I collect old computers, and so my friends often find interesting things for my collection. My friend Paul recently gave me an old iPad 2 for my museum.
The thing is, it didn’t feel very old. I still use an iPad 3 every day as my main tablet (it still works fabulously well, apart from the bloat on modern web pages, that sometimes tend to cause Safari to grind to a halt). The donated iPad 2 ran iOS 9.3.5 (very slowly), which is basically what my iPad 3 runs (iOS 9.3.6 due to last year’s GPS bug that Apple patched).
So to be a candidate for my museum I really wanted to revert it to its original state, which would have been iOS 4. But Apple don’t allow downgrades, and all installs of iOS have to be cryptographically signed by Apple.
So I set about seeing if jailbreaking the iPad would help. Apparently not – jailbreaking on its own doesn’t bypass the iOS signing.
But I found a few references to iOS 6.1.3. It seems this was the first version of iOS to allow OTA (Over The Air) updates to iOS. So Apple allowed 6.1.3 to be manually installed via USB (so that devices running earlier versions could update, and then update to the latest version over the air).
So I tried a few versions of this – first using a Windows tool (3utools) – which failed with an obscure error, and then using iTunes on a Mac (having downloaded iPad2,1_6.1.3_10B329_Restore.ipsw from https://ipsw.me/iPad2,1) – which revealed that Apple wouldn’t sign it any longer. That corrupted the device so I was forced to reinstall 9.3.5 using iTunes.
- This exploit will most likely lead to a Userland jailbreak if it is made public. It will also allow you to downgrade to iOS 9.x if it’s compatible with iOS 10. If you have any 32-bit device running iOS 9.3.5 lying around, it’s important to not lose hope at this point. For more jailbreak scene updates, subscribe to our social channels.
- IOS 9.3.5 / iOS 9.3.6 Jailbreak. You can find all iOS 9.3.5 and iOS 9.3.6 Jailbreak solutions from this page for iPhone 4, iPad 2, iPad mini or iPad 3 device models. If you have any other latest device please refer to our iOS 14 – iOS 14.1 Jailbreak page, iOS 14.2.1 / iOS 14.2 Jailbreak page or iOS 14.3 Jailbreak page.
Doing a bit more reading, it seemed Apple had stopped signing 6.1.3 a few months ago, possibly due to a security bug in iCloud on iOS 6 that they wanted to avoid being exploited? Details were a bit vague.
Then I found some references to them still signing OTA updates to 6.1.3, just not manual updates via IPSW files. The tool Vieux promised to be able to downgrade to iOS 6.1.3 or 8.4.1. Again the description is vague, but I think it’s installing the update from the IPSW file, but persuading Apple that it’s an OTA install to fool them into signing it? I’m not exactly sure – there is never much deep technical documentation on these hacking tools – the authors seem to think everyone just wants tools that are easy to use, so don’t often explain how they work!
Vieux looked promising, but for 32bit systems like my iPad 2, it required ssh access, which requires a jailbreak!
Free iPad 2 iCloud iD Bypass iOS 9.3.5 WithOut Jailbreak Bypass Hello Screen Free Untethered Bypass iOS 12.4.8 to 13.6.1 Reboot Fix Now Free you Can Bypass iCloud id iPad 2 All serial without jailbreak just download tool and connect you ipad 2 click bypass ipad 2 enjoy:) iPad 2 Bypass iCloud Free Tool Download And Bypass. How To Jailbreak iOS 9.3.5 / 9.3.6 Without A Computer On iPhone 4S, iPhone 5, iPhone 5C, iPad 4, iPad 3, iPad 2, iPad Mini 1 & iPod Touch 5 - NEW Phoen.
So next, find a jailbreak for iOS 9.3.5. It seems there is only one that works: Phoenix. It’s an app that you ‘side load’ onto your device, and after each boot, you manually run it to activate the jailbreak. Any app loaded has to be signed by Apple, and there were various webpages promising versions of Phoenix already signed, but Apple revokes the certificate as soon as they find them, so they don’t last long.
The alternative is various tools that you can use to sign the app yourself. Anyone can sign their own app for development purposes, but the certificate only lasts 7 days. Or if you have a developer account (as I do), you get a year until you have to re-sign and re-install it.
Reading forums, it seemed many tools that previously did this (3utools, Cydia Impactor) no longer worked.
I did try a tool called iOS App Signer, which should have signed an app using my developer certificate for a full year of use, but I couldn’t get the signed app to install on the iPad, whatever certificate or settings I used. I gave up on that (but see below for a possible reason).
