How to bypass iCloud Activation Lock using Checkra1n jailbreak
Today I will show you how to use the checkra1n jailbreak to bypass iCloud Activation Lock on any device from the iPhone 5s to the iPhone X. The idea is to SSH into the device over USB (checkra1n installs an SSH server on the jailbroken device, reachable through usbmuxd) and then delete, rename or patch Setup.app, the app that runs the iCloud activation screen on the device.
This method differs from the custom firmware restore iCloud bypass, but the idea is the same: patch or invalidate Setup.app so the activation screen never runs.
Unfortunately, removing Setup.app only hides the screen; the device's baseband activation status stays UNACTIVATED, so the following will not work on the device:
No SIM signal (the "No Service" issue)
No iMessage
No FaceTime
Cannot add a new iCloud account
Cannot use the device with iTunes (iTunes shows the device activation screen)
Even if you patch the Setup.app configuration so it claims the setup process is complete, for example:
<key>SetupDone</key>
<true/>
<key>SetupFinishedAllSteps</key>
<true/>
the device will still be unactivated, because lockdownd (the iOS daemon that runs the activation process) cannot find a valid activation ticket on the device. The baseband also needs to receive a valid wildcard ticket before it will activate.
iCloud Bypass Guide [MacOS Only]
You need macOS for this guide because, at the time of writing, checkra1n is only available for macOS. This guide is for training purposes only; use it at your own risk. I am using macOS 10.14.6 for this guide.
Supported Devices:
- A5 - iPad 2, iPhone 4S, iPad Mini (1st generation)
- A5X - iPad (3rd generation)
- A6 - iPhone 5, iPhone 5C
- A6X - iPad (4th generation)
- A7 - iPhone 5S, iPad Air, iPad Mini 2, iPad Mini 3
- A8 - iPhone 6, iPhone 6 Plus, iPad mini 4
- A8X - iPad Air 2 (not supported)
- A9 - iPhone 6S, iPhone 6S Plus, iPhone SE, iPad (2017, 5th generation) (not supported)
- A9X - iPad Pro (12.9 in.) 1st generation (not supported), iPad Pro (9.7 in.)
- A10 - iPhone 7 and iPhone 7 Plus, iPad (2018, 6th generation), iPad (2019, 7th generation)
- A10X - iPad Pro 10.5" (2017), iPad Pro 12.9" 2nd Gen (2017)
- A11 - iPhone 8, iPhone 8 Plus, and iPhone X
Devices marked (not supported) have a checkm8-vulnerable SoC but were not supported by checkra1n when this guide was written.
Step 1: Download the checkra1n tethered jailbreak. Then install Homebrew and usbmuxd: open the Terminal app on the Mac and run
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
then run
brew install usbmuxd
On a fresh macOS install the build can take a while, so be patient and don't interrupt it.
Step 2: Put the device into DFU mode (black screen).
Step 3: Run checkra1n and jailbreak the device. The device should boot into normal mode once the jailbreak is done.
Step 4: Run iproxy, which ships with usbmuxd, to forward port 2222 on your MacBook to port 44 on the jailbroken device (checkra1n's SSH server listens there; you can try port 22 as well). Many other tools can also tunnel SSH over a USB connection.
iproxy 2222 44
DON'T CLOSE the iproxy terminal window, or the TCP tunnel will be torn down.
Step 5: Open a new terminal tab (Command + T) and SSH into the device.
ssh root@localhost -p 2222
Password: alpine
alpine is the default root password of every jailbroken iOS device, so change it with passwd once you are logged in.
Step 6: Remount the device's root file system read-write so Setup.app can be deleted or patched.
mount -o rw,union,update /
Step 7: Rename Setup.app to another name such as Setup.bak (renaming keeps a copy you can move back later).
mv /Applications/Setup.app /Applications/Setup.bak
You can also delete Setup.app entirely with this command, but then there is nothing left to restore if you need the original back:
rm -rf /Applications/Setup.app
Step 8: Rebuild the application cache so the cached activation screen of Setup.app is no longer shown. This can take a while and the device will respring.
uicache --all
Step 9: Kill the SpringBoard-related system processes.
killall backboardd
The iCloud activation screen bypass is done. Don't forget to support the checkra1n developers, who put a lot of effort into bringing us the jailbreak and iCloud freedom.
source: checkm8.info
Tried, and it does not work. Especially deleting the setup.app file: this will render your phone useless, a paperweight.