To appreciate the achievement, one must first understand what “untethered” means in the context of jailbreaking. A jailbreak is the process of removing the sandbox restrictions imposed by iOS, granting root access to the user. This is achieved by exploiting vulnerabilities in the kernel or userland services. Jailbreaks fall into three categories: tethered, semi-tethered, and untethered.

By the time iOS 9.3.5 was released, untethered jailbreaks were becoming rarities. Apple’s introduction of KPP (Kernel Patch Protection), mandatory code signing, and the gradual hardening of the boot process made persistent, reboot-proof code execution extraordinarily difficult. The Phœnix jailbreak for 9.3.5 was one of the last publicly available untethered jailbreaks for a modern (64-bit) iOS version.

Compatible Devices: iPhone 5, iPhone 5c, iPad 4, iPad Mini 1, iPad 2, iPhone 4s. Constraint: This requires a computer to re-sign the app every 7 days (unless you have a paid developer account). The jailbreak disables after a reboot.

The most famous name associated with iOS 9.3.5 is Phoenix. Released by the renowned developer Siguza and the tihmstar team (known for "Home Depot" and "EtasonJB"), Phoenix became the defacto standard.

Phoenix is NOT untethered. It is a semi-untethered jailbreak.

Here is how it works:

If you reboot, the jailbreak vanishes. You must re-open the Phoenix app and re-run the exploit. For most users, this is acceptable. However, for the purist seeking a true untethered experience, Phoenix feels incomplete.

The hero of this story is Siguza, a German security researcher, who released the Phœnix untethered jailbreak for iOS 9.3.5 in late 2017. The core of Phœnix was not a new zero-day but a masterful exploitation of an older, misunderstood bug: CVE-2017-6979 (the “offsets” bug), combined with an additional kernel vulnerability (v0rtex). However, the key to the untethered nature lay in the persistence mechanism.

Siguza’s approach was a callback to earlier, more hardware-agnostic methods. He exploited a vulnerability in the way iOS handles resource properties (specifically in IOKit), allowing for an arbitrary read/write primitive in the kernel. But to make it untethered, he bypassed KPP not by patching the kernel directly—which KPP would detect on the next reboot—but by patching the kernel’s data structures in memory only and then forcing a specific system daemon (which runs as root) to load a dynamic library. More importantly, the jailbreak embedded a bootstrap script into the filesystem that would be executed by launchd (the init process) early in the boot cycle. This script would then re-trigger the IOKit exploit before KPP had fully armed itself.

The breakthrough was the “off-by-one” in the kernel’s task suspension logic. By carefully corrupting a single byte in a kernel map structure, Siguza could cause the kernel to skip certain security checks during the next boot. This is the hallmark of an untethered jailbreak: a tiny, persistent corruption that allows the full exploit chain to run again automatically.

Enter Siguza, a renowned security researcher and reverse engineer. He looked at the patched exploit and realized Apple hadn't fixed everything. The door was closed, but they had left a window open.

Siguza discovered that while the specific exploit Moonshine used was patched, the underlying vulnerability in the IOHIDFamily kernel extension remained viable. Apple had fixed the "trigger," but not the "gun."

For months, Siguza worked in the shadows. The goal was ambitious: to build the first truly untethered jailbreak for iOS 9.3.5. He wasn't just building a tool; he was resurrecting a dead era. He collaborated with other legends, including tihmstar and mbazaliy, to weaponize the exploit.

Important Note on Reboots: If your device runs out of battery or you restart it:

| Feature | iOS 9.3.5 (public) | |---------|---------------------| | Untethered? | ❌ No | | Semi-untethered? | ✅ Yes (Phoenix / kok3shi9) | | Tethered? | ❌ No need | | Will an untethered ever appear? | Extremely unlikely (0.1% chance) |

Treat iOS 9.3.5 as a legacy sandbox, not a daily driver. The semi-untethered tools are stable, well-tested, and perfectly adequate for their purpose: running old 32/64-bit apps, tweaks for nostalgia, or device research.

