How to jailbreak iOS 9.3.5 on iPad 2. First step is downloading the phoenixpwn ipa and Cydia. This compatible with all 32bits devices on iOS9.3.5 firmware version. In alternative you can jailbreak your device using a computer just need the oficial jailbreak app from here and install on your device using cydia impactor download from here. Click on the Install button, and run the installation process on your device. Once installed, you would need to trust the app by going to Settings General Device Management and then invoking the Phoenix app to get the jailbreak payload out of it. And, that’s pretty much it! Your iOS 9.3.5 has been jailbroken! Jailbreak iOS 9.3.5 Running On 32-Bit Devices Using Phoenix The semi-untethered nature of it means you’d have to re-run the jailbreak app after every reboot if you want to place the device into jailbroken state again, and it has to be re-loaded and re-signed via Cydia Impactor every week or so, depending on the sort of certificate you have.

Phoenix is semi-untethered Jailbreak for iOS 9.3.5, iOS 9.3.6 jailbreak on 32-bit devices.

Download Phoenix without a computer (Online Method) or download and sideload Phoenix IPA to your iPhone or iPad with Cydia Impactor (Computer Method)

iOS compatibility : iOS 9.3.5 , iOS 9.3.6

Device Compatibility : iPhone 4s, iPhone 5, iPhone 5c, iPod touch 5G, iPad mini, iPad 2, iPad 3rd gen, iPad 4th gen

Online Method

Online method is the easiest method to download Phoenixpwn jailbreak. It does not require a computer. PC free Phoenix Online IPA is available with Silzee online Jailbreak app exclusive on zJailbreak.

How To Full Jailbreak Ios 9.3 55 Download Free

Phoenix jailbreak not working – Phoenix jailbreak could not be installed at this time with zJailbreak. Because the Phoenix Online method uses an enterprise certificate revoked by Apple. Apple regularly does this. Therefore, phoenix jailbreak download no pc method not working with any online IPA service provider such as Appvalley, Silzee, Panda helper. So, use an alternative for Phoenix to install Jailbreak apps.

phoenix jailbreak alternative

zJailbreak – zJailbreak is the best alternative for phoenix. It is compatible with all 32-bit & 64-bit devices. It consists of many Jailbreak tweaks, Apps Themes and many more. Download from the above button.

JailbreakMe – This is another Jailbreak for iOS 9.3.5 & iOS 9.3.6. It will install Cydia automatically once the jailbreak process completes. You can use Phoenixpwn alternative. Get more information and download links from JailbreakMe page.

Otherwise, if you have any compatible for latest iOS versions and use the latest Jailbreak tools. Get information from the following pages.

Step guide for Phoenix Online method

Step 01 – Tap the above button to install zJailbreak first.

Note – Currently, Phoenix Online IPA has been revoked by Apple. It will be fixed soon! Use zjailbreak as an alternative.

Step 02 – Open the zJailbreak, and find the Silzee online JB app.

Step 03 – Tap install button.

Step 04 – Enter your device passcode, if you have set up already.

Step 05 – Tap the install button, then Click on Done.

Step 06 – Now Silzee online jb app will appear on your device homescreen.

Step 07 – Open the Silzee Online JB app and Click on the Phoenix button.

Step 08 – It will take a few seconds to install Phoenix jailbreak app to your device, and finally, Phoenix JB appears on your homescreen.

Step 09 – Run the Phoenix JB app from your homescreen.

Step 10 – Tap on the “Prepare For Jailbreak”–> “Accept” → “Proceed With jailbreak”—-> “Begin Installation” to start the Jailbreak process.

Step 11 – Finally, Cydia icon will be available on your homescreen.

Step guide for Computer Method (Windows/Mac/Linux)

Step 01 – Download the Phoenix 5.ipa and Cydia impactor using the following links.

Note – Cydia impactor works with paid Apple Developer accounts only.

Step 02 – Connect your device to the computer.

