This is a script for a youtube setupapping guide that I made last month, however I speak English too poorly and don’t have much to show with the long narration so I decided to format it to a written guide instead. I have censored the forbidden terms so that’s why in some places the terminology might sound a bit weird.
Hello guys, today I will try my best to make the ultimate setupapping guide. This is a very long and complicated subject, I might miss some information as it will be difficult to crank up everything in a single guide. I will try to make it as informative as possible.
First of all setupapping methods change from time to time but the basics are mostly the same.
- The first topic is why you should blyatpass.
As you know setupapp locked devices are not technically defective. They are simply crippled by software. The setupapp lock is server sided and not stored on the device itself, unlike the FRP of android phones. The most popular argument for defending setupapp lock is that the device cannot be used by anybody except its owner however this practically wont benefit the owner in any means. As it cant be used, it wont be able to be tracked by its imei number if it gets reported as stolen so it actually significally lowers the owners chance of getting the device back. Until last year setupapp devices were used mostly for parts, nearly everything except the motherboard in a locked device can be used.
Setupapp locked devices are often sold for parts on a much lower price than unlocked ones. Now because of the blyatpassing and unlocking methods this ends up being a great deal for getting a functional apple device which is usually much more expensive than a locked one.
Obviously not all locked devices are lost or stolen, just most of them. Some people end up forgetting their accounts and don’t know how to recover them. Keep in mind that apple devices are often used by elderly and other people who arent good with techology because of their simplicity. Find my iphone, ipad or ipod or FMI for short is the activation lock. After you log in with an apple account it is activated by default, so if you don’t disable it and forget your account you can get locked out of your device. You can check the FMI status of a device by looking up the IMEI or the serial number in some websites such as iunlocker and ifreesetupapp co uk.
One more thing that I can say is that the lock is also not good for the environment as it basically creates electronic waste.
So I think I said enough for this topic, lets move on to the second one.
- The second topic is what hardware and software do you need for blyatpassing
This seems like an odd topic however it is quite important to mention it in the beginning. There is no doubt that windows is the most popular operating system, however the most important blyatpassing tools are for mac. That doesn’t mean windows is bad for blyatpassing, it will still do the job with some exceptions. The first issue is that there isn’t checkra1n for windows. To sum it up checkra1n is the jailbreaking tool for ios 12 and newer devices and it is required for every blyatpass. That can be resolved by making a bootra1n or checkn1x bootable usb that contains just checkra1n. I will recommend using a free program called balenaetcher for that. Turn off your pc, boot from the usb, jailbreak your device and then restart back to windows to complete the blyatpass. However in some instances it is good to have more than 1 checkra1n version to try out and this might be an issue, I’m refering to 0.9.7, 0.10.2 and 0.11.0, these 3 versions should be enough. The other major issue is that currently the windows version of sliver, which is one of the most important blyatpasssing tools mildly said lacks features compared to it’s mac counterpart. The current version 5 has just the passcode blyatpass, I will explain later. Of course this might change in future if somebody makes a better version of sliver for windows.
On windows you will need this version of itunes as the latest one doesn't seem to work well for blyatpassing programs: Itunes64setup from 15.09.20
I should also mention that checkra1n is a tethered blyatpass, this means that on every reboot you will need to jailbreak the device again.
Best case scenario is having both mac and windows, like in my case. If you have mac only then you will lack some of the blyatpassing programs which are mac only. If you have linux then you got checkra1n but nearly nothing else. There should be few blyatpassing tools for linux but I’m not familiar with them.
If you consider buying an old mac for blyatpassing I recommend that you get a model that natively supports high sierra, which is the best os for blyatpassing. I had previously installed mojave with mojave patcher on my macbook mid 2010 and it caused ipwndfu not to work, which is required for blyatpassing old devices like iphone 4 to ipad 4. If you are targeting the ios 12+ devices then this wont be an issue.
A hackintosh will probably do the job as well. Also make sure you have a proper cable while blyatpassing. It doesn’t need to be original but just a good quality one.
Enough said here, its time for the next topic.
- Which devices can be blyatpassed and how
The current blyatpass methods rely either on ramdisk payload for older devices or jailbreak for newer ones and both methods use the checkm8 bootrom exploit. The program that we use for jailbreaking compatible devices is called checkra1n.
Checkra1n supports all devices with processors apple a7 to a11 on ios versions 12.0 to 14.2+ . Currently on ios 14 you can jailbreak all devices but there might be incompabilites after a big ios update, for example it took 2 months until a10 and a11 could be jailbroken on ios 14. If you are unsure what processor your desired devices uses you can just google that, check it on a website like gsmarena or similar. There arent ipods on gsmarena so I can just mention them now as the ipods that can be setupapp locked are just 3-ipod touch 5, 6 and 7th generation. 5 uses apple a5 , 6 uses apple a8 and 7 uses apple a10. All of them can be blyatpassed by using various methods, we will discuss that later.
