Untethered Jailbreak Available For All iOS Devices Up To iPhone X
Hacker publicly releases open source jailbreak exploit for iOS devices from iPhone 4s to iPhone X.
New checkm8 jailbreak exploit released for all iOS devices running A5 to A11 chipsets.
It does not work on the newer A12 and A13 chipsets.
According to the researcher, who goes by the Twitter handle axi0mX:
"EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip)."
- Permanent unpatchable bootrom exploit for hundreds of millions of iOS devices
- Meant for researchers, this is not a jailbreak with Cydia yet
- It allows dumping SecureROM, decrypting keybags for iOS firmware, and demoting device for JTAG
- current SoC support: s5l8947x, s5l8950x, s5l8955x, s5l8960x, t8002, t8004, t8010, t8011, t8015
- future SoC support: s5l8940x, s5l8942x, s5l8945x, s5l8747x, t7000, t7001, s7002, s8000, s8001, s8003, t8012
- Full jailbreak with Cydia on latest iOS version is possible, but requires additional work
Quick start guide for checkm8
- Use a cable to connect your device to your Mac. Hold buttons as needed to enter DFU Mode.
- First run ./ipwndfu -p to exploit the device. Repeat the process if it fails; it is not reliable.
- Run ./ipwndfu --dump-rom to get a dump of SecureROM.
- Run ./ipwndfu --decrypt-gid KEYBAG to decrypt a keybag.
- Run ./ipwndfu --demote to demote the device and enable JTAG.
Other ipwndfu features:
- Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit.
- Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.
- Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.
- Pwned DFU Mode with SHAtter exploit for S5L8930 devices.
- Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
- Dump NOR on S5L8920 devices.
- Flash NOR on S5L8920 devices.
- Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key.
It should be compatible with Mac and Linux. It won’t work in a virtual machine.
Requirements:
- libusb. If you are using Linux, install libusb using your package manager.
- iPhone 3GS iOS 4.3.5 iBSS
“What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.”
“A bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer,” the researcher said.
“Maybe someone can figure out a nice way to use JTAG on iPhone without proprietary hardware and software. I and many others would be forever grateful if someone makes that possible.”
- This is BETA software.
- Backup your data.
This tool is currently in beta and could potentially brick your device. It will attempt to save a copy of the data in NOR to the nor-backups folder before flashing new data to NOR, and it will attempt to not overwrite critical data in NOR which your device requires to function. If something goes wrong, hopefully you will be able to restore to the latest IPSW in iTunes and bring your device back to life, or use nor-backups to restore NOR to its original state, but I cannot provide any guarantees.
There is NO warranty provided.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.