
iOS 9.3.5 Untethered Jailbreak

For a long time, iOS 9.3.5 was limited to semi-untethered jailbreaks, requiring you to re-run an app every time your device rebooted. However, as of March 2026, a full untethered jailbreak is now available for these legacy devices using a combination of the Phoenix tool and the iocaste untether.

Core Components

The Exploit (Phoenix): A semi-untethered tool that supports all 32-bit devices on iOS 9.3.5–9.3.6.

The Untether (iocaste): A recent package from the lukezgd repository that converts the semi-untethered state into a permanent, fully untethered one.

Supported 32-bit Devices

This method is exclusively for 32-bit (A5 and A6 chip) devices:

iPhone:
iPad: 2, 3, 4, Mini (1st Gen)
iPod Touch: 5th Generation


For years, users on iOS 9.3.5 and 9.3.6 were limited to semi-untethered jailbreaks, such as Phoenix, which required re-activating the jailbreak via an app after every reboot. However, as of March 2026, a fully untethered jailbreak has been released, allowing the device to remain jailbroken persistently without user intervention during startup.

The Evolution of iOS 9.3.5 Jailbreaking

Historically, iOS 9.3.5 was the final update for many 32-bit legacy devices, including the iPhone 4s, iPad 2, iPad 3, and iPod Touch 5.

The Semi-Untethered Era (Phoenix & p0laris): For a long time, the primary tool was Phoenix. It required sideloading an IPA file using a computer or third-party app stores. Because these apps were signed with free developer certificates, they often expired every seven days, requiring users to re-sign and re-install the tool if the device rebooted after that window.

The Untethered Breakthrough (2026): Community developers recently achieved a full untether for these versions. This development is significant for the "Legacy Jailbreak" community, as it removes the reliance on expiring certificates and manual "kickstarting".

Comparison of Jailbreak Types

Understanding the difference between these methods is key for legacy device maintenance:

| | Phoenix / p0laris (Semi-Untethered) | New 2026 Untether |
|---|---|---|
| Persistence | Lost upon reboot; requires "Kickstart" | Remains active permanently |
| Ease of Use | High maintenance (7-day re-signing) | Install once and forget |
| Boot Time | Normal, then manual activation | Automatically applies patches at boot |

Practical Utility for Legacy Devices

Jailbreaking remains the only viable way to keep these aging devices functional in a modern ecosystem.

For years, an untethered jailbreak for iOS 9.3.5 was the "Holy Grail" for legacy device owners. While popular tools like Phœnix provided a solution, they were semi-untethered, meaning you had to re-run an app every time your device rebooted.

However, the "long story" has recently reached its conclusion with new developments for both 32-bit and 64-bit devices.

The 32-Bit Devices (iPhone 4S, iPad 2/3, mini 1, iPod 5)

For the longest time, users had to choose between staying on a semi-untethered jailbreak or downgrading to iOS 8.4.1 to get a true untether.

The Modern Solution: Tools like EverPwnage and iocaste now offer a way to achieve a fully untethered jailbreak on iOS 9.3.5/9.3.6.

How it works: These tools often use a "migrator" or a custom package that applies an untether exploit (like those developed by staturnz) to an existing semi-untethered setup, allowing the jailbreak to persist through reboots.

The 64-Bit Devices (iPhone 5s and newer)

The story for 64-bit devices was much bleaker for nearly a decade, as most exploits were focused on the older 32-bit architecture.

Kok3shi9: Released by SakuRα Development, kok3shi9 initially provided a semi-untethered jailbreak for 64-bit devices on iOS 9.3.2–9.3.5.

The Untether Breakthrough: As of late 2024, an untethered package was released for kok3shi9. This uses a jsc_untether exploit to keep 64-bit devices permanently jailbroken, finally ending the era of re-running apps after every power cycle.

