It has been a week since axi0mX publicly released the ultra-powerful checkm8 BooptROM exploit. Here’s how you can run and execute it on your iPhone, iPad, or iPod touch if you haven’t done so already.
Table of Contents
What can be achieved using checkm8?
Currently, not much can be achieved using checkm8 exploit apart from downgrading legacy devices to iOS 10.3.3 with OTA Blobs.
However, if you happen to be a security researcher, there’s a lot you can do with this BootROM exploit, namely –
- USB exploit for pwned DFU Mode
- Send a file to device in DFU Mode
- Demote device to enable JTAG
If you are unclear about the capabilities and compatibility of this exploit, give this article a read. Though all processors beginning with A5 up till A11 Bionic are compatible, only select models are supported in the current iteration.
Remember, run checkm8 only if you have a spare device. It’s just not worth it running it on your daily driver.
We, nor the developers are responsible for any damage caused to your device through the usage of this tutorial.
- A supported iPhone, iPad, or iPod touch
- A computer
- macOS or Linux operating system
How to run checkm8 exploit on iPhone, iPad, iPod
Download the exploit
Step 1 Download the exploit from this link.
Step 2 Unzip the file and extract its contents to any location, preferably Desktop.
Step 3 Connect your Apple device to your computer with a USB cable. For the sake of this tutorial, I will use my trusty first-generation iPad Mini.
Enter DFU Mode
Step 4 You will now want to put your device in DFU Mode. Follow the instructions given below for your model –
- iPhone SE/6S and below – Press and hold POWER + HOME buttons until the screen gets turned off. Wait for five seconds and release the POWER button while keeping the HOME button pressed for 10 seconds. When the screen goes black, release it.
- For iPhone 7 and above – Press and hold POWER + VOLUME DOWN buttons until the screen gets turned off. Wait for five seconds and release the POWER button while keeping the VOLUME DOWN button pressed for 10 seconds. When the screen goes black, release it.
If your display shows the iTunes, you have entered Recovery Mode, not DFU Mode. Repeat the step given above once again.
Step 5 Launch Terminal and enter the following command –
Alternatively, you can open the ipwndfu file directly in the Terminal.
Step 6 Once you are in the correct folder, key in the iPwnDFU command.
Step 7 Your device will now be in DFU Mode. Although I did get the exploit to run, the current version of the exploit does not support the specific variant of the processor in my iPad Mini (first generation).
That’s all there’s to it! You are now in pwned DFU Mode and can play around with the exploit however you like.
If you run into an error or are unable to get the exploit working, don’t forget to drop a comment below.