One day, while throwing out the trash, I noticed a notebook-shaped thing in the trash bin. Turns out, it was an iPad Mini 2. It's a relatively old device, thrown away by the owner who probably has a new iPad. But it was in good condition, with just a few dings on the corners not covered by its notebook case. What can I do with this thing? What will I find inside? What surprises does it bring? And who's today's sponso... oh wait. I'm getting carried away here.
Now first off, I've never owned an Apple device in my life. The only Apple device I have is a company-issued Macbook Pro, which I never use outside of work. The closest I got to a personal Apple device was a hand-me-down iPhone 5S I could not use because it was not a GSM model. I had a relative who was into Apple devices, but it wasn't enough to suck me into the ecosystem. I'm more an Android/Windows/Linux person because tinkering is easy on those platforms.
Now I'm going to skip ahead and say that in the end, after a lot of research and tinkering, I was able to get a somewhat usable iPad. This is not going to be a tutorial, just a "what I learned" article. I'll link resources at the bottom should you ever want to do your own research.
A passcode-locked iOS device is better than a reset one
When I powered up the device, I was greeted with a passcode lock. A few guesses later, I found myself staring at a 15-minute timeout. Every wrong guess increases the timeout. Thinking it was a lost cause, I thought to myself: if the previous owner already threw this device away, and that I have no business with whatever is inside this iPad, a factory reset should be good, right? Coming from Android/Windows/Linux, where it's a valid option to factory reset/reinstall the OS to get a usable device, it sounded like a good idea.
It turns out, iOS versions 7 and newer have a security feature called Activation Lock. It's a setup step where an iOS device queries Apple servers to see if the device is tied to an Apple account. The device won't proceed with the setup until the associated Apple account credentials are entered, or if the previous owner unlinks the iOS device from that Apple account. Makes sense from a security perspective, you wouldn't want a thief to be able to use your device. But if this lock isn't removed before sending off a device, perfectly-functional iOS devices are effectively e-waste.
The bigger facepalm moment came after some more research that happened long after I reset the device. I found out that 1) the passcode lock is bypassable, 2) one can retrieve activation records from a passcode-locked iOS device so that it can be used to bypass the Activation Lock should the device be reset later, and 3) I could have retrieved the previous owner's contact info which I could have used to reach out and politely ask for them to unlink the device from their Apple account.
This whole adventure would have been so much easier had I done more research up front rather than hastily deciding to wipe the device clean. But experience is the best teacher, and the best lessons are learned from mistakes. Been there, done that. Moving on.
Apple's Draconian Ecosystem
I'm no stranger to rooting and installing custom firmware on my older and perfectly usable Android devices to squeeze a few more years out of them. I have a Samsung tablet, whose last official Android OS version was 4.4, that's running Android 11 right now thanks to a community of enthusiasts. Samsung also does next to nothing to prevent this. I'm a loyal Samsung customer and regularly recommend their products partly because they make good devices, and partly because I know that I will still be able to use the device long after it's discontinued.
Approaching iOS jailbreaking the same way was my next big mistake. Bypassing and jailbreaking iOS devices is hard. Real hard.
The mentioned Activation Lock makes it next to impossible to wipe and reuse an iOS device if the previous owner forgot to unlink the device from their Apple account. Apple also makes it really hard to run unsigned software on iOS devices. This means jailbreaking, system tweaks, custom firmware, third-party app stores, third-party apps, and similar things are out of the question. Even iOS versions themselves need Apple's blessing before you can install them on your iOS device. That's right, one does not simply roll back iOS to an older version.