If you find someone selling an "iOS 9.3.5 untethered jailbreak" – it is a scam. No exceptions.

Untethered Jailbreak for iOS 9.3.5: A Comprehensive Guide

** Introduction **

The iOS 9.3.5 untethered jailbreak is a game-changer for iPhone and iPad users who want to take control of their devices and unlock their full potential. In this blog post, we will guide you through the process of jailbreaking your iOS 9.3.5 device, highlighting the benefits, risks, and step-by-step instructions to achieve an untethered jailbreak.

What is a Jailbreak?

A jailbreak is a process that allows you to remove software restrictions on your iOS device, giving you root access to the operating system. This enables you to install unauthorized apps, tweaks, and modifications that are not available on the App Store.

What is an Untethered Jailbreak?

An untethered jailbreak means that your device is not dependent on a computer or a specific app to function. Once you've jailbroken your device, you can reboot it without any issues, and it will still be jailbroken.

Benefits of Jailbreaking iOS 9.3.5

Jailbreaking your iOS 9.3.5 device offers several benefits, including:

Risks and Precautions

Before proceeding with the jailbreak, it's essential to understand the risks:

Step-by-Step Jailbreak Guide

To perform an untethered jailbreak on iOS 9.3.5, follow these steps:

Required tools and software:

Jailbreak Steps:

Post-Jailbreak Setup

After a successful jailbreak:

Conclusion

The iOS 9.3.5 untethered jailbreak offers a world of possibilities for iPhone and iPad users. While it comes with risks, following our guide and taking necessary precautions can ensure a smooth and successful jailbreak experience. Remember to always backup your device and be cautious when installing tweaks and apps from unknown sources.

Disclaimer

This blog post is for educational purposes only. We do not encourage or condone piracy or unauthorized software modifications. Jailbreaking your device is at your own risk. Proceed with caution and at your own discretion.

For a long time, an untethered jailbreak for iOS 9.3.5 was considered the "holy grail" for legacy 32-bit devices (like the iPhone 4S and iPad 2). While semi-untethered tools like

have existed for years, a true untethered solution—where the jailbreak persists after a reboot without needing to run an app—only recently became a widespread reality. The Modern Solution (2026)

A fully untethered jailbreak for iOS 9.3.5 and 9.3.6 was released in late March 2026. This is often achieved using a combination of a semi-untethered jailbreak and a secondary "untether" package. Carbon / EverPwnage : Tools like EverPwnage

now provide a direct untethered experience for 32-bit devices on iOS 9.3.5/6. Iocaste / jsc_untether

: This is a persistent exploit that can be installed via Cydia after using a tool like Phœnix or Carbon to make the jailbreak permanent. The Traditional Path (Semi-Untethered)

Until the recent untethered releases, the standard method was

. This method is still widely used as a "stepping stone" to the full untether.

A new FULLY untethered jailbreak for iOS 9.3.5 to 9.3.6 has just came!

no direct untethered jailbreak for iOS 9.3.5. The primary tools available, such as

, are semi-untethered, meaning you must re-run the app after every device reboot.

However, users can achieve a "fully untethered" experience by first installing a semi-untethered jailbreak and then applying specific post-installation tweaks: How to Achieve an Untethered Setup Install Phoenix : Use a tool like Sideloadly

to install the Phoenix IPA on your 32-bit device (e.g., iPhone 4S, iPad 2/3, iPad Mini 1). Run Phoenix

: Open the app on your device, tap "Prepare for Jailbreak," and follow the prompts. Once the device reboots, Cydia will be available. Apply Untether Tweak

: To make it permanent, you can search Cydia for untether packages (like the one discussed on

) that automate the "kickstart" process during boot, effectively making the jailbreak persist without manual intervention. Key Limitations 32-Bit Only

: iOS 9.3.5 was the final firmware for many 32-bit devices. If you are on a 64-bit device (like an iPhone 5s or newer), these specific tools will not work. App Compatibility

