How to bypass iCloud Activation Lock using Checkra1n jailbreak

Today, I will show you how to use checkra1n jailbreak to bypass iCloud on any device from iPhone 5s to iPhone X. The idea is to do SSH via USB, as checkra1n uses SSH ramdisk, and delete /rename or patch the Setup.app running iCloud activation screen on your device.

This method is different from the Custom Firmware restore iCloud bypass method but the idea is the same => patch or invalidate setup.app to bypass activation screen.

Unfortunately, deleting Setup.app will force your device to get the baseband activation status to UNACTIVATED so the following services won’t work on your device:

• No SIM signal (no service issue)
• No iMessage
• No Facetime
• Not able to add new iCloud account
• Not able to use with iTunes (it will show device activation screen in iTunes)

Even if you patch setup.app config to show the completed setup process like:

<key>SetupDone</key>
<true/>
<key>SetupFinishedAllSteps</key>
<true/>

The device will still be unactivated as the lockdownd (the iOS daemon running the activation process) won’t be able to find a valid activation ticket on your device. Also, the device needs to receive a valid wildcard wicket to properly activate the baseband.

iCloud Bypass Guide [MacOS Only]

You need MacOS for this guide as Checkra1n jailbreak is compatible with mac system only at this time. This guide is just for training purposes, use it at your own risk. I am using Mac OS 10.14.6 for this guide.

Supported Devices:

• A5 – iPad 2, iPhone 4S, iPad Mini (1st generation)
• A5X – iPad (3rd generation)
• A6 – iPhone 5, iPhone 5C
• A6X – iPad (4th generation)
• A7 – iPhone 5S, iPad Air, iPad Mini 2, iPad Mini 3
• A8 – Phone 6, iPhone 6 Plus, iPad mini 4
• A8X – iPad Air 2 (not supported)
• A9 – iPhone 6S, iPhone 6S Plus, iPhone SE, iPad (2017) 5th Generation (not supported)
• A9X – iPad Pro (12.9 in.) 1st generation (not supported), iPad Pro (9.7 in.)
• A10 – iPhone 7 and iPhone 7 Plus, iPad (2018, 6th generation), iPad (2019, 7th generation)
• A10X – iPad Pro 10.5″ (2017), iPad Pro 12.9″ 2nd Gen (2017)
• A11 – iPhone 8, iPhone 8 Plus, and iPhone X

Step 1: Download Checkra1n tethered jailbreak. Then install brew and usbmuxd (open terminal app on mac and type)

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install...)"

then type

brew install usbmuxd

Step 2: Boot device into DFU mode (black screen)

Step 3: Run Checkra1n and jailbreak your device. Device should boot to normal mode after jailbreak is done.

Step 4: Run iproxy service which is a part of usbmuxd and make a tunnel from your MacBook port 2222 to the jailbroken device port 44 (you can try 22 port as well). Also, you can use many other tools to make SSH work via USB connection.

iproxy 2222 44

Step 5: Open new terminal tab (Command + T) and SSH into your device.

ssh [email protected] -p 2222

Password: alpine

Step 6: Mount the device file system as read-write so we can delete or patch the Setup.app

mount -o rw,union,update /

mv /Applications/Setup.app /Applications/Setup.bak

rm -rf /Applications/Setup.app

uicache --all  

killall backboardd