The ramdisk method supports everything from a4 to a7 devices. For this methods we use mostly sliver with some exceptions. For apple a4 also known as iphone 4 you have the sliver mac ramdisk method which is super simple, the ssh manual java method which is quite complicated or the geeksn0w method which also seems quite simple, the last 2 methods are on windows. The a5 devices require arduino uno and sliver so basically if you are on windows or you don’t feel like spending about 30 dollars on arduino you are out of luck for saving the motherboard in the device. I personally don’t like that you need arduino for this blyatpass but well that’s just how it is. There is also the storage full method but realistically it wont work for like 95% of the people and its just frustrating. For ipad 2 at752 has a blyatpass server. Here I can simply recommend you to buy a new motherboard for your a5 device from aliexpress, they are quite cheap, infact they are cheap for a6 too. For a6 we got the simple sliver method and the manual one which is also quite simple. The shipping is slow though. For a7 in my opinion an untethered blyatpass on ios 12 is a better option but the ios 10 ramdisk blyatpass also exists in sliver with more instructions there.
- Next topic is what are the options for a12 and higher?
The answer is simple, nearly none. If the device is open menu with a logged in account, you can jailbreak it with something like uncover if its on ios 13.5 or older then I think you can perform fmi off also known as full unlock with the epic ok.zip, I will explain more about it later or if you feel like spending money in case it is on ios 12 or 14, a paid service. I have no experience and I have never performed such a blyatpass so this is the only time I’m gonna mention it. I have also seen one more method with wifi proxy and a trusted certificate or open menu. Currently unlock isn’t possible for passcode or hello screen, unless you have the receipt of purchase for the device. You can probably get a receipt from some sources and try to unlock It with the help of apple if it’s fmi status clean.
- So lets move on to the next topic, which is about the more exotic unlock methods
I know 2 such methods. Both of them don’t work on iphones. The first one is breaking the baseband method. For this method you need an ipad 2, 3 ,4 or mini 1 with celluar. I have also heard that this works for ipad mini 2 and ipad air too if you downgrade them to ios 10 but I don’t know how to do this. So basically you open up the ipad and break the resistor which is for the baseband. By doing this you effectively turn a celluar tablet into a wifi only one and unlock it, as this works just up to ios 10.
The next method is more interesting, it is the magiccfg method. It works on wifi only ipads and ipods, but I think if you break the baseband on a celluar ipad it would work as well. You basically change the SN, BMAC and WIFI address with ones that are fmi off and it's permanent unlock. To explain, the apple servers rely on these identificatiors to create an activation ticket and changing them is like changing the device. Obviously you must use ones from the same model device. For some devices like ipad 6 you can do it with a regular cable but for older ones you need a special DCSD cable which is like 10-30 dollars and its not available worldwide. Also if you are wondering from where will you get a clean SN, bmac and wifi adress, I think I have seen them for sale on aliexpress for a 2-3 dollars, however don’t quote me on this.
- The next topic is about the state of the device after you get it and which blyatpass method you should use
There are 4 possible states of a device: Restored commonly called ‘’Hello screen’’, on passcode/disabled/lost mode, open menu or MDM, also known as remote management.
First I should say that MEID devices can’t be blyatpassed with sim functionality if they are on hello screen. If they are on passcode you can perform the passcode blyatpass with sim functionality without issues. To check if your device is meid, while you are on hello screen press the info button at the bottom right and see if there is a meid number next to the imei. iPhone 6S and below also can’t be blyatpassed with sim functionality, even if they don’t have meid. This is the reason on most paid blyatpass websites you will see that only iphone 7-X are supported for gsm blyatpass.
Another thing I should mention is that if you are dealing with an older device that supports up to ios 10 you should treat is as a hello screen one. As I already mentioned checkra1n doesn’t support versions older than 12.0 so you can’t pull out the activation files and the FMI token without a jailbreak. The hello screen state does not contain activation ticket
. You cannot perform the passcode blyatpass and FMI off on it because of this obvious reason. For the newer devices you need to create an activation ticket or factory activate them, said with another words or just delete setup.app for the older ones up to ios 10. Deleting setup.app also works up to ios 12.4.4 and 13.2.3 as far as I remember, however this method is sub optimal in my opinion, as you don’t have baseband which is sim card functionality, you don’t have notifications, you don’t have account storage and you cant sync it with itunes since itunes will just pop up with the activation lock screen. Basically the sliver ramdisk blyatpass works this way, except for some a5 devices which can be factory activated with more functions but oh well that still requires an arduino and a mac.
