Using a tool (like ipwnder or gaster), a Mac or Linux computer sends the checkm8 exploit payload to the device. This bypasses the signature checks, allowing the execution of custom code.

Note: Specific tool names change frequently. As of late 2023/2024, tools like SSH-RD_Script, iBoy-Ramdisk, or PurpleSliver 2.0 utilize the Dk method.

Requirements:

The Process:

When the device restarts, you will see the "Hello" screen. Swipe up, and you should immediately go to the Home Screen. Cellular, Wi-Fi, and iMessage will often work, though Apple Push Notifications may fail because the device lacks a valid Apple ID authentication token.

The process begins by putting your iOS device into Device Firmware Upgrade (DFU) mode. This is a low-level state where the device accepts unsigned code over USB.

Apple has officially ended support for iOS 10.3.3 (iPhone 5/5c) and 9.3.5 (iPhone 4s). These devices are now considered "obsolete" by Apple’s hardware repair policy.

However, the checkm8 exploit ensures that the Dk Ramdisk method will work forever. There is no software update that Apple can push to these devices to stop the Ramdisk boot, because the flaw exists in the read-only bootrom.

That said, developers are moving on. Many tools that supported the Dk Ramdisk (like Sliver or Checkra1n) have dropped support for iOS 9-10 to focus on iOS 14-15. Users today often have to compile the Ramdisk manually using Legacy iOS Kit.

Pro Tip: If you plan to keep a bypassed device running for years, disable OTA updates via the Ramdisk (rm -rf /mnt1/System/Library/CoreServices/SoftwareUpdate.bundle) to prevent accidental reboots.

This is a tethered bypass. If your device runs out of battery or you turn it off, it will revert to the iCloud lock screen upon reboot. You will need to repeat the Ramdisk process again. However, turning on Airplane Mode or never rebooting keeps the bypass active indefinitely.

Top