checkra1n Jailbreak
checkra1n is a new-generation jailbreaking tool based on checkm8, the permanent, unpatchable bootrom exploit by axi0mX. The app can be used to jailbreak all iOS devices with A5 to A11 chips, on iOS 12.3 up to iOS 14. Download the checkra1n jailbreak tool for Mac and Linux.

checkra1n is an ultimate jailbreak tool with support for most generations of iOS devices starting from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). All of the devices mentioned are jailbreakable for their entire lifetime. This means every present iOS version and versions that will come in the future.

All A5 to A11 devices are compatible with the checkra1n jailbreak. Only the latest devices, including iPhone 11 Pro, iPhone 11, iPhone 11 Pro Max, iPhone XR, iPhone XS, and iPhone XS Max, are not compatible with checkra1n. Install the Cydia app on the latest iOS 14 version.

checkra1n compatibility (supported devices):

  • A5 - iPad 2, iPhone 4S, iPad Mini (1st generation)
  • A5X - iPad (3rd generation)
  • A6 - iPhone 5, iPhone 5C
  • A6X - iPad (4th generation)
  • A7 - iPhone 5S, iPad Air, iPad Mini 2, iPad Mini 3
  • A8 - iPhone 6, iPhone 6 Plus, iPad mini 4
  • A8X - iPad Air 2
  • A9 - iPhone 6S, iPhone 6S Plus, iPhone SE, iPad (2017) 5th Generation
  • A9X - iPad Pro (12.9 in.) 1st generation, iPad Pro (9.7 in.)
  • A10 - iPhone 7 and iPhone 7 Plus, iPad (2018, 6th generation), iPad (2019, 7th generation) (iOS 14 not supported)
  • A10X - iPad Pro 10.5" (2017), iPad Pro 12.9" 2nd Gen (2017)
  • A11 - iPhone 8, iPhone 8 Plus, and iPhone X

checkm8 is a tethered iOS exploit that has to be used to boot your iPhone after every reboot. It is the main component of the checkra1n jailbreak tool and, most importantly, it is a lifetime jailbreak exploit that Apple cannot patch with iOS upgrades. This bug was fixed only in the newest hardware upgrade.

What more can you achieve with the checkm8 exploit? You can downgrade or upgrade to any jailbreakable iOS version without SHSH support, checkm8 supports dual-booting (the device can be booted into Android), and it will work with all upcoming iOS versions released by Apple. A computer is required to jailbreak.

Apple Watch first-gen and Series 1, 2, and 3 are also vulnerable to the checkm8 exploit. The checkra1n tool can also bypass jailbreak detection in-app DRM mechanisms. Recently there has been news that checkra1n also supports Apple TV (1st, 2nd, 3rd, and 4th generation) on tvOS 13.

The new jailbreak tool was made possible by contributors known to the jailbreak community such as ih8sn0w, jonseals, psychotea, qwertyoruiop, nullpixel, xerub, siguza, aregp, axi0mX, and others. The checkra1n jailbreak allows you to install any package manager (Cydia, Zebra, Sileo, etc.).

checkra1n Jailbreak Tool on iOS

checkra1n Jailbreak uses Cydia Substrate, the powerful code modification platform behind Cydia. Substrate makes it easy to modify software, even without the source code. From Cydia package manager you can install tweaks, hacks, libraries, and apps from so-called repositories.

In iOS 14, Apple added a new mitigation to SEPOS on A10 and above (except on Apple TVs and iBridge): if the device was booted from DFU mode and the Secure Enclave receives a request to decrypt user data, it will panic the device.

With the recently published blackbird vulnerability, checkra1n is able to get control of the Secure Enclave on A10 and A10X and disable this mitigation. Support for A10 and A10X devices is being worked on and will be ready in the coming weeks.

iOS 14 jailbreak supported devices:

  • iPhone 6s, 6s Plus, and SE
  • iPad 5th generation
  • iPad Air 2
  • iPad mini 4
  • iPad Pro 1st generation
  • Apple TV 4 and 4K
  • iBridge T2

How to download checkra1n

You are just a few steps from downloading the checkra1n jailbreak tool on macOS and Linux (Windows versions are not available yet). Follow our guide to download the unpatchable jailbreak exploit. This iOS 13 and iOS 14 jailbreak tool is safe to use and will not make any permanent changes to your device.

checkra1n for Mac

This release is an early beta preview and as such should not be installed on a primary device. We strongly recommend proceeding with caution. Download the latest version of checkra1n.

1. Download checkra1n for macOS.

2. Open the checkra1n.dmg file.

3. Move checkra1n to the Applications folder.

4. Open checkra1n app.

checkra1n Jailbreak Tool on Mac

checkra1n for Linux

Find more information about how to use checkra1n Linux.

checkra1n Linux

If you reboot the device without checkra1n, it will revert to stock iOS, and you will not be able to use any 3rd party software installed until you enter DFU and checkra1n the device again.

    How to jailbreak iOS 14

    checkra1n is a semi-tethered jailbreak tool that requires a computer to start the jailbreak. If you own a supported iDevice and can connect it to a PC or Mac you are closer to jailbreaking the system.

    1. Download checkra1n.

    2. Open the dmg package.

    3. Move the app to the Applications folder.

    4. Open the checkra1n app.

    5. Connect your iPhone to PC or Mac using USB cable.

    6. Click start to jailbreak your device.

    7. checkra1n will activate Recovery Mode.

    8. Enter DFU mode (screen must stay black) on your iDevice.


    Enter DFU Mode before jailbreak:

    • Keep iDevice in Normal Mode or Recovery Mode, plug USB cable (please don't use USB extension cable)
    • Hold HOME button (iPhone7/7p hold Volume Down button instead), then hold POWER button until the screen is blank
    • Release the POWER button after about 10 seconds, but keep holding the HOME button (iPhone7/7p hold Volume Down button instead) for about 5 seconds

    iPhone8, iPhone8 Plus Steps to enter DFU Mode:

    • Plug an original USB cable, quick-press Volume "+" button, then Volume "-" button and hold the Power button.
    • When the iDevice turns off, hold the Volume "-" button, then release the Power button after 5 seconds, until it prompts "succeded".

    9. Wait until the device boots into jailbreak mode.

    10. Launch the checkra1n loader from the home screen.

    11. Install Cydia to access tweaks.

    Cydia

    Set nonce with checkm8-nonce-setter

    checkm8-nonce-setter is a nonce setter for devices compatible with checkm8 exploit used by checkra1n. iOS version doesn't matter. If your device is compatible with checkm8 + Linus Henze's Signature Check Remover then you can set your nonce and downgrade. This script is macOS only.

    checkm8-nonce-setter

    To start the script, open the Terminal app and proceed with the instructions. After setting the nonce, you can futurerestore with the SHSH you used during the script and downgrade iOS 13 to an unsigned version.

    ./main.sh

    Nonce is a signing method that randomizes Apple's cryptographic signature hash blobs (SHSH blobs) and is used with the baseband signing ticket, the APTicket, and SEP (Secure Enclave). Every time you restore the device, a random string of letters and numbers is generated.

    The nonce (e.g. 0x532fd02xd15k30) is sent to Apple's servers to request a blob (or APTicket) for the firmware you want to restore. If the nonce of the device and the APTicket match, you can restore even an IPSW system file that is no longer signed. There are a few nonce generators available to set a nonce on iOS.
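
A simplified model of the nonce check described above, added here as an illustration and not taken from checkm8-nonce-setter, futurerestore or Apple's restore code. It shows that a saved ticket fails against a freshly generated nonce, cannot be edited to match it, and validates only when the device holds the nonce the ticket was issued for. The HMAC standing in for the ticket signature, the function names and all byte strings are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in key: the real ticket carries an asymmetric signature,
# HMAC is an assumption made only to keep this model short.
SERVER_KEY = b"constructed-demo-signing-key"


def _sign(firmware: bytes, nonce: bytes) -> bytes:
    return hmac.new(SERVER_KEY, firmware + nonce, hashlib.sha256).digest()


def issue_ticket(firmware: bytes, nonce: bytes, currently_signed: set):
    """Server side: bind (firmware, nonce) under one signature, or refuse."""
    if firmware not in currently_signed:
        return None  # signing window closed
    return {"firmware": firmware, "nonce": nonce, "sig": _sign(firmware, nonce)}


def device_accepts(ticket: dict, firmware: bytes, device_nonce: bytes) -> bool:
    """Device side: ticket must be authentic, cover this firmware, and carry
    the nonce the device holds for this restore."""
    authentic = hmac.compare_digest(
        ticket["sig"], _sign(ticket["firmware"], ticket["nonce"]))
    return (authentic and ticket["firmware"] == firmware
            and hmac.compare_digest(ticket["nonce"], device_nonce))


def scenario() -> dict:
    old_fw = hashlib.sha256(b"constructed old firmware image").digest()
    # While old_fw is still signed, a ticket is requested and saved.
    saved_nonce = secrets.token_bytes(20)
    saved = issue_ticket(old_fw, saved_nonce, currently_signed={old_fw})
    # Later the server no longer signs old_fw, and a normal restore uses a new nonce.
    new_nonce = secrets.token_bytes(20)
    return {
        "server_refuses_old_fw": issue_ticket(old_fw, new_nonce, set()) is None,
        "saved_ticket_vs_new_nonce": device_accepts(saved, old_fw, new_nonce),
        "edited_ticket_vs_new_nonce": device_accepts(
            {**saved, "nonce": new_nonce}, old_fw, new_nonce),
        "saved_ticket_vs_same_nonce": device_accepts(saved, old_fw, saved_nonce),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

The rollback protection in this model rests entirely on the device choosing its own unpredictable nonce, which is the property a nonce setter removes.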

    Alternatively, you can also use CheckNonceGUI, which is a graphic interface for Checkm8 Nonce Setter. The app supports devices like iPhone 5s, iPhone 7/7 Plus, iPhone X, iPad Mini 2, iPad Mini 3, iPad Air, iPad 6th Gen, iPad 7th Gen, and iPod Touch 7th Gen.

    CheckNonceGUI the Checkm8 based APNonce Setter

    How to use checkra1n from terminal (CLI)

    checkra1n was written in nano by Kim Jong Cracks, and you can also run the tool from the console using the command line. There are four command parameters available: -h (Help), -d (Demote), -V (Verbose Boot), -s (Enter Safe-Mode), - (run as daemon).

    1. Open the Terminal app on macOS.

    2. Enter /Applications/checkra1n.app/Contents/MacOS/checkra1n -

    3. The app will now run as daemon and wait for DFU device.

    checkra1n from console

    The main advantage of using the checkra1n CLI (the command-line interface) is the ability to jailbreak the newest releases of iOS. When the GUI (graphic interface) informs you that this version is not supported, proceed with the CLI to jailbreak anyway. The latest version of iOS 14 is supported.

    How to remove checkra1n

    The latest version of the checkra1n app allows you to easily remove the jailbreak from your device. The checkra1n loader installed on your iOS device allows you to install Cydia. Besides that, there is also an option to Restore System. When you tap this option, you uninstall the jailbreak files and other changes made to the operating system, without erasing data. This will reboot the iPhone.

    Remove checkra1n from iPhone

    Upgrade jailbreak to latest iOS

    The safest way to update iOS on a jailbroken device is to restore the system to the state it was in before you jailbroke it. This option is available in the Loader app (the same one you used to install Cydia) on the home screen. It is also important to save all tweaks and settings from the checkra1n jailbreak so you can restore them after re-jailbreaking the upgraded iOS version.

    1. Install Batchomatic tweak to save all tweaks, apps, and settings.

    2. Generate a .deb file with iOS jailbreak configurations.

    3. Save the .deb file on any Cloud service.

    4. Open the Loader app and tap Restore System.

    5. Navigate to System → General → Software Update.

    6. Update iOS to the newest version.

    7. Jailbreak your device using checkra1n.

    8. Move the .deb file to your device and install it using Filza.

    Frequently Asked Questions

    What is checkm8?

    checkm8 (read "checkmate") is a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

    How does checkra1n work?

    Open the checkra1n app, and follow the instructions to put your device into DFU mode. Hax happens auto-magically from that point and the device will boot into jailbroken mode. After restart, your device will boot in stock iOS.

    Can I SSH into my iDevice?

    checkra1n installs an SSH server on port 44 on localhost only. You can expose it on your local machine using iproxy via USB.

    When is checkra1n Windows support coming?

    Supporting Windows requires writing a kernel driver (which is a very complex piece of code), and that will take time. Rest assured, however, the team is working hard on it. There is no release date available, and it will possibly take a long time to release a checkra1n Windows version.

    Why is there a problem entering DFU mode?

    USB-C Lightning cables (especially those that came shipped with an iPhone box) seem to be physically unable to be used to enter DFU mode. Please try a USB-A cable instead; third-party cables could also have a higher likelihood of working.

    Can I switch between unc0ver and checkra1n jailbreak?

    If you are running unc0ver and want to try out checkra1n without losing your tweaks, you can create an empty file at /.mount_rw and safely run the checkra1n jailbreak. You can switch between checkra1n and unc0ver as long as you initially jailbroke the device with unc0ver and created that file.