mirror of
https://github.com/LukeZGD/Legacy-iOS-Kit.git
synced 2026-06-13 17:16:14 +02:00
checkm8 a5
LukeeGD edited this page 2026-04-17 09:57:26 +08:00
- The main recommendation for A5(X) devices is to just use Jailbroken/kDFU mode as much as possible. For the procedures that need pwned DFU mode (like tethered downgrade/boot), continue reading this section.
- For A5(X) devices, additional hardware is required to enter pwned DFU mode.
There are 2 methods of using checkm8-a5: Raspberry Pi Pico, or Arduino+USB Host Shield.
Note about A5(X) types
There are multiple revisions of the A5(X) SoC, and knowing which one your device has is essential for successful pwning.
- 8940 = iPhone 4S, iPad 2 (except iPad2,4)
- 8942 = iPad 2 Rev A (iPad2,4), iPad mini 1, iPod touch 5th gen
- 8945 = iPad 3
- Note: For iPad 2 Wi-Fi models, there are 2 types:
  - EMC 2415 (iPad2,1, this is 8940)
  - EMC 2560 (iPad2,4, this is 8942)
  - You can check which one is yours at the back of your iPad, or by running Legacy iOS Kit.
  - Both are A1395, so the only way to differentiate them is the model (iPad2,x) and EMC.
Raspberry Pi Pico
- checkm8-a5 for the Raspberry Pi Pico is the recommended and reliable option.
- The UF2 files are sourced from here: https://www.reddit.com/r/LegacyJailbreak/comments/1djuprf/working_checkm8a5_on_the_raspberry_pi_pico/
What board should I get
TL;DR: Get a Raspberry Pi Pico or Pico H-compatible board with an RP2040, micro-USB, and no Wi-Fi.
- Raspberry Pi Pico or Pico H clones will work. They do not need to be original boards, as long as they use the RP2040.
- Raspberry Pi Pico W (Wi-Fi) boards will work, but the onboard LED will not function as an indicator.
- Raspberry Pi Pico 2 / Pico 2 W (RP2350) boards will NOT work.
- Pico boards with USB-C may work, but you will need to power the board through the VSYS pin.
  - If you are unfamiliar with this, it is recommended to use a micro-USB Pico instead.
  - USB-C Pico boards are not covered in this guide.
Flashing
- Download the UF2 files to be used for flashing here: https://github.com/LukeZGD/Legacy-iOS-Kit-Keys/releases/download/a/checkm8-pico.zip
- While holding down the BOOTSEL button, connect the Pi Pico to your PC/Mac.
- In the RPI-RP2 drive, place the correct UF2 file (8940, 8942, or 8945) for your A5(X) device.
- The onboard LED on the Pico should start blinking in 1 second intervals. This means flashing is successful and the Pico is waiting for a device.
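
An added example (not part of the original guide or of Legacy iOS Kit): a structural check of a downloaded UF2 file before it is copied to the RPI-RP2 drive, confirming that every 512-byte block is well-formed and tagged for the RP2040 rather than another chip. The constants are those of the public UF2 format; `check_uf2` and `make_block` are hypothetical names, the sample blocks in `make_block` are constructed, and the check assumes a single-family image.

```python
import struct
import sys

# Assumes a single-family image whose blocks are numbered 0..N-1 in file order.
MAGIC_START0 = 0x0A324655      # "UF2\n"
MAGIC_START1 = 0x9E5D5157
MAGIC_END = 0x0AB16F30
FLAG_FAMILY_ID = 0x00002000    # set when the family ID field is in use
RP2040_FAMILY_ID = 0xE48BFF56
BLOCK_SIZE, MAX_PAYLOAD = 512, 476


def check_uf2(data, family=RP2040_FAMILY_ID):
    """Return a list of problems; an empty list means the image looks sane."""
    if not data or len(data) % BLOCK_SIZE:
        return ["size is not a non-zero multiple of 512 bytes"]
    problems = []
    total = len(data) // BLOCK_SIZE
    for i in range(total):
        blk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
        m0, m1, flags, _addr, size, num, count, fam = struct.unpack_from("<8I", blk)
        (end,) = struct.unpack_from("<I", blk, BLOCK_SIZE - 4)
        if (m0, m1, end) != (MAGIC_START0, MAGIC_START1, MAGIC_END):
            problems.append(f"block {i}: bad magic")
            continue
        if size > MAX_PAYLOAD:
            problems.append(f"block {i}: payload size {size} too large")
        if num != i or count != total:
            problems.append(f"block {i}: numbering {num}/{count} does not match file")
        if not flags & FLAG_FAMILY_ID or fam != family:
            problems.append(f"block {i}: not tagged for family {family:#010x}")
    return problems


def make_block(num, count, family=RP2040_FAMILY_ID):
    """Build one constructed UF2 block (sample data, not real firmware)."""
    head = struct.pack("<8I", MAGIC_START0, MAGIC_START1, FLAG_FAMILY_ID,
                       0x10000000 + num * 256, 256, num, count, family)
    return head + bytes(MAX_PAYLOAD) + struct.pack("<I", MAGIC_END)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:       # path to the UF2 you downloaded
        found = check_uf2(fh.read())
    print("\n".join(found) or "OK: well-formed UF2 tagged for RP2040")
    sys.exit(1 if found else 0)
```

A clean result only shows the file is a structurally valid RP2040 image; it does not tell you which A5(X) revision (8940, 8942, or 8945) the file targets.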
Pwning
- You will need a "Micro USB 2 in 1 OTG Y cable", one that has the following ports:
  - USB-A port: The A5(X) device will be connected here with the 30-pin/lightning cable.
  - Male Micro-USB plug: This will be connected to the Pi Pico.
  - Female Micro-USB port: This will be connected to your PC/Mac or power adapter.
- Connect the adapter to the Pi Pico (Male Micro-USB) and power (Female Micro-USB). Then, plug the A5(X) device in DFU mode (USB-A port).
- The onboard LED on the Pico should start flashing rapidly. When it changes to a quick blink every half second, that means the pwning is done.
- On Pico W boards, the LED cannot be used as an indicator. Instead, wait about 15 seconds.
- If you do not see rapid flashing or the LED is blinking twice repeatedly, the pwning has failed. Re-enter DFU mode to try again.
- Unplug your A5(X) device from the Pico and plug into your PC/Mac.
- Run Legacy iOS Kit. You should see "Pwned: checkm8" in the main menu.
  - If you do not see "Pwned: checkm8" or the device is not detected at all, the pwning has failed. Re-enter DFU mode to try again.
Demonstration
https://github.com/user-attachments/assets/2857c614-8a1a-49d9-b493-afb6a82bc7ff
The video above shows the different Pi Pico onboard LED patterns during the process:
- The iPhone 4S is first connected in Recovery Mode. The Pico blinks twice repeatedly, which means it detects a device, but the device is not in DFU mode.
- While no usable DFU device is detected, the Pico blinks on and off once per second, which means it is waiting for a device.
- After the device is placed into DFU mode, the Pico starts flashing rapidly, indicating that the pwning process is in progress.
- When the LED changes to a quick blink every half second, the pwning process is complete.
- At that point, the device can be disconnected from the adapter and reconnected to the PC or Mac.
Arduino and USB Host Shield
- This is the less recommended but much better-known option for using checkm8-a5.
- Use my fork of checkm8-a5 with an Arduino and USB Host Shield: https://github.com/LukeZGD/checkm8-a5
- Note about clone Arduinos: Clones may work just fine as long as they have the ATmega chip. They may be listed as "DIP" in some listings.
  - Avoid using CH340 "SMD" clone Arduinos. They are very unreliable for checkm8-a5.
- Proceed here for a video tutorial on how to install and use checkm8-a5 Arduino: https://www.youtube.com/watch?v=efAxIXieCLM
  - Stop the video tutorial around 7:12 since the steps beyond this part are no longer necessary.
- Here is also a tutorial from ios.cfw.guide: https://ios.cfw.guide/using-checkm8-a5
Notes
- If entering pwnDFU mode and/or sending pwned iBSS fails, the downgrade/restore will not work, and you need to force restart and try pwning again.
- Also make sure that you have not sent a pwned iBSS yet if you will be tether booting iOS 4 on iPad 2.