Then I found a couple of tools AltServer and AltDeploy. They seem similar. AltDeploy just signs an app with a 7 day certificate based on an iTunes account and installs it to your device. AltServer does the same, but then runs a server on your computer so your jailbroken device connects to your computer via wifi, and requests a new version before the 7 days run out.
Both of them install a rather dodgy plugin. It might make sense, but the developers don’t explain why. It’s a plugin to the Mail app on your Mac, which they say has to be installed, and Mail running, for the app signing to work (they say it’s something to do with requesting your iTunes credentials). A bit more explanation wouldn’t go amiss. I eventually allowed it access (since I don’t use Apple’s Mail app for my email anyway, so there’s nothing useful to hack there).
I then used AltDeploy to sign the Phoenix app. This also failed, but this time I got an error that I could search for (a bad app display name). It seems the Phoenix app uses extended characters in the app name (to join the o and e characters together). The app signing didn’t like that. Perhaps that’s also why iOS App Signer didn’t work? I didn’t go back to check.
Anyway, this issue suggested changing the Phoenix5.ipa filename to .zip, expanding it, opening the Payload folder, showing the package contents, editing Info.plist, changing the Bundle Display Name to remove the dodgy character, saving, re-zipping the Payload folder, and renaming back to .ipa. Then the signing worked, and I had the Phoenix jailbreak app on my iPad!
I followed the instructions to activate it, then kickstart it, then opening Cydia and installing ssh.
Next get the dependencies for Vieux:
I could then plug in the iPad via USB and downgrade:
(When prompted you have only 10 seconds to unplug the USB lead and reconnect it!)
After I did that, I had a factory-reset device running iOS 6.1.3. It seems to be stock iOS, signed by Apple with no jailbreak (although I believe there are iOS 6 jailbreaks that could be installed). But I want it nice and clean, for my museum :-)
Here’s some useful links for what I used that worked:
- AltDeploy: https://github.com/pixelomer/AltDeploy
- Tutorial for AltDeploy: https://kubadownload.com/news/altdeploy-sign-ipa-files
- Tutorial for using AltDeploy to install Phoenix: https://kubadownload.com/news/phoenix-jailbreak
- Phoenix jailbreak: https://phoenixpwn.com/
- How to fix the app name issue in Phoenix: https://github.com/pixelomer/AltDeploy/issues/56
- Vieux tool to downgrade iOS: https://github.com/MatthewPierson/Vieux
- Downloads for old versions of iOS (ignore the warnings about not being able to sign them if using Vieux for iOS 6.1.3/8.4.1/10.3.3 on compatible devices as it will take care of the signing): https://ipsw.me/
Check out that retro skeuomorphic design! It’s not quite the original iOS 4, but visually it’s almost the same, as the flat design didn’t come in till iOS 7.
And now it truly is a museum piece :-D
Phoenix Pwn Jailbreak iOS 9.3.5
To install the Phoenix Pwn Jailbreak iOS 9.3.5 simply tap the icon and you’ll be redirected to the ipa download.
Phoenix Pwn Jailbreak iOS 9.3.5
Note: If the link provided doesn’t work let me know in the forum section.
2. Next you’ll need to download the latest version of Cydia Impactor as well.
3. With both the PhoenixPwn ipa and Cydia Impactor downloaded, connect the device to your computer, launch Impactor, and drag and drop the ipa into the Impactor application.
4. Login using a valid Apple ID and wait for it to sign and install the application.
5. Once it’s done and installed on your device, go into Settings > General > Device management & trust the certificate
6. Now you can launch the Phoenix Pwn Jailbreak iOS 9.3.5 jailbreak application.
Jailbreak Ipad 2 With Computer
7. Next you’re going to tap “Prepare for Jailbreak,” read the TOS, and hit “Accept.” Once you’re prompted for the free mixtape tap dismiss and “Proceed With Jailbreak” at the bottom, “Begin Installation,” then “Use Provided Offsets,” and wait.
Note: If your device crashes just try it again. Don’t worry about the “Storage Almost Full” prompt. Also make sure your device is supported.
8. After your device reboots Cydia should be installed. Open it up and it should crash. Now we can move on to the next step.
9. Finally, open up Cydia and everything should be working!
Note: This is a semi-untethered jailbreak and only supports 32bit devices on iOS 9.3.5.
iPhone 4s, 5 & 5c
iPad 2 & 3, Mini 1
Untethered Ios 9.3.5 Jailbreak Tool
How To Jailbreak Ipad 2 Ios 9.3 5.0
iPod 5