Tutorial: How To Run checkra1n on Linux via QEMU macOS Virtualization

YouTube tutorial on how to enable IOMMU passthrough to a QEMU virtual machine on an Ubuntu 18.04 host.
checkra1n on Linux using IOMMU PCI USB passthrough: tutorial on YouTube

Edit, February 5 2020: There is now an official checkra1n release for Linux, with no QEMU or virtualization required! Watch my video here!

Introduction

Hey jailbreakers!

I’ve got a simple step-by-step guide on how you can dual-boot Windows 10 and Ubuntu Linux 18.04 to run the checkra1n jailbreak tool! Be warned that the setup is a little technical and will likely take around an hour. Let’s start!

Hardware Compatibility Requirements

First off, you’re going to need a 64-bit processor with virtualization enabled. You can check this in msinfo32.exe on Windows: look at “System Type” and scroll down to the Hyper-V entries. If System Type is “x64-based PC” and the Hyper-V entries say “Yes”, your CPU meets the requirements.

Ubuntu 18.04 Install USB

Download the Ubuntu 18.04 ISO and use the Rufus disk-imaging tool to write it to any USB flash drive/thumb stick that’s 2GB or larger.

Windows 10 Partitioning & Linux Installation Alongside Windows

You also need to partition some free space away from your Windows 10 installation. Using Disk Management (diskmgmt.msc), shrink your C: volume by 25000MB and leave it as unpartitioned free space. Now boot from the USB drive and run the installation utility in Ubuntu. Select “Install Ubuntu alongside Windows”. If this option isn’t there, please don’t continue with the guide, as you may accidentally format your drive. Choose a username and password in the setup, then click Install. Wait for the installation to complete, then reboot into UEFI/BIOS and change the boot priority of your drive so it defaults to Ubuntu. While you’re in UEFI/BIOS you must also enable your CPU’s virtualization technology settings. Save and quit (F10) and boot into your Ubuntu install.
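Before moving on to the GitHub guide, it is worth confirming from inside Ubuntu that the UEFI/BIOS changes actually took effect. The pre-flight script below is an added example (not from the original post or the checkra1n project); it assumes a Linux host and reads the standard kernel interfaces /proc/cpuinfo, /dev/kvm and /sys/kernel/iommu_groups, which KVM with PCI/USB passthrough depends on.

```shell
#!/bin/sh
# Pre-flight check for the KVM + IOMMU USB passthrough setup above.
# Added example, not from the original post or the checkra1n project.
# Assumes a Linux host (e.g. Ubuntu 18.04) exposing /proc/cpuinfo,
# /dev/kvm and /sys/kernel/iommu_groups.

# has_virt_flags TEXT: succeed if the cpuinfo text lists Intel VT-x (vmx)
# or AMD-V (svm). The flag disappears when virtualization is off in UEFI/BIOS.
has_virt_flags() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)'
}

# is_64bit TEXT: succeed if the cpuinfo text lists long mode (lm).
is_64bit() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]lm([[:space:]]|$)'
}

# iommu_group_count DIR: print how many IOMMU groups the kernel exposed
# under DIR (0 if DIR is missing or empty, i.e. the IOMMU is not enabled).
iommu_group_count() {
    n=0
    for g in "$1"/*/; do [ -d "$g" ] && n=$((n + 1)); done
    echo "$n"
}

# preflight: run every check against the live host; return 0 only when the
# machine meets the requirements for KVM with PCI/USB passthrough.
preflight() {
    cpuinfo=$(cat /proc/cpuinfo 2>/dev/null)
    rc=0
    if is_64bit "$cpuinfo"; then echo "ok   64-bit CPU (lm)"
    else echo "FAIL CPU does not report long mode"; rc=1; fi
    if has_virt_flags "$cpuinfo"; then echo "ok   VT-x/AMD-V flag present"
    else echo "FAIL no vmx/svm flag: enable virtualization in UEFI/BIOS"; rc=1; fi
    if [ -c /dev/kvm ]; then echo "ok   /dev/kvm present"
    else echo "FAIL /dev/kvm missing: kvm module not loaded"; rc=1; fi
    ngroups=$(iommu_group_count /sys/kernel/iommu_groups)
    if [ "$ngroups" -gt 0 ]; then echo "ok   $ngroups IOMMU groups exposed"
    else echo "FAIL no IOMMU groups: boot with intel_iommu=on (or amd_iommu=on)"; rc=1; fi
    return $rc
}

preflight || echo "=> host is not ready for USB passthrough; see FAIL lines"
```

Run it as a normal user after booting into Ubuntu; every line must read "ok" before the QEMU/IOMMU steps in the GitHub README can work.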

Following GitHub Guide

From here you are ready to follow the instructions explained in the GitHub README.md so continue from there. Good luck!

checkra1n on PC/Linux via QEMU macOS Virtualization

Tutorial Guide checkra1n macOS on PC using QEMU and USB Passthrough: https://downthecrop.xyz/blog/tutorial-how-to-run-checkra1n-on-linux-via-qemu-macos-virtualization

EDIT: I have now successfully achieved checkra1n on Ubuntu Linux 18.04 using QEMU and IOMMU passthrough. Installation scripts coming soon!

I have a workaround using a live Linux USB. There is no official release for Windows and Linux currently, so macOS must be virtualized using KVM and IOMMU groupings.

Watch my YouTube video explaining my virtualization approach

The checkm8 jailbreak implementation called checkra1n was released Sunday November 10th 2019, but only for macOS. This wasn’t done to spite non-Apple desktop users. The checkm8 exploit relies on precise control of the desktop USB stack to manipulate DFU mode.

Due to the precision of this communication, they needed to craft the checkra1n desktop application to work with a particular USB stack. The first USB stack they targeted was macOS, likely due to the developers’ familiarity with it. You can read more about the exploit in @qwertyoruiop’s talk at POC2019, which I attended.

So here’s the workaround: a disk image you can flash to any 16/32GB USB flash drive and boot into, which provides a macOS virtual machine with USB passthrough.

This is possible and I can get this working. Just give me another few days. You’ll just need a 16/32GB USB drive; boot into a live Linux distro, run a script, and then you’ll have a macOS virtual machine with USB passthrough for use with checkra1n. VirtualBox and VMware WILL NOT WORK for checkra1n. You need to have lower-level access.

About VMs and how this would work:

Stay tuned. I’ll have an update soon. You can watch my YouTube video linked above.

Loom Review 2019

It had been some time since I listened to this talk at GDC 2015 by Brian Moriarty.

I had previous exposure to Moriarty from his inclusion in The Witness and his under-appreciated talk about that.

These two thoughtful talks understandably made me curious about Moriarty’s work in games, so I decided to play Loom, a game where he acted as project lead.

This isn’t a deep-dive review, but I would like to share some of my thoughts around the game. You can view my complete playthrough here: https://www.youtube.com/watch?v=rgJw69q16ew

Loom Island opening visuals. The aesthetic the entire game should have followed.

Let’s start positive. I enjoyed the opening. The voice-over is good. The interface is fairly intuitive and much simpler than other SCUMM (the LucasArts adventure game system from Maniac Mansion) games. The game begins on the uncreatively named Loom Island. The atmosphere here is the best in the game, which makes adventuring a little disappointing afterward. The puzzles are pretty simple. The fun part is understanding what each of the “drafts” you learn does. I think the game would have been improved in an atmospheric sense if the drafts used rune-style glyphs instead of musical notes. It feels much more like playing a song, which of course you’re actually doing, than “weaving a draft”. The story really doesn’t make a lot of sense at any point in the game. The introduction is cryptic. You know it’s your birthday and for some reason all the other people from the island turn into swans and run away. They don’t explain why. They just say Loom Child something something. Can they see the future? Why didn’t they tell you about your past? Why didn’t they let him near a distaff (the ocarina of the game)? These things are never explained.

After leaving the island you see a whirlpool in the water that can’t be passed without learning the “f” chord. I left the island the first time without this, so I needed to go back. Going back seems strange because there’s an outro cinematic. Why make a big deal about me leaving if I can just row back? Anyway, I went back and got the “f” chord by spinning some straw into gold, which is a Rumpelstiltskin thing. It was fun remembering that, but if you’d never heard the fairytale or had forgotten that part then this might not make sense. I then left the island a second time, watched the same outro cinematic, defused the whirlpool and got to the other island.

Bobbin finds a cup made of diamond in the guild of makers. AMAZING.

On this island there is a... city? town? mound of green glass? It introduces some characters who you don’t care about and foreshadows some war or something. There’s also a chalice made of diamond which Bobbin (oh yeah, you play as a hobbit named Bobbin. “He’s not a hobbit!” you say? Why does he sound like a hobbit and have a hobbit name? Probably just LotR stuck in their heads. Did people think hobbits had a slight British cadence before the films? Whatever.) Bobbin points out that the diamond chalice in the glass guild is strange. All the art in the green glass guild is horrific for gameplay. You can’t tell where you can walk. I think I was just lucky moving through this part of the game in the intended way. This is definitely where most players would be stuck if they do get stuck.

The game moves along from here to a forest. You meet some shepherds who aren’t weavers like Bobbin, but they can do some magic. It must be the same magic the weavers from Loom use, but for some reason Bobbin, who has never practiced before today, is way better at the spells than them, so Bobbin’s weaver friends are implied to be much more magical, I guess.

You then get picked up by a dragon and from here the game really falls apart. You don’t care about what’s going on. You don’t care about any of the people you’ve met. There’s something about this green hatted guy who gets his head knocked off wanting to raise the dead or something. It’s just not interesting at all.

Bobbin meets his mother who is a swan from outer space.

You enter a rip in space which brings you to the Loom dimension. Maleficent from Sleeping Beauty was in there and she wants to take over the world now. You meet Mother Goose in outer space and then play Simon Says with Maleficent before turning yourself into a swan and flying off, second star to the right, and straight on till morning.

They obviously set up a lot to be explained in sequels, which of course never happened because this game was trash. The game had potential to be cool if it had carried its aesthetic from Loom Island forward. Just artistically it would have had a lot more to show. The story, which is very much the focus, was the worst part of the game. The only parts of this game I’ll remember a year from now are the name Bobbin Threadbare and that there’s a magic song to turn green things white and white things green.

It’s a bad game. The talks are still good though. I recommend those.

GDC 15 https://www.youtube.com/watch?v=z1aVDael-KM
Brian Moriarty – I Saw What I Did There + The Secret of Psalm 46 https://www.youtube.com/watch?v=KBJbsEjNb8k