guacaplushy/checkp4le

palera1n but booting with checkra1n using a custom kpf

checkp4le

DEPRECATED in place of palera1n-c, as it uses the same kpf. Please use that over this, as it achieves the same functionality

A fork of palera1n using checkra1n to boot, to re-enable SEP on A10

Tethered does NOT boot at the moment, I am working on that.

Change Log • Discord • Twitter

How does it work?

It boots the device with multiple patches required. On first run, it'll boot a ramdisk sets up the file system, creates a fakefs (if using semi tethered), installs the loader app. When booting, it uses checkra1n 0.1337.0 with a custom kernel patchfinder.

Issues

Need help?

If you need help, please join our Discord. We disabled issues due to the flood of spam, and difficulty to respond in general. We are much more comfortable on Discord.

Please, please, please, provide necessary info:

• iOS version and device (eg. iPhone 7+ 15.1, iPhone 6s 15.3.1)
• Computer's OS and version (eg. Ubuntu 22.04, macOS 13.0)
• The command you ran
• Full log from the logs folder

DO NOT harass tweak devs if tweaks don't work. Refer to here for compatiblity.

You may join here.

Patreons

Thank you so much to our Patreons that make the future development possible! You may sub here, if you'd like to.

Warning

• We are NOT responsible for any data loss. The user of this program accepts responsibility should something happen to their device. While nothing should happen, jailbreaking has risks in itself. If your device is stuck in recovery, please run one of the following:
  • futurerestore --exit-recovery
  • irecovery -n

Prerequisites

• A checkm8 vulnerable iOS device on iOS 15 or 16 (A8-A11)
  • The device must be on iOS 15.0-16.2
• Linux or macOS computer
  • Python 3 must be installed.

A10 and A11 devices

• On A11, you must disable your passcode while in the jailbroken state.
  • On iOS 16 A11, if you EVER enabled a passcode on 16, you have to reset through the settings app/restore with a computer
  • On A11, we don't have a SEP exploit yet, so this cannot be fixed.

How to use?

A tutorial can be found here.

Repos

Tweaks mode

All repos work when using tweaks mode because it uses normal Procursus and not rootless.

Rootless

Repos need to be updated for rootless, here are some that work currently:

• Mineek's repo contains rootless Procursus packages
• The official palera1n repo contains miscellaneous packages

If you want to make a rootless repo, use the official palera1n repo for reference. Every deb should use the iphoneos-arm64 architecture, and nothing should be on the rootfs. Everything should be in /var/jb.

Credits

• Nathan
  • The ramdisk that dumps blobs, copies files, and duplicates rootfs is a slimmed down version of SSHRD_Script
  • For modified restored_external
  • Also helped Mineek getting the kernel up and running and with the patches
  • Helping with adding multiple device support
  • Fixing issues relating to camera.. etc by switching to fsboot
  • iBoot64Patcher fork
• Mineek
  • For the patching and booting commands
  • Adding tweak support
  • For patchfinders for RELEASE kernels
  • Kernel15Patcher
  • Kernel64Patcher
  • Work on jbinit, together with Nick Chan
• Amy for the Pogo app
• checkra1n for the base of the kpf
• nyuszika7h for the script to help get into DFU
• the Procursus Team for the amazing bootstrap
• F121 for helping test
• m1sta for pyimg4
• tihmstar for pzb/original iBoot64Patcher/original liboffsetfinder64/img4tool
• Tom for a couple patches and bugfixes
  • For maintaining Kernel64Patcher
• xerub for img4lib and restored_external in the ramdisk
• Cryptic for iBoot64Patcher fork, and liboffsetfinder64 fork
• libimobiledevice for several tools used in this project (irecovery, ideviceenterrecovery etc), and nikias for keeping it up to date
• Nick Chan general help with patches and iBoot payload stuff
• Dora for iBoot payload and iBootpatcher2
• Sam Bingner for Substitute
• Serena for helping with boot ramdisk.