: Most modern apps (like Netflix) require newer iOS versions and may not run even after jailbreaking. You can sometimes bypass this by downloading "Last Compatible Versions" from your App Store purchase history. Semi-Untethered Nature

: Without the additional untether tweak, you must open Phoenix and tap "Kickstart Jailbreak" whenever your battery dies or you restart the phone. using a computer? How To Jailbreak iOS 9.3.5 NO PC 2024! 22 Jan 2024 —

iOS 9.3.5 Untethered Jailbreak: A Comprehensive Guide

The iOS 9.3.5 untethered jailbreak is a software exploit that allows users to gain root access to their iOS devices running on iOS 9.3.5. This guide will walk you through the process, benefits, and risks associated with jailbreaking your device.

What is a Jailbreak?

A jailbreak is a process that removes software restrictions imposed by Apple on its iOS devices. This allows users to install unauthorized apps, tweaks, and modifications that can enhance the functionality and customization of their device.

What is an Untethered Jailbreak?

An untethered jailbreak is a type of jailbreak that does not require a computer to be connected to the device at all times. Once the jailbreak is installed, the device can be rebooted and will still retain its jailbroken state.

Benefits of iOS 9.3.5 Untethered Jailbreak

The iOS 9.3.5 untethered jailbreak offers several benefits, including:

Risks Associated with Jailbreaking

While jailbreaking offers several benefits, it also comes with risks, including:

How to Perform an iOS 9.3.5 Untethered Jailbreak

The iOS 9.3.5 untethered jailbreak can be performed using the following tools:

Step-by-Step Guide

Here is a step-by-step guide to perform an iOS 9.3.5 untethered jailbreak using Phoenix:

Conclusion

The iOS 9.3.5 untethered jailbreak offers users a way to gain root access to their device and install unauthorized apps, tweaks, and modifications. However, it also comes with risks, including security risks, instability, and warranty voidance. Users should carefully consider these factors before deciding to jailbreak their device.

Disclaimer

This guide is for educational purposes only. We do not encourage or support piracy or any other malicious activities. Jailbreaking your device is at your own risk. Make sure to understand the risks and benefits before proceeding.

To have a "complete review" of an iOS 9.3.5 untethered jailbreak today, it's important to clarify that true untethered jailbreaks for this specific version are extremely rare and device-dependent. Most modern solutions for this legacy firmware are actually semi-untethered, meaning you have to re-run an app to enable the jailbreak every time you reboot. The Landscape: Semi-Untethered vs. Untethered

For most users on iOS 9.3.5 (often using an iPad 2, iPad Mini 1, or iPhone 4S), the standard is the Phœnix jailbreak. While it is widely used, it is semi-untethered. A genuine "untethered" experience—where the jailbreak remains active after a full power cycle without any user intervention—is typically only achievable on iOS 9.x through specific tools like Pangu9 (for older versions) or specialized exploits like kok3shi9 for 64-bit devices. Core Benefits: Breathing Life into Old Hardware

Jailbreaking a device stuck on iOS 9.3.5 is often a necessity rather than a luxury because of how restricted the original software has become.

App Compatibility: iOS 9.3.5 is too old for the modern App Store. Jailbreaking allows you to use tweaks like Checkmate, Store! to bypass "Incompatible Version" errors and download the last working version of apps.

Performance Improvements: You can install tweaks that disable heavy system animations or background processes, making the aging A5 or A6 chips feel slightly snappier.

Customization: You can still use classic themes and icons to overhaul the UI, which is a major draw for collectors of vintage Apple hardware. Critical Challenges & Trade-offs

The Certificate Problem: Semi-untethered tools like Phœnix require a signed IPA file. Since Apple no longer supports these older devices, keeping the jailbreak app "signed" can be a hassle, often requiring a computer every 7 days unless you use specific workarounds.

Security Vulnerabilities: Using iOS 9.3.5 in 2026 means you are missing years of critical security patches. Jailbreaking further opens the filesystem, so it is recommended to only use these devices for offline media or specific legacy tasks.

