Checkm8 BootROM Exploit [Checkra1n + Fugu ] - Pangu8

Checkm8 exploit

You can get all the Checkm8 exploit related information through this page. New Jailbreak developed using Checkm8 exploit as Checkra1n Jailbreak.

What is Checkm8?

axi0mX introduced the Checkm8 exploit, which works on many iDevices. It is an unpatchable & unblockable exploit to make a permanent jailbreak for almost all iPhones and iPads. This bootrom Checkm8 exploit impacts iPhone 4S to iPhone X and many iPads.

Almost all previous tool’s exploits allow the iOS version to jailbreak. But this Checkm8 exploit is more special than others. This BootROM vulnerability gives access to iOS devices. That’s why it’s called an unpatchable jailbreak exploit. It will be unable to patch or block using future iOS software updates.

Other than the jailbreak possibility, it can downgrade or upgrade the iOS version using this exploit without saving the SHSH blob. Hereafter anyone doesn’t worry about the SHSH blob for downgrading or upgrading iOS version.

iDevice Compatibility

iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6 & iPhone 6 Plus, iPhone 6S & iPhone 6S Plus, iPhone SE, iPhone 7 & iPhone 7 Plus, iPhone 8 & iPhone 8 Plus, iPhone X

iPad 2, iPad Mini, iPad Mini 2, iPad Mini 3, iPad Mini 4, iPad Air, iPad Air 2, iPad 5 (2017), iPad Pro (12.9 in), iPad Pro (9.7 in), iPad Pro (10.5 in), iPad Pro (12.9 in), iPad 6G, iPad 7G

Note – Not supported with iPhone XS, iPhone XR, iPhone XS Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max.

Also, iPhone 8 & iPhone 8 Plus, iPhone X partially works iOS 14 onwards.

iOS Compatibility

iOS 14.8.1, iOS 14.8, iOS 14.7.1, iOS 14.7, iOS 14.6, iOS 14.5.1, iOS 14.5, iOS 14.4.2, iOS 14.4.1, iOS 14.4, iOS 14.3, iOS 14.2, iOS 14.1, iOS 14.0.1, iOS 14, iOS 13.7, iOS 13.6.1, iOS 13.6, iOS 13.5.1, iOS 13.5, iOS 13.4.1, iOS 13.4, iOS 13.3.1, iOS 13.3, iOS 13.2.3, iOS 13.2.2, iOS 13.2, iOS 13.1.3, iOS 13.1.2, iOS 13.1.1, iOS 13.1, iOS 13, iOS 12.5.5, iOS 12.5.4, iOS 12.5.3, iOS 12.5.2, iOS 12.5.1, iOS 12.5, iOS 12.4.9, iOS 12.4.8, iOS 12.4.7, iOS 12.4.6, iOS 12.4.5, iOS 12.4.4, iOS 12.4.3, iOS 12.4.2, iOS 12.4, iOS 12.3.2, iOS 12.3.1, iOS 12.3, iOS 12.2, iOS 12.1.4, iOS 12.1.3, iOS 12.1.2, iOS 12.1.1, iOS 12.1, iOS 12.0.1, iOS 12

Note – iOS 15 & higher version also should be supported up to A11 devices because its unable to patch

Speciality of Checkm8 exploit

Checkm8 exploit works on iDevices. Not on the iOS version.

It cannot be unpatched or unblocked with iOS software updates.

It will work through PC and USB

A5 to A11 (iPhone 4S to iPhone X) are compatible with Checkm8.

All the latest iOS versions, which run on supported iDevices can be jailbreakable.

It will be a tethered jailbreak.

It is possible to downgrade any iOS version without saving SHSH.

Checkm8 Jailbreak

axi0mX has published the exploit as an open source project to find the jailbreak tool for any tool developer. Also axi0mX says that it will be a permanent tethered jailbreak, which Apple cannot unpatched.

So there are several jailbreak tools created using checkm8 as follows.

  • CheckRa1n Jailbreak

It has released Checkra1n Jailbreak using Checkm8 exploit by the Checkra1n team. It can be used up to the iOS 14.8.1 on A5-A11devices.

Download from Checkra1n Jailbreak page. Otherwise please refer to the iOS 14 – iOS 14.1 Jailbreak, iOS 14.2 Jailbreak, iOS 14.3 – iOS 14.4.2 jailbreak, iOS 14.5 / iOS 14.5.1 Jailbreak, iOS 14.6 Jailbreak, iOS 14.7 / iOS 14.7.1 Jailbreak, iOS 14.8 / iOS 14.8.1 Jailbreak pages to find more details.

