Legacy-iOS-Kit

mirror of https://github.com/LukeZGD/Legacy-iOS-Kit.git synced 2025-12-28 08:29:30 +01:00

Table of Contents

The main recommendation for A5(X) devices is to just use Jailbroken/kDFU mode as much as possible. For the procedures that need pwned DFU mode (like tethered downgrade/boot), continue reading this section.
For A5(X) devices, additional hardware is required to enter pwned DFU mode.

There are 2 methods of using checkm8-a5: Raspberry Pi Pico, or Arduino+USB Host Shield.

Note about A5(X) types

There are multiple revisions of the A5(X) SOC, and knowing which one your devices have is essential for successful pwning.

8940 = iPhone 4S, iPad 2 (except iPad2,4)
8942 = iPad 2 Rev A (iPad2,4), iPad mini 1, iPod touch 5th gen
8945 = iPad 3
Note: For iPad 2 Wi-Fi models, there are 2 types:
- EMC 2415 (iPad2,1, this is 8940)
- EMC 2560 (iPad2,4, this is 8942)
- You can which one is yours at the back of your iPad, or by running Legacy iOS Kit.
- Both are A1395, so the only way to differentiate them is the model (iPad2,x) and EMC.

checkm8-a5 for the Raspberry Pi Pico is the recommended and reliable option.
The source of the UF2 files are from here: https://www.reddit.com/r/LegacyJailbreak/comments/1djuprf/working_checkm8a5_on_the_raspberry_pi_pico/
Raspberry Pi Pico or Pico H clones will work, it does not need to be original, as long as it has a micro-USB port. USB-C Picos are not covered in this guide as I do not have one and I don't know if this will work on those.

Download the UF2 files to be used for flashing here: https://github.com/LukeZGD/Legacy-iOS-Kit-Keys/releases/download/a/checkm8-pico.zip
While holding down the BOOTSEL button, connect the Pi Pico to your PC/Mac.
In the RPI-RP2 drive, place the correct UF2 file (8940, 8942, or 8945) for your A5(X) device.
The onboard LED on the Pico should start blinking in 1 second intervals. This means flashing is successful and the Pico is waiting for a device.

You will need a "Micro USB 2 in 1 OTG Y cable", one that has the following ports:
- USB-A port: The A5(X) device will be connected here with the 30-pin/lightning cable.
- Male Micro-USB plug: This will be connected to the Pi Pico.
- Female Micro-USB port: This will be connected to your PC/Mac or power adapter.

Connect the adapter to the Pi Pico (Male Micro-USB) and power (Female Micro-USB). Then, plug the A5(X) device in DFU mode (USB-A port).
The onboard LED on the Pico should start flashing rapidly. If it starts blinking in half second intervals, that means the pwning is done.
- If you do not see the rapid flashing or the LED is blinking twice, the pwning has failed, re-enter DFU mode and try again.
Unplug your A5(X) device from the Pico and plug into your PC/Mac.
Run Legacy iOS Kit. You should see Pwned: checkm8 in the main menu.
- If you do not see Pwned: checkm8 or the device is not detected at all, the pwning has failed, re-enter DFU mode and try again.

This is the less recommended, but much more well-known option of using checkm8-a5.
Use my fork of checkm8-a5 with an Arduino and USB Host Shield: https://github.com/LukeZGD/checkm8-a5
Note about clone Arduinos: Clones may work just fine as long as they have the ATmega chip. They may be listed as "DIP" in some listings.
- Avoid using CH340 "SMD" clone Arduinos. They are very unreliable for checkm8-a5.
Proceed here for a video tutorial on how to install and use checkm8-a5 Arduino: https://www.youtube.com/watch?v=efAxIXieCLM
- Stop the video tutorial around 7:12 since the steps beyond this part are no longer necessary.
Here is also a tutorial from ios.cfw.guide: https://ios.cfw.guide/using-checkm8-a5

If entering pwnDFU mode and/or sending pwned iBSS failed, the downgrade/restore will not work, and you need to force restart and try pwning again.
Also make sure that you have not sent a pwned iBSS yet if you will be tether booting iOS 4 on iPad 2.