checkra1n Jailbreak

Kuba Pawlakqbap | Jailbreak
checkra1n Jailbreak

Imagine an iOS exploit that allows you to jailbreak all Apple devices on every iOS release in the future. checkra1n jailbreak running the checkm8 exploit was committed to doing it on all A5-A11 devices. As for now, it works with iOS 12 - 14. iOS 15 is a work in progress.

Download checkra1n

What is checkra1n?

checkra1n is a multiplatform jailbreak tool released for macOS and Linux. The Windows version was also announced in 2020 but was never released and probably never will. It can jailbreak iPhone 5s through iPhone X running on iOS 12.0 up to 14.8.1. iOS 15 is not supported.

checkm8 exploit developed by axi0mX is the main engine behind checkra1n jailbreak. The exciting part about this permanent unpatchable bootrom exploit is potentially ensured lifetime jailbreak ability for A5-A11 devices. It means every future iOS release should be vulnerable.

axi0mX exploit was released as an open-source project. Therefore checkm8 was also used to bypass iCloud activation, extract the iPSW components decryption keys, activate dual-booting (running Android on iPhone),downgrade iOS, set nonce, or dump SecureROM.

checkra1n screenshot

checkra1n jailbreak is a desktop application that requires you to connect your iPhone, iPad, Apple TV via a USB cable to proceed with the jailbreak. On mobile devices, the tool sideloads a Loader app that allows you to install Cydia and access this way thousands of tweaks and apps.

Support for other package managers was promised but never delivered by checkra1n team. There is an additional tool Betelguese for macOS to install Odysseyra1n bootstrap, libhooker, Procursus libraries allowing you to run Sileo (Preinstalled),Zebra, Cydia, or Installer.

The Loader app can also be used to Restore System. When you click on this option the app will remove all checkra1n jailbreak files and other changes applied to the operating system, without erasing data. After reboot, your system will be restored.

Be aware that USB-C Lightning cables shipped with an iPhone box seem to be physically unable to be used to enter DFU mode required to jailbreak. Instead, try a USB-A cable or maybe third-party cables could also have a higher likelihood of working with checkra1n.

The jailbreak uses Substrate, the powerful code injection library behind Cydia. Substrate allows developers to easily modify the system to create tweaks, hacks, libraries, and apps.

checkra1n jailbreak can be executed from the terminal and run in a GUI. The graphic interface of the app is definitely more user-friendly but with the command line, you can jailbreak also not supported releases of iOS. This feature doesn't work since iOS 15 release.

checkra1n terminal screenshot

What's more, checkrain installs an SSH server on port 44 on localhost only. You can expose it on your local machine using iproxy via USB. Freely switch between the unc0ver jailbreak and checkrain without losing your tweaks as long as you initially jailbroke with uncover.

This excellent jailbreak for iOS is still in beta. The latest release is numbered 0.12.4. There are some additional configuration options. You can activate Dark Blockchain, Skip A11 BPR check, Verbose Boot, Safe mode, and allow untested iOS/iPadOS/tvOS versions.

Because checkm8 exploit has limitations the latest devices are not supported and never will.

For that reason checkra1n jailbreak will not work with iPhone 13 Mini, iPhone 13, iPhone 13 Pro, iPhone 13 Pro Max, iPhone 12, iPhone 12 Pro, iPhone 12 Mini, iPhone 12 Pro Max iPhone 11 Pro, iPhone 11, iPhone 11 Pro Max, iPhone XR, iPhone XS Max, and iPhone XS.

How to jailbreak iOS

To jailbreak iOS with checkra1n it's required to use a Desktop and a USB-A cable. First of all, check if your device and iOS version are supported by the latest release of the jailbreak tool. The application looks and works the same on all platforms. Enough talking, let's jailbreak.

Step 1. Download and install checkra1n on your system.

Step 2. Run checkra1n app.

Step 3. Connect your iPhone or iPad to a PC or Mac using a USB-A cable.

Step 4. Click start to jailbreak your device.

Step 5. checkra1n will activate Recovery Mode.

Step 6. Proceed with the onscreen instruction to enter DFU mode.

Step 7. checkm8 will exploit the system and boot into jailbreak mode.

Step 8. Open checkra1n Loader app from the Home Screen.

