Houdini “semi-jailbreak” for iOS 10.x released

You may remember us reporting on the most recent jailbreak to be released, Saïgon. Well, its developer Abraham Masri is back, with something inventive we haven’t seen before. Perhaps best described as a “semi-jailbreak”, his tool Houdini achieves some of the effects of a jailbreak, whilst avoiding the hardest challenges and pitfalls which constructing the full package would bring.

If you’ve listened to Sébastien and me on the most recent episode of Let’s Talk Jailbreak, you’ll have heard us speculate already as to what Houdini could be, as its mysterious web page was discovered prior to its release. We were mostly wrong in our deductions, though we were correct in thinking that Houdini would make use of a subset of the Saïgon bugs to create a more limited kind of tool.

Houdini uses the triple_fetch sandbox escape discovered by Ian Beer, which also formed a key part of Saïgon, to perform certain cosmetic changes and tweaks which are normally impossible without jailbreaking. However, without modifying the kernel or having full filesystem privileges, it is unable to pull off some of the fancier tricks that a fully-fledged tool provides. This is its strength and weakness; without tampering with those elements it can fly under the radar and we actually get a release, but without them it also cannot provide the full experience. It is an interesting hybrid which we haven’t really seen before.

Another upside of working in this way is a wider support list than would otherwise be possible. Saïgon was limited in support to devices and firmwares covered by the lowest common denominator of its component bugs, but Houdini, using triple_fetch, covers all 64-bit devices on iOS 10.0 through 10.3.2. It seems that dodging the kernel protection and filesystem access at least allows for wide compatibility. Houdini makes changes to various caches and preference settings without directly writing to or executing on the root filesystem, and without running the sort of code which a jailbreak would normally have to.

The Houdini website, whose download link was dead when Sébastien and I were wondering about it at the time of making the podcast, is now live, and you can grab a beta version of the Houdini .ipa to try for yourself. If you’re interested, feel free to check it out. However, exercise caution. This is a beta, and the following disclaimer applies:

“This is not meant to be a jailbreak replacement nor is this a full jailbreak. It will never be. Although it is safe to use, I am not responsible for any mess up. Also, some features might not work in beta.”

It is not clear how nicely this will play if you already have a jailbreak on your iOS 10 device; I personally would avoid it just in case. It would not be worth losing an existing jailbreak which can already provide all of Houdini’s functionality just to test out this beta. If however you are stuck on iOS 10.x without a jailbreak, this might satisfy your cravings for a while. If you’d like to see a demonstration of Houdini in action, have a gander at the video below:

https://www.youtube.com/watch?v=47qcGsslwA0

All 64-bit devices including iPhone 7 and iPhone 7 Plus are supported, on all iOS 10 versions except for iOS 10.3.3. If you want to slip the chains of imprisonment and take back the look of your device, Houdini’s your man. Hopefully the included support and options will widen as it moves out of beta. It can be installed by downloading the .ipa from the website and side-loading with Cydia Impactor, as detailed from Step 3 onwards in this article. Replace mentions of extra_recipe.ipa with Houdini.ipa.

Let me know your experiences with Houdini. Is it stable? Does it work on your device? Does it survive a reboot and what options does it have?