Difference between revisions of "H3lix"

From The iPhone Wiki
m (links)
m
 
(11 intermediate revisions by 5 users not shown)
Line 4: Line 4:
 
| developer = [https://twitter.com/tihmstar tihmstar]<br />[https://twitter.com/s1guza Siguza]
 
| developer = [https://twitter.com/tihmstar tihmstar]<br />[https://twitter.com/s1guza Siguza]
 
| released = {{Start date|2017|12|24|df=yes}}
 
| released = {{Start date|2017|12|24|df=yes}}
| latest release version = RC 1
+
| latest release version = RC6
| latest release date = {{Start date and age|2017|12|24|df=yes}}
+
| latest release date = {{Start date and age|2019|07|23|df=yes}}
 
| operating system = iOS
 
| operating system = iOS
 
| language = English
 
| language = English
Line 11: Line 11:
 
| website = [https://h3lix.tihmstar.net/ h3lix.tihmstar.net]
 
| website = [https://h3lix.tihmstar.net/ h3lix.tihmstar.net]
 
}}
 
}}
'''h3lix''' is a [[semi-untethered jailbreak]] for 32-bit devices running any version of iOS 10, developed by tihmstar and Siguza. h3lix works by sideloading an IPA using [[Cydia Impactor]]. The first release candidate was released on 24 December, 2017. It is one of two jailbreak projects based on the v0rtex exploit, the other being [[Saïgon]] for 64-bit devices.
+
'''h3lix''' is a [[semi-untethered jailbreak]] for 32-bit devices running any version of iOS 10, developed by tihmstar and Siguza. h3lix works by sideloading an IPA using [[Cydia Impactor]]. The first release candidate was released on {{date|2017|12|24}}. It is one of five jailbreak projects based on the v0rtex exploit, the others being [[Saïgon]] for some 64-bit devices on 10.2.1, [[g0blin]] for some 64-bit devices on 10.3-10.3.3, [[doubleH3lix]] for some 64-bit devices on 10.x, and [[Meridian]] for 64-bit devices on 10.x.
   
 
== History ==
 
== History ==
Line 18: Line 18:
 
Since Apple’s transition to 64-bit in 2013, the market share of their 32-bit devices has been steadily shrinking. During the lifespan of iOS 9, the 32-bit share reached a level low enough for jailbreak developers to start dropping 32-bit support altogether. The iOS 10 jailbreaks released in late 2016 and early 2017 continued this trend and left the last supported 32-bit devices, namely the A6 devices, unjailbreakable.
 
Since Apple’s transition to 64-bit in 2013, the market share of their 32-bit devices has been steadily shrinking. During the lifespan of iOS 9, the 32-bit share reached a level low enough for jailbreak developers to start dropping 32-bit support altogether. The iOS 10 jailbreaks released in late 2016 and early 2017 continued this trend and left the last supported 32-bit devices, namely the A6 devices, unjailbreakable.
   
Early 2017 saw renewed interest in the 32-bit deivces, with the release of the [[Home Depot]] jailbreak for iOS 9.1-9.3.4, as well as the iDeviceReRestore tool for restoring to iOS 9 using saved blobs, and the combination of them provided a jailbreak solution for 32-bit devices that had been stuck on iOS 10. Apple silently and effectively killed off iDeviceReRestore as an escape route in July 2017, by exploiting the introduction of a new activation method in iOS 10 to reject activation records coming from A6 devices on iOS 9 and older, if they had ever been activated on iOS 10. By then, the focus of jailbreak developers had already started shifting to the upcoming iOS 11, and it was feared that both iOS 9.3.5 and iOS 10 would remain unjailbreakable on 32-bit. Soon after, however, no less than four jailbreaks were released for 32-bit devices ([[Phœnix]], [[UntetherHomeDepot]], [[etasonJB]] and [[Home Depot]] 1.1 for 8.4.1). At that point all pre-A6 devices were jailbreakable for life, and hopes grew for a final 32-bit jailbreak.
+
Early 2017 saw renewed interest in the 32-bit devices, with the release of the [[Home Depot]] jailbreak for iOS 9.1-9.3.4, as well as the iDeviceReRestore tool for restoring to iOS 9 using saved blobs, and the combination of them provided a jailbreak solution for 32-bit devices that had been stuck on iOS 10. Apple silently and effectively killed off iDeviceReRestore as an escape route in {{date|2017|07}}, by exploiting the introduction of a new activation method in iOS 10 to reject activation records coming from A6 devices on iOS 9 and older, if they had ever been activated on iOS 10. By then, the focus of jailbreak developers had already started shifting to the upcoming iOS 11, and it was feared that both iOS 9.3.5 and iOS 10 would remain unjailbreakable on 32-bit. Soon after, however, no less than four jailbreaks were released for 32-bit devices ([[Phœnix]], [[UntetherHomeDepot]], [[etasonJB]] and [[Home Depot]] 1.1 for 8.4.1). At that point all pre-A6 devices were jailbreakable for life, and hopes grew for a final 32-bit jailbreak.
   
 
=== Development ===
 
=== Development ===
At least one of the exploits that powered the iOS 10 jailbreaks, mach_portal by [[Ian Beer]] of the Google Zero project, could in theory be ported to 32-bit. Beer used another vulnerability he discovered, CVE-2017-13861, to write the async_exploit for iOS 11, inspiring Siguza to write an exploit that was compatible with 64-bit iOS 10, named [[v0rtex]], on which he published an article in early December of 2017.<ref>[https://siguza.github.io/v0rtex/ v0rtex | IOSurface exploit]</ref> v0rtex quickly replaced Adam Donenfeld’s ziVa exploit in the [[Saïgon]] project, and it was expected that porting it to 32-bit would be feasible. About a week later, tihmstar announced that he and Siguza had in fact done so,<ref>[https://twitter.com/tihmstar/status/940751131709292545 @tihmstar: We just ported v0rtex to 32bit :D @s1guza is going insane lately!]</ref> and as the duo were responsible for the [[Phœnix]] jailbreak a few months earlier, users hoped that this meant that a 32-bit jailbreak was imminent. Screenshots were posted by tihmstar as the development progressed, and the user community was involved with choosing the name and designing the app and logo. Credits were given to @FoxletFox for the graphics and Jacky C for the logo concept.
+
At least one of the exploits that powered the iOS 10 jailbreaks, mach_portal by [[Ian Beer]] of the Google Zero project, could in theory be ported to 32-bit. Beer used another vulnerability he discovered, CVE-2017-13861, to write the async_exploit for iOS 11, inspiring Siguza to write an exploit that was compatible with 64-bit iOS 10, named [[v0rtex]], on which he published an article in early {{date|2017|12}}.<ref>[https://siguza.github.io/v0rtex/ v0rtex | IOSurface exploit]</ref> v0rtex quickly replaced Adam Donenfeld’s ziVa exploit in the [[Saïgon]] project, and it was expected that porting it to 32-bit would be feasible. About a week later, tihmstar announced that he and Siguza had in fact done so,<ref>[https://twitter.com/tihmstar/status/940751131709292545 @tihmstar: We just ported v0rtex to 32bit :D @s1guza is going insane lately!]</ref> and as the duo were responsible for the [[Phœnix]] jailbreak a few months earlier, users hoped that this meant that a 32-bit jailbreak was imminent. Screenshots were posted by tihmstar as the development progressed, and the user community was involved with choosing the name and designing the app and logo. Credits were given to @FoxletFox for the graphics and Jacky C for the logo concept.
   
 
The first release candidate of h3lix was then published on tihmstar’s website on Christmas Eve, successfully tested with iOS 10.3.3 on the [[N42AP]] (iPhone5,2). Users found it to be compatible with other A6 devices on the same version, while some also reported problems when attempting to use it on older iOS 10 versions.<ref>[https://www.reddit.com/r/jailbreak/comments/7lvufg/release_tihmstar_releases_ios_10x_h3lix_jailbreak/ <nowiki>[Release]</nowiki> Tihmstar releases iOS 10.x H3lix jailbreak for 32bit devices]</ref>
 
The first release candidate of h3lix was then published on tihmstar’s website on Christmas Eve, successfully tested with iOS 10.3.3 on the [[N42AP]] (iPhone5,2). Users found it to be compatible with other A6 devices on the same version, while some also reported problems when attempting to use it on older iOS 10 versions.<ref>[https://www.reddit.com/r/jailbreak/comments/7lvufg/release_tihmstar_releases_ios_10x_h3lix_jailbreak/ <nowiki>[Release]</nowiki> Tihmstar releases iOS 10.x H3lix jailbreak for 32bit devices]</ref>
   
Being the last version offered for the A6 devices, iOS 10 was considered by some users to be slower and less usable than older versions, making downgrading one of the main use cases for this jailbreak. Like some other jailbreaks, h3lix does not enable <code>task_for_pid(0)</code>, but tihmstar announced that it does have the equivalent <code>host_get_special_port(4)</code> instead.<ref>[https://twitter.com/tihmstar/status/945184098808664064 @tihmstar: In case you were wondering: There is no tfp0 in h3lix, however there is hfsp(4). I verified it works by using ios-kern-utils.]</ref> For kloader-based downgrades to work, kloader must be recompiled using <code>host_get_special_port(4)</code> instead.
+
Being the last version offered for the A6 devices, iOS 10 was considered by some users to be slower and less usable than older versions, making downgrading one of the main use cases for this jailbreak. Like some other jailbreaks, h3lix does not enable <code>task_for_pid(0)</code>, but tihmstar announced that it does have the equivalent <code>host_get_special_port(4)</code> instead.<ref>[https://twitter.com/tihmstar/status/945184098808664064 @tihmstar: In case you were wondering: There is no tfp0 in h3lix, however there is hfsp(4). I verified it works by using ios-kern-utils.]</ref> For [[kloader]]-based downgrades to work, kloader must be recompiled using <code>host_get_special_port(4)</code> instead.
   
 
=== Version Change Log ===
 
=== Version Change Log ===
Line 34: Line 34:
 
! Changes
 
! Changes
 
|-
 
|-
| RC 1
+
| RC1
| 24 December, 2017
+
| {{date|2017|12|24}}
| Initial release
+
| initial release
  +
|-
  +
| RC2
  +
| {{date|2017|12|25}}
  +
| fixed JavaScript bug
  +
|-
  +
| RC3
  +
| {{date|2017|12|31}}
  +
|
  +
*added support for iOS 10.2
  +
*only running exploit if system was up for at least 80 sec
  +
*running uicache manually form the app clears Cydia caches
  +
|-
  +
| RC4
  +
| {{date|2018|01|01}}
  +
| fixed crash on patching amfi on iOS 10.0.2
  +
|-
  +
| RC5
  +
| {{date|2018|01|04}}
  +
| fixed a bug related to programs requiring JIT
  +
|-
  +
| RC6
  +
| {{date|2018|07|23}}
  +
| added support for 10.3.4
 
|}
 
|}
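Review bot: The RC6 row added at the end of this hunk is dated {{date|2018|07|23}}, but the infobox change in the "Line 4" hunk sets the latest release date for the same RC6 to {{Start date and age|2019|07|23|df=yes}}. The two years should agree, so confirm which one is right and correct the other. In the added RC3 entry, "running uicache manually form the app" should read "from the app".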
   

Latest revision as of 01:00, 17 September 2021

h3lix
Developer(s): tihmstar, Siguza
Initial release: 24 Dec 2017 (2017-12-24)
Stable release: RC6 / 23 July 2019; 5 years ago
Operating system: iOS
Available in: English
Type: Jailbreaking
Website: h3lix.tihmstar.net

h3lix is a semi-untethered jailbreak for 32-bit devices running any version of iOS 10, developed by tihmstar and Siguza. h3lix works by sideloading an IPA using Cydia Impactor. The first release candidate was released on 24 December 2017. It is one of five jailbreak projects based on the v0rtex exploit, the others being Saïgon for some 64-bit devices on 10.2.1, g0blin for some 64-bit devices on 10.3-10.3.3, doubleH3lix for some 64-bit devices on 10.x, and Meridian for 64-bit devices on 10.x.

History

Background

Since Apple’s transition to 64-bit in 2013, the market share of their 32-bit devices has been steadily shrinking. During the lifespan of iOS 9, the 32-bit share reached a level low enough for jailbreak developers to start dropping 32-bit support altogether. The iOS 10 jailbreaks released in late 2016 and early 2017 continued this trend and left the last supported 32-bit devices, namely the A6 devices, unjailbreakable.

Early 2017 saw renewed interest in the 32-bit devices, with the release of the Home Depot jailbreak for iOS 9.1-9.3.4, as well as the iDeviceReRestore tool for restoring to iOS 9 using saved blobs, and the combination of them provided a jailbreak solution for 32-bit devices that had been stuck on iOS 10. Apple silently and effectively killed off iDeviceReRestore as an escape route in July 2017, by exploiting the introduction of a new activation method in iOS 10 to reject activation records coming from A6 devices on iOS 9 and older, if they had ever been activated on iOS 10. By then, the focus of jailbreak developers had already started shifting to the upcoming iOS 11, and it was feared that both iOS 9.3.5 and iOS 10 would remain unjailbreakable on 32-bit. Soon after, however, no less than four jailbreaks were released for 32-bit devices (Phœnix, UntetherHomeDepot, etasonJB and Home Depot 1.1 for 8.4.1). At that point all pre-A6 devices were jailbreakable for life, and hopes grew for a final 32-bit jailbreak.

Development

At least one of the exploits that powered the iOS 10 jailbreaks, mach_portal by Ian Beer of the Google Zero project, could in theory be ported to 32-bit. Beer used another vulnerability he discovered, CVE-2017-13861, to write the async_exploit for iOS 11, inspiring Siguza to write an exploit that was compatible with 64-bit iOS 10, named v0rtex, on which he published an article in early December 2017.[1] v0rtex quickly replaced Adam Donenfeld’s ziVa exploit in the Saïgon project, and it was expected that porting it to 32-bit would be feasible. About a week later, tihmstar announced that he and Siguza had in fact done so,[2] and as the duo were responsible for the Phœnix jailbreak a few months earlier, users hoped that this meant that a 32-bit jailbreak was imminent. Screenshots were posted by tihmstar as the development progressed, and the user community was involved with choosing the name and designing the app and logo. Credits were given to @FoxletFox for the graphics and Jacky C for the logo concept.

The first release candidate of h3lix was then published on tihmstar’s website on Christmas Eve, successfully tested with iOS 10.3.3 on the N42AP (iPhone5,2). Users found it to be compatible with other A6 devices on the same version, while some also reported problems when attempting to use it on older iOS 10 versions.[3]

Being the last version offered for the A6 devices, iOS 10 was considered by some users to be slower and less usable than older versions, making downgrading one of the main use cases for this jailbreak. Like some other jailbreaks, h3lix does not enable task_for_pid(0), but tihmstar announced that it does have the equivalent host_get_special_port(4) instead.[4] For kloader-based downgrades to work, kloader must be recompiled using host_get_special_port(4) instead.

Version Change Log

| Version | Date | Changes |
|---|---|---|
| RC1 | 24 December 2017 | initial release |
| RC2 | 25 December 2017 | fixed JavaScript bug |
| RC3 | 31 December 2017 | added support for iOS 10.2; only running exploit if system was up for at least 80 sec; running uicache manually from the app clears Cydia caches |
| RC4 | 1 January 2018 | fixed crash on patching amfi on iOS 10.0.2 |
| RC5 | 4 January 2018 | fixed a bug related to programs requiring JIT |
| RC6 | 23 July 2018 | added support for 10.3.4 |

See also

References