Hello guys when I try to use checkm8 exploit, terminal says that device is not supported , I tried latest iOS of iPhone 6 , and iOS  13.1.3 on iPhone SE , any ideas?

Hello everyone,

I'm trying to compile the last build of tsschecker released by s0uthwes and tihmstar

https://twitter.com/s0uthwes/status/1183418585932279814

https://github.com/tihmstar/tsschecker

I get the following error when trying to compile it.

the configure part is ok:
 

In this video, we're going to start the process of CFW creation for iOS 13.1.3, #iOS 13.0, iOS 12.4.1 or even iOS 11 (any iOS version that works with CheckM8 compatible devices). And as we start, the first logical step is to be able to extract the decryption keys for iBEC, iBSS, and iBoot which need patching for a CFW to work. These files are packed inside an IM4P container which also contains the decryption key and IV, but these keys are encrypted themselves in a KBAG which can only be decrypted by the device's chip. While we cannot get access to the GID key, we can use CheckM8 exploit by @axi0mX to decrypt these.

This step is crucial in the process of CFW creation on iOS because if you cannot decrypt the files, you cannot patch them. The CheckM8 exploit released by @axi0mX is compatible with iPhone 4S all the way up to iPhone X on all iOS versions compatible with these devices, past present or future. So you can do this procedure on any supported iOS version. Keep in mind that the keys you obtain using #CheckM8 are usable for your iPhone model. For example, if you have an iPhone X and you extract the keys for iOS 13.1.3 iBoot, the keys will work on all iPhone X devices on that version. The GID key changes per CPU not per individual device.

Hi, I'd love to see a video like good old times on how to bypass an iCloud lock on iPhone 7 (4s-X) as CheckM8 is out!

In this post, I am going to show you how to decrypt the iOS Boot Chain components such as iBEC, iBSS, iBoot, the Restore Ramdisk and so on by derivating their keys using the CheckM8 SecureROM (BootROM) exploit. We're going to do this for iOS 13.x but you could use literally any version on the supported devices. The supported devices are the iPhone 4S all the way up to iPhone X and everything in between.

For the sake of this post, I will use an iPod Touch 2019 (iPod Touch 7) which has the A10 Chip (compatible with CheckM8). I am also using the latest version of the CheckM8 exploit which is part of the ipwndfu repo on @axi0mX's GitHub.

Now, as you probably know, if you wanna build an iOS CFW you need to patch iBEC, iBSS, iBoot, the Ramdisk and so on. These are part of an IMG4 / IM4P container on 64-Bit iOS devices, and IMG3 containers on 32-Bit devices like iPhone 5, iPhone 5C and 4S. The container is encrypted. The key used to decrypt it is only available on the device's silicon and it cannot be extracted and used outside. However, using CheckM8, we can get access to the AES engine and ask it to derivate the decryption KEY and IV for us by feeding it the KBAG from the firmware component. Of course, normally, iOS turns this engine off ass soon as iBoot finishes doing its job at boot-time, but using this exploit we can just use it how much we want.

Keep in mind that each iOS device has a different key, so the decryption keys for iBEC for example from my iPod 7 will not work on the same iBEC from the same iOS version your iPhone 5S (for example). Each device model has a different GID key. Brute-forcing the key is useless. There way too many possible keys it would take billions of years to brute-force if even possible. While the GID key remains tightly encapsulated and protected, we can still take advantage of it if the iOS device is pwned at iBoot or SecureROM level.

Important note: The Key and IV used to decrypt the iOS components are actually stored inside each component as part of their IMG4 container inside the KBAG. However, the KEY + IV pair is also encrypted with another unique key called a GID key. This is the key we can never extract. Using the open window checkM8 brings to this key through the AES engine, we can decrypt the KBAG which will render the unencrypted plain-text Key and IV used to decrypt the actual data.

1.0 Gathering your tools:

For this operation, you will need a couple of tools. They are all listed here, available for you to download. 
Please do keep in mind that at the time I am writing this write-up, you can only do this on a macOS machine. Either virtual or physical.

