Houdini uses the triple_fetch sandbox escape discovered by Ian Beer, which also formed a key part of Saïgon, to perform certain cosmetic changes and tweaks that are normally impossible without jailbreaking. However, without modifying the kernel or having full filesystem privileges, it is unable to pull off some of the fancier tricks that a fully-fledged tool provides. This is both its strength and its weakness: by not tampering with those elements it can fly under the radar, and we actually get a release, but without them it also cannot provide the full experience. It is an interesting hybrid which we haven't really seen before.
Another upside of working in this way is a wider support list than would otherwise be possible. Saïgon was limited to the devices and firmwares covered by the lowest common denominator of its component bugs, but Houdini, using triple_fetch alone, covers all 64-bit devices on iOS 10.0 through 10.3.2. It seems that steering clear of kernel exploitation and root filesystem access at least buys wide compatibility. Houdini makes its changes through various caches and preference settings, without directly writing to or executing from the root filesystem, and without running the sort of code a jailbreak would normally have to.
The Houdini website, whose download link was dead when I looked at the time of recording the podcast, is now live, and you can grab a beta version of the Houdini .ipa to try for yourself. If you're interested, feel free to check it out. However, exercise caution. This is a beta, and the following disclaimer applies:
Let me know your experiences with Houdini. Is it stable? Does it work on your device? Does it survive a reboot, and what options does it have?