Step 9. Install Cydia app to access tweaks and apps from Repositories.

checkra1n Loader app screenshot

Install Sileo on checkra1n

Sileo is a modern Package Manager for iOS 12 and up with a focus on speed. It was designed to provide a real Cydia alternative for jailbroken devices. Using Odysseyn1x you can easily execute the Odysseyra1n script that will remove Cydia and install Sileo on a checkra1n jailbreak.

Step 1. If you're already jailbroken, restore the system using the Loader app.

Step 2. Jailbreak your device using checkra1n.

Step 3. Don’t open the Loader app available on the Home Screen.

Step 4. Install Odysseyra1n through Odysseyn1x.

Sileo app on checkra1n jailbreak

checkra1n for Windows

checkra1n for Windows was never officially released, but there is a workaround allowing you to run the jailbreak tool from a PC. On 16 April 2022, an unofficial checkra1n for Windows app was published with given permission to release it under a different name - iRemovalRa1n.

The Windows version of the chackra1n app was never released due to a lack of proper kernel driver. iRemovalRa1n is a brand new jailbreak for Windows taking the advantage of the same methods to exploit iOS firmware via USB port by installing UsbDK Runtime Libraries.

Before the native release, the only option to jailbreak from a Windows computer was to use a special Linux distribution that can run from a USB dongle allowing you to access all checkra1n features. Basically, this method allows you also to run checkra1n from Windows.

checkra1n for Windows screenshot

checkn1x is a Linux-based distribution for jailbreaking iOS devices using checkra1n app. You can run the system from a USB drive and jailbreak your iPhone or iPad from a PC. The latest release of checkn1x 1.1.7 (Light image, about 29 MB) is packed with checkra1n 0.12.4.

  1. Install Etcher on your computer (available for Windows, Linux, macOS).
  2. Download checkn1x.iso and load it in Etcher.
  3. Write the ISO to your USB drive.
  4. Reboot and enter your BIOS's boot menu.
  5. Select the USB drive to boot from.
  6. Run checkn1x and click Alt+F2 to open checkra1n for Windows.

Supported devices

All A5-A11 systems on a chip (SoC) are supported by jailbreak. checkra1n compatibility reaches millions of Apple devices. Below you can find the actual list of compatible iPhones and iPads.

  • A5 - iPad 2, iPhone 4S, iPad Mini (1st generation)
  • A5X - iPad (3rd generation)
  • A6 - iPhone 5, iPhone 5C
  • A6X - iPad (4th generation)
  • A7 - iPhone 5S, iPad Air, iPad Mini 2, iPad Mini 3
  • A8 - Phone 6, iPhone 6 Plus, iPad mini 4
  • A8X - iPad Air 2
  • A9 - iPhone 6S, iPhone 6S Plus, iPhone SE,iPad (2017) 5th Generation
  • A9X - iPad Pro (12.9 in.) 1st generation, iPad Pro (9.7 in.)
  • A10 - iPhone 7 and iPhone 7 Plus, iPad (2018, 6th generation),iPad (2019, 7th generation) (iOS 14 not supported)
  • A10X - iPad Pro 10.5" (2017),iPad Pro 12.9" 2nd Gen (2017)
  • A11 - iPhone 8, iPhone 8 Plus, and iPhone X

Source Code

checkra1n was announced as an open-source project but the code was never released to the public. Instead, pongoOS was released which is a pre-boot execution environment for Apple boards built on top of checkra1n. The project is still under development on GitHub Repository.

With the release of pongoOS checkra1n team published also the source code of checkra1n kernel patchfinder (KPF) and SEP exploit. PongoOS and its components are written 94.6% in C language, and 2.5% in Assembly. Developers can build the project on macOS and Linux.

The project was released under the MIT License. Recent changes were added on 4 Nov 2021.

What's new

  • Added support for iOS 14.5 and various bug fixes, including M1 support!
  • Fixing A10/A10X devices on iOS 14.3.
  • NVRAM patch for iOS 14.2.
  • SEPROM exploit for A10(X) on iOS 14 and iOS 14.2 support.
  • iOS/iPadOS 13.5 support.
  • Fixing some LaunchDaemon issues, and enabling USB on the AppleTV 4k.
  • Added support for iOS 13.2.3.
  • Drastically improved loader's speed.

Post a comment