> ipwndfu: https://github.com/axi0mX/ipwndfu
> IMG4TOOL: https://github.com/tihmstar/img4tool
> IMG4: https://mega.nz/#!kh9HwALK!z65nLcHWj_Ivu...q3XHe97_Vg

2.0 Obtaining the right iPSW file for your iOS version and device.

Of course, if you wanna decrypt the iOS for your device, you need the proper IPSW you wanna convert into a CFW. I recommend using ipsw.me to get the iPSW file for your iOS version and your device. Once you have it, rename it from ".ipsw" to ".zip" so that you can extract it. Double-click on the archive to extract it and wait until the extraction is complete.

Inside the iPSW you can see that there is a specific directory structure. Inside the DFU folder, you can find the iBEC and iBSS. Apple combines nowadays the firmware for multiple devices with the same screen size into the same IPSW, so make sure you get the files for your model. Usually, they are named after the device identifier.

For the sake of this write-up, I will extract the iBoot and the iBSS for my iPod and place them on my Desktop.

3.0 Obtaining the KBAG from the IM4P / IMG4 firmware component.

As I said, the decryption keys for each component are stored inside the component itself, but they're encrypted. The encrypted chunk is called a KBAG. We can use IMG4TOOL by @tihmstar to extract the KBAG.

In Terminal run the following commands:
 

Hello guys I am new here, I wonder if it is possible to find out  screen time passcode on latest iOS without erasing device? , while phone is encrypted and?  I used Pinfinder for older versions , but now I cannot find the location of this passcode in backups , can anyone help?

In today's video, we're discussing some awesome news regarding the #CheckRa1n Jailbreak for #iOS 12 and iOS 13 up to iOS 13.1.3 which is currently the latest iOS version available. The jailbreak is based on the #CheckM8 exploit released by @axi0mX so it supports everything from iPhone 5S to iPhone X. The iPhone XS, XS Max, and XR, as well as iPhone 11, are not supported. WE finally have a glimpse of what the features of this jailbreak are, and it looks like the jailbreak development process is already pretty far advanced. A ton of important features that normally took much more time seems to be built right in - we'll discuss them in this video.

As more and more iOS exploit developers in the community start to get access to the CheckRa1n jailbreak which is currently privately developed by the CheckRa1n Team (which is made of the most prominent iOS exploit developers such as Sparkey, Siguza, littlelailo, qwerty, etc.), we start to get a better understanding of what the jailbreak does and how it is made.

This might just be the biggest most versatile jailbreak in 10 years, so when this gets released, it will definitely be a sight to see. This is also a tethered jailbreak, the first time in 10 years when the semi-untethered userland jailbreak paradigm is changed. As I said, it's not your common Unc0ver-like jailbreak, so I am definitely thrilled to see what this jailbreak brings to the table as a ton of very hard low-level work went into it.

I have gotten my CFW prepared and loaded to NAND and as expected ASR kicks back when authentication fails. in older firmware I was able to find the address to remap easily, but the asr from arm64SURamDisk.dmg in 10.3.3 isn't as obvious. Do you know what registers/address I need to patch?

In today's video, we're discussing the news we have on #CheckRa1n Jailbreak, a jailbreak based on #CheckM8 SecureROM exploit by @axi0mX, and we're discussing about the progress that is being made towards adding more devices to the supported list. As you probably know, the exploit doesn't normally come with support for loading patched boot-chain files, so this had to be added manually, one device at a time. In the video, we also discuss important releases for CFW creation on iOS.

Huge progress is being made. Apple TV devices also seem to be supported which will make for an incredible cross-platform jailbreak. Of course, the jailbreak is tethered, however, in this video we have stunning news about a method that was developed to make the tethered jailbreak much more portable on the go, without even having to spend hundreds on a specialized dongle. You can make your own dongle based on a $2-3 Arduino Uno and a USB shield. More about that on the video.

Of course, a very important tool has been released for CFW creation on #iOS with checkm8, and that is IMG4TOOL v2 by @tihmstar. A very important tool that handles IMG4 files, which are basically most of the IPSW file. The IMG4 container needs to be extracted before we can patch iBEC, iBSS, iBoot and so on, so this tool is very important. Tihmstar rewrote it from scratch and added extra features. 

I was jailbroken on 12.4 on my XS Max however i deleteed some files and had to upgrade to ios 13 is it possible to downgrade to 12 again or have i lost the jailbreak for good?