How to jailbreak an iDevice using Checkra1n: Difference between revisions

From Computernewb Wiki
Jump to navigation Jump to search
computernewb>Swordlink1
No edit summary
 
m (1 revision imported)
 

Latest revision as of 22:43, 17 May 2022

WARNING!
Computernewb Wiki is not responsible for bricked devices, voided warranties, and other things that may happen when following this guide!


NOTE: This is a semi-tethered jailbreak, meaning that when the device reboots or dies, the jailbreak is inactive until it is "re-jailbroken" by checkra1n. However, you can still use the phone fine. Follow the steps in Instructions besides the parts about Cydia installation each time you reboot to make sure your phone is jailbroken again.

This guide will teach you how to jailbreak an iPhone, iPad, or iPod Touch using the Checkra1n tool. Checkra1n is unique in that it uses an exploit in the EEPROM boot chip (or bootrom) known as checkm8 that can't be patched with software updates. This allows for a "pwned DFU" mode where the iDevice can be downgraded without regards to SHSH blobs, verbose booted, and more. Most importantly, it can be jailbroken!

In addition to the computer, you will need a Lightning to regular USB cable. You might happen to have this from an older iPhone; if you don't, just buy one from Apple.

Compatibility

Target device

First, you need to know if your iDevice is susceptible to the checkm8 exploit. Checkra1n requires not just a checkm8 susceptible device, but a 64-bit processor. Checking for this is easy; if your iDevice is one of the following models, it is able to work with checkra1n.

iPhone

  • iPhone 5s
  • iPhone 6
  • iPhone 6+
  • iPhone 6s
  • iPhone 6s+
  • iPhone SE, 1st generation
  • iPhone 7
  • iPhone 7+
  • iPhone 8 (*)
  • iPhone 8+ (*)
  • iPhone X (*)

iPad

  • iPad Mini, 2nd generation
  • iPad Mini, 3rd generation
  • iPad Air, 1st generation
  • iPad Mini, 4th generation
  • iPad Air, 2nd generation
  • iPad, 5th generation
  • iPad Pro, 1st generation (12.9 inch)
  • iPad Pro, 1st generation (9.7 inch)
  • iPad, 6th generation
  • iPad, 7th generation
  • iPad Pro, 2nd generation (12.9 inch)
  • iPad Pro, 2nd generation (10.5 inch)

iPod Touch

  • iPod Touch, 6th generation
  • iPod Touch, 7th generation

(*) With a caveat: The SEP chip requires a workaround for A11 devices, meaning that passcodes, Face ID, and Touch ID need to be turned off.

Injecting device

The computer used for injecting Checkra1n needs to fulfill certain requirements:

  • Must be running macOS or Linux
  • Must have a USB port

I don't use Linux and don't have a Mac. How do I run this?

It's simple! If you have a USB flash drive, you can make a bootable USB with checkra1n using a checkn1x ISO and a USB writing program called Rufus. You must have at least two USB ports to use this approach. Otherwise, the only way to get checkra1n on your device is to install Linux.

First, download Rufus and the checkn1x ISO. Launch Rufus with administrator privileges. Make sure you have your USB drive plugged in. Then, change the following options:

  • Device to the disk letter of your USB drive
  • Boot selection to the checkn1x ISO
  • Volume label to "checkn1x"

Press the START button, and wait for the USB drive to finish being flashed. Go into your BIOS and disable Secure Boot if you see it, and change the boot order to USB first. Make sure your USB drive is plugged in and then save and reboot. You should boot into checkn1x, and you should be looking at the start menu of checkra1n for Linux. Once you have finished, make sure to change your boot order back to your boot drive. (or you know, just use a vm)

I use Linux or macOS. What should I do?

Linux
  • Download checkra1n from here.
  • Go into a terminal, type in cd Downloads, and type in chmod +x checkra1n. Checkra1n is now ready to run. Keep this terminal open for the next steps!
macOS
  • Download checkra1n from here.
  • Checkra1n should already be runnable.

Instructions

  • If you are using the checkn1x approach, you should boot to checkra1n.
  • If you are using Linux, run the tool by typing ./checkra1n into the terminal from the last step.
  • If you are using macOS, run the tool through Finder.

Grab the Lightning to USB cable. Plug the USB end into the computer and the Lightning end into the device. Checkra1n should hopefully notice the device. If you are jailbreaking an A11 device (iPhone 8, iPhone 8+, or iPhone X), you must turn off the passcode, Face ID, and Touch ID and enable Skip A11 BPR check (if it isn't initially visible, find the Options tab and enter it). Press Start and then Next. Your iDevice should boot into recovery mode.

Next, read the instructions to put your iDevice into DFU mode. Press Start and then hold the buttons for the amount of time required. Once checkra1n notices your iDevice is in DFU mode, it will put it into pwned DFU mode using the exploit and begin to jailbreak it.

Even after the iDevice has finished booting, don't unplug it. Make sure that the checkra1n app has appeared before unplugging it from the computer. Try adding a bookmark to the home screen and removing it to get the app to show up.

Now, you can install Cydia. Open the checkra1n app and select Cydia. Press Install Cydia, and wait for it to completely install. The app should close once Cydia is finished installing, and then you can go into Cydia and install some tweaks. Enjoy your freedom!

Troubleshooting

  • If your jailbreak apps don't work, you rebooted and the jailbreak became inactive. Follow the steps in the Instructions section besides the parts pertaining to Cydia installation.
  • If installing a tweak on Cydia gives you an error, try the instructions here first. If that won't work, go into the checkra1n app and try reinstalling Cydia by pressing the Cydia button and then pressing Reinstall Cydia. If that doesn't work or you can't reinstall Cydia, press the Restore RootFS button in the checkra1n app and then jailbreak again with your computer. If that doesn't work, try SSHing into your iDevice and fixing it from there, using tweaks already on your device to try to fix it, or ultimately performing a DFU restore.