Checkm8 BootROM Jailbreak Exploit ‘Unpatchable by Apple’

Here I got the biggest news for the jailbreak community; it’s about checkm8 (checkmate) exploit that is a bootrom exploit from iPhone 4s (A5 chip) to up to iPhone X (A11 chip). Checkm8 BootROM exploit is the most significant exploit that has ever been released in the jailbreak, and Apple can never patch this for these devices, and these devices will be jailbreabale forever.

Because, unlike the OS-based exploits, which lead to the latest jailbreak, the BootROM exploit doesn’t get blown away when apple pushed the next software update. This means the jailbreak community can relax and enjoy the jailbreak on any iOS version as long as they are using checkm8 jailbreak exploit affected devices. The new checkra1n jailbreak is also based on checkm8.

No matter what iOS version you’re on, you can jailbreak your devices, and whatever Apple releases to try to patch it, it won’t be patched by Apple.

You can even downgrade dual boot as well as load Android if you need it. Axi0mX released this checkm8 bootrom exploit; the tweet is below. The link to the unpatchable exploit.

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.

Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG

— ax🔥🌸mX (@axi0mX) September 27, 2019

Checkm8 is the bootrom level security exploit that can be used on every iPhone from A5 to A11 chip iPhones and iPads.

Check here unc0ver untethered jailbreak iOS 14.4 – iOS 14.5.1 as it’s released now.

As this bug supports A5 to A11 iOS devices, unfortunately, A12 and A13 chip devices aren’t supported because Apple patched the checkm8 bug on iPhone XS, iPhone XS Max, and iPhone XR.

Supported Devices For Checkm8 Jailbreak Bootrom Exploit

• iPhone 4s
• iPhone 5
• iPhone 5s
• iPhone 6
• iPhone 6s Plus
• iPhone 7
• iPhone 8
• iPhone X
• iPad 2 – iPad 7
• iPad Mini 1 – iPad Mini 4
• iPad Pro 1 & iPad Pro 2
• Apple TV 3 – Apple TV 4k
• iPod Touch 5 – iPod Touch 7

Devices Not Affected By Checkm8 BootROM Exploit

Checkm8 doesn’t work on A12 and up devices; those devices are below.

• iPhone XR
• iPhone XS
• iPhone XS Max
• iPhone 11
• iPhone 11 Pro
• iPhone 11 Pro Max
• iPad Air 3 (2019)
• iPad Mini 5 (2019)
• iPad Pro 3 (2018)
• And Any Newer Apple Device

This is the biggest ever release in jailbreak history; even you can downgrade iOS to an unsigned iOS version through checkm8 bug. Apart from that, it allows you to do anything you want, including the jailbreak for the latest iOS version available when the jailbreak for these newer versions is updated by developers, like unc0ver jailbreak and chimera jailbreak.

Here is checkra1n windows jailbreak with checkra1n justatech.

We usually target the iOS kernel while we jailbreak through unc0ver, it’s a higher level than bootrom. And that’s what we can target for jailbreak because we have no access to the lower level. But with a checkm8 bug, we have access to almost anything.

Below is the list of tasks this checkm8 bootrom exploit can do.

Checkm8 Bootrom Exploit Capabilities

1. Downgrade tethered without SHSH2 blobs
2. Verbose Boot / Custom Logo
3. Jailbreak tethered the latest iOS
4. CFW iCloud Bypass
5. DualBoot iOS
6. Install another OS like Android, Windows ARM
7. Security Research
8. Fix boot loop issues via SHH Ramdisk

With this bug release, we are about to experience a golden age again for jailbreaking. Its checkm8 is not depending on the iOS version; it’s in the chips in the iPhones. Therefore whatever Apple releases to patch it, it won’t be able to patch the bug. This bug had brought back the good old days when everybody was able to do anything on the device by having full control over custom firmware. You can run even the Android OS through this checkm8 bug.

How To Use CheckM8 BootROM Exploit For CFW / Jailbreak (Pwned DFU Mode)

Here in this section, I am showing you how you can use it to put your device in exploited mode using Mac. This is unfortunately currently available for Mac and Linux users, so you need to have a macOS/Linux to be able to use this exploit. Because it requires the device to be connected with a computer because it is tethered exploit (mentioned above in important note).

Step 1. Download checkm8 jailbreak exploit GitHub

Go onto this GitHub repo and download the zip file of the checkm8 exploit. After it’s downloaded, extract it.

Step 2. Drag and drop exploit file on terminal

Open the terminal, type cd, and add space, after that, drag and drop the extracted folder of the exploit on the terminal.

Step 3. Put the device in DFU mode

Now before doing anything else, put your device into DFU mode. There are two ways to put your device into DFU mode based on device versions. Follow either one below.

iPhone 4S to iPhone 6S DFU Mode

• Press and hold the power button and home button.
• Wait until the screen turns black (the phone shuts down).
• Now, wait 3-4 more seconds then release the power button only.
• Keep pressing the home button for ten more seconds.
• At this stage, the screen should be black, but iTunes will detect your phone in recovery mode. At this time, there won’t be any PC or iTunes logo on your phone’s screen. If you see any of the logos, you’re in the recovery mode, not in the DFU mode, in that case, you need to do these steps again.

Your device will remain on the black screen but iTunes will show that your device is in the DFU mode. But if the device is showing iTunes or computer logo, that means you’re in recovery mode, not in the DFU mode. Then you need to perform the DFU mode steps again.

Checkout the checkm8 checkra1n windows jailbreak checkn1x.

iPhone 7 or newer versions / iPod touch 7th gen

• Press and hold the power button and volume down button.
• Wait until the screen turns black (the phone shuts down).
• Now, wait 3-4 more seconds then release the power button only.
• Keep pressing the volume down button for ten more seconds.
• At this stage, the screen should be black, but iTunes will detect your phone in recovery mode. At this time, there won’t be any PC or iTunes logo on your phone’s screen. If you see any of the logos, you’re in the recovery mode, not in the DFU mode, in that case, you need to do these steps again.

Step 4. Run commands

when your device is in DFU mode, go back to the terminal and type this, ./ipwndfu -p and press enter.

There are chances that it shows that it’s failed, but you need to write the same command again and again until it succeeds. When it is successfully down, it will show you the message that the device is now in pwned DFU mode.

After your device is in Pwned DFU mode, you can use it to send custom boot chains or a modified one. The usages are unlimited, but keep in mind that your phone won’t be showing anything on its screen; it remains black all the time.

This is how you can put your device in pwned DFU mode.

Checkm8 Jailbreak Exploit (FAQs)

Checkm8 BootROM Jailbreak Exploit 'Unpatchable by Apple' 2022

Axi0mX released a unpatchable jailbreak exploit named as checkm8 bootrom exploit this jailbreak exploit can be used in jailbreaks, put device in ipwned DFU mode

Operating System: iOS, macOS, iPadOS

Editor's Rating:
4.9