To factory activate one of the newer devices you need to jailbreak them with checkra1n first and then use one of the tools to activate them. By doing so you basically activated the device locally. Obviously, the device is still locked on the servers but it won’t lock itself unless you update or reset it.
Here I’ll introduce one of the activation methods. For example most untethered blyatpasses that don’t have celluar functionality rely on having a pincode locked sim card into the device. In that scenario you just press cancel when the pin code screen comes up and that makes the device untethered. It sounds weird but I think doing this disables the baseband without causing battery drain. If you remove the sim you will be kicked back into the activation lock. However in case that happens, you can put back the sim card, restart the device and press cancel on the sim card pin prompt, that will unlock it again. This kind of blyatpasses are either free with limitations such as notifications, account storage, facetime and imessage not working or paid with everything except the sim card working.
However recently I have noticed that many newer blyatpasses without sim functionality work without the need of a pin locked sim card. In their case if you insert a sim card you will trigger the activation lock.
First of all I should mention that some of the activators require dependencies on both windows and mac. On windows that is mostly itunes for the correct drivers and net framework, on mac it’s a different story. You have itunes preinstalled, usually if an activator needs a dependeny there will be a script in its folder that will install it.
I personally recommend oc34n and st0rm. The price of their service is currently just $7.50 making them the most affordable paid option. Oc34n is the older service and it simply works fine. It is very reliable and works mainly on windows but there is also a more complicated terminal version of the activatior for mac os that will also do the job. St0rm on the other hand is very similar to oc34n except its newer, it also has a simple well working activator for windows, unfortunately there isn’t any version of the activator for mac. Others activators support mac as far as I remember however I haven’t used any other paid service different from oc34n or st0rm so I can’t give much more feedback on this topic. I will only mention that x-activator has bad reputation, some people say it is a mac trojan.
As a disclamer the paid blyatpasses of this type have everything working except sim card functionality, update and factory reset. If you end up locking your device you can unlock it infinitely as you already have paid to register your serial number into the program.
However I understand that not everyone will be willing to pay for this for various reasons. Maybe you don’t have a paypal, maybe you have an older device that it isn’t worth to pay for or maybe you simply won’t use the device that much, so you are ok with having no notifications, account services, facetime and imessage.
For the free untethered methods, they changed from time to time but recently there are many new free options. AT752 recently made a video showcasing f3arra1n which works fine. You can check the youtube channel of FRPFile, free tools are often being showcased there. As a third option you can see the subreddit or ask in the discord for the current free untethered blyatpasses if you don't manage find anything.
As a side note some of these blyatpasses are quite shady. Most or nearly all of them are likely safe but I would still recommend running them in a virtual machine.
For the tethered methods, generally there are many but you can just use sliver if none of the free untethered ones works. Not much to say about it, it will make the device usable as a last resort. You can install safeshutdown or sentinel jailbreak tweak to make the device go into hibernation while on low battery, so it won’t turn off. If it does turn off you will need to blyatpass it again, however as far as I remember your data on the device will remain. Needless to say this method lacks notifications, account services, imessage and facetime.
The blyatpasses with sim functionality are all paid, unless there is a cracked one that will last for a few days. I have seen this happening just once though. St0rm is my recommendation here, it’s 15$. Not much to say about it, it works as well as the 7.5$ blyatpass but with sim functionality. For mac os I already mentioned that there are other blyatpass options.
With this we covered the hello screen state. The next state is the passcode, disabled or lost mode one
This state is very epic because if the is on ios 12.0 or newer there is a chance to perform full FMI OFF unlock, not just blyatpass. Even if FMI OFF fails you can still perform a perfect blyatpass that works as well as a paid one if you manage to jailbreak it. So go ahead and jailbreak the device with checkra1n, try with multiple versions from recovery mode until you succeed. If you keep getting errors try using the tool called minausb, however in my experience simply using checkra1n from recovery mode is enough. After you jailbreak it you can use the ok.zip (Dr. Moe) FMI off package to try to perform the full unlock.
First run maverick.exe->full dump->copy paste token in phpdesktop-chrome.exe from the other folder
Keep in mind that this free (leaked) package works only on ios 13, it doesn’t work on 12 and 14. FMI OFF on ios 12 is also possible but the services that offer it are less, I think st0rm has one if you ask them on discord. FMI off can fail if the apple id owner has changed his password.
