Checkra1n Jailbreak with Checkm8
Checkra1n Jailbreak has been released as a beta version for public testing. Checkra1n is now available for iOS 13.3 down to iOS 12.3 and for every device from the iPhone 5S to the iPhone X.
Previously, the Checkra1n jailbreak process could only be run with the support of a Mac, as Checkra1n is a semi-tethered jailbreak tool. Windows and Linux support is now also available through the unofficial ra1nstorm tool.
Cydia is the only package manager Checkra1n supports at the moment, but according to the developers, we hope that support for the Zebra and Installer package managers will be available soon.
iOS security researcher axi0mX (@axi0mX) found an unpatchable, lifetime jailbreak solution, a pwndfu exploit called Checkm8, and famous hacker Luca Todesco developed the Checkra1n jailbreak tool using this bootrom exploit.
axi0mX introduced this method as the “EPIC jailbreak”. It is a bootrom exploit that cannot be patched or blocked without a hardware replacement, which is impossible given the large number of devices affected. It offers a permanent bootrom exploit for all iPhones and iPads on A5 - A11. Most iPhones, iPads, Apple TVs and Apple Watches could be vulnerable.
With these solid facts, Checkra1n jailbreak is the beginning of a new way of jailbreaking iDevices. This is going to be the most remarkable turning point for the jailbreak community.
Checkra1n Jailbreak Guide
-Message from Developers
- A5 - iPad 2, iPad Mini (1st generation)
- A5X - iPad (3rd generation)
- A6 - iPhone 5, iPhone 5C
- A6X - iPad (4th generation)
- A7 - iPhone 5S
- A8 - iPhone 6, iPhone 6 Plus, iPad mini 4
- A9 - iPhone 6S, iPhone 6S Plus, iPhone SE
- A9X - iPad Pro (9.7 in.)
- A10 - iPhone 7 and iPhone 7 Plus, iPad (2018, 6th generation), iPad (2019, 7th generation)
- A10X - iPad Pro 10.5" (2017), iPad Pro 12.9" 2nd Gen (2017)
- A11 - iPhone 8, iPhone 8 Plus, iPhone X
Devices lacking support
- iPad Air 2
- iPad 5th Gen
- iPad Pro 1st Gen
Experimental support
- iPhone 5s
- iPad Mini 2
- iPad Mini 3
- iPad Air
Note: Not supported on A12 (iPhone XS, iPhone XS Max, iPhone XR) or A13 (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max).
Supported iOS versions
iOS 13.2.3, iOS 13.2.2, iOS 13.2, iOS 13.1.3, iOS 13.1.2, iOS 13.1.1, iOS 13.1, iOS 13, iOS 12.4.3, iOS 12.4.2, iOS 12.4.1, iOS 12.4, iOS 12.3.2, iOS 12.3.1, iOS 12.3
Checkra1n Jailbreak is currently available only for macOS. Windows and Linux support will be added in a future release.
Download Checkra1n Jailbreak
The Checkra1n jailbreak beta is now available for macOS users as a dmg file. At the moment you can install only the Cydia package manager. Just follow the guide below.
2 : Install the Checkra1n Jailbreak beta for macOS
3 : Connect the device to the Mac, run the Checkra1n app, click Start —> Next and wait
4 : When the Checkra1n application says “Time to put your device into DFU mode”, do so by following the steps shown on the right.
5 : Wait for the Checkra1n jailbreak process to complete. When it has finished, it adds the Checkra1n app to your device home screen.
6 : Open the Checkra1n app from your device home screen and download Cydia.
ra1nstorm for Checkra1n jailbreak on Windows/Linux
Checkra1n has been officially released for macOS only; there is still no official support for Windows or Linux. However, the @realra1nstorm team released ra1nstorm so that the Checkra1n jailbreak can be used without a Mac. ra1nstorm automatically configures an environment to run checkra1n on Windows and Linux platforms (KVM/IOMMU). ra1nstorm is developed by Ronsor Labs and is still in beta.
Caution: Please be cautious. We do not take any responsibility for any damage that occurs.
-Message from Developers
Ra1nstorm installation guide (as on #tutorial in Discord)
1 : Enter the computer BIOS
2 : Navigate to an "Advanced" tab
3 : Select the "VT-d" or similar option
4 : Enable it
5 : Reboot
For Windows users
1 : Install setup.exe from Github and run it.
2 : Choose 64gb or more if you like
3 : Once it's installed, reboot
4 : While booting, open boot manager
5 : Select xubuntu
For Ubuntu users
6 : Proceed through the setup
7 : Once you're in ubuntu, right click the desktop and open terminal
8 : Type "/host/ra1nstorm/ra1nstorm.run" in order to begin ra1nstorm setup
9 : Keep clicking next
10 : Click “see instructions” and stop when you see this
11 : When you’re in Clover, hit enter to boot to macOS
12 : Click “Disk Utility”
13 : Select the largest QEMU partition (34.36GB), name it what you want and click Erase
14 : Quit Disk Utility to go back to macOS utilities and select “Reinstall macOS”
15 : Plug in your iDevice to your computer
16 : After macOS has finished installing and you see the screen to select your country, you can now click “I Have Finished Setup”
17 : Select the largest QEMU partition (34.36GB), name it what you want and click Erase
18 : After rebooting, proceed through the macOS setup
19 : Install Checkra1n (follow above guide)
That's it. You are done!
Success of Checkm8
Checkra1n released for Apple TV 4th Gen
Checkra1n 0.9.1 beta fixes multiple bugs
- An issue where the loader app would crash when installing Cydia on iPads
- A crash when the macOS language was set to anything other than English
- An issue where iPad Minis would not work with the GUI
- An issue with the scp binary not working as expected
The official checkra1n jailbreak site also says this release improves the clarity of some errors, specifically the -20 error (it now offers guidance on how to resolve it).
Checkra1n jailbreak currently available for macOS
Developer Jamie Bishop said that the upcoming Checkra1n jailbreak will be available for macOS only, and that Windows and Linux support will be added in the future. Jamie is one of the most famous developers in the Checkra1n community and was previously with the Electra team.
iOS 13.2 jailbreak with Checkra1n Jailbreak
Security researcher Luca Todesco (qwertyoruiop) teased several package managers for the upcoming Checkra1n jailbreak. The teaser shows an iPod running iOS 13.2. It shows that the main package managers, including Cydia, Installer and Zebra, will be available to choose from in the upcoming Checkra1n jailbreak.
Checkm8 nonce setter iPhone X support added
MatthewPierson (matty) earlier released a nonce-setter iOS downgrader for checkm8-compatible devices. He has now added iPhone X support for downgrading to his Checkm8 nonce setter. He also said that the new version is automated and simpler than the previous one.
Checkra1n will come up with Cydia and Zebra
The Checkra1n jailbreak team published screenshots showing the Checkra1n jailbreak app installed with two different package managers: Cydia as well as Zebra will be there. Checkra1n jailbreak will be more stable and will most probably be semi-tethered. So now we have to be patient a little longer. Stay with us for the latest updates.
Those who are not using a Mac will also be able to use the Checkra1n jailbreak on any platform, as the Checkra1n developers are working on it.
Nope! We’re aiming to support all three major platforms.— Jamie Bishop (@jamiebishop123) October 27, 2019
Downgrade from iOS 13.1.3 to iOS 13.1
Back on stage again, this time with an iPad (6th generation) downgraded from iOS 13.1.3 to iOS 13.1. Best of all, iOS 13.1 is an unsigned version right now. MatthewPierson (@mosk_i) captured the steps of this downgrade, which he performed with his Checkm8-based nonce setter.
Downgrade from iOS 12.4.2 to iOS 11.4.1
MatthewPierson (@mosk_i) posted some screenshots of an iPhone 5S being downgraded from iOS 12.4.2 to iOS 11.4.1 using his Checkm8-based nonce setter. For the iPhone 5S, iOS 12.4.2 is the final version it can be upgraded to.
Checkra1n development is still ongoing
The Checkra1n team published a post showing the Checkra1n jailbreak tool, with its checkmate icon, on an iPhone home screen. Even so, the tool has yet to be released.
qwertyoruiop also said that the Checkra1n jailbreak release date is not fixed yet.
all in due time; development of the project is still ongoing, so not everything is defined yet.— qwertyoruiop (@qwertyoruiopz) October 19, 2019
Checkra1n jailbreak will give faster and smoother jailbreaking experience
Luca Todesco (qwertyoruiop) announced that the upcoming Checkra1n jailbreak is going to be a seamless experience, and that it's whatever you want it to be. It is still in development, and most jailbreak developers are working on it behind the scenes.
checkra1n is designed to be a seamless experience; a lot of work is being put into this by the team in order to ensure a fast and smooth jailbreaking experience. it blows my mind how quick to run this is during development cycles. very glad about how this is turning out to be.— qwertyoruiop (@qwertyoruiopz) October 19, 2019
Checkm8 based nonce setter released
MatthewPierson (matty) released a nonce-setter iOS downgrader for checkm8-compatible devices. It does not need any particular version, but the device must be compatible with checkm8 and Linus Henze's Signature Check Remover. See GitHub for more instructions on setting the nonce and downgrading.
Supported devices include:
- iPhone 5s, iPhone 7, iPhone 7 Plus, iPad Air 1, iPad Mini 2, iPad 6th Gen (2018), iPad Mini 3, iPad 7th Gen (2019), iPod Touch 7th Gen (2019)
[Release]checkm8 based nonce setter for compatible devices. Device support is listed in readme, will update for the remainder that are listed in the readme. This script is basically useless unless a signed iOS 13 SEP and Baseband is compatible with iOS 12 https://t.co/LOFROdX2X3— matty (@mosk_i) October 15, 2019
Checkra1n demoed on A8 - A11
The Checkra1n jailbreak team published a video of t7000, s8000, t8010 and t8015 devices (that is, A8, A9, A10 and A11 devices) verbose booting with Checkm8. The devices are running iOS 12.x and iOS 13.
t7000, s8000, t8010, t8015, t8015 on a mix of 12.x and 13 pic.twitter.com/Gw9qkalNKN— checkra1n (@checkra1n) October 16, 2019
iOS 10.3.3 downgrade script for iPhone 5s using Checkm8
Matthew Pierson, matty (@mosk_i), released an iOS 10.3.3 downgrade script using Checkm8. He also said that it probably has bugs but should work for all. No previously saved SHSH is needed for this. This is a new method and it is untethered.
10.3.3 OTA #downgrade Script for the iPhone 5s using #checkm8 is out!— matty (@mosk_i) October 11, 2019
Probably still has bugs but should work for most people.
PLEASE READ THE https://t.co/tNHhhWlotp BEFORE YOU ASK ME ANY QUESTIONS. https://t.co/ngdIsCuIUJ
Supported: All A7 devices including iPhone 5s (6,1 and 6,2), iPad Air (iPad4,1 iPad4,2 and iPad4,3) , iPad Mini 2 (iPad4,4 and iPad4,5) and MacOS Mojave
Not Supported: iPad4, iPhone 6 and recommend for MacOS Catalina
Prerequisites (as on GitHub):
- The files from this repo
- iOS 10.3.3 IPSW from ipsw.me
- All the above in the same folder
- An iPhone 5s (6,1 or 6,2) or iPad Air (iPad4,1 iPad4,2 and iPad4,3) or iPad Mini 2 (iPad4,4 and iPad4,5)
- A Terminal window open
- A few braincells (VERY IMPORTANT)
- Commonsense (RARE BUT ALSO VERY IMPORTANT)
Checkra1n jailbreak on Apple TV
The upcoming Checkra1n jailbreak team (@checkra1n) posted their first tweet, with an image showing Checkra1n on an Apple TV. This means most iPhones, iPads, iPods, Apple Watches and now Apple TVs are vulnerable to this exploit, and this time is going to be remarkable. However, we have to be patient until the eta son public release.
It seems the Checkra1n jailbreak tool is being developed by qwertyoruiop (Luca Todesco). There is a lovely detail to catch here: the boot sequence shows the text,
“Proudly written in nano”
And, coolest of all, the caption on qwertyoruiop’s Twitter account,
Checkra1n jailbreak will be available up to iOS 13
According to the developer of the Checkm8 exploit, the Checkra1n jailbreak tool built on Checkm8 will soon be available for iOS 13 and below.
Luca Todesco demoed Checkm8-iousb on iOS 13.1.2 and iOS 12.4
Yalu jailbreak developer Luca Todesco demoed booting an iPhone SE running iOS 13.1.2 and an iPhone X running iOS 12.4 with Checkm8-iousb. He said that it works across most devices and versions.
demo of booting two devices (SE on 13.1.2 and X on 12.4) with checkm8-iousb. all patches are being done dynamically and it works across most devices/versions across 12 and 13 pic.twitter.com/xJEoq3h3WE— qwertyoruiop (@qwertyoruiopz) October 9, 2019
It will also be made available as soon as they fix the bugs.
it will be released as soon as we fix a couple known bugs.— qwertyoruiop (@qwertyoruiopz) October 9, 2019
iPhone X verbose boot updated
The iPhone X verbose boot has been updated for iOS 13.1.1 and iOS 13.1.2. axi0mX also said that the Checkm8 jailbreak will not make any permanent changes to the device.
UPDATE: You can now verbose boot your own iPhone X on iOS 13.1.1 or 13.1.2! #checkm8— axi0mX (@axi0mX) October 1, 2019
My jailbreak will not make any permanent changes to your device, so it is 100% safe to try. Download the latest ipwndfu, enter DFU Mode, and run:
./ipwndfu -p --boot https://t.co/Wl5EFvhmyq
iPhone X is already jailbroken
axi0mX published a video showing an iPhone X verbose booting within 2 seconds of DFU mode.
HACKED! Verbose booting iPhone X looks pretty cool. Starting in DFU Mode, it took 2 seconds to jailbreak it with checkm8, and then I made it automatically boot from NAND with patches for verbose boot. Latest iOS 13.1.1, and no need to upload any images. Thanks @qwertyoruiopz pic.twitter.com/4fyOx3G7E0— axi0mX (@axi0mX) September 29, 2019
Is bootrom Exploit a Threat?
The Checkm8 exploit works in memory. Anything you have done in the exploited state is therefore undone by a reboot, which returns the device to an unexploited state.
The iPhone 5c— that didn't have Secure Enclave. So in that case, this vulnerability would allow you to very quickly get the PIN and get access to all the data. But for pretty much all current phones, from iPhone 6 to iPhone 8, there is a Secure Enclave that protects your data if you don't have the PIN.
My exploit does not affect the Secure Enclave at all. It only allows you to get code execution on the device. It doesn't help you boot towards the PIN because that is protected by a separate system. But for older devices, which have been deprecated for a while now, for those devices like the iPhone 5, there is not a separate system, so in that case, you could be able to [access data] quickly [without an unlock PIN]. -axi0mX
Checkm8 is not a jailbreak tool. It is still a beta-stage release that makes the bootrom exploit usable, so it does not install Cydia on your iDevice. However, an Unc0ver jailbreak with Cydia or a Chimera jailbreak with Sileo will arrive, as both teams are putting their full effort into jailbreaking the latest iOS 13, iOS 13.1 and iOS 13.2 versions.
2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.— axi0mX (@axi0mX) September 27, 2019
Fake Checkm8 based Checkra1n jailbreak
The Checkra1n jailbreak still has not been released to the public as a tool. It will be released in the near future, as soon as the Checkra1n developers have finished their work. Most of the famous developers in the jailbreak community, including axi0mX, qwertyoruiopz, Siguza and ih8sn0w, are contributing behind the scenes to make this most-awaited jailbreak a reality.
Note: Fake/scam sites are using this upcoming jailbreak to get malicious mobile configs installed and to commit click fraud. Do not trust them.
One such scam website claims to provide the Checkra1n jailbreak for A5 - A13 Bionic chips. It also claims that its Checkra1n jailbreak needs no PC and is available for iOS 12.4.2 to iOS 13.1.3. In reality, Checkra1n is still only for A5 - A11 devices. The site offers a mobile configuration file to download as the Checkra1n jailbreak, walks you through a fake jailbreak process and finally sends you to download apps.
This scam site detects your iOS device and version and presents a fake Checkra1n jailbreak process to get you to install a configuration file. Finally, it sends you to install apps to complete the jailbreak process. This is a survey-scam jailbreak. Do not trust it.
The official Checkra1n jailbreak website has also been updated with a warning about these kinds of malicious websites, telling you to be aware. The warning says,
The only official domains are https://checkra1n.com, https://checkra.in, https://checkra1n.io, https://checkra1n.dev, https://checkra1n.net Please make sure to avoid other similar-looking domain names as there are known-malicious sites on some
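The warning above amounts to an exact-match allowlist. As an added example (not code from the checkra1n site or from the original article), this Python check classifies a URL against the five listed domains and flags near-misses; the confusable-character table, the one-edit threshold, the subdomain rule and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Official domains, copied from the warning quoted above.
OFFICIAL = ("checkra1n.com", "checkra.in", "checkra1n.io", "checkra1n.dev", "checkra1n.net")
# Constructed (not exhaustive) table of characters swapped in look-alike names.
CONFUSABLE = str.maketrans({"1": "i", "l": "i", "3": "e", "4": "a"})

def skeleton(name):
    """Fold confusable characters and drop separators so near-duplicates collide."""
    return name.lower().translate(CONFUSABLE).replace("-", "").replace(".", "")

BRAND = skeleton("checkra1n")  # "checkrain", which is also the skeleton of "checkra.in"

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare host name."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # expand xn-- labels to Unicode
    except UnicodeError:
        pass  # already Unicode or not valid IDNA: compare as written
    # Assumption: a subdomain of an official domain belongs to the same owner.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Brand anywhere in the authority: extra words, other TLDs, userinfo tricks.
    if BRAND in skeleton(parts.netloc):
        return "lookalike"
    # One edit from the brand: a dropped letter or a single homoglyph.
    if any(edit_distance(skeleton(label), BRAND) <= 1 for label in host.split(".")):
        return "lookalike"
    return "unrelated"

# Constructed sample URLs; only the first uses a domain from the official list.
SAMPLES = ["https://checkra1n.com/", "https://checkra1n.org/",
           "http://checkra1n.com.jailbreak.example/", "https://chekra1n.com/",
           "https://checkra1n.com@downloads.example/", "https://www.example.org/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):9}  {u}")
```

A "lookalike" result means the host borrows the brand without being on the list, which matches the scam pattern described earlier on this page; "unrelated" says nothing about whether a site is safe.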