App Ecosystem: Even with a jailbreak, many modern services (like YouTube or Netflix) may fail because their APIs have changed server-side, meaning the app opens but can't load data. Community Perspectives Final Verdict

An iOS 9.3.5 jailbreak is a highly recommended project for anyone wanting to keep an old 32-bit device functional. While it is rarely a "true" untethered experience, the semi-untethered tools available are stable and provide the only way to bypass the modern App Store's version blocks. If you'd like to proceed, I can help you: Identify if your specific device is 32-bit or 64-bit.

Find the correct tool (Phœnix, kok3shi9, etc.) for your hardware. Troubleshoot signing errors when installing the jailbreak.

The release of iOS 9.3.5 marked a significant turning point in the history of iPhone customization. As the final software update for several iconic 32-bit devices, it became the "end of the road" for hardware like the iPhone 4s and iPad 2. For the jailbreak community, this version represented a final challenge to unlock these legacy devices permanently. The Search for the Untethered Holy Grail

In the world of iOS exploitation, an untethered jailbreak is the gold standard. It allows a device to remain in a jailbroken state even after a reboot, requiring no external computer or app re-activation. For iOS 9.3.5, the journey to achieving this was long and complex. Initially, users relied on semi-untethered tools like Phoenix, which required re-running an app every time the battery died. However, the community eventually saw the release of the Kok3shi9 and later the Daibutsu jailbreaks, which provided a more stable experience for 32-bit users. Technical Vulnerabilities and Exploits

The breakthrough for iOS 9.3.5 relied on a series of critical vulnerabilities, most notably the Trident exploits. These were a set of three zero-day vulnerabilities originally discovered being used in the wild for targeted surveillance. The exploits targeted the kernel and Safari's WebKit engine, allowing for arbitrary code execution. Developers repurposed these high-level security flaws to bypass Apple’s "Code Signing" and "Root" protections, giving users full control over the file system. The Impact on Legacy Hardware

The availability of a jailbreak for iOS 9.3.5 breathed new life into aging hardware. Because these devices were no longer receiving performance updates, they often felt sluggish. Jailbreaking allowed users to:

Downgrade Firmware: Using tools like OdysseusOTA or CoolBooter, users could revert to older, faster versions of iOS like 6.1.3.

Customization: Standard tweaks like WinterBoard and Cylinder allowed users to modernize the UI or embrace nostalgia.

Functional Longevity: Users could install "Fixes" for apps that no longer supported older iOS versions, extending the utility of the device as a dedicated music player or e-reader. The End of an Era

iOS 9.3.5 was one of the last versions where 32-bit architecture was the primary focus of the jailbreak scene. As Apple transitioned fully to 64-bit chips and introduced more robust security measures like KPP (Kernel Patch Protection), the era of easy, untethered jailbreaks began to fade. Today, the iOS 9.3.5 jailbreak stands as a monument to the persistence of developers who refused to let perfectly good hardware be locked away by software limitations. Safety and Modern Considerations

While jailbreaking iOS 9.3.5 is now considered stable, it is not without risks. Users must be cautious of downloading tweaks from "pirate" repositories, which can contain malware. Furthermore, because the vulnerabilities used to jailbreak the device are the same ones used by malicious actors, a jailbroken device on such an old firmware is inherently less secure than a modern one. For enthusiasts, however, the trade-off for total digital freedom remains a price worth paying.

Let me know your hardware model and I can provide specific instructions.

The Legacy of the iOS 9.3.5 Untethered Jailbreak: A Deep Dive

For many Apple enthusiasts, the era of iOS 9 represents a turning point in the history of mobile customization. Specifically, the quest for an iOS 9.3.5 untethered jailbreak became a legendary pursuit within the community. While modern jailbreaking has shifted toward "semi-tethered" solutions, the desire for a permanent, reboot-proof exploit remains the gold standard for power users. Understanding the Landscape of iOS 9.3.5

Released in August 2016, iOS 9.3.5 was a critical security update designed to patch the "Pegasus" spyware vulnerabilities. For users of older hardware—like the iPad 2, iPad 3, iPhone 4S, and iPod Touch 5G—this version was the final stop. Since these 32-bit devices cannot upgrade to iOS 10 or later, jailbreaking became the only way to keep them functional and modern. Tethered vs. Untethered: What’s the Difference?

