checkra1n Jailbreak Tool for iOS 12 up to iOS 13
Share:

checkra1n jailbreak is the new generation jailbreaking tool based on the permanent unpatchable bootrom exploit called checkm8 by axi0mX. The app can be used to jailbreak all iOS Devices between A5 to A11 including iOS 12.3 up to iOS 13.5. Download checkra1n jailbreak tool for Mac and Linux.


Content Summary

  1. What is checkra1n?
  2. Download checkra1n Jailbreak
  3. checkra1n for Mac
  4. checkra1n for Linux
  5. Run checkra1n on KVM
  6. Changelog
  7. How to jailbreak iOS 13 using checkra1n
  8. Set nonce with checkm8-nonce-setter
  9. checkra1n TV for 4th gen Apple TV
  10. How to use checkra1n from terminal (CLI)
  11. How to remove checkra1n jailbreak
  12. Bypass checkra1n jailbreak detection
  13. Upgrade to newest iOS
  14. Package managers for checkra1n jailbreak
  15. Frequently Asked Questions

What is checkra1n?

checkra1n is an ultimate jailbreak tool with support for most generations of iOS devices starting from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). All of the devices mentioned are jailbreakable for their entire lifetime. This means every present iOS version and versions that will come in the future.

All A5 to A11 devices are compatible with checkra1n jailbreak. Only the latest devices including iPhone 11 Pro, iPhone 11, iPhone 11 Pro Max, iPhone XR, iPhone XS Max, iPhone XS, and iPhone XS Max are not compatible with checkra1n Jailbreak. Install Cydia app on the latest iOS 13 to 13.3 Version.

checkra1n compatibility (supported devices):

  • A5 - iPad 2, iPhone 4S, iPad Mini (1st generation)
  • A5X - iPad (3rd generation)
  • A6 - iPhone 5, iPhone 5C
  • A6X - iPad (4th generation)
  • A7 - iPhone 5S, iPad Air, iPad Mini 2, iPad Mini 3
  • A8 - Phone 6, iPhone 6 Plus, iPad mini 4
  • A8X - iPad Air 2
  • A9 - iPhone 6S, iPhone 6S Plus, iPhone SE, iPad (2017) 5th Generation
  • A9X - iPad Pro (12.9 in.) 1st generation, iPad Pro (9.7 in.)
  • A10 - iPhone 7 and iPhone 7 Plus, iPad (2018, 6th generation), iPad (2019, 7th generation)
  • A10X - iPad Pro 10.5" (2017), iPad Pro 12.9" 2nd Gen (2017)
  • A11 - iPhone 8, iPhone 8 Plus, and iPhone X

Checkm8 is a tethered iOS exploit tool that requires to boot your iPhone after every reboot. It's the main component for checkra1n jailbreak tool and most importantly it is a lifetime jailbreak exploit and Apple cannot patch it with iOS upgrades. This bug was fixed only in the newest hardware upgrade.

checkra1n logo

What more you can achieve with Checkm8 exploit? Downgrade or upgrade to any jailbreakable iOS version without SHSH support, checkm8 supports dual-booting (device can be boot to Android) and will work with all upcoming iOS versions released by Apple. A computer is required to jailbreak.

Also, Apple Watch first-gen, and Series 1, 2, and 3 are vulnerable to checkm8 exploit. checkra1n Tool can also bypass jailbreak detection in-app DRM mechanisms. Recently there is news that checkra1n supports also Apple TV (1st, 2nd, 3rd, and 4th generation) on tvOS 13.

The new jailbreak tool was possible thanks to contributors known to the jailbreak community like ih8sn0w, jonseals, pshycotea, qwertyoruiop, nullpixel, xerub, siguza, aregp, axi0mx, and others. checkra1n Jailbreak will allow you to install any package manager (Cydia, Zebra, Sileo, etc.).

checkra1n Jailbreak Tool on iOS

checkra1n Jailbreak Tool uses Cydia Substrate, the powerful code modification platform behind Cydia. Substrate makes it easy to modify software, even without the source code. From Cydia package manager you can install tweaks, hacks, libraries, and apps from so-called repositories.

Download checkra1n Jailbreak

You are just a few steps from downloading the checkra1n jailbreak tool on Mac OS and Linux (Windows versions are not available yet). Follow our guide to download the unpatchable jailbreak exploit. This iOS 13 jailbreak tool is safe to use and will not make any permanent changes to your device.

checkra1n for Mac

This release is an early beta preview and as such should not be installed on a primary device. We strongly recommend proceeding with caution. Download the latest version of checkra1n.

Step 1. Download checkra1n for macOS.

Step 2. Open the checkra1n.dmg file.

