Today, I will show you how to use checkra1n jailbreak to bypass iCloud on any device from iPhone 5s to iPhone X. The idea is to do SSH via USB, as checkra1n uses SSH ramdisk, and delete /rename or patch the Setup.app running iCloud activation screen on your device.
This method is different from the Custom Firmware restore iCloud bypass method but the idea is the same => patch or invalidate setup.app to bypass activation screen.
Unfortunately, deleting Setup.app will force your device to get the baseband activation status to UNACTIVATED so the following services won’t work on your device:
Even if you patch setup.app config to show the completed setup process like:
<key>SetupDone</key> <true/> <key>SetupFinishedAllSteps</key> <true/>
The device will still be unactivated as the lockdownd (the iOS daemon running the activation process) won’t be able to find a valid activation ticket on your device. Also, the device needs to receive a valid wildcard wicket to properly activate the baseband.
iCloud Bypass Guide [MacOS Only]
You need MacOS for this guide as Checkra1n jailbreak is compatible with mac system only at this time. This guide is just for training purposes, use it at your own risk. I am using Mac OS 10.14.6 for this guide.
Step 1: Download Checkra1n tethered jailbreak. Then install brew and usbmuxd (open terminal app on mac and type)
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install...)"
brew install usbmuxd
Step 2: Boot device into DFU mode (black screen)
Step 3: Run Checkra1n and jailbreak your device. Device should boot to normal mode after jailbreak is done.
Step 4: Run iproxy service which is a part of usbmuxd and make a tunnel from your MacBook
port 2222 to the jailbroken device
port 44 (you can try 22 port as well). Also, you can use many other tools to make SSH work via USB connection.
iproxy 2222 44
Step 5: Open new terminal tab (Command + T) and SSH into your device.
ssh root@localhost -p 2222
Step 6: Mount the device file system as read-write so we can delete or patch the Setup.app
mount -o rw,union,update /
mv /Applications/Setup.app /Applications/Setup.bak
rm -rf /Applications/Setup.app
Step 9: Terminate all system processes related to Springboard
iCloud Activation screen bypass is done.
Don’t forget to support checkra1n developers as they put so much efforts to bring us jailbreak and iCloud freedom.
In the event of supervision on your iPad or iPhone you surely will be looking for ways to get rid of it or disable restricted […]
Any user can face an iPhone Activation Lock issue at some point. More chances for this problem to come up is when you buy in […]
Probably, each and every iPhone user worldwide heard of jailbreaking and unlocking at least once. Did you ever think what exactly these terms mean? Or […]
Jailbreaking has become an integral part of iOS devices usage for many users. There is a wide range of various Jailbreak Firmwares, Software or Tools […]
The latest version of the checkm8-based checkra1n jailbreak tool was just released by the checkra1n dev team. This version supports iOS 13-iOS 13.3 devices. Here […]
The chances are the well-known checkm8 jailbreak is something you already heard of. This exploit takes advantage of an unfixable BootROM vulnerability of the majority […]