Step 03 – Open Cydia Impactor.

Step 04 – Drag and drop the Phoenix IPA file onto Cydia Impactor.

Step 05 – Enter your Apple ID and password sent to Apple to sign the IPA file. Then Cydia Impactor started installing the jailbreak app.

Step 06 – Now Phoenix Jailbreak app installed to your device.

Step 07 – Now verify the Phoenix Jailbreak app you have to trust the profile.

Go to Settings — > General — > Device Management — > Phoenix Jailbreak — > Verify — > Trust.

Step 08 – Now go back to the Home screen and open the Phoenix app.

Step 09 – Click on the “Prepare For Jailbreak” button to start the jailbreak.

Step 10 – Click on “Accept” and Dismiss the “Free Mixtape Available” popup message to avoid installing unwanted apps.

Step 11 – Click on “Proceed With jailbreak”—-> “Begin Installation”—->Use provided Offsets.

Step 12 – Now the jailbreak process begins and this process takes some time. “Storage Almost Full” message might pop up when installing Cydia. Click on “Done.”

Step 13 – Once jailbreak completes your device will reboot. Finally, the Cydia icon should appear on your homescreen.

Note : If Cydia is not there, repeat the above Jailbreak process until it works.

Phoenix jailbreak offsets

You need to manually specify offsets for iOS 9.3.5 & iOS 9.3.6. Phoenix v3.0 update fixes custom offsets to avoid facing issues.

Change Log

23/07/2019 – v5 update Ships with offsets for 9.3.6 now.

07 /10/2017 – v4 update fixes followings.

Adds the option to force a complete reinstall by holding down on “Kickstart Jailbreak”

Fixes two crashes when contacting phoenixpwn.com for offsets if there is an SSL error or a status code of 200 is returned, but the response body is empty.

08/08/2017 – v3 update fixes custom offsets

07/08/2017 – v2 update release to fix following issues.

Removes problematic binaries that resulted in multiple scripts breaking.

LaunchDaemons not starting after re-jailbreaking.

Mixtape Player where lyrics did not display correctly using Dark Mode.

Mixtape Player where seeking would result in graphical glitches.

“Better Not Lack” (track 12) now appears correctly in Mixtape Player.

Temporarily disable Dark Mode in Mixtape Player by firmly pressing the app icon and choosing “Mixtape Player”.

07/08/2017 – v1 Initial release

Developers

Exploit by s1guza and tihmstar.

Other Contributors – mbazaliy, qwertyoruiop, jk9357, REALKJCMEMBER

Common Phoenix errors

• Error – http-win.cpp:159

“Peer certificate cannot be authenticated with given CA certificates SSL certificate problem: self signed certificate in certificate chain”

How to fix – Go to Impactor > Xcode > Revoke Certificates or impactor > Xcode > Delete App ID. Then try installing Phoenix3.ipa

• Error – File: installer.cpp; line: 71; what_assert’

How to fix – There are 3 options to fix this. Cydia impactor works with paid certificate only. Get Paid Apple developer account. If not, use Xcode + iOS App Signer utility to sideload the jailbreak IPA. Otherwise use AltStore to sideload the jailbreak app.

• Error – SSL ERROR 133

“http-sox.cpp:133 An SSL error has occurred and a secure connection to the server can not be made”

How to fix – Force close Cydia Impactor, Launch iTunes and sync your device, Quit iTunes and re-open Cydia Impactor.

• HTTP-WIN.CPP:158

“Peer certificate cannot be authenticated with given CA certificates. SSL certificate problem: self signed certificate in certificate chain”

How to fix – uninstall your current Impactor version and o download the latest update of Cydia Impactor.

• Error – Asking for offsets when trying to re-jailbreak

How to Fix – offsets are broken in v1 and v2 update. Remove the old versions. Get V3 Phoenix update.

• Error – provision.cpp:173 error

“Please sign in with an app-sepcific passwords. You can create one at applieid.apple.com.”

