Ever since it turned out that the Apple processors used in iPhones, iPads and Apple TV have an exploitable vulnerability that the manufacturer is unable to patch in any way, it was clear that Apple devices would no longer be as secure as before, and that bypassing the Find My iPhone activation lock was only a matter of time. That is what happened, and thanks to tools such as iKeyTools, the iCloud lock can be removed by anyone with one click on the computer.
I have been testing iKeyTools for some time now. Courtesy of one of the members responsible for this project, I had the opportunity not only to take part in closed tests of the application, but also to unlock several devices blocked by Find My iPhone as a test, with complete success. Before I present, step by step, exactly what unlocking iCloud-locked devices looks like with this tool, here are a few answers to the most important questions.
Can any iPhone be unlocked, including Lost Mode?
- Basically yes. Any iPhone can be unlocked, and so can any iPad that is susceptible to the exploit used by the checkra1n jailbreak. In principle, every phone from the 6S model to the iPhone X can be unlocked without any problems using iKeyTools, even if it is in STOLEN mode. The Apple processor vulnerability was fixed only from the XS model onward, and on those devices the lock cannot be bypassed with this software.
Is iCloud Lock removed permanently?
- Sorry, but no. iKeyTools is a so-called bypass: it circumvents the activation process that runs through the Apple server. However, unlike the bypass that we have already described for you, iKeyTools lets you activate the device with its full functionality, including all necessary Apple services such as iMessage, FaceTime, the App Store, etc. After bypassing iCloud as part of the GSM BYPASS service, all of this will work fine.
Can every device be unlocked under GSM BYPASS?
- Sorry, but no. The device must not have a so-called MEID number. If we tap the letter "i" in the lower right corner of the activation screen and, apart from the IMEI number, an MEID entry with a number is displayed, the lock can be bypassed only in MEID BYPASS mode. This will allow you to unlock the device and use its features, but such a device will not get mobile network coverage. For example, if we have an iPad Cellular with a SIM card to unlock, but we find out that it has an MEID, then after unlocking it will be fully functional, but without SIM card support. In effect it will be a WiFi iPad instead of a Cellular one. Of course, while that makes sense for iPads, it doesn't for blocked iPhones, unless we want to turn an iPhone into something like an iPod Touch.
Can I check before unlocking with iKeyTools if my iPhone will be fully unlocked and not just in MEID mode?
- Yes, just download the iKeyTools software and connect your device to it. The program will automatically display the mode that can be used to unlock it.
After unlocking, can I use my iPad/iPhone normally?
- Basically yes. All services work - application store, iCloud login, etc. However, the program will disable the software update function, because the automatically triggered update will remove BYPASS and the device will be blocked again. Therefore, updates will be permanently disabled while the program is running. For MEID devices, Airplane mode will be permanently on, but the WiFi/BT functions will of course be active and ready to go.
I hope that the answers to the above questions have cleared up any doubts about the service. Below I present step by step how the procedure of bypassing iCloud in my test device went. Please note that the information provided here is for educational purposes only. A lost device should be returned to the owner, and the Find My iPhone feature is designed to facilitate contact with the owner.
Of course, there are situations when we find a device with an active lock, but without Lost Mode showing a message from the owner, and despite the passage of time no one tries to find it. There is not much you can do with such a device. If you have one, then in the end, instead of throwing it away, you can put it to some use by bypassing the lock with iKeyTools.
At the time of this post, iKeyTools version 5.2 is available. However, I prepared the material using versions 3.2, 3.3 and X4 in turn. The principle of operation is the same and is basically limited to Jailbreaking with Checkra1n (on macOS) and using iKeyTools and clicking 1 button (on Windows). The rest will be done by the program itself. What's more, version 5.2 is totally "idiotproof" - it downloads the necessary iTunes libraries itself and installs 3UTools - the things needed to establish communication and perform bypass.
Step 1: Reset your device or install a clean system
As of November 14, iKeyTools works with any iOS version available today, the latest being 14.2. However, checkra1n may not necessarily be ready for the latest update available for your device. Therefore, instead of doing a clean install of the latest software version, it is better to erase the device and keep the software version already installed on it.
Step 2: Download the latest version of checkra1n from https://checkra.in
It is best to download the latest version of checkra1n that is available. This article is based on checkra1n 10.2. The checkra1n application can be downloaded from the project website.
After downloading and installing the software, run the program. If the program won't start, you probably have Gatekeeper enabled on your Mac. Here you will find a short description of how to disable Gatekeeper on macOS. When the application starts, it will look like this:
Checkra1n 0.10.2 currently has full support for iOS 13.5 and older. However, for iOS 13.5.1 there is already a test version that is very stable. To use the test version for iOS 13.5.1, just press Options in the Checkra1n program, and then check Allow untested iOS/iPadOs/tvOs version in the displayed window.
