A bypass is the process of removing or mitigating the effects of activation on iOS devices. Depending on the device model and iOS version, an iCloud Bypass can be accomplished either directly by deleting the Setup.app directory from the root filesystem, or indirectly by either modifying existing activation executables or injecting spoofed Activation Records. All modern-day bypass methods are possible because of the extremely powerful and unpatchable checkm8 bootrom exploit that allows us to modify the root filesystem of iOS devices through SSH. The most well-known platforms that make use of this exploit include checkra1n, ipwndfu, and checkm8-a5 (Arduino).

The goal of direct methods is to create a situation where the device has no Setup and therefore has no choice but to load the SpringBoard, the next highest process after the Setup Assistant (Setup.app). The goal of indirect methods is slightly different: rather than removing Setup.app by deletion, they trick the device into thinking that it has valid activation records. Therefore, even though Setup.app still exists, the device believes that it was activated normally, so it no longer views Activation Lock as a necessary step in the Setup Assistant. Most indirect methods allow you to complete the Setup Assistant normally after passing the activation screen, since it is nearly impossible to differentiate spoofed activation records from legitimately generated activation records (more on this later).


What causes Activation Lock?

In the simplest terms, Activation Lock occurs when an iOS device does not have valid Activation Records and Find My iPhone (FMI) is turned on. There are multiple ways to cause Activation Lock. The first and most common is by restoring or erasing an iOS device that has Find My iPhone turned on (typically with iTunes or 3uTools). Activation Records are Setup.app repellents: they are what prevent the Setup screen from appearing (so long as they exist), and when you restore an iOS device without retaining user data, everything is erased, including the Activation Records. Without Activation Records, iOS will by default load the Setup Assistant (Setup.app).

Activation Records are required to a) pass the setup screen legitimately and b) be able to use the most important parts of your iOS device (cellular data, calls, notifications, FaceTime, iMessage, Siri, iCloud, etc.). As it turns out, the ONLY way to get activation records is from Apple (yes, that's right, Apple controls your ability to use YOUR device). After a restore, all iOS devices attempt to make themselves usable by connecting to Albert (the name of Apple's activation server, the ultimate dictator of every iPhone, iPad, and iPod Touch on the planet). Albert then gets to decide whether he wants you to be able to use your device or not. His decision is based entirely on a single fact: whether or not Find My iPhone is turned on. Using the Unique Identifiers of your device, he makes his choice. If FMI is on, he says "YOU SHALL NOT PASS" and throws an HTML page we all know as Activation Lock. If FMI is off, he says "We can be friends, have a nice day," and hands you a cryptic golden ticket that a) tells Setup.app to finish up and get lost and b) tells all the essential functions of your device (including the Phone itself) that they can start working.

Which brings me to the second most common cause of Activation Lock: remote activation of Lost Mode or Remote Erase. When anyone uses their Apple ID to log into an iOS device, which the Setup Assistant (Setup.app) tells you to do, Apple will make sure that Find My iPhone is enabled on that device by default. This allows the owner of that Apple ID to log into iCloud.com (or the Find My app on another iOS device) anytime they want and remotely make the device that has FMI turned on obsolete by telling it to either enter Lost Mode or erase all its data (the difference between Lost Mode and Remote Erase is that Lost Mode keeps your data while Remote Erase obviously does not; Lost Mode also allows you to set a custom message). However, the main purpose of both methods is simple and straightforward: to get rid of the device's activation records and make the device obsolete, so it must see Albert again. When either method is executed, because there are no Activation Records AND Find My iPhone is turned on, it is the perfect situation for Activation Lock. Albert will say "YOU SHALL NOT PASS" and throw you an Activation Lock page. Of course, anyone can force Albert to change his mind by entering the correct Apple ID and password, but this situation rarely occurs for many reasons, which I explain in the next section.

The third, rarest, and strangest cause of Activation Lock is nothing. That's right, Activation Lock can occur completely randomly for no specific reason. If you have owned an iOS device for long enough, you have probably had the experience of waking up one morning and finding your device on the Setup Assistant. Or you were browsing in Safari and all of a sudden you saw the Apple logo and the Hello screen. You then slid to unlock or pressed Home to open and immediately found the Activation Lock screen. If you entered your Apple ID and password, the page might freeze for 10 seconds or so and then immediately crash to the Home Screen, with no Data and Privacy, no Touch ID setup, no "Welcome to iPhone, get started", nothing. However, if you did not remember your Apple ID (let's say you set it up when you bought the device and it's been 5 years and you never used it since; I don't blame you), then you are locked out, for absolutely no reason at all. This happened to someone I knew very well: they lived overseas in a small country and it took me nearly 5 months to ship them an iPhone. They were so excited to have the device and set it up with their own Apple ID, but a few days later it randomly crashed and showed Activation Lock. Unfortunately they did not know their password, and they did not have a computer to use for bypassing, so in one split second everything they knew and loved about their iPhone was gone forever. I use an iPhone 6s and this strange phenomenon has happened multiple times on my personal device, even in a jailbroken state. However, the strange thing about this type of Activation Lock is that it can actually preserve your activation records. So if you do manage to delete Setup.app, sometimes you can still continue to use your device like normal, which is the weirdest part. For example, some people have deleted Setup.app on an iPhone 4s using my Arduino method and they got calls and data (who knew!). Their device was most likely once affected by this rare occurrence of Activation Lock, and was never Restored, Remote Erased, or put into Lost Mode.