Step 3. Move checkra1n to the Application folder.

Step 4. Open checkra1n app.

checkra1n Jailbreak Tool on Mac

checkra1n for Linux

Find more information about how to use checkra1n Linux.

checkra1n Linux

If you reboot the device without checkra1n, it will revert to stock iOS, and you will not be able to use any 3rd party software installed until you enter DFU and checkra1n the device again.


Run checkra1n on KVM

If you are really interested to jailbreak your device using checkra1n on Windows or Linux there is a workaround solution. Download ra1nstorm helper that will download (about 2 GB) and automatically configure a Linux Ubuntu environment to run checkra1n from a virtual machine.

ra1nstorm helper

Install the Ubuntu system on the regular HDD or SSD drive, running it from a USB flash drive will not work. Next, ra1nstorm will download the macOS installer from official servers and install it on Linux.

Windows users want to download the "setup.exe" that prepares a Linux environment. Once Xubuntu is installed using setup.exe, run "bash ra1nstorm.run" command in order to begin ra1nstorm setup.

ra1nstorm on Linux


Changelog

Version 0.10.2

  • 13.5 support
  • Fix multiple issues with kernel patches that caused devices to not boot, most notable iPad Air 2 and iPad mini 4
  • Fix bootstrap upload not working if the device is locked

Version 0.10.1

  • Fixes support for A7 devices
  • Fixes an issue in 12.4 which caused the device to panic and reboot on attempted shutdown
  • Fixes an issue that caused the keychain to lose new passwords
  • Fixes an issue which caused the GUI/ncurses to crash when used more than once
  • Fixes an issue where a userspace reboot won’t restart dropbear
  • Added 13.4 and 13.4.1 support
  • Introducing kernel patch finder v2 - rewritten from the ground up for sanic speed
  • You can now quit from the webra1n interface

Version 0.10.0

  • Added support for iOS 13.4

Version 0.9.8.2

  • Bumping maximum device tree size to 256KiB for Project Sandcastle.
  • Fix architecture mismatch for devhelper builds.

Version 0.9.8.1

  • Support SandCastle
  • added the ability to override the booted PongoOS image with the -k option

Version 0.9.8

  • Support for Linux has arrived! See below for more information.
  • Introduces webra1n (see below!).
  • Low-level patching is now handled by our all-new pongoOS, engineered from the ground up for flexibility. More news on this front soon!
  • Adds a whole new CLI, built around ncurses, which now supports FastDFU.
  • Adds a new --version flag to the CLI for debugging purposes.
  • Adds a new option in the GUI and CLI which allows for custom boot-args to be set.
  • Adds an option to skip version checking for new iOS and iPadOS versions which haven’t yet been officially tested.
  • Added support for iOS and iPadOS 13.3.1.
  • The checkra1n app no longer requires internet to open.

Version 0.9.7

  • Add support for iOS 13.3
  • Add inital Apple TV 4K support
  • Purge OTA updates on boot
  • Remove libimobiledevice as a dependency
  • Properly handle situations where there’s no internet

Version 0.9.6

  • Fixes support for the iPad 6th Generation
  • Fixes an issue where A7 devices would report an error code on success
  • Fixes an issue where jailbreak app icons would show up on the boot after using loader’s “Restore System” functionality
  • Makes the loader app more resilient to errors occurring after a long uptime
  • Fixes an issue where Loader and Cydia would fail with a no internet connection message on Chinese iPhones
  • Fixes an issue where the iPad Pro Smart Keyboard would disconnect
  • Fixes an issue where fast charging did not work
  • Add support for jailbreaking Apple TVs from within the same app
  • Added support for the iPad 5th Generation, iPad Air 2nd Generation the iPad Pro 1st Generation
  • Added support for iOS 13.2.3
  • Re-engineered the command line interface from the ground up
  • Drastically improved loader’s speed
  • Restructured loaderd and friends into separate launch daemons to survive userland reboot and removed insult from daemon name
  • Export kernel base and other useful things for developers (see jbctl for details)

Version 0.9.5

  • Fixes an issue where the user may be signed out of their Apple ID
  • Fixes an issue that caused MobileSubstrate initialization to be delayed
  • Detect a case where the user may have an OTA update downloaded, which caused issues for some users

Version 0.9.3

  • Fixes an issue where biometrics did not work for some users
  • Fixes an issue where the touch screen became unresponsive for some users
  • Fixes an issue where the loader app may not have appeared on the homescreen
  • Fixes an issue where the iPad Smart Keyboard did not work
  • Fixes an issue where the fast charging functionality did not work on some devices
  • Fixes an issue where the taptic engine did not work on some devices
  • Fixes an issue where battery settings did not load for some users
  • Detect a case where the user may have an OTA update downloaded

Version 0.9.2

  • Fixed an issue where the Apple Watch would not recieve notifications while jailbroken
  • Improve reliablity of entering DFU mode
  • Fixed an issue where checkra1n could not be used on macOS 10.10
  • This beta adds an option to boot into no-substrate mode.

