p0laris Jailbreak for iOS 9.3.5 and iOS 9.3.6
iOS 9 is an old firmware that can be a great playground for future jailbreak developers, especially now that the p0laris app has been released to the public. The new open-source jailbreak tool for all 32-bit devices running iOS 9 shows you how the system is exploited.
p0laris Jailbreak Download v1.0.1
What is p0laris?
p0laris is a new jailbreak app for iOS 9 published in 2022 by @spv. The most important feature of this jailbreak tool is that it was released as an open-source project, with the full source code available through GitHub. p0laris can be sideloaded on your device with Sideloadly or AltStore.
To jailbreak your iPhone, the p0laris app uses the phoenix kernel exploit. Therefore, p0laris supports all versions of iOS 9.x on 32-bit devices, including the latest releases, iOS 9.3.5 and iOS 9.3.6. It's a semi-untethered jailbreak, so it will stop working after a restart until you re-run the app.
Because p0laris jailbreak was released as an open-source project, you can learn from it how to create and develop your own jailbreak tools. It uses some code from doubleH3lix for permission and springboard fixing, and the kernel exploit from Phoenix jailbreak by @s1guza and @tihmstar.
The minimalistic graphical interface of p0laris is inspired by Phoenix itself. After jailbreaking your iPhone or iPad, it installs Cydia 9.0 by default. Using this old-school package manager you can access apps, tweaks, themes, and other packages from Cydia repos.
p0laris should also deliver an untether in the near future. If @spv manages to achieve it, p0laris will be the first to deliver an untethered jailbreak for iOS 9 (one that keeps working after the device is restarted). The developer is also planning to add support for iOS 10 devices.
The developer released the first version of the work-in-progress untether for p0laris on 21 Jun 2022. Offsets are currently included for iPhone4,1 on 9.3.6 (13G37) and iPod5,1 on 9.3.5 (13G36). The iOS 9 untether may work on other devices and/or firmware, but that's unlikely.
This open-source iOS 9 untether is still a work-in-progress. It gets ROP in racoon, then gets JS code exec with RWC primitives (arbitrary r/w, currently up to a 26-arg call primitive). The untether works with p0laris, but it can also run successfully on a Phoenix jailbreak.
The p0laris source code was released under the LGPL-2.1 license. If you are interested in learning how the jailbreak works, navigate to the official GitHub repository, which offers full access to the code. The latest changes to the source code were committed on 19 May 2022.
The project was written in the following languages: 77.6% C, 19.7% Objective-C, and 2.7% C++. To compile the code, you need macOS with the latest version of Xcode. In the p0laris repo, you can also find the source code for the latest releases of the iOS 9 untether.
The latest build of p0laris jailbreak should allow migration from Home Depot or phoenix.
Supported devices
- iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus.
- iPhone SE.
- iPhone 5s, iPhone 5c, iPhone 5.
- iPhone 4s.
- iPad Pro (12.9-inch).
- iPad Pro (9.7-inch).
- iPad Air 2, iPad Air.
- iPad 4th generation, iPad 3rd generation, iPad 2.
- iPad mini 4, iPad mini 3, iPad mini 2, iPad mini.
Download p0laris Jailbreak
p0laris was released for iOS 9 as an IPA package that can be installed on your iPhone or iPad with Sideloadly or AltStore. These desktop tools allow you to sign the IPA file with your own certificate and sideload the jailbreak app on your iDevice.
The p0laris IPA can be installed on all supported iOS 9 devices using Sideloadly, the best working Cydia Impactor alternative. For the purpose of this article, we will use Sideloadly as the IPA installation tool. It works on macOS and Windows. Linux users can try AltStore instead.
Step 1. Download p0laris Jailbreak IPA (link available at top of this page).
Step 2. Open Sideloadly application.
Step 3. Connect your iPhone or iPad to the computer via USB.
Step 4. Drag and drop the p0laris IPA to the Sideloadly window.
Step 5. Enter your Apple ID to sign IPA file.
Step 6. Click the Start button to install the p0laris jailbreak app on your iDevice.
Step 7. Provide the password for your Apple ID.
To make this process even easier, we included at the top of this page quick URL links that let you download, sign and install the p0laris Jailbreak v1.0.1 IPA file with one click through your favorite tool, such as Sideloadly, ReProvision, or AltStore. Because the p0laris IPA is signed with your own certificate, you need to trust that certificate before the app will open on your device.
Step 8. Open the Settings app from the Home Screen.
Step 9. Navigate to General → VPN & Device Management.
Step 10. Click on the developer app with your e-mail.
Step 11. Tap on Trust to allow the application to run.
iOS 9 untether install steps
The @spv iOS 9 untether is a work-in-progress at a really early stage. The exploit was tested on an iPhone4,1 running iOS 9.3.6 (13G37). If you don't know what you are doing, or you don't know how to compile the code, wait for the stable release via the official repository.
- Jailbreak your device with p0laris (or Phoenix).
- Install required dependencies such as GCC, git, etc.
- Open the terminal app on your system.
- Run: git clone https://github.com/p0larisdev/untether.git
- Open the folder: cd untether
- Execute: ./build_native.sh
- Execute: ./install_native.sh
- Execute: /usr/libexec/dhcpd -q -cf old_exp.conf (run the racoon exploit once)
- or instead /usr/libexec/dhcpd -q -cf exploit.conf (run the racoon exploit forever)
- Press Ctrl+C when it exits to finish.
What's new
- The first release of the iOS 9 untether for p0laris and Phoenix.
- The initial release of the p0laris Jailbreak app.