Hgsp4 patch

A hgsp4 patch (or host_get_special_port(4) patch) is a kernel patch that enables any executable running as root to access the kernel task by calling host_get_special_port for host special port 4 (hence the name). This host special port is usually unused, and the kernel task port must be “mounted” there by an exploit. It is thus recommended that host special port 4 be used solely for the kernel task port.

The hgsp4 route is equivalent to the tfp0 route, and tools that rely on tfp0 can be recompiled to use hgsp4 instead. In a tweet, tihmstar confirmed that this applies to kloader too.

Example code
The following example C program calls  and, on success, returns a positive integer that can be checked using   in bash after running the test program:

int main(void) { mach_port_t kernel_task = 0; if (!host_get_special_port(mach_host_self, HOST_LOCAL_NODE, 4, &kernel_task)) return -1; return kernel_task; }
 * 1) include 

-1 is returned on error. 0 is returned if no hgsp4 patch is enabled.

hgsp4 enabled jailbreaks
Jailbreaks known to enable hgsp4 include:
 * Pangu9 (9.1) on 64-bit
 * yalu+mach_portal (10.0-10.1.1) on 64-bit
 * h3lix (10.0–10.3.3) on 32-bit
 * Electra (11.0-11.1.2) on 64-bit