The problems carry over to the MacOS side as well. Most of the software required to jailbreak or bypass an iOS device is written for MacOS. Some have Windows/Linux ports, but they're unreliable and have low success rate. Building a Hackintosh sounds great at first, but getting it to work is a pain in the ass. From building a bootable USB installer all the way to finding drivers that work, it requires a lot of reading, and a lot of trial-and-error. And even then, things would still not work smoothly like a real MacOS device. It's not as simple as building a PC and installing Windows/Linux.
iOS isn't worth it in the end
Now I'm going to preface this section by saying that Apple devices and products are perfectly fine. The integration, the performance, the look and feel, the "experience" - they're unmatched. If you want devices that your grandma or your grandchildren could just pick up and use, devices that Just Work™, devices where you don't mind paying that extra premium for some peace of mind, Apple is hands down the right ecosystem for you.
That said, iOS is not for me.
When I got the iPad working, the first task I set out for it to do was be a basic web browsing device. That task it already failed. Because you see, I don't just browse with a vanilla browser. On my Samsung tablet, I have Firefox configured to block third-party cookies, only connect via HTTPS, and even be the default browser. I even have uBlock Origin installed to block all those annoying ads that are extra annoying when you're on a mobile device. There is nothing like this on iOS. Firefox on iOS? Chrome on iOS? Those are really just reskinned Safari.
Even apps on the iPad, I have to use Apple's app store. On my Samsung tablet, I have F-droid where I have a whole catalog of not just free, but also open-source apps. As an open-source contributor myself, that's bonus marks for me. And for apps that are not in F-droid, I can just download the apps from sites like APKMirror. I even went the extra step of making the tablet Google-free by not installing any Google apps - something iOS devices can't do with Apple.
And the list goes on.
Like the always say, it's about the journey, not the destination... or something like that.
While the device itself isn't worth rescuing (i.e. I can still do more with my Samsung tablet than this thing), the research and hands-on experience was definitely worth it. I got to learn more about Apple's ecosystem, the jailbreaking arms race, the various tools, the how the hacks work, the various communities out there, the drama that surrounds them (software developers seem to love drama regardless of field). It also amazes me how people who come up with these hacks are able to do these things while managing a day job.
As for the iPad, I'll be keeping it. It's not always that you get to pick up working electronics, especially an Apple-branded one. But it probably won't be a daily personal machine. I'll probably use it as an test device for work-related things, like testing how webpages render on iOS Safari or do performance tests on a relatively old device. It's always nice to have an iOS device on hand, especially now that Safari is becoming the new IE.
As promised, here's a list of the resources I used to do all of this. The big reason why I am not here with a guide is because iOS is a moving target. It's an arms race between developers finding exploits to make jailbreaking possible and Apple patching up these exploits because they're legitimate security holes. Writing a guide would just make it a hardware- and version-specific that will become outdated real fast. Best you read up and come up with your own combination of tools. In fact, I bypassed the iPad using half the process of one tool and half of another, which is crazy now that I think about it.
- 3uTools - a more powerful alternative to iTunes to manage your iOS device.
- checkra1n - A tool to jailbreak iOS 12 devices using the checkm8 exploit.
- Vieux - Downgrade iOS devices to 10.3.3 if they were capable of running it.
- iOS-OTA-Downgrader - Another iOS 10.3.3 downgrader tool.
- Sliver - An all-in-one tool for bypassing iOS passcode and activation locks.
- The blog includes an explainer and history of recent bypass methods.
- icloud-12.5.1-bypass - a scripted version of the mobileactivationd bypass.
- IPad air1 12.5.5 checkra1n jailbreak + bypass ID - A step-by-step explainer of icloud-12.5.1-bypass script, which still works on 12.5.5.
- ra1nusb - A MacOS-based startup disk containing, among other things, a working checkra1n tool.
- Etcher - Write
.dmgfiles to a USB.
- macOS-Simple-KVM - A simple setup to get MacOS running on QEMU.
- Mojave is the preferred MacOS version for the tools.
- Vieux-linux - A guide to get Vieux running on macOS-Simple-KVM.
- As a bonus, it gives you a MacOS VM setup where jailbreaking and bypass tools work.
- r/jailbreak_ and r/setupapp - Good resources for information about jailbreaking and bypassing.