Some said it was impossible. Others dared to try. I dared to spend $100 and download a sketchy USB Redirector software to have someone else run their custom tool remotely to unlock my device. I had the resolve. I dared to swipe my credit card.
It’s no secret that Samsung devices have shipped with permanently locked bootloaders on most US carriers for many years now. I recently purchased a used S10e SM-G970U ATT and was unfortunately reminded of this. Somehow I had forgotten what a pain it was to unlock these things before my purchase. After some research I found the OEM unlocking feature in Developer Options was missing in Android. Some more research later I learned that unlocking is in fact possible. Possible if you have the means. A functional exploit for S10, S20, and Fold/Flip devices does in fact exist to unlock the bootloader but it is private and proprietary. I purchased an unlock for $100 flat from https://www.sampwnd.com/ and it worked great. Hopefully this exploit is released to the public in the future but this is our best shot currently.
So I provided my DID (adb shell getprop ro.boot.em.did) and paid my hundred bones. Then I waited for a Discord message. They can contact you with either Telegram or Discord; it’s up to you. After getting a message to download some software called usbredirector-customer-module.exe I connected to their session with my device in Download Mode and within 10 seconds my device rebooted with an unlocked bootloader.
When it was first announced that the iOS and tvOS jailbreaking tool checkra1n would get an official release I had a new idea for a project. An absolute bare-bones minimal Linux environment that could be used to kick start your device back to a jailbroken state. The original goal of the project was to keep the complete ISO file including Linux 5.4 and the latest checkra1n binary under 50MB. I was unable to squeeze in under my goal but the total required disk size for install is 64MB. Still substantially smaller than any other live environment with a modern Linux Kernel. Read more about my project or download from my GitHub page downthecrop/checkra1n-linux
It’s finally here! checkra1n for Linux without the use of any kind of emulation was officially released today. This can be run on any and all Linux distributions and was released for ARM and ARM64. This will be able to run on laptops, desktops and desktop PCs, and Single Board Computers (SBC) like the Raspberry Pi. Simply navigate to the official checkra1n website and download the latest version of the precompiled binary release. You will need to add the execute flag:
chmod +x checkra1n
Once you have added the execute flag to the binary, open a terminal and execute the command
For the full command line or CLI version of checkra1n without ncurses that can also boot a device that is already in DFU you can use the command
I’ve got a simple step-by-step guide on how you can dual boot Windows 10 and Ubuntu Linux 18.04 to run the checkra1n jailbreak tool! Be warned that setup is a little technical and will likely take around an hour. Let’s start!
Hardware Compatibility Requirements
First off you’re going to need to have a 64-bit processor that has virtualization enabled. You can check this in msinfo32.exe on Windows. Check “System Type” and scroll down to the Hyper-V entries. If System Type is “x64-based PC” and the Hyper-V settings are “Yes”, you have a CPU that meets the requirements.
Windows 10 Partitioning & Linux Installation Alongside Windows
You also need to partition some free space away from your Windows 10 installation. Using Disk Management (diskmgmt.msc), shrink your C: volume by 25000MB and leave it as unpartitioned free space. Now boot from USB and run the installation utility in Ubuntu. Select “Install Ubuntu alongside Windows”. If this option isn’t there please don’t continue with the guide as you may accidentally format your drive. Choose a username and password in the setup then click install. Wait for the installation to complete and then reboot into UEFI/BIOS to change the boot priority of your drive to default to Ubuntu. While you’re in UEFI/BIOS you must also enable your CPU virtualization technology settings. Save and quit (F10) and boot into your Ubuntu install.
I have a workaround using a live Linux USB. There is no official release for Windows and Linux currently so macOS must be virtualized using KVM and IOMMU groupings.
The checkm8 jailbreak implementation called checkra1n was released Sunday November 10th 2019 but only for macOS. This wasn’t done to spite non-Apple desktop users. The checkm8 exploit relies on precise control of the desktop USB stack to manipulate DFU mode.
Due to the precision of this communication they needed to craft the checkra1n desktop application to work with the USB stack. The first USB stack they targeted was macOS, likely due to the developers’ familiarity with it. You can read more about the exploit in @qwertyoruiop’s talk at POC2019 which I attended.
So here’s the workaround. A disk image you can flash to any 16/32GB USB flash drive to boot into which will provide the macOS Virtual Machine and provide USB passthrough.
This is possible and I can get this working. Just give me another few days. You’ll just need a 16/32GB USB drive and to boot into a live Linux distro, run a script, and then you’ll have a macOS Virtual Machine with USB passthrough for use with checkra1n. VirtualBox and VMWare WILL NOT WORK for checkra1n. You need to have lower level access.
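A host readiness check for the KVM and IOMMU approach described above, as an added example (this is not the script the post refers to, and the function names are hypothetical). It assumes the standard Linux /proc/cpuinfo and /sys/kernel/iommu_groups layout and reports which IOMMU group each USB controller sits in, since a controller can only be handed to a guest together with everything else in its group.

```shell
#!/bin/sh
# Added example: checks a Linux host for KVM with USB-controller passthrough.
# Paths are parameters so the functions can be pointed at a copy of the tree.

# Print the CPU virtualization flag (vmx = Intel VT-x, svm = AMD-V).
# Returns non-zero when neither flag is exposed, e.g. disabled in UEFI/BIOS.
cpu_virt_flag() {
    cpuinfo=${1:-/proc/cpuinfo}
    grep -m1 -E '^flags[[:space:]]*:' "$cpuinfo" | tr ' ' '\n' |
        grep -m1 -x -E 'vmx|svm'
}

# List USB controllers (PCI class 0x0c03xx) with their IOMMU group and the
# number of devices sharing that group. Returns non-zero if none are found.
usb_iommu_groups() {
    root=${1:-/sys/kernel/iommu_groups}
    [ -d "$root" ] || return 1          # IOMMU disabled or not exposed
    found=1
    for dev in "$root"/*/devices/*; do
        [ -r "$dev/class" ] || continue
        class=$(cat "$dev/class")
        case $class in
            0x0c03*)
                group_dir=${dev%/devices/*}
                members=$(ls "$group_dir/devices" | wc -l | tr -d ' ')
                echo "group=${group_dir##*/} device=${dev##*/} members=$members"
                found=0 ;;
        esac
    done
    return $found
}

# Human-readable summary for the machine this runs on.
kvm_host_report() {
    if flag=$(cpu_virt_flag); then
        echo "CPU virtualization: $flag"
    else
        echo "CPU virtualization: not exposed (check the UEFI/BIOS setting)"
    fi
    if [ -e /dev/kvm ]; then echo "/dev/kvm: present"; else echo "/dev/kvm: missing"; fi
    usb_iommu_groups || echo "No USB controller found in any IOMMU group"
}

if [ "${1:-}" = "--report" ]; then kvm_host_report; fi
```

Run it with `--report` on the live system; a USB controller listed with `members=1` is alone in its IOMMU group.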
About VMs and how this would work:
Stay tuned. I’ll have an update soon. You can watch my YouTube video linked above.