However, it is still not compatible with iOS 15 & higher Jailbreak. Refer Checkra1n Jailbreak for iOS 15 & higher versions, iOS 15.6 / iOS 15.6.1 Jailbreak, iOS 15.7 – iOS 15.7.9 Jailbreak or iOS 15.8 – iOS 15.8.3 Jailbreak pages for more details.

Also iOS 16 & higher versions are also not supported.Refer to Checkra1n iOS 16 Jailbreak, iOS 16 – iOS 16.0.3 Jailbreak, iOS 16.1 – iOS 16.1.2 Jailbreak, iOS 16.2 Jailbreak, iOS 16.3 / iOS 16.3.1 Jailbreak, iOS 16.4 / iOS 16.4.1 Jailbreak, iOS 16.5 / iOS 16.5.1 Jailbreak, iOS 16.6/iOS 16.6.1 Jailbreak, iOS 16.7-iOS 16.7.10 Jailbreak.

iOS 17 & higher versions are not supported. Visit iOS 17- iOS 17.0.3 Jailbreak, iOS 17.1-iOS 17.1.2 Jailbreak, iOS 17.2 / iOS 17.2.1 Jailbreak, iOS 17.3/iOS 17.3.1 Jailbreak, iOS 17.4 / iOS 17.4.1 Jailbreak, iOS 17.5/iOS 17.5.1 Jailbreak, iOS 17.6/iOS 17.6.1 Jailbreak or iOS 17.7-iOS 17.7.2 Jailbreak pages to find other jailbreak solutions. 

The latest iOS 18-iOS 18.2 beta are also not compatible with Checkra1n or Checkm8. Refer to the iOS 18 Jailbreak, iOS 18.1 Jailbreak and iOS 18.2 Jailbreak (beta) pages for more information.

  • Fugu Jailbreak

Linus Henze released Fugu untethered jailbreak using Checkm8 exploit.

Fugu jailbreak for iOS 13.3 – iOS 13.3.1 released for the very first time. Currently, iOS 13 – iOS 13.3.1 running on iPad Pro (2017) and iPhone 7 are supported devices. Still in the development stage and developers can try this method to develop more.

LaterFugu14 released for jailbreak iOS 14.3 – 14.5.1 adding support for all arm64e devices (iPhone XS and newer) It is untethered and incomplete Jailbreak. So, it warned that messing around with the untether may BOOTLOOP your device. However, Unc0ver released an update with this Fugu14. Now Fugu iOS 15 – iOS 15.4.1 jailbreak is also released. Read more about fugu Jailbreak.

  • Palera1n Jailbreak – Jailbreak for iOS 15 – iOS 15.8.1

The developers, Nebula (@itsnebulalol) & Mineek (@mineekdev) developed the for iOS 15 – iOS 15.8.1. It is the first semi-tethered checkm8 jailbreak for iOS 15 & higher. It was installed by Sileo after the jailbreak process.

Read more about Palera1n Jailbreak.

  • Project 36 – Developer only jailbreak for iOS & iPadOS 15 and later

Jan Fabel (@J4NF4) and md (@exploit3dguy) develop a new jailbreak as Project36. Project36 is a developer jailbreak for iOS & iPadOS 15 and later, according to a Tweet from Fabel, and it is based on the venerable checkm8 bootrom exploit.

This means that A9-A11 devices will be the only ones supported by Project36. What’s more is the developer jailbreak will support features including, but not limited to: SSH access, Root access, MDM patch, and support for jailbreak tweaks, among other things.

Project36 does not yet have an estimated time of arrival (ETA) or a release date, but its creators did post a demonstration video on YouTube to demonstrate it in action.

New RestoreM8 iOS Downgrade Tool released!

The all in one RestoreM8 app to downgrade A7 – A11 devices with shsh2 blobs using the CheckM8 exploit.With this Futurerestore / RestoreM8 app, developer 80036nd (@80036ndyt) sharing two methods to save SHSH blobs as Save SHSH2 Blobs With TSS Saver Online and Save SHSH2 Blobs by TSS Checker [Offline ECID Blobs Saving].

How to use CheckM8 BootROM exploit
  • Step guide for iOS 13.1.1 and below users

Step 01 – Download axi0mX’s iPwnDFU from GitHub.

Download iPwnDFU

Step 02 – Unzip the downloaded zip file.

Step 03 – Then open a terminal and run the extracted file path as

/cd _extracted file path

Step 04 – connect iDevice with the computer using a USB cable.

Step 05 – Put the device into DFU mode and keep the device connected with the computer.

Step 06 – In the terminal run as ./ipwndfu -p

Step 07 – Now your iDevice in DFU mode until the iPhone reboots. (You can see black screen on your iPhone)

Video guide for iOS 13.1.2 users

Checkm8 exploit highlights

Checkra1n jailbreak based on the Checkm8 exploit

Developer of the Checkm8 tweeted about Checkra1n jailbreak ETA. According to axi0mX it will be released soon.

#checkra1n with #checkm8 #eta #son🔥🔥🔥 pic.twitter.com/2g6QuK9CoC

— axi0mX@infosec.exchange (@axi0mX) October 10, 2019

It seems that Jailbreak was developed by qwertyoruiopz (Luca Todesco ) and axi0mX. He demonstrated booting iPhone SE on iOS 13.1.2 and iPhone X on iOS 12.4 with checkm8-iousb. Further he said it works across most devices/versions across iOS 12 and iOS 13. Most probably, Luca developed this tethered exploit as an untethered Jailbreak.

demo of booting two devices (SE on 13.1.2 and X on 12.4) with checkm8-iousb. all patches are being done dynamically and it works across most devices/versions across 12 and 13 pic.twitter.com/xJEoq3h3WE

— @qwertyoruiop@nso.group (@qwertyoruiopz) October 9, 2019

10.3.3 OTA Downgrade Script for the iPhone 5s using checkm8

Matthew Pierson known as Matty released iOS 10.3.3 OTA downgrade Script for the iPhone 5s using checkm8. Its new method to downgrade with OTA blobs to iOS 10.3.3 without SHSH.

This will be compatible with all A7 devices that are now supported (except iPad4,6)

Verbose boot on iPhone X running iOS 13.1.1 or iOS 13.1.2

axi0mX confirmed Verbose boot works perfectly running iOS 13.1.1 or iOS 13.1.2 on iPhone X also gives the chance to try to download the latest iPwnDFU enter DFU mode. axi0mX says that there is no risk and it’s 100% safe.

UPDATE: You can now verbose boot your own iPhone X on iOS 13.1.1 or 13.1.2! #checkm8My jailbreak will not make any permanent changes to your device, so it is 100% safe to try. Download the latest ipwndfu, enter DFU Mode, and run:./ipwndfu -p –boothttps://t.co/Wl5EFvhmyq

— axi0mX@infosec.exchange (@axi0mX) October 1, 2019
Jailbreak possibility of iPhone X iOS 13.1.1 with Checkm8

It has proven the iOS 13.1.1 jailbreak possibility on iPhone X with Checkm8. The famous hacker and the developer axi0mX published twitter status to inform Checkm8 exploit work perfectly on iPhone X running the latest iOS 13.1.1 version.

He published a video of verbose boot starting with DFU mode. Within two seconds it completed the Checkm8 jailbreak.

HACKED! Verbose booting iPhone X looks pretty cool. Starting in DFU Mode, it took 2 seconds to jailbreak it with checkm8, and then I made it automatically boot from NAND with patches for verbose boot. Latest iOS 13.1.1, and no need to upload any images. Thanks @qwertyoruiopz pic.twitter.com/4fyOx3G7E0

— axi0mX@infosec.exchange (@axi0mX) September 29, 2019
axi0mX has published the name of the exploit as Checkm8 for the first time.

First and ever, an unpatchable bootRom exploit has been introduced by axi0mX via his Twitter account as Checkm8. Also mentioned the supporting iDevice list as iPhone 4S to iPhone 8 and iPhone X Jailbreak.

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG

— axi0mX@infosec.exchange (@axi0mX) September 27, 2019
GeoSnow’s explain about Checkm8

GeoSnow explained the Checkm8 exploit well. According to his article it is a SecureRom exploit. A12 and A13 devices are not supported. All the iOS versions from iOS 7 to the latest iOS versions up to iOS 13.1.2 are jailbreakable with this SecureROM exploit.

GeoSnow has published a step guide, how to use PwnDFU mode on newer iOS devices running iOS 13.1.1 with axi0mX’s iPwnDFU. PwnDFU mode helps to restore a CFW for CFW iCloud bypass, jailbreak and downgrade.

Pwn20wnd Twitter status about Checkm8

Pwn20wnd has appreciated axi0mX’s work publishing a Twitter status. He also confirmed that it is a lifetime jailbreak exploit for every present and future iOS versions on mentioned iDevices.

This means that all of the devices mentioned in that tweet will be publicly jailbreakable for their entire lifetime (That means every iOS version that is present and will come in the future) — Amazing work @axi0mX.https://t.co/iuTIS9OKtq

— @Pwn20wnd (@Pwn20wnd) September 27, 2019
axi0mX introduced the Checkm8 exploit for the first time.

Publishing 12 Twitter threads axi0mX well explained about his exploit. According to him It is just an exploit so far. Therefore you cannot download and install Cydia with it. But researchers and developers can convert it as a jailbreak tool in future.

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG

— axi0mX@infosec.exchange (@axi0mX) September 27, 2019

Từ khóa » Checkra1n M8