How to fix – just create a new Apple ID and password and try again. If not solve, try disabling two-factor authentication and make an attempt using your existing Apple ID password.

• 8
• 9
• 17

We updated iOS Forensic Toolkit to bring two notable improvements. The first one is the new acquisition option for jailbreak-free extractions. The new extraction mode helps experts save time and disk space by pulling only the content of the user partition while leaving the static system partition behind. The second update expands jailbreak-free extraction all the way back to iOS 9, now supporting all 64-bit devices running all builds of iOS 9.

Extracting user data

In addition to the complete file system extraction, which gives you a copy of all files and folders in the user partition and also the content of the OS system partition, we are now offering a simplified extraction option. In this simplified extraction mode, iOS Forensic Toolkit will only copy parts of the file system that belong to the user data, skipping the OS system partition entirely.

Why skip the system partition during the extraction? The content of the system partition is far less relevant for the investigation compared to user data. The data in the system partition consists of read-only executable files, system libraries and other things that are required for the operating system to run. System logs? These are parts of the user data, and will be extracted along with the rest of the data when using the new simplified option.

Why would you want the system partition? If the iOS device was ever jailbroken, the content of the system partition could be modified, and you could see the traces of the jailbreak, even if the jailbreak was removed later on. Other than this, there is no point in extracting the system partition as the data does not vary across devices of the same model running the same version of iOS.

The benefits of simplified extraction? For small-capacity iPhones, the new option can speed up the extraction two to three times compared to full device extraction. Higher capacity devices offer comparatively lesser time savings, yet the user-targeted set is still easier to analyze.

To extract user data only using agent-based extraction method:

1. Press 1 to sideload the agent onto the device
2. Press 2 to extract and decrypt the keychain if needed (highly recommended!)
3. Press 4 to extract the file system image (user data only)
4. Press 5 to remove the extraction agent from the device

iOS 9 extraction without a jailbreak

Originally released in September 2015 with the iPhone 6s and 6s Plus, iOS 9 was backported to a massive number of older devices. The 64-bit iPhone models capable of running iOS 9 range from the iPhone 5s to iPhone 6s and 6s Plus, as well as the iPhone SE (original 4-inch model). While one is hardly likely to encounter an iOS 9 device in the wild, forensic labs still have a backlog of devices running, specifically, iOS 9.3.4 and 9.3.5, the two versions of iOS 9 that lack a working jailbreak. In this iOS Forensic Toolkit update, we brought support for jailbreak-free extraction for the entire range of 64-bit devices capable of running all versions of iOS 9 up to and including iOS 9.3.5. Let’s see what it takes to extract an older iPhone without a jailbreak.

Why supporting iOS 9 in 2020?

iOS 9 was available on three SoC generations used in 64-bit devices ranging from the iPhone 5s all the way to the iPhone 6s, 6s Plus and the first model of the iPhone SE. While many users regularly update their OS, many others don’t, and some users just keep their iPhones on whatever iOS version was installed in the factory. This means a not insignificant chunk of iPhone 6s and iPhone SE devices processed in forensic labs are still running the original version of iOS 9 (or 9.3 in the case of the iPhone SE).

iOS 9 jailbreaks

Since iOS 9 is already old, there are plenty of jailbreaks for almost the entire range. However, exactly because it is that old, there are multiple caveats with many of these jailbreaks. With iOS 9 jailbreaks, there are issues with Kernel Patch Protection (KPP). The nature of public jailbreaks at the time required KPP Bypass, a technique that was used by both Pangu9 jailbreaks, Yalu+mach_portal, Yalu+extra_recipe, Yalu102, and Saïgon jailbreaks targeting the many versions of iOS. This technique was one of the reasons making iOS 9 jailbreaks less than perfectly stable, difficult and sometimes plain out dangerous to install.