How to jailbreak iOS 13 using checkra1n

checkra1n is a semi-tethered jailbreak tool that requires a computer to start the jailbreak. If you own a supported iDevice and can connect it to a PC or Mac you are closer to jailbreaking the system.

Step 1. Download checkra1n.

Step 2. Open the dmg package.

Step 3. Move the app to the Application folder.

Step 4. Open the checkra1n app.

Step 5. Connect your iPhone to PC or Mac using USB cable.

Step 6. Click start to jailbreak your device.

Step 7. checkra1n will activate Recovery Mode.

Step 8. Enter DFU mode (screen must stay black) on your iDevice.


Enter DFU Mode before jailbreak:

  • Keep iDevice in Normal Mode or Recovery Mode, plug USB cable (please don't use USB extension cable)
  • Hold HOME button (iPhone7/7p hold Volume Down button instead), then hold POWER button until the screen is blank
  • Release the POWER button after about 10 seconds, but keep holding the HOME button (iPhone7/7p hold Volume Down button instead) for about 5 seconds

iPhone8, iPhone8 Plus Steps to enter DFU Mode:

  • Plug an original USB cable, quick-press Volume "+" button, then Volume "-" button and hold the Power button.
  • When the iDevice turns off, hold the Volume "-" button, then release the Power button after 5 seconds, until it prompts "succeded".

Step 9. Wait till the device will boot into jailbreak mode.

Step 10. Lunch checkra1n loader from home screen.

Step 11. Install Cydia to access tweaks.

Cydia

Set nonce with checkm8-nonce-setter

checkm8-nonce-setter is a nonce setter for devices compatible with checkm8 exploit used by checkra1n. iOS version doesn't matter. If your device is compatible with checkm8 + Linus Henze's Signature Check Remover then you can set your nonce and downgrade. This script is macOS only.

checkm8-nonce-setter

To start the script open the Terminal app and proceeded with instructions. After setting nonce you can futurerestore with the SHSH you used during the script and downgrade iOS 13 to unsigned version.

./main.sh

Nonce is a signing method that randomizes Apple's cryptographic signature hash blobs (SHSH blobs) and is used with the baseband signing ticket, the APTicket, and SEP (Secure Enclave). Every time if you restore the device, a random string of letters and numbers is generated.

The nonce (e.g. 0x532fd02xd15k30) is sent to apples serves to request a blob (or APTicket) for the firmware you want to restore. If the nonce of the device and the APTicket match, you can restore even no longer signed IPSW system file. There are few nonce generators available to set a nonce on iOS.

Alternatively, you can also use CheckNonceGUI, which is a graphic interface for Checkm8 Nonce Setter. The app supports devices like iPhone 5s, iPhone 7/7 Plus, iPhone X, iPad Mini 2, iPad Mini 3, iPad Air, iPad 6th Gen, iPad 7th Gen, and iPod Touch 7th Gen.

CheckNonceGUI the Checkm8 based APNonce Setter

checkra1n TV for 4th gen Apple TV

checkra1n can also jailbreak Apple TV 4th generation with tvOS 13. Now the tool adds support for jailbreaking Apple TVs from within the same app. Be sure to revert your root fs if you will update from another jailbreak first. Apple TV 4K isn't supported yet. Reprovision app is also not working.

Step 1. Download checkra1n for Mac OS.

Step 2. Open the dmg package and move the app to the Application folder.

Step 3. Open the checkra1n app.

Step 5. Connect your Apple TV 4th gen to Mac using USB cable.

Step 6. Click start to jailbreak your device.

checkra1n tv for 4th gen Apple TV

How to use checkra1n from terminal (CLI)

checkra1n was written in nano by Kim Jong Cracks and you can also run the tool from the console using the command line. There are four command parameters available -h (for Help), -d (Demote), -V (Verbose Boot), -s (Enter Safe-Mode), - (run as daemon).

Step 1. Open Terminal app on Mac OS.

Step 2. Enter /Applications/checkra1n.app/Contents/MacOS/checkra1n -

Step 3. The app will now run as daemon and wait for DFU device.

checkra1n from console

The main advantage of using checkra1n CLI (the command-line interface) is the ability to jailbreak the newest releases of iOS system. When the GUI (graphic interface) informs you that this version is not supported, proceed with CLI to jailbreak anyway. The latest version of iOS 13.3 is supported.

