iPhone 4S - Downgrade 9.3.5 to 6.1.3

General Notes:

  • This will wipe the device and erase all data.
  • This guide was written using Windows. Some of the tools failed when run inside a Windows virtual machine.
  • This guide expects you to know how to work with an iOS device already.

Jailbreak Notes:

  • If you use 2-factor authentication on your Apple account, you will need to generate an app-specific password to use with Cydia Impactor. You can do that here: https://appleid.apple.com/
  • If you have already used Cydia Impactor with Phoenix, the existing certificate will need to be revoked. You can do this by clicking Xcode -> Revoke Certificate in Cydia Impactor.

Tools/downloads needed:

iOS 6.1.3 for iPhone 4S ~965 MB, direct from Apple's servers.

Cydia Impactor - this is used to load IPAs onto iOS by signing them with your Apple ID.

Phoenix v2 - this is used to jailbreak iOS 9.3.5.

Beehind v0.5 - this is used to pre-jailbreak iOS 6.1.3 and then downgrade your device to it.


Section 1, Update & Wipe your iPhone:

1) Connect the iPhone to your computer.
2) Power it down.
3) Enter DFU mode.
4) Restore in iTunes.

After your phone finishes restoring, go through the initial iOS setup, including connecting to WiFi. Make note of your iPhone's IP address (Settings > WiFi, then tap the "i"). This will be used in Section 6 below.


Section 2, Install Phoenix on 9.3.5:

1) Run Cydia Impactor on your computer.
2) Drag the Phoenix IPA file to the Cydia Impactor window.
3) Enter your Apple credentials.
4) Wait for Cydia Impactor to sign and install Phoenix.


Section 3, Use Phoenix to Jailbreak:

1) Go to Settings > General > Device Management.
2) Trust your developer account.
3) Go back to the home screen, tap Phoenix to launch it.
4) Tap through the multiple windows and dialogs ("Prepare for Jailbreak", "Accept", "Dismiss", "Proceed With Jailbreak", "Begin Installation", and "Use Provided Offsets") to start the jailbreak process, then wait for your device to respring.

I had to repeat step 4 a few times before Cydia would install or run. So you may need to re-open Phoenix and go through the "Prepare for Jailbreak" or "Kickstart Jailbreak" process a few times before you can actually run Cydia.


Section 4, Cydia and OpenSSH:

1) Once your device is in a jailbroken state, run Cydia. On first launch, Cydia may seem to hang for a while before crashing. This is apparently normal. Just re-open it.
2) If you are prompted for an "Essential Upgrade", just tap on Ignore, as we will be wiping away this install.
3) Search for and install OpenSSH.


Section 5, Building an IPSW:

1) Extract Beehind.exe to a folder on your computer.
2) Run the Beehind.exe program as an administrator.
3) On its first screen "IPSW Creator", click "Choose" and browse to where you downloaded the iOS 6.1.3 IPSW.
4) Select the options Jailbreak and Install Cydia.
5) Click "Build the IPSW!" and wait while it does its work.
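Before pointing Beehind at the download in step 3, it is worth confirming that the file is intact and really is the 6.1.3 build for the iPhone 4S. The script below is an added example, not part of this guide's tools or of Beehind: it relies on an IPSW being a ZIP archive whose BuildManifest.plist carries ProductVersion and SupportedProductTypes, and on iPhone4,1 being Apple's identifier for the iPhone 4S. The make_sample_ipsw helper is a constructed stand-in so the script also runs without the real file.

```python
import io
import plistlib
import sys
import zipfile

EXPECTED_VERSION = "6.1.3"     # iOS version this guide downgrades to
EXPECTED_DEVICE = "iPhone4,1"  # Apple's product identifier for the iPhone 4S


def check_ipsw(source, version=EXPECTED_VERSION, device=EXPECTED_DEVICE):
    """Return a list of problems; an empty list means the IPSW passed.

    source is a file path or a seekable binary file object.
    """
    if not zipfile.is_zipfile(source):
        return ["not a ZIP archive (truncated or corrupted download?)"]
    problems = []
    with zipfile.ZipFile(source) as ipsw:
        bad = ipsw.testzip()  # reads every member and verifies its CRC-32
        if bad is not None:
            return [f"CRC mismatch in archive member {bad}"]
        try:
            manifest = plistlib.loads(ipsw.read("BuildManifest.plist"))
        except KeyError:
            return ["BuildManifest.plist is missing from the archive"]
        except Exception as exc:  # malformed plist
            return [f"BuildManifest.plist could not be parsed: {exc}"]
    found_version = manifest.get("ProductVersion")
    if found_version != version:
        problems.append(f"ProductVersion is {found_version!r}, expected {version!r}")
    found_devices = manifest.get("SupportedProductTypes", [])
    if device not in found_devices:
        problems.append(f"{device} not in SupportedProductTypes {found_devices!r}")
    return problems


def make_sample_ipsw(version, devices):
    """Constructed stand-in for an IPSW: a ZIP holding only a manifest."""
    buf = io.BytesIO()
    manifest = {"ProductVersion": version, "SupportedProductTypes": devices}
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("BuildManifest.plist", plistlib.dumps(manifest))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass the path of the downloaded IPSW; with no argument the sample is used.
    src = sys.argv[1] if len(sys.argv) > 1 else make_sample_ipsw("6.1.3", ["iPhone4,1"])
    issues = check_ipsw(src)
    print("IPSW looks right" if not issues else "\n".join(issues))
```

The CRC pass catches a truncated or corrupted download, not deliberate tampering, so the file should still come directly from Apple's servers as listed under "Tools/downloads needed".
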


Section 6, Pwned DFU:

Beehind will run the tools to enter pwned DFU and install the 6.1.3 IPSW.

1) Make sure you are on the "Kloader Mode" screen in Beehind (it should have changed to this after finishing the previous section, but you can also manually change to it by clicking "Change Mode" > "Kloader Mode").
2) Make sure the iBBS image is selected (this should have been automatically selected after the previous section completed).
3) Enter the WiFi IP address of your iPhone.
4) Click the "Enter Pwned DFU Mode" button.


Section 7, Downgrade:

1) Click the "..." button and browse to the IPSW made in Section 5.
2) Click "Restore!"


Section 8, Cydia Repositories:

With iOS 6.1.3 and Cydia installed, I noticed that its repository list was empty! I also could not manually add any repository.

To fix this, power off the device, and then power it back on. Once your device powers back on, load Cydia again, and you should see all of its repositories. Make sure to tap Refresh to do an update check.


Under Construction...