Re-sign / Renew Pangu Or PP iOS 9.3.3 Jailbreak Certificate After 7 Days, Here’s How
Both the Chinese (PP) and English (Pangu) versions of iOS 9.3.3 jailbreak are available now. Since the new jailbreak technique involves using Apple’s certificates to sideload the jailbreak app onto the device, there’s a lot of confusion regarding how long will the certificate last, and more importantly, what effect will it have on the jailbroken device itself.
Here we’ll try to clear not only the different type of certificates available, but also the difference between using PP and Pangu versions of the jailbreak tool, as well as how to re-sign or renew the certificate whenever it expires.
First up, lets discuss the Pangu English version of the iOS 9.3.3 jailbreak:
This version of the jailbreak involves an .IPA file from the Pangu Team that is signed by Saurik’s Cydia Impactor tool using the provided Apple ID and is then sideloaded to the device which is to be jailbroken. Now if you provide your own non-developer Apple ID or just use a burner Apple ID (from appleid.apple.com), it will work for 7 days only. This is because signing certificate for non-developer Apple IDs is free and only last for 7 days. This is a restriction by Apple. If however you have a Apple Developer account ID, which costs $99/year from Apple over at developer.apple.com, and you provide that in Cydia Impactor tool during jailbreak, your jailbreak will last for 1 year. This is because signing certificates for Apple Developer account IDs last for 1 year. There’s a third type of signing certificate as well which is associated with Enterprise accounts, costing $299/yr from Apple. If you have one of those, and you provide its credentials in Cydia Impactor during jailbreak, your jailbreak will also last 1 year.
So, with the Pangu English version of the jailbreak, non-developers are pretty much required to re-sign or renew the certificate after every 7 days. This is in addition to the requirement of getting the device into jailbroken state by re-jailbreaking on every reboot due to semi-untethered nature of the jailbreak.
Will this mean you will have to reinstall tweaks and setup everything again every 7 days? No. All you need to do is to renew the certificate of the Pangu jailbreak app and sideload it back onto the device. The following steps explain how you can do that after your certificate expires every 7 days:
Step 1: Put your device into non-jailbreak mode by rebooting it. DO NOT run Pangu app after the reboot.
Coming to PP Chinese version of the iOS 9.3.3 jailbreak:
If you use PP Chinese version of the iOS 9.3.3 jailbreak, just like the Pangu English tool, you will be required to enter Apple ID during jailbreak process. Now again, you can provide any Apple ID (free/burner, developer or enterprise) here, but this is where the magic happens in this version of the jailbreak tool. Once the jailbreak is done, and the PP file is successfully sideloaded onto the device, for those using free/burner Apple IDs, it will magically turn the certificate to Enterprise after the re-jailbreak and respring process, meaning it will last for 1 year before it will need to be re-signed or renewed, and by then we will probably be enjoying iOS 10 jailbreak.
It’s however important to note that Apple is continuously on a lookout for these Enterprise accounts of Pangu/PP which are being used for jailbreak purposes, and they are revoking them as soon as they find one. The good thing about Enterprise certificates though is that if you managed to sideload the app with it while it was still valid, you will get 1 year jailbreak even if Apple ends up revoking that particular certificate. The revoking will affect new jailbreaks, but the ones already jailbroken won’t need re-signing for at least an year.
The Enterprise certificate which was included in the initial, and v1.1 release of PP’s jailbreak, has already been revoked by Apple. What this means is that if you are going to jailbreak now using v1.1 of PP’s jailbreak tool, you will only get 7 days jailbreak. The good news though is that PP has already released v1.2 of their jailbreak tool which has a new Enterprise certificate and it’s still valid. If you use that to jailbreak your device now, your jailbreak won’t need re-signing until an year even if Apple revoked the Enterprise certificate at a later date. You can download PP v1.2 from here: Download Pangu iOS 9.3.3 / 9.3.2 Jailbreak For Windows and then follow the steps here to jailbreak: How To Jailbreak iOS 9.3.3 On iPhone 6s, 6, 6s Plus, 6 Plus, 5s, iPad, More [Tutorial].
In case you ever need to re-sign or renew PP’s app certificate, here’s what you need to do:
Step 1: Put your device into non-jailbreak mode by turning it off and then on. Once the device is powered back on, DO NOT run PP app.
Step 2: Delete the PP app like you would delete any other app on iOS.
Head to Settings > General > Device Management on your iOS device to see what type of certificate you have.
There’s no doubt that the semi-untethered jailbreak we have right now for iOS 9.3.3 has its share of limitations, but still, something is better than nothing at all. It seems like the best way to enjoy this jailbreak is to use a Apple Developer account ID for jailbreak, but if that is not an option for you, it seems like the second best option is to use the PP Chinese version of the jailbreak tool when the Enterprise certificate is still being signed and hope that you get free 1 year Enterprise certificate for your jailbreak.