How to remove checkra1n jailbreak

The latest version of checkra1n app allows you to easily remove the jailbreak from your device. checkra1n loaders installed on your iOS device allows you to install Cydia. Besides that, there is also an option to Restore system. When you click on this option you will uninstall jailbreak files and other changes made to the operating system, without erasing data. This will reboot iPhone.

Remove checkra1n from iPhone

Bypass checkra1n jailbreak detection

You can be surprised that some AppStore apps and games will not work when you will jailbreak your device using checkra1n. Fortnite, Call of Duty Mobile, Snapchat, PayPal, bank apps will crash when you try to run them on a jailbroken iOS device. Bypass jailbreak detection on checkrain jailbreak. tsProtector tweak will block selected apps to access the system. TweakRestrictor is a free jailbreak tweak to disable code injection in apps. The two tweaks work on iOS 12 and iOS 13.

Upgrade to newest iOS

The safest way to update iOS on jailbroken device is to restore the system to the state before you have jailbroken your device in the first place. This option is available via Loader app (the same you used to install Cydia) available from home screen. It is also important to save all tweaks and settings on checkra1n jailbreak to restore them after re-jailbreaking the upgraded iOS version.

Step 1. Install Batchomatic tweak to save all tweaks, apps, and settings.

Step 2. Generate a .deb file with iOS jailbreak configurations.

Step 3. Save the .deb file on any Cloud service.

Step 4. Open the Loader app and tap Restore System.

Step 5. Navigate to System General Software Update.

Step 6. Update iOS to the newest version.

Step 7. Jailbreak your device using checkra1n.

Step 8. Move the .deb file on your device and install it using Filza.


Package managers for checkra1n jailbreak

After you will jailbreak your device using checkra1n tool it is required to download a package manager to install apps and Cydia tweaks. Install one of the best free package managers directly on your iOS. At the moment, checkra1n supports only Cydia. Support for other package managers is coming soon.

1. Cydia

Cydia is the first open-source unofficial AppStore for iOS. Originally released in 2008 by saurik, Cydia became popular among iPhone users for its ability to install packages to modify the system. The Package Manager works stable and it's installed by default by many popular Jailbreak Tools. It is one of the most popular package managers working on iOS 4 up to iOS 13.

Cydia

2. Installer

Installer is our favorite checkra1n package manager packed with hundreds of useful features. The app is compatible with iOS 9 - iOS 12, supports OLED mode, an option to backup all sources and installed packages. Moreover, it can also automatically import Cydia, Sileo, and Zebra sources. Installer app is not reliant on APT or dpkg, uses a modern database, and is compatible with RootlessJB.

Installer

3. Sileo

Sileo as a checkra1n App Store offers a modern user interface with access to all packages, installed repositories, jailbreak news, etc. The APT Package Manager is installed by default with Chimera Jailbreak tool, and it's compatible with iOS 11 - iOS 13. Sileo offers all features available in Cydia app in a more beautiful package. Edit sources, manage installed packages and discover new tweaks.

Sileo

4. Zebra

Zebra is fast and simple Cydia Alternative replacement for iPhone, iPad, and iPod. It offers features to download and install your favorite jailbreak apps and tweaks. The Package Manager was designed to work with iOS 8 up to iOS 12. Add new sources, view available packages and upgrades, and search for apps and tweaks. Zebra can be installed for free from the official Cydia Repository.

Zebra

Frequently Asked Questions

What is checkm8?

checkm8 (read "checkmate") is a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

How does checkrain work?

Open the checkra1n app, and follow the instructions to put your device into DFU mode. Hax happens auto-magically from that point and the device will boot into jailbroken mode. After restart, your device will boot in stock iOS.

Can I SSH into my iDevice?

checkrain installs an SSH server on port 44 on localhost only. You can expose it on your local machine using iproxy via USB.

When checkra1n Windows support is coming?

It is required to write a kernel driver to support Windows (which is a very complex piece of code) which will take time. Rest assured, however, the team is working hard on it. There is no release date available and possibly it will take a long time to release checkra1n Windows version.

Why there is a problem to enter in DFU mode?

USB-C Lightning cables (especially those that came shipped with an iPhone box) seem to be physically unable to be used to enter DFU mode. Please try a USB-A cable instead, or maybe third-party cables could also have a higher likelihood of working.

Can I switch between unc0ver and checkra1n jailbreak?

If you are running unc0ver and want to try out the checkra1n without losing your tweaks, you can create an empty file at /.mount_rw and safely run the checkra1n jailbreak. Switch between checkra1n and unc0ver as long as you initially jailbroke the device with unc0ver and created that file.