This T2 jailbreak guide covers how to jailbreak the Apple T2 security chip with the checkra1n jailbreak tool.
The t8012 Development Team recently tweeted that they had successfully jailbroken the Apple T2 security chip.
How to Jailbreak T2 with Checkra1n
An overview of the T2 jailbreak process is:
- Get a copy of checkra1n and
- Place the Mac into DFU mode using the Apple support guide
- Connect to the technician workstation (yes, you need a second computer)
- Run checkra1n
- Connect to SSH
- Step #1: Get Checkra1n Jailbreak
The latest version of the checkra1n jailbreak tool adds support for jailbreaking the T2 and is compatible with bridgeOS.
- Step #2: Access SSH
After getting a copy of the checkra1n jailbreak tool, you need to install the libimobiledevice package for SSH access.
libimobiledevice is a cross-platform FOSS protocol library, written in C, for communicating natively with iOS devices.
If you're on macOS you can install this from Homebrew with
And you can install on Linux by installing the matching package for your distribution.
- Step #3: Place T2 into DFU Mode
To place a T2-based Mac into DFU mode, follow Apple's official guide, Revive the firmware on the Apple T2 Security Chip.
* A USB-C to USB-C or USB-C to USB-A cable is required.
- Step #4: Connect the computer that is in DFU mode to the computer with checkra1n installed, using the appropriate cable.
- Step #5: Once that's done, verify it by running the command below.
On Mac (ioreg is a macOS utility and is not available on Linux):
ioreg -p IOUSB
- Step #6: Run Checkra1n
Currently, the checkra1n tool can only be run in CLI mode. Enter the following commands:
From Mac:
sudo ./checkra1n.app/Contents/MacOS/checkra1n --cli
From Linux:
sudo ./checkra1n --cli
- Step #7: Connecting SSH
$ iproxy 2202 44 &
$ ssh -p 2202 root@localhost
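The checks in Steps #2 to #5 can be scripted before running checkra1n. This is an added example, not part of the original guide or of the checkra1n or libimobiledevice projects. It assumes that `lsusb` is the Linux counterpart of `ioreg -p IOUSB` and that both listings label the device with the text "DFU Mode"; the function names, the `--run` switch and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Preflight for the workstation: required tools present, DFU-mode device visible.

# Print the name of every listed tool that is not on PATH (one per line).
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Read a USB listing on stdin; succeed only if an entry reports DFU mode.
# Assumption: ioreg and lsusb both show the string "DFU Mode" for the device.
has_dfu_device() {
    grep -q 'DFU Mode'
}

# Produce the USB listing with the command that exists on this OS.
usb_listing() {
    case "$(uname -s)" in
        Darwin) ioreg -p IOUSB ;;
        Linux)  lsusb ;;
        *)      echo "unsupported OS: $(uname -s)" >&2; return 2 ;;
    esac
}

# Constructed sample listings (not captured from a real machine).
SAMPLE_DFU='Bus 001 Device 005: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)'
SAMPLE_NONE='Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub'

# Run both checks and say which step to repeat on failure.
preflight() {
    missing=$(missing_tools iproxy ssh)
    if [ -n "$missing" ]; then
        echo "missing tools (see Step #2):" $missing >&2
        return 1
    fi
    if usb_listing | has_dfu_device; then
        echo "DFU-mode device detected; continue with Step #6"
    else
        echo "no DFU-mode device on USB; repeat Steps #3 and #4" >&2
        return 1
    fi
}

# Only touch the real system when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```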