17
checkm8 a5
LukeeGD edited this page 2025-10-17 14:15:08 +08:00
  • The main recommendation for A5(X) devices is to just use Jailbroken/kDFU mode as much as possible. For the procedures that need pwned DFU mode (like tethered downgrade/boot), continue reading this section.
  • For A5(X) devices, additional hardware is required to enter pwned DFU mode.

There are 2 methods of using checkm8-a5: Raspberry Pi Pico, or Arduino+USB Host Shield.

Raspberry Pi Pico

Flashing

  1. Download the UF2 files to be used for flashing here: https://github.com/LukeZGD/Legacy-iOS-Kit-Keys/releases/download/a/checkm8-pico.zip
  2. While holding down the BOOTSEL button, connect the Pi Pico to your PC/Mac.
  3. In the RPI-RP2 drive, place the correct UF2 file for your A5(X) device.
    • 8940 = iPhone 4S, iPad 2 (except iPad2,4)
    • 8942 = iPad 2 Rev A (iPad2,4), iPad mini 1, iPod touch 5th gen
    • 8945 = iPad 3
  4. The onboard LED on the Pico should start blinking in 1 second intervals. This means flashing is successful and the Pico is waiting for a device.

Pwning

  1. You will need a "Micro USB 2 in 1 OTG Y cable", one that has the following ports:
    • USB-A port: The A5(X) device will be connected here with the 30-pin/lightning cable.
    • Male Micro-USB plug: This will be connected to the Pi Pico.
    • Female Micro-USB port: This will be connected to your PC/Mac or power adapter.
Micro USB 2 in 1 OTG Y cable
  1. Connect the adapter to the Pi Pico (Male Micro-USB) and power (Female Micro-USB). Then, plug the A5(X) device in DFU mode (USB-A port).
  2. The onboard LED on the Pico should start flashing rapidly. If it starts blinking in half second intervals, that means the pwning is done.
    • If you do not see the rapid flashing or the LED is blinking twice, the pwning has failed, re-enter DFU mode and try again.
  3. Unplug your A5(X) device from the Pico and plug into your PC/Mac.
  4. Run Legacy iOS Kit. You should see Pwned: checkm8 in the main menu.

Arduino and USB Host Shield

  • This is the less recommended, but much more well-known option of using checkm8-a5.
  • Use my fork of checkm8-a5 with an Arduino and USB Host Shield: https://github.com/LukeZGD/checkm8-a5
  • Note about clone Arduinos: Clones may work just fine as long as they have the ATmega chip. They may be listed as "DIP" in some listings.
    • Avoid using CH340 "SMD" clone Arduinos. They are very unreliable for checkm8-a5.
  • Proceed here for a video tutorial on how to install and use checkm8-a5 Arduino: https://www.youtube.com/watch?v=efAxIXieCLM
    • Stop the video tutorial around 7:12 since the steps beyond this part are no longer necessary.
  • Here is also a tutorial from ios.cfw.guide: https://ios.cfw.guide/using-checkm8-a5

Notes

  • If entering pwnDFU mode and/or sending pwned iBSS failed, the downgrade/restore will not work, and you need to force restart and try pwning again.
  • Also make sure that you have not sent a pwned iBSS yet if you will be tether booting iOS 4 on iPad 2.