All iOS 9.3.x semi-untethered jailbreak

What is this?

This is a tool for iOS 9.3.x semi-untethered jailbreak

Supported devices

64-bit devices

iPhone 5s, iPhone 6, iPhone 6 Plus

iPhone 6s, iPhone 6s Plus, iPhone SE

iPad Air, iPad Air 2

iPad Pro 12.9-inch, iPad Pro 9.7-inch

iPad mini 2, iPad mini 3, iPad mini 4

iPod touch 6G

32-bit devices (9.3.5/9.3.6)

iPhone 4s, iPhone 5, iPhone 5c

iPad 2, iPad 3, iPad 4

iPad mini

iPod touch 5G


latest version (stable)

IPA Version

v3.0.0 [3A154a] (Released 2022/08/04)



Download IPA


!!!!!! All at your own risk !!!!!!

Use this version if you are signing this ipa file with the iOS App Signer: iOS App Signer v1.13.


2021/03/17 06:00 (JST): [v1.0 beta 1] Initial release.

2021/03/23 20:15 (JST): [v1.0 beta 2] Support Cydia install, enable tfp0 patch, Make pegasus kernel exploit available for some devices.

2021/05/05 03:00 (JST): [v1.0 beta 3] Fixed the behavior of the Install Cydia button, Add kernel patch.

2021/12/04 08:45 (JST): [v2.0 beta 1] Fixed amfi shellcode, Added __got hook style option.

2021/12/06 00:30 (JST): [v2.0 beta 2] Fixed minor bugs.

2022/04/30 01:00 (JST): [v2.1.0] Re-added Cydia installation, Improved loading of JB daemons, Added 32-bit support (initial).

2022/04/30 07:30 (JST): [v2.1.1] Fixed find_allproc for A6 devices.

2022/05/02 01:00 (JST): [v2.1.2] Fixed daemon loading problems. Support for A9 devices (but note that it is forever untested).

2022/05/16 03:20 (JST): [v2.2.0] Fixed for aarch64 9.3.4-9.3.5 jailbreak.

2022/05/18 05:35 (JST): [v2.2.1] Added additional options (disable legacy patch, disable reload, enable kpp etc..)

2022/08/04 05:24 (JST): [v3.0.0] Revamped UI, Improvement of jailbreak flow, Implemented cl0ver exploit on all A7/A9 9.3.4 devices (untested)

kok3shi with pongoOS

You can also use pongoOS (the bootloader used by checkra1n) to Jailbreak your 64-bit device via checkm8 exloit.

How to use? (kok3shi module)

Download: pongoOS module

module Version

v1.0 (Released 2022/06/29)



Download module

old versions

Here it is.


Siguza, tihmstar : PhoenixNonce (kernel exploit)

Siguza : cl0ver (kernel exploit)

qwertyoruiopz : KPP bypass technique, kernel patches

xerub : patchfinder64

FriedApple Team : patchfinder64, KPP bypass technique

Pangu Team : __DATA.__got hook method

(c) sakuRdev/dora2ios