Warning: PLEASE DO NOT ASK FOR SUPPORT REGARDING ICLOUD BYPASS IN THE PALERA1N DISCORD SERVER! THIS IS NOT OFFICIALLY SUPPORTED AND WON'T EVER BE.
This palera1n mod adds a tethered iCloud Hello screen bypass for checkm8 devices, tested on an iPhone 6S.
The script works on macOS and Linux. Windows is NOT supported. VMs are NOT supported unless PCI USB Passthrough is used. LiveCD Linux can be used if you have enough RAM.
Only tested on the tethered palera1n jailbreak; semi-tethered may need different mount directories, but I don't have a compatible device to test.
This bypass will also jailbreak with palera1n; we do this to disable rootfs seal enforcement. This could be done without palera1n patching the kernel, but I am too lazy to do that, and I want a JB anyway.
iOS 16 support should be working now.
SSH may not work in the bypass phase. This is currently being looked into.
This bypass must not be used on a device you don't legally own and have permission to modify. I am not responsible for any misuse of anything in this repo.
To bypass the Hello screen, first restore to a clean iOS 15 or 16 version.
You should now be at the Hello screen for the version you restored. Reboot into DFU mode.
On your PC, clone this git repo (recursively) and cd into it:
git clone --recursive https://github.com/kitty915/palera1n-mod/ && cd ./palera1n-mod/
Make sure you have all palera1n dependencies installed, then we can start with the jailbreak and bypass process.
If you are on Linux, you may need to run the following command in a new terminal (and leave it open) before running palera1n:
sudo systemctl stop usbmuxd && sudo usbmuxd -p -f
We will jailbreak with palera1n first to prepare all files:
./palera1n.sh --tweaks <iOS version> --verbose
You will need to replace "<iOS version>" with the iOS version currently installed on your device. For example:
./palera1n.sh --tweaks 15.7.1 --verbose
Let the script run and follow any on-screen prompts. When it finishes, you should be booted into iOS again. If for some reason you end up in recovery mode, try running the command again and it should boot you into iOS.
If everything was successful and you booted into iOS, reboot to DFU again to start the bypass process.
Type the following command in the terminal:
./palera1n.sh --bypass <iOS version>
Again, replace "<iOS version>" with your iOS version.
Let the process finish; your device should then be in recovery mode.
Once in recovery mode, the bypass is done. Run the same palera1n command from before to boot:
./palera1n.sh --tweaks <iOS version> --verbose
Warning: You will have to run this command every time you want to boot your device!
Remember to replace "<iOS version>" with your iOS version here too.
Now proceed with setup as normal. You can skip Wi-Fi setup and won't be asked to activate your device.
You can now jailbreak with palera1n too with the Tips app, enjoy!
In case the JB breaks and you need to restore it, do the following:
./palera1n.sh --restorerootfs <iOS version>
./palera1n.sh clean
./palera1n.sh --tweaks <iOS version> --verbose
./palera1n.sh --bypass <iOS version>
./palera1n.sh --tweaks <iOS version> --verbose
You should then be booted back in with a clean JB.
palera1n Contributors
Original palera1n credits:
- Nathan
- The ramdisk that dumps blobs, installs pogo to tips app, and duplicates rootfs is a slimmed down version of SSHRD_Script
- For modified restored_external
- Also helped Mineek getting the kernel up and running and with the patches
- Helping with adding multiple device support
- Fixing issues relating to camera.. etc by switching to fsboot
- iBoot64Patcher fork
- Mineek
- For the patching and booting commands
- Adding tweak support
- For patchfinders for RELEASE kernels
- Kernel15Patcher
- Kernel64Patcher
- Amy for the Pogo app
- checkra1n for the base of the kpf
- the Procursus Team for the amazing bootstrap
- m1sta for pyimg4
- tihmstar for pzb/original iBoot64Patcher/original liboffsetfinder64/img4tool
- xerub for img4lib and restored_external in the ramdisk
- Cryptic for iBoot64Patcher fork, and liboffsetfinder64 fork
- libimobiledevice for several tools used in this project (irecovery, ideviceenterrecovery etc), and nikias for keeping it up to date
- Sam Bingner for Substitute
- Serena for helping with boot ramdisk.
Mod credits:
- @MatthewPierson: Patched mobileactivationd
- @edwin170: Some code inspired from dualboot-ios-15-with-14-script's repo
- @kitty915: Modified palera1n script to automate bypass and added instructions in the readme
- @afastaudir8: PR with updated palera1n code