T2 – Checkra1n Jailbreak

In this detailed T2 Jailbreak guide we are covering all details about how to jailbreak Apple T2 security chip with the checkra1n jailbreak tool.

t8012 Development Team recently twitted their success of Apple T2 security chip jailbreak state.

How to Jailbreak T2 with Checkra1n

An overview of the T2 jailbreak process is:

  • Get a copy of checkra1n and libimobiledevice
  • Place the Mac into DFU mode using the Apple support guide
  • Connect to the technician workstation (yes you need a second computer)
  • Run checkra1n
  • Connect to SSH
  • Step #1: Get Checkra1n Jailbreak

The latest version of the checkra1n Jailbreak tool released with adding supports to Jailbreak T2 and bridgeOS compatible.

  • Step #2: Access SSH 

After get a copy of checkra1n jailbreak tool you need to install libimobiledevice packdge for access SSH.

libimobiledevice tool is A cross-platform FOSS library written in C to communicate with iOS devices natively.(A cross-platform protocol library to communicate with iOS devices)

If you’re on a Mac OS you can install this from home-brew with

 brew install libimobiledevice

And you can install on Linux by installing the matching package for your distribution.

  • Step #3: Place T2 into DFU Mode

For place T2 based Mac in to DFU mode follow this official instruction guide of apple’s Revive the firmware on the Apple T2 Security Chip

*USB-C to USB-C or USB-C to USB-A cable is required

  • Step #4: Connect computer (Which in DFU Mode) to checkra1n installed computer using related cable.
  • Step #5: Once that’s done, verify it by running below commands.

On Linux :

lsusb

On Mac:

ioreg -p IOUSB
  • Step #6: Run Checkra1n

Currently checkra1n tool can only be run CLI mode. Enter following commands

From Mac    : sudo ./checkra1n.app/Contents/MacOS/checkra1n --cli
From Linux  : sudo ./checkra1n --cli
  • Step #7: Connecting SSH
$ iproxy 2202 44 &
$ ssh -p 2202 root@localhost

Leave a Reply

Your email address will not be published. Required fields are marked *