Why "Untethered" Matters

Unlike "tethered" jailbreaks (which require a PC to boot) or "semi-untethered" (which require an app to re-enable), a fully untethered jailbreak patches the kernel automatically during the boot process. This is highly valued for legacy devices used as dedicated music players, retro consoles, or smart home controllers, where reliability is key.


no direct untethered jailbreak for iOS 9.3.5. The primary tools available, such as

, are semi-untethered, meaning you must re-run the app after every device reboot.

However, users can achieve a "fully untethered" experience by first installing a semi-untethered jailbreak and then applying specific post-installation tweaks:

How to Achieve an Untethered Setup

  1. Install Phoenix: Use a tool like Sideloadly to install the Phoenix IPA on your 32-bit device (e.g., iPhone 4S, iPad 2/3, iPad Mini 1).
  2. Run Phoenix: Open the app on your device, tap "Prepare for Jailbreak," and follow the prompts. Once the device reboots, Cydia will be available.
  3. Apply Untether Tweak: To make it permanent, you can search Cydia for untether packages (like the one discussed on The Future of the 9) that automate the "kickstart" process during boot, effectively making the jailbreak persist without manual intervention.

Key Limitations

32-Bit Only: iOS 9.3.5 was the final firmware for many 32-bit devices. If you are on a 64-bit device (like an iPhone 5s or newer), these specific tools will not work.

App Compatibility: Most modern apps (like Netflix) require newer iOS versions and may not run even after jailbreaking. You can sometimes bypass this by downloading "Last Compatible Versions" from your App Store purchase history.

Semi-Untethered Nature: Without the additional untether tweak, you must open Phoenix and tap "Kickstart Jailbreak" whenever your battery dies or you restart the phone.


The Future of the 9.3.5 Untether

Could a true untether ever be released? Technically, yes. There are likely undisclosed kernel vulnerabilities lingering in iOS 9.3.5 that could be chained with a persistent code-signing bypass. However, with Apple deprecating 32-bit support entirely in macOS and iOS, the likelihood of a developer spending dozens of hours to package that exploit is near zero.

The community has moved on. The last great untethered jailbreaks were for iOS 9.1 (Pangu) and iOS 8.4.1 (Etason). For iOS 9.3.5, the "Holy Grail" remains a myth.

The Verdict: What Should You Do Today?

If you are sitting on an iPhone 4s, 5, or 5c running iOS 9.3.5, here is your realistic path:

  1. Accept Semi-Untethered: Use Phoenix Jailbreak. It is stable, free, and open-source. The minor inconvenience of re-running an app after a reboot is trivial compared to the benefit of running classic Cydia tweaks.
  2. Downgrade (The Secret Loophole): Your device is 32-bit. Using tools like Beehind or Vieux, you can downgrade to iOS 6.1.3 (for the 4s) or iOS 8.4.1 (for the 5/5c). Once on 8.4.1, you can install EtasonJB—a true, untethered jailbreak. This is the closest you will get to the dream.
  3. Avoid Scams: Any website promising a "Direct download link for iOS 9.3.5 Untethered IPA" is either serving malware or old, broken code. The only legitimate jailbreaks are Phoenix and kok3shi.

The Fortress: Why iOS 9.3.5 Was So Difficult

iOS 9.3.5 was a nightmare for reverse engineers for two primary reasons. First, it patched the Trident vulnerabilities: a WebKit vulnerability to achieve remote code execution, a memory corruption issue in the kernel to break the sandbox, and an information leak to bypass KASLR (Kernel Address Space Layout Randomization). Second, it incorporated all prior mitigations, including KPP, which actively checks for unauthorized modifications to the kernel core.

Most researchers had moved on to iOS 10, leaving a perception that 9.3.5 was abandoned and unbreakable. The challenge was not merely finding a vulnerability—it was finding a suite of vulnerabilities that could bypass KPP and survive a reboot. An untethered jailbreak requires a persistent exploit: one that can modify a system file (often the dyld_shared_cache or a launch daemon) so that the exploit is re-executed during the boot sequence, before the kernel has fully locked down.

What you need: