Checkra1n Jailbreak Gets iOS 14 Support for A9(X) Devices and Below, More to Come
Posted September 22, 2020 at 2:29pm by iClarified
The checkra1n jailbreak has been updated with support for iOS 14 for A9(X) devices and below. This is the first public jailbreak of iOS 14.
The team notes that Apple has added a new mitigation on A10 and higher that requires an additional vulnerability to jailbreak.
In iOS 14, Apple added a new mitigation to SEPOS on A10 and above (except on Apple TVs and iBridge): if the device was booted from DFU mode and the Secure Enclave receives a request to decrypt user data, it will panic the device. Since checkm8 does not give us control over the Secure Enclave, this is not trivial to work around. However, with the recently published blackbird vulnerability, we are able to get control of the Secure Enclave on A10 and A10X and disable this mitigation. Support for A10 and A10X devices is being worked on and is expected to be ready in the coming weeks.
It's uncertain if the same will work for the A11 chip (iPhone X/8), but once the team knows more, another statement will be released.
For now, these are the devices which can be jailbroken on iOS 14:
● iPhone 6s, 6s Plus, and SE
● iPad 5th generation
● iPad Air 2
● iPad mini 4
● iPad Pro 1st generation
● Apple TV 4 and 4K
● iBridge T2
Devices that should gain support in the coming weeks include:
● iPhone 7 and 7 Plus
● iPad 6th and 7th generation
● iPod touch 7
● iPad Pro 2nd generation
Uncertain devices include:
● iPhone 8, 8 Plus, and X
Here are the release notes for checkra1n 0.11.0 beta...
-----
Highlighted changes
● Official support for iOS 12.0 - 13.7
● Official support for iOS/tvOS 14.0 (A8(X)-A9(X) running iOS and iPadOS; all tvOS devices are supported)
● Official support for Apple TV 4K breakout boards (Standard and Advanced)
Bug fixes
● Fix an issue with the userland kernel patch finder that prevented checkra1n flags from being saved, as well as the exporting of kernel information used by developers to tfp0, affecting devices running iOS 13.6 and up.
● App can now be launched from DMG on macOS
● Demotion is now working on Linux
● Fixes the -20 error for Apple TV 4K by enabling USB on v1.x standard breakouts
Other changes
● Partial bridgeOS support (CLI only, see ‘Known issues’)
● PongoOS was switched to Darwin ABI
● Improved kernel patch finder patchsets
● Improved boot strategy/hooking
● NVRAM unlock patch (for root)
● dyld patch
○ Removes Mach-o platform restrictions (iOS binaries can now run on tvOS/bridgeOS and vice versa)
○ Significantly reduces checkra1n build size
● Removed macOS bug reporter
Known issues
● The exploit may not work as reliably on some devices, such as the Raspberry Pi Zero and Raspberry Pi 3.
● Linux GUI build when using CLI mode doesn’t support auto assertion of DFU mode on advanced Apple TV 4K breakout boards.
● bridgeOS:
○ May need to reconnect the device after exploitation for bootstrap upload
○ As soon as macOS boots it’ll take over the USB connection and disallow communication
-----
You can download the checkra1n 0.11.0 beta from here or at the link below:
● Where to Download the Checkra1n Jailbreak From
You can find instructions on how to jailbreak your device using checkra1n here:
● How to Jailbreak Your iPhone Using checkra1n
Please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for updates.