To understand why the iOS 9.3.5 untethered jailbreak is so sought after, you have to look at the mechanics:

Tethered: Requires a computer to boot the device into a jailbroken state every time it restarts.

Semi-Untethered: Allows the device to boot normally, but you must run an app (like Phoenix) on the device to re-enable jailbreak features after a reboot.

Untethered: The "Holy Grail." Once installed, the jailbreak persists through reboots automatically. No apps to run, no computers needed.

The Reality: Is there a true Untethered Jailbreak for 9.3.5?

The short answer is: Not in the traditional sense for all devices.

The most famous tool for this firmware is Phoenix. Developed by Siguza and tihmstar, Phoenix is technically a semi-untethered jailbreak. While it provides full access to Cydia and the root filesystem, you have to tap "Prepare for Jailbreak" every time your battery dies or you restart the device.

However, for the dedicated community, there are workarounds. Using a tool called "UntetherHomeDepot" or specific "untether" packages from Cydia repositories, some users have successfully converted their semi-untethered environments into fully untethered ones on 32-bit devices. How to Jailbreak iOS 9.3.5 (The Phoenix Method)

If you are looking to breathe new life into an old device, here is the standard process:

Backup Your Data: Always use iTunes or iCloud before attempting an exploit.

Download the Phoenix IPA: Visit the official Phoenix website to get the latest IPA file.

Sideload the App: Use a tool like Sideloadly or AltStore (if compatible) to install the IPA onto your iPhone or iPad using your Apple ID.

Trust the Developer: Go to Settings > General > Device Management and trust your certificate.

Run Phoenix: Open the app and tap "Prepare for Jailbreak." The device will respring, and Cydia will appear on your home screen. Why Jailbreak iOS 9.3.5 Today?

You might wonder why anyone bothers with a decade-old operating system. The reasons are surprisingly practical:

App Compatibility: Many apps no longer support iOS 9. Jailbreak tweaks like LowerInstall allow you to download versions of apps that would otherwise be restricted.

Performance Boosts: Tweaks can disable system animations and "bloatware," making an old iPad 2 feel significantly snappier.

Legacy Gaming: Use your device as a dedicated retro gaming station with emulators like RetroArch or Happy Chick.

Customization: Classic themes (WinterBoard/Anemone) allow you to change the look of the OS in ways Apple still doesn't permit. A Note on Security

Jailbreaking removes the "walled garden" security layers of iOS. Since iOS 9.3.5 is no longer receiving security patches from Apple, a jailbroken device is technically more vulnerable. It is highly recommended to change your root password via Terminal immediately after jailbreaking to prevent unauthorized access. Final Thoughts

While a native, "out-of-the-box" iOS 9.3.5 untethered jailbreak never became as mainstream as the exploits for iOS 6 or 7, the combination of Phoenix and community-made untether scripts has made it a reality for those willing to do the work. It remains the best way to save 32-bit Apple hardware from the junk drawer.

The story of an untethered jailbreak for iOS 9.3.5 is a digital legend, a tale of a cat-and-mouse game played at the highest level, involving espionage, tragic timing, and a community refusing to let hardware die.

Here is the story of how the "Phoenix" rose from the ashes.

In late 2017, whispers began on Reddit and Twitter. A developer known as S0rryMyBad (also known as Jacky C) demonstrated a true untethered jailbreak for iOS 9.3.5 running on an iPhone 4s. The community went wild.

The exploit supposedly used a race condition in the XNU kernel combined with a persistent code-signing bypass. For approximately two weeks, the dream was alive.

However, the developer never released the tool publicly. Citing "undisclosed security research" and potential resale value to bounty programs, the untether remained behind closed doors. To this day, no public, one-click untethered jailbreak for iOS 9.3.5 exists.