Luca Todesco has finally released the highly-anticipated jailbreak tool, checkra1n, for iOS 13.2 firmware and below. Here’s how you can download this tool and jailbreak your iPhone, iPad, or iPod touch with it.
What’s checkra1n and how does it work?
checkra1n is a semi-tethered BootROM jailbreak tool developed for iOS 13 firmware. It is based on axi0mX’s checkm8 exploit and developed by Luca Todesco, Jamie Bishop, and the rest of the checkra1n Development Team.
Touted as the most significant jailbreak tool ever released for a modern firmware, checkra1n can jailbreak any firmware version because the vulnerability it exploits lies in the device's hardware rather than in iOS.
So, as long as Apple releases updates for your device, you will be able to jailbreak it.
For instance, the newest exploitable device that can be jailbroken with this tool is the iPhone X.
Apple usually supports its mobile devices for five to six years before it stops seeding updates. Consequently, the iPhone X should remain jailbreakable up to iOS 15 or 16.
The only way to patch the checkm8 exploit is to recall all affected devices and replace their SoCs (system-on-chip), which is simply impractical at scale.
In addition, checkra1n can potentially let you perform in-depth modifications (beyond the jailbreak itself) such as:
- Flashing custom firmware.
- Upgrading and downgrading without SHSH blobs.
- Dual-booting different iOS versions on the same device.
- Building better jailbreak-detection and DRM bypass utilities.
- More stable uptime compared to other tools.
In spite of all its benefits, checkra1n is not without its flaws and shortcomings:
- Compatibility is a major issue for anyone who wants to use this tool on a modern device. checkra1n is not compatible with devices released after the iPhone X (A11 Bionic chip) and will never support them. Read the compatibility section carefully before you attempt to jailbreak your device.
- Re-jailbreaking is a hurdle. checkra1n is a semi-tethered utility and, as a consequence, requires you to connect to a computer each time you wish to boot into the jailbroken state. If you reboot your device without access to a computer or laptop running the jailbreak software, you will not be able to jailbreak it again until you do.
- Operating system support is limited. At the time of writing, this utility is available to macOS users only. If you run Windows or Linux, you can either wait for future updates or install a Hackintosh. Running macOS in a virtual machine under any hypervisor will NOT deliver the payload correctly.
- Cessation of updates is possible. Apple might stop offering updates for affected devices altogether in order to protect users. It seems far-fetched at this point, but Apple could use this as a ploy to get users to buy newer (and more expensive) devices that are not vulnerable to the checkm8 exploit.
Which devices/firmware are compatible?
- iPhone 4S
- iPhone 5/5S
- iPhone 6/6S
- iPhone 6/6S Plus
- iPhone SE
- iPhone 7/7 Plus
- iPhone 8/8 Plus
- iPhone X
- iPad Pro (10.5-inch), iPad Pro (12.9-inch) (2nd generation)
- iPad (9.7-inch)
- iPad Mini 2
- iPad Mini 3
- iPad Mini 4
- iPad Pro 1st-Generation
- iPad Air 2nd-generation
- iPad 5th-generation
Important – Support for the iPhone 5S, iPad Mini 2, iPad Mini 3, and iPad Air is experimental as of beta version 0.9. The iPad Air 2, iPad 5th generation, and iPad Pro 1st generation are not yet supported.
Compatible firmware versions
- iOS 12.3
- iOS 12.3.1
- iOS 12.4
- iOS 12.4.1
- iOS 12.4.2
- iOS 12.4.3
- iOS 13.0
- iOS 13.1.1
- iOS 13.1.2
- iOS 13.1.3
- iOS 13.2
- iOS 13.2.1
- iOS 13.2.2
- iOS 13.2.3
- iOS 13.3
- iOS 13.3.1
- iOS 13.4
- iOS 13.4.1
- iOS 13.5
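For anyone managing a fleet rather than a single phone, the useful takeaway from the two lists above is that the hardware list and the firmware list answer different questions: a device on the hardware list stays exposed to a BootROM-based jailbreak whatever iOS build it runs, while the firmware list only records which builds the tool handled at the time of writing. The script below is an added example, not code from this page or from the checkra1n project. It transcribes the page's device and iOS lists into Python, classifies a constructed sample inventory against them, and returns counts per category. The inventory format (model name, iOS version), the normalized device-name strings, and the category labels are assumptions made for the example.

```python
from __future__ import annotations

# Added example (not from the page or the checkra1n project). The device and
# iOS version sets below are transcribed from the page's compatibility lists;
# "iPhone 5/5S" and similar entries are expanded into one normalized name each.
CHECKM8_DEVICES = {
    "iphone 4s", "iphone 5", "iphone 5s", "iphone 6", "iphone 6s",
    "iphone 6 plus", "iphone 6s plus", "iphone se", "iphone 7", "iphone 7 plus",
    "iphone 8", "iphone 8 plus", "iphone x",
    "ipad pro 10.5", "ipad pro 12.9 2nd gen", "ipad 9.7",
    "ipad mini 2", "ipad mini 3", "ipad mini 4",
    "ipad pro 1st gen", "ipad air 2", "ipad 5th gen",
}

# iOS builds the page lists as supported by the tool at the time of writing.
TOOL_SUPPORTED_IOS = {
    "12.3", "12.3.1", "12.4", "12.4.1", "12.4.2", "12.4.3",
    "13.0", "13.1.1", "13.1.2", "13.1.3",
    "13.2", "13.2.1", "13.2.2", "13.2.3",
    "13.3", "13.3.1", "13.4", "13.4.1", "13.5",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '13.2.3' into (13, 2, 3) so versions compare numerically.

    Trailing zeros are dropped so that '13.0' and '13.0.0' both equal (13,).
    """
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


SUPPORTED_PARSED = {parse_version(v) for v in TOOL_SUPPORTED_IOS}
NEWEST_LISTED = max(SUPPORTED_PARSED)


def classify(model: str, ios_version: str) -> str:
    """Classify one device. Category labels are this example's own convention.

    not-in-list        model is not on the page's hardware list
    exposed-supported  hardware on the list and the build is in the tool's list
    exposed-newer      hardware on the list, build newer than anything listed
    exposed-unlisted   hardware on the list, build older than or missing from the list
    """
    model_key = " ".join(model.lower().split())
    if model_key not in CHECKM8_DEVICES:
        return "not-in-list"
    version = parse_version(ios_version)
    if version in SUPPORTED_PARSED:
        return "exposed-supported"
    if version > NEWEST_LISTED:
        return "exposed-newer"
    return "exposed-unlisted"


def summarize(inventory: list[tuple[str, str]]) -> dict[str, int]:
    """Count devices per category so a fleet owner can see exposure at a glance."""
    counts: dict[str, int] = {}
    for model, ios in inventory:
        label = classify(model, ios)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample inventory; the iOS 13.6 and 12.2 entries are made up to
# exercise the "newer than listed" and "older than listed" branches.
SAMPLE_INVENTORY = [
    ("iPhone 7 Plus", "13.2.3"),
    ("iPhone X", "13.5"),
    ("iPhone X", "13.6"),
    ("iPhone 11", "13.3"),
    ("iPad Mini 2", "12.2"),
]

if __name__ == "__main__":
    for model, ios in SAMPLE_INVENTORY:
        print(f"{model:14} iOS {ios:7} -> {classify(model, ios)}")
    print(summarize(SAMPLE_INVENTORY))
```

The design point is that updating iOS moves a device between the three "exposed" categories but never into "not-in-list"; only the hardware generation does that, which is exactly what the article means when it says the flaw cannot be patched by a software update.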
Download checkra1n
- v0.10.2 (macOS; Linux CLI: x86_64, arm, arm64, i486)
- v0.10.1 (macOS; Linux CLI: x86_64, arm, arm64, i486)
- v0.10.0 (macOS)
- v0.9.9 experimental pre-release version (macOS)
- v0.9.8.2 (macOS; Linux CLI: x86_64, arm, arm64, i486)
- v0.9.8.1 (macOS; Linux CLI: x86_64, arm, arm64, i486)
- v0.9.8 (macOS; Linux CLI: x86_64, arm, arm64, i486)
- v0.9.7 (macOS)
- v0.9.6 (macOS)
- v0.9.5 (macOS)
- v0.9.4 (macOS)
- v0.9.3 (macOS)
- v0.9.2 (macOS)
- v0.9.1 (macOS)
- v0.9 (macOS)
Changelog
- v0.10.2 – Adds support for devices running iOS/iPadOS 13.5. Fixes kernel-patch issues that caused devices not to start up. Fixes the bootstrap upload not working in the locked state.
- v0.10.1 – Adds support for iOS 13.4 and 13.4.1. Introduces kernel patch finder v2. Users can now quit from the webra1n interface. Fixes support for A7 models. Fixes an issue on iOS 12.4 that caused a kernel panic and reboot on shutdown. Fixes an issue that caused the keychain to lose new passwords. Fixes an issue that caused the GUI/ncurses interface to crash when used more than once. Fixes an issue where a reboot did not restart the dropbear client.
- v0.10.0 – Adds support for devices running iOS 13.4.
- v0.9.9 – Introduces experimental support for iOS 13.4. Be sure to test on other firmware versions as well. If you are on iOS 13.4, enable "Allow untested iOS versions" in the options.
- v0.9.8.2 – Bumps the maximum device tree size to 256 KiB for Project Sandcastle. Fixes an architecture mismatch in devhelper builds.
- v0.9.8.1 – Adds support for Project Sandcastle and improvements to pongoOS.
- v0.9.8 – Adds support for Linux. Introduces webra1n, an experimental web-based UI for checkra1n. pongoOS now handles low-level patching. Adds a new ncurses CLI with FastDFU compatibility. Adds an option to skip version checking for new iOS/iPadOS builds that are not yet supported. Adds support for iOS and iPadOS 13.3.1. The checkra1n application can now run without an internet connection.
- v0.9.7 – Fixes an issue that prevented the UI from detecting changes in device mode. Fixes an issue that caused the UI to hang on some iPads. Adds initial compatibility for Apple TV 4K. Deletes downloaded OTA updates on boot. Adds compatibility for iOS 13.3. Removes libimobiledevice as a dependency. Adds a tvOS loader app shortcut to Control Center.
- v0.9.6 – Fixes support for the iPad 6th generation. Fixes an issue on A7 devices that reported an error code after the payload was delivered successfully. Fixes an issue where jailbreak application icons would show up on boot after running Restore System. Fixes an issue where Loader and Cydia failed to connect to the internet on Chinese models. Fixes an issue that caused the iPad Pro Smart Keyboard to disconnect. Fixes an issue where fast charging did not work. Adds support for the iPad Air 2nd generation, iPad 5th generation, and iPad Pro 1st generation, as well as iOS 13.2.3.
- v0.9.5 – Fixes an issue where the user could get signed out of their Apple ID. Fixes an issue that interfered with MobileSubstrate initialization. Detects downloaded OTA updates that can cause issues. Includes a new DFU sequence; DFU mode is now more reliable. Improves the loading mechanism of Cydia Substrate.
- v0.9.3 – Fixes an issue that caused Touch ID and Face ID to fail. Fixes an issue that caused the touch screen to become unresponsive. Fixes an issue where the stock Loader app did not appear on the home screen. Fixes an issue where the Smart Keyboard for iPads did not work. Fixes an issue where fast charging did not work on several models. Fixes an issue where the Taptic Engine failed to vibrate. Fixes an issue where battery preferences did not open on some devices. Detects downloaded OTA updates. Rewrites the Substrate loading mechanism for better reliability and stability. Adds an option to boot the device into no-substrate mode.
- v0.9.2 – Fixes an issue that caused the Apple Watch not to receive notifications. Improves the reliability of DFU mode. Fixes an issue where the jailbreak app could not run on macOS 10.10. Adds an option to boot into no-substrate mode.
- v0.9.1 – Fixes a Loader crash while installing Cydia on iPads, a crash when the macOS language was not English, an issue where iPad Mini models would not work, and the SCP binary not working.
- v0.9 – First beta build.
Requirements
- A computer running macOS Catalina or below
- A compatible Apple device
- iOS 12.3-13.2.2 firmware
How to jailbreak iPhone, iPad, iPod on iOS 13.2 and below with checkra1n
Prepare your computer
Step 1 Download checkra1n jailbreak application for your operating system using the link given above.
Step 2 Once the download finishes, drag and drop the file to your Applications folder on macOS.
Step 3 Open the Applications folder on macOS and make sure the jailbreak app is present therein.
Step 4 Right-click on the checkra1n app to run it.
Step 5 macOS will now display a security prompt before the app opens. Click Open.
Connect your device
Step 6 Connect your iPhone or iPad to your computer. Before you proceed, make sure you are NOT using your primary device. We strongly recommend running this tool on a secondary or spare device while it is still in beta. We will be using an iPhone 7 Plus for demonstration purposes.
Step 7 Your device will now prompt you to “Trust” the computer before the connection is established. Tap Trust and enter your regular passcode on the passcode screen.
Execute the utility
Step 8 Go back to the jailbreak utility you downloaded and installed above.
Step 9 Ensure it recognizes your device in connected mode and displays its ECID as shown below.
Step 10 Click Next to put your device in recovery mode; this prevents the filesystem corruption that a hard reset could cause.
Step 11 Put your device in DFU mode by following the on-screen instructions. Remember, the exploitation process will stay stuck on the "Waiting for DFU devices" screen if your device is not correctly in DFU mode.
- Press and hold the Home+Sleep buttons if you own an iPhone 6s or older device.
- On the iPhone 7 or 7 Plus, press and hold the Home+Volume Down buttons.
- For the iPhone X, hold both the volume up and volume down buttons along with the Sleep/Wake button.
Step 12 Wait for the tool to deliver the exploit payload to your device. Let the tool finish even if it looks stuck at some point. DO NOT disconnect your device until it is done. This should take no more than 10-15 seconds.
Step 13 Once the tool displays the "All Done" message, click Done to quit the app.
That's it! Your device is now fully jailbroken. You can now safely disconnect it from your computer or laptop.
Install a package manager
Step 14 Go to your device's home screen and open the checkra1n Loader app. The Loader app is a special application that lets you install the package manager of your choice.
Step 15 Select Cydia from the package manager list and tap Install Cydia to start the installation. This can take 2-3 minutes depending on the speed of your internet connection.
Step 16 Once the installation is over, run Cydia from your home screen.
As always, don’t hesitate to post your comments below if you run into an error.
Although checkra1n is a full-blown jailbreak tool in and of itself, the development team behind it has big plans for it. Here's what you can expect in the future:
- Transforming the tool into an iOS version of Clover.
- Custom on-boot kernel extension loading.
- Support for more package managers such as Sileo, Installer, and Zebra.
- Support for Windows and Linux operating systems.
- Compatibility with more devices.
- Dual-booting two different iOS versions.
- Running the Linux operating system on the iPhone.