iOS 12.4.1 Jailbreak Using Checkra1n

Mohit Sharma
4 min read · Nov 7, 2020


Hi!

Yesterday, I got a project in which, among many other things, I was also needed to work on iOS application penetration testing. So I went ahead and chose a device, an iPhone 6 Plus running iOS 12.4.1. In this article, I don’t aim to bore you with what a jailbreak is and what different types of jailbreak there are; instead, I will jump directly to how one can actually jailbreak their iPhone, the actual steps to reproduce. If you want to learn the nitty-gritty of jailbreaking, you can always visit the following link, which elucidates these concepts really well: https://resources.infosecinstitute.com/topic/jailbreaking-your-smartphone/.

Having pen-tested iOS applications for 3 years, I have come across a multitude of jailbreak methods such as Cydia Impactor and AltStore, among many more. This time, though, to my dismay, neither worked. So, in desperation, I looked for alternative methods on YouTube and various other blogs but didn’t find anything fruitful. The next best bet was to post this query in one of my WhatsApp groups of fellow security researchers, and one of the members, @hananshakeel2 (Twitter), suggested that I give checkra1n a try. I went ahead and googled to find out more about checkra1n and came across this link, https://checkra.in/, which paved the way for the next steps. I found it extremely useful, and the best part about checkra1n is that it provides a jailbreak for devices from the iPhone 5s through the iPhone X running iOS 12.0 and above. Moreover, I have heard that using checkra1n one can easily jailbreak iOS versions up to 14 without any hassle.

Limitation: At the time of writing this article, checkra1n could only be installed on macOS and Linux systems.

Note: I used macOS High Sierra version 10.13.4.

Steps to Jailbreak iOS 12.4.1

1. Download checkra1n from https://checkra.in/releases/0.11.0-beta on your machine.
2. Connect your iOS device to your laptop with a USB cable.
3. Launch checkra1n, go to Options and select “Allow untested iOS/iPadOS/tvOS version”.

Click on Options
Check for Allow untested iOS/iPadOS/tvOS version

4. Now go back and click on Start; it should begin the process and put the device into DFU mode. For more information on DFU mode, see https://www.theiphonewiki.com/wiki/DFU_Mode. Click on Next.

DFU Mode
iPhone screen before DFU Mode

5. It will now show you some instructions and ask you to follow them:

Follow the above instructions to put your device into DFU mode

6. Follow the instructions written on the screen to a tee, then notice your iPhone screen changing to the boot screen with the checkra1n logo on top of it for a few seconds.

7. Your device should boot, and a new application named checkra1n should appear on the screen.

Checkra1n Installed

8. Now open the application and click on Install Cydia.

Cydia Installation

9. The last step is to run ssh root@<device ip address>, which will ask you to enter a password. Provide alpine as the password, and this will give you access to the filesystem of the iOS device. (Please remember, accessing the iOS filesystem is only possible on a jailbroken device.)

Jailbreak successfully Verified
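The verification in step 9 can be scripted. The block below is an added example, not code from the original post or from the checkra1n project: it counts the files a Cydia install typically leaves behind (the same markers that jailbreak-detection code in apps tends to look for), both against a local tree for testing and on the device over SSH. It assumes OpenSSH is reachable at DEVICE_IP and that the marker paths listed are the ones present on this setup; which of them exist depends on what was installed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions, mine and not the
# post's: the device answers SSH at $DEVICE_IP, and the marker paths below are
# the ones a Cydia/OpenSSH install typically creates.

JB_MARKERS="/Applications/Cydia.app /etc/apt /private/var/lib/apt /usr/sbin/sshd"

# Count how many marker paths exist under a filesystem root ("" = this host's /).
# Taking a root prefix lets the same check run against a mounted or test tree.
jb_marker_count() {
  root="${1:-}"
  n=0
  for p in $JB_MARKERS; do
    if [ -e "$root$p" ]; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Succeeds (exit 0) when at least one marker is present under the given root.
jb_verified() {
  [ "$(jb_marker_count "${1:-}")" -gt 0 ]
}

# Run the same count on the device over SSH. On a fresh jailbreak the root
# password is the well-known default "alpine": once this succeeds, change it
# (and the "mobile" user's) with passwd, because the phone is now a
# root-over-SSH host on every network it joins.
verify_device() {
  ip="$1"
  ssh "root@$ip" "ls -d $JB_MARKERS 2>/dev/null | wc -l | tr -d ' '"
}

if [ -n "${DEVICE_IP:-}" ]; then
  echo "jailbreak markers present on $DEVICE_IP: $(verify_device "$DEVICE_IP")"
fi
```

Run it as DEVICE_IP=<device ip address> sh verify.sh; ssh prompts for the password exactly as in step 9.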

Issues:

Well, it was not a fairytale from start to finish. In the process, I did encounter an error wherein my bootloader got stuck and started to time out (Error 20). So I quickly turned to checkra1n version 0.10.2 and it worked like magic.

I will endeavor to keep updating the working status of, and issues with, checkra1n in future blogs.

I also want to thank and give a special mention to @hananshakeel2 (Twitter) for introducing me to checkra1n.

This is my first blog and all the feedback and suggestions will be highly appreciated.

I am open to private invites for work, discussing new ideas, and collaboration on any new projects. Feel free to connect with me on the social media accounts below.

Twitter: mohit sharma

Instagram: mohitksharma_07