I also recommend ticking the Dark Blockchain checkbox. Why, I don't know, but who the hell knows what blockchain is, and maybe it's better not to participate in it 😉 Then we press Back. On the phone, we turn off the Find My iPhone function (Settings > NAME AND SURNAME > Locator > Find my iPhone > Turn off) and connect the phone, which should ideally have been backed up beforehand. The phone will be detected.
Press Start. The program will display a screen warning about the risk. Press OK.
The next screen is purely informative. We press Next. The phone will switch to Recovery mode, showing a computer and cable on its screen.
The next screen is the information that we have to enter the phone manually into DFU service mode. This is basically the only, but the most difficult part for untrained users, as it requires precise execution of the commands displayed in English. Here, depending on the connected phone, the commands will be different (different buttons to press). The commands displayed on the screen below are for Model 7. Press Start and follow the commands in bold as shown by the application.
If you don't succeed the first time, don't stress. Only those who have done it many times succeed ;-). If the commands are executed incorrectly, an error about entering DFU mode will appear at the end. Just start again until you succeed. When your phone is detected in DFU mode, a success message will appear and the program will start running.
The phone screen will show information about the executed commands to Jailbreak the device.
The whole thing will last several tens of seconds. Once the Jailbreaking process is complete, you will see a completion message and your phone will reboot.
Step 3: If your phone is locked, erase its settings
Logically, this step should come second, with the Jailbreak after it. However, that applies only when we delete the data through a clean install of iOS using iTunes (or Finder in the case of Catalina/Big Sur). In order to keep the current version of iOS and only get rid of content, the passcode, etc., you can wipe the phone without knowing the passcode and without changing the iOS version. This is especially useful when we have a supported version, but for example checkra1n hasn't yet been updated to support some future iOS. Anyway, at this stage, you need to wipe your phone to the activation screen. To do this, clean install iOS in DFU or use Fixm8. You must have a Jailbroken device to use Fixm8. Hence, Step 2 is about just that. Description below:
Step 5: With your phone erased, Jailbreak it again.
After you erase your device, whichever method you use, you need to Jailbreak it again. So we do the whole Step 2 from the beginning. After Jailbreaking, we can start with iKeyTools.
Step 6: Launch iKeyTools
The iKeyTools service is paid. Unlocking a single device costs $20 for models with MEID and $30 for GSM Bypass. To check which service is possible for our device, just run iKeyTools. The latest version of the program can be downloaded from the iKeyTools.com project website.
After downloading and installing iKeyTools version 5.2, just run the application. At the first start, the program will ask for permission to install 3UTools. It is a real all-in-one tool, also used by us on the website, because it offers many functions reserved so far only for Apple service employees. We have written about this program many times, for example in the following article:
In addition, the iTunes libraries needed to connect will be installed. Of course, we have to agree to all installations. After installing the packages, we connect our jailbroken phone. After a while, the application will display information about our blocked phone, as well as the service available for it.
As you can see in the picture above, GSM BYPASS - iOS14.2 FULL is displayed in the SERVICE section. If you also see this, it means that after iCloud is circumvented, the phone will be fully operational, it will also have network coverage and you will be able to use it normally. It is different if the information MEID BYPASS - iOS14.2 [Without Signal] appears in the SERVICE section.
In this case, the iCloud lock will be bypassed and you will be able to use the device, but the GSM network functions will not work. This means that an iPhone will become an iPod Touch, allowing for FaceTime, applications, music or the Internet over WiFi, but you will not be able to use mobile calls or LTE Internet. An iPad with a SIM card slot, in turn, will become a WiFi iPad: fully functional but without mobile internet. If the offer suits us (it costs 20 or 30 dollars), we set up a customer account HERE and buy access by paying with PayPal. Access is provided for a specific SN/IMEI number. So if some time later we reset the device and want to bypass the lock again, then if the installed iOS allows it, we will be able to unlock the equipment without another payment. After making the payment, just press START BYPASS. The rest will be done by the program itself. The whole thing took me less than 3 minutes in the case of the iPhone 7.
Phone unlocked, tablet unlocked. Everything works as it should. The tablet is in MEID mode; you can download apps and use FaceTime. The developers also provided a fix in case logging in to FaceTime didn't work. Just click on iKeyTools Fix Notification and everything works. But I didn't need it.
Attention! APPLEMOBILE.PL is not responsible for the use of the above description. The article was created for educational purposes and is recommended only in the event of an emergency need to bypass iCloud lock when other methods are not possible. If you have a device that has been found or lost by the owner, you must return it immediately, as keeping it is a crime.