Sounds bad enough? You haven’t tried installing OpenSSH on any of these jailbreaks without compromising the device by opening an Internet connection. Adding salt to injury, no public jailbreak was ever released for the two last versions of iOS 9: 9.3.4 and 9.3.5.

Using an acquisition agent removes the guesswork and risks associated with jailbreaking, making the acquisition process simple and straightforward.

Devices compatible with iOS 9

iOS 9 was supported on the following iPhone devices:

• iPhone 5S (iOS 9.0-9.3.5)
• iPhone 6 & 6 Plus (iOS 9.0-9.3.5)
• iPhone 6s & 6s Plus (iOS 9.0-9.3.5)
• iPhone SE (1st gen) (iOS 9.3-9.3.5; the iPhone SE uses the same SoC as the iPhone 6s, but was released at a later date with iOS 9.3 on board)

The following iPad models are using compatible SoC and capable of running iOS 9:

• iPad Air (iOS 9.0-9.3.5)
• iPad Air 2 (iOS 9.0-9.3.5)
• iPad Mini 2 (iOS 9.0-9.3.5)
• iPad Mini 3 (iOS 9.0-9.3.5)
• iPad Mini 4 (iOS 9.0-9.3.5)
• iPad Pro 9.7 (1st Gen) (iOS 9.3-9.3.5)
• iPad Pro 12.9 (1st Gen) (iOS 9.1-9.3.5)

As already mentioned, public jailbreaks were only available for iOS 9.0 through 9.3.3. No public jailbreaks are available for iOS 9.3.4 and 9.3.5. Elcomsoft acquisition agent supports all versions of iOS 9 including the two last versions by backporting an exploit that was discovered at a much later date.

Notably, iOS 9 was also available for the iPhone 4s (it’s the last major iOS release for this phone) and iPhone 5/5c models (these can also run iOS 10). However, instead of agent-based extraction, we are planning a much better solution for the 5 and 5c, including the passcode recovery option.

Jailbreak Ios 9.3.2

What about iOS 9.3.6? This specific version of iOS was released late in July, 2019. Only available on a handful of 32-bit hardware such as the iPhone 4S and cellular models of the iPad Mini (1st generation), iPad 2 (CDMA model), and cellular models of the iPad 3, the purpose of this release was to address an issue with GPS location performance causing the system date and time to be incorrect. Since this release is specific to old, 32-bit devices, it is not supported on newer 64-bit hardware, and, as such, is not supported in iOS Forensic Toolkit.

Prerequisites

There are no iOS 9 specific requirements to perform file system extraction or keychain decryption. You will need iOS Forensic Toolkit 6.30 or newer, and you must be able to unlock the iPhone you are extracting (the screen lock passcode must be known or empty). Note that we do not recommend removing the screen lock passcode as some information may go missing if you do so.

Similar to other cases, agent-based extraction requires the use of an Apple Developer Account. We wrote a comprehensive article about that: Why Mobile Forensic Specialists Need a Developer Account with Apple.

File System Extraction Limitations and Future Work

How To Jailbreak Ios 9.3 5 With 3utools

The recent updates had changed the compatibility table.

How To Jailbreak Ios 10.3.3

If you look carefully, you may notice that some systems lack the ability to extract the keychain when using jailbreak-free extraction. These include:

• iOS 12.3-12.4.8 (iPhone 5s, iPhone 6 and 6 Plus)
• iOS 13.3.1-13.4.1 (all device models capable of running these iOS builds)

9.3.5 Ios Jailbreak

For these combinations, we’ve used a very robust exploit covering most versions of iOS up to 13.4.1. However, this exploit does not provide the full capabilities of the root account, making the keychain inaccessible. In addition to the keychain, this exploit does not enable access to certain folders, most notable being the omission of the /private/var/root folder containing location data. We are working on integrating the latest exploits to decrypt the keychain and access previously locked folders in all versions of iOS including iOS 13.3.1-13.5.

• 8
• 9
• 17