 10.0.2|
|RC5||4 January, 2018||fixed a bug related to programs requiring JIT|
- v0rtex | IOSurface exploit
- @tihmstar: We just ported v0rtex to 32bit :D @s1guza is going insane lately!
- [Release] Tihmstar releases iOS 10.x H3lix jailbreak for 32bit devices
- @tihmstar: In case you were wondering: There is no tfp0 in h3lix, however there is hfsp(4). I verified it works by using ios-kern-utils.