Today, I will show you how to use checkra1n jailbreak to bypass iCloud on any device from iPhone 5s to iPhone X. The idea is to do SSH via USB, as checkra1n uses SSH ramdisk, and delete /rename or patch the Setup.app running iCloud activation screen on your device.
This method is different from the Custom Firmware restore iCloud bypass method but the idea is the same => patch or invalidate setup.app to bypass activation screen.
Unfortunately, deleting Setup.app will force your device to get the baseband activation status to UNACTIVATED so the following services won’t work on your device:
Even if you patch setup.app config to show the completed setup process like:
<key>SetupDone</key> <true/> <key>SetupFinishedAllSteps</key> <true/>
The device will still be unactivated as the lockdownd (the iOS daemon running the activation process) won’t be able to find a valid activation ticket on your device. Also, the device needs to receive a valid wildcard wicket to properly activate the baseband.
iCloud Bypass Guide [MacOS Only]
You need MacOS for this guide as Checkra1n jailbreak is compatible with mac system only at this time. This guide is just for training purposes, use it at your own risk. I am using Mac OS 10.14.6 for this guide.
Step 1: Download Checkra1n tethered jailbreak. Then install brew and usbmuxd (open terminal app on mac and type)
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install...)"
brew install usbmuxd
Step 2: Boot device into DFU mode (black screen)
Step 3: Run Checkra1n and jailbreak your device. Device should boot to normal mode after jailbreak is done.
Step 4: Run iproxy service which is a part of usbmuxd and make a tunnel from your MacBook
port 2222 to the jailbroken device
port 44 (you can try 22 port as well). Also, you can use many other tools to make SSH work via USB connection.
iproxy 2222 44
Step 5: Open new terminal tab (Command + T) and SSH into your device.
ssh [email protected] -p 2222
Step 6: Mount the device file system as read-write so we can delete or patch the Setup.app
mount -o rw,union,update /
mv /Applications/Setup.app /Applications/Setup.bak
rm -rf /Applications/Setup.app
Step 9: Terminate all system processes related to Springboard
iCloud Activation screen bypass is done.
Don’t forget to support checkra1n developers as they put so much efforts to bring us jailbreak and iCloud freedom.
Checkm8 is a reliable tool for remote iCloud Activation Lock Screen removal on iPhone & iPad running on iOS 12.4 up to iOS 14
Checkm8 is ready to remove a passcode and unlock Disabled iPhone & iPad running on iOS 13 up to iOS 14
Easily Bypass Mac Activation Lock Screen on your computer even if you forgot the correct Apple ID and password.
FixM8 Utility designed for reset iPhone or iPad without Apple ID (iCloud) password, updating iOS and iTunes to factory settings.