h3lix

From The iPhone Wiki
Jump to: navigation, search
h3lix
Developer(s) tihmstar
Siguza
Initial release 24 Dec 2017 (2017-12-24)
Stable release RC5 / 4 Jan 2018; 9 months ago
Operating system iOS
Available in English
Type Jailbreaking
Website h3lix.tihmstar.net

h3lix is a semi-untethered jailbreak for 32-bit devices running any version of iOS 10, developed by tihmstar and Siguza. h3lix works by sideloading an IPA using Cydia Impactor. The first release candidate was released on 24 December, 2017. It is one of five jailbreak projects based on the v0rtex exploit, the others being Saïgon for some 64-bit devices on 10.2.1, g0blin for some 64-bit devices on 10.3-10.3.3, doubleH3lix for some 64-bit devices on 10.x, and Meridian for 64-bit devices on 10.x.

History

Background

Since Apple’s transition to 64-bit in 2013, the market share of their 32-bit devices has been steadily shrinking. During the lifespan of iOS 9, the 32-bit share reached a level low enough for jailbreak developers to start dropping 32-bit support altogether. The iOS 10 jailbreaks released in late 2016 and early 2017 continued this trend and left the last supported 32-bit devices, namely the A6 devices, unjailbreakable.

Early 2017 saw renewed interest in the 32-bit devices, with the release of the Home Depot jailbreak for iOS 9.1-9.3.4, as well as the iDeviceReRestore tool for restoring to iOS 9 using saved blobs, and the combination of them provided a jailbreak solution for 32-bit devices that had been stuck on iOS 10. Apple silently and effectively killed off iDeviceReRestore as an escape route in July 2017, by exploiting the introduction of a new activation method in iOS 10 to reject activation records coming from A6 devices on iOS 9 and older, if they had ever been activated on iOS 10. By then, the focus of jailbreak developers had already started shifting to the upcoming iOS 11, and it was feared that both iOS 9.3.5 and iOS 10 would remain unjailbreakable on 32-bit. Soon after, however, no less than four jailbreaks were released for 32-bit devices (Phœnix, UntetherHomeDepot, etasonJB and Home Depot 1.1 for 8.4.1). At that point all pre-A6 devices were jailbreakable for life, and hopes grew for a final 32-bit jailbreak.

Development

At least one of the exploits that powered the iOS 10 jailbreaks, mach_portal by Ian Beer of the Google Zero project, could in theory be ported to 32-bit. Beer used another vulnerability he discovered, CVE-2017-13861, to write the async_exploit for iOS 11, inspiring Siguza to write an exploit that was compatible with 64-bit iOS 10, named v0rtex, on which he published an article in early December of 2017.[1] v0rtex quickly replaced Adam Donenfeld’s ziVa exploit in the Saïgon project, and it was expected that porting it to 32-bit would be feasible. About a week later, tihmstar announced that he and Siguza had in fact done so,[2] and as the duo were responsible for the Phœnix jailbreak a few months earlier, users hoped that this meant that a 32-bit jailbreak was imminent. Screenshots were posted by tihmstar as the development progressed, and the user community was involved with choosing the name and designing the app and logo. Credits were given to @FoxletFox for the graphics and Jacky C for the logo concept.

The first release candidate of h3lix was then published on tihmstar’s website on Christmas Eve, successfully tested with iOS 10.3.3 on the N42AP (iPhone5,2). Users found it to be compatible with other A6 devices on the same version, while some also reported problems when attempting to use it on older iOS 10 versions.[3]

Being the last version offered for the A6 devices, iOS 10 was considered by some users to be slower and less usable than older versions, making downgrading one of the main use cases for this jailbreak. Like some other jailbreaks, h3lix does not enable task_for_pid(0), but tihmstar announced that it does have the equivalent host_get_special_port(4) instead.[4] For kloader-based downgrades to work, kloader must be recompiled using host_get_special_port(4) instead.

Version Change Log

Version Date Changes
RC1 24 December, 2017 initial release
RC2 25 December, 2017 fixed JavaScript bug
RC3 31 December, 2017
  • added support for iOS 10.2
  • only running exploit if system was up for at least 80 sec
  • running uicache manually form the app clears Cydia caches
RC4 1 January, 2018 fixed crash on patching amfi on iOS 10.0.2
RC5 4 January, 2018 fixed a bug related to programs requiring JIT

See also

References