Today, I will show you how to use checkra1n jailbreak to bypass iCloud on any device from iPhone 5s to iPhone X. The idea is to do SSH via USB, as checkra1n uses SSH ramdisk, and delete /rename or patch the Setup.app running iCloud activation screen on your device.
This method is different from the Custom Firmware restore iCloud bypass method but the idea is the same => patch or invalidate setup.app to bypass activation screen.
Unfortunately, deleting Setup.app will force your device to get the baseband activation status to UNACTIVATED so the following services won’t work on your device:
Even if you patch setup.app config to show the completed setup process like:
<key>SetupDone</key> <true/> <key>SetupFinishedAllSteps</key> <true/>
The device will still be unactivated as the lockdownd (the iOS daemon running the activation process) won’t be able to find a valid activation ticket on your device. Also, the device needs to receive a valid wildcard wicket to properly activate the baseband.
iCloud Bypass Guide [MacOS Only]
You need MacOS for this guide as Checkra1n jailbreak is compatible with mac system only at this time. This guide is just for training purposes, use it at your own risk. I am using Mac OS 10.14.6 for this guide.
Step 1: Download Checkra1n tethered jailbreak. Then install brew and usbmuxd (open terminal app on mac and type)
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install...)"
brew install usbmuxd
Step 2: Boot device into DFU mode (black screen)
Step 3: Run Checkra1n and jailbreak your device. Device should boot to normal mode after jailbreak is done.
Step 4: Run iproxy service which is a part of usbmuxd and make a tunnel from your MacBook
port 2222 to the jailbroken device
port 44 (you can try 22 port as well). Also, you can use many other tools to make SSH work via USB connection.
iproxy 2222 44
Step 5: Open new terminal tab (Command + T) and SSH into your device.
ssh [email protected] -p 2222
Step 6: Mount the device file system as read-write so we can delete or patch the Setup.app
mount -o rw,union,update /
mv /Applications/Setup.app /Applications/Setup.bak
rm -rf /Applications/Setup.app
Step 9: Terminate all system processes related to Springboard
iCloud Activation screen bypass is done.
Don’t forget to support checkra1n developers as they put so much efforts to bring us jailbreak and iCloud freedom.
We value our customers and offer beneficial partnerships to wholesale and small businesses. We are happy to work with repair shops, workshops, GSM repair, etc. We offer flexible pricing on our services and software to our partners. At the moment, we are supporting some of the most popular GSM-services, including GMS Fusion and DHRU. We develop client's systems and connect reseller websites to our services through API connections or online.