In that case you can procceed with sliver passcode blyatpass, pull the activation files, if its an ios 13 device you can erase the device directly from the mac os version of the program and then after the erase is done jailbreak it, place the activation files while following the instructions and you are good to go. The sliver passcode blyatpass is quite reliable, it works most of the time. Make sure to save your activation folder, you will be able to use it multiple times.
If you can’t manage to jailbreak the device at all then it is most likely on version older than 12.0 . In that case unfortunately you lose the possibility to do FMI OFF and also you have to take a gamble-there is a windows program called 3utools, when you connect a device to it in recovery/dfu mode you will get an option for flashing a firmware, then if you look down on the flash tab you have 2-3 flash options, one of them is ‘’retain user data’’. Select this option and hope that the update will succeed, however if the device has too little storage it will return an error and then you will have to perform a clean restore, losing the activation files. I’m not sure which is the alternative of this program for mac os, so try to use windows if possible. The next state is open menu.
I don’t have much to say about open menu as it is quite straight forward. You don’t have to deal with the usb restriction and you can directly see what ios version is the device running. Here if you are on version older than ios 12 you can delete all photos, apps and data from the device to free up storage before updating it with 3utools. On ios 12 and newer you can directly perform fmi off or the passcode blyatpass which still works on open menu, as it basically takes the activation files from the device regardless if it has passcode or no. Now for the last state- MDM remote management
MDM can be blyatpassed with sliver-mac and similar tools. The process is easy-you just jailbreak the device, press 2 buttons then it is done. Untethered and with everything working, just don’t reset or update the device or it will come back. The sliver mdm blyatpass has been tested from ios 12 to ios 14.
A windows alternative for the MDM blyatpass is the skip setup option of 3utools but it doesn’t seem to always work and it is worse than the sliver method.
Now we have covered pretty much every state of the devices let’s move on to the final topic.
- It is troubleshooting.
I can’t deny that it is frustrating when something doesn’t work as intended. Please be patient and think out the options you have before making rash decisions such as restoring or using a possibly incompatible blyatpass. Stacking blyatpasses on each other will most likely cause a bootloop. What I’m trying to say if you are unsure if a blyatpass still works it is better not to use it, as you will most likely have to boot into dfu or recovery mode and restore the device afterwards which can be problematic in some situations.
For example, let’s say currently you have an iphone x on ios 13 and you want to try blyatpassing it with one of the free untethered methods but you are not sure if that blyatpass still works, you also notice some errors in the program. In that case search for a different blyatpass or just wait until a good one is released.
Currently you can only restore iphone x to ios 14 which is not jailbreakable yet so you have just 1 chance.
Actually you can jailbreak it to ios 14 as I mentioned earlier, forgot to edit this. But still, be cautious.
Some blyatpasses might also not work from the first try, keep this in mind. Ususally if a blyatpass doesn’t work after 3-4 tries then there is something wrong with it, there are exceptions though, mostly with the ipwndfu blyatpasses for old devices. Some of them might take more than 5 tries.
Also I understand that this is frustrating on windows as if the blyatpass fails you need to boot into the checkra1n usb then jailbreak again then boot into windows and try again. Hopefully you have a good ssd for that scenario.
Another thing I should mention is that some windows blyatpasses need to be on the system drive to work properly. So make sure they are on your :C drive or wherever you have installed windows. They just need to be in the same partition, not in the windows directory. It might sound obvious but I’m saying just in case some people misunderstand my words.`
Blyatpassing in general also requires some common sense. Obviously I can’t include detailed instructions for working with every popular tool as this will make the guide even longer than it already is. Most of the tools take just a few clicks and have easy to understand user interfaces. Sliver-mac is a great example for that, it has a ton of functionality in a very simple and user friendly program. Oc34n and St0rm one click tools for windows are also very simple.
Please make your research before asking to be spoon fed in the subreddit or discord. If you made it thit far in the guide, you are most likely educated enough to deal with nearly everything. With this I should end this guide, I covered every topic that I could think of.
First of all I should thank Paul from discord for helping me out with editing the script of this guide, he is awesome.
Keep in mind that I’m not a developer, I’m simply a user with a good amount of knowedge and experience, that is why I made this guide. I must thank appletech752 for basically being the founder of the blyatpassing community, I am very grateful for his work. I should also thank the members of the setup.app subreddit and discord, the developers of the blyatpassing tools, the checkra1n team and everyone else I forgot to mention. They are doing a great job. I hope this guide helped you out.
As you can see I haven’t included links as I’m not particularly sure if that’s completely allowed, you can get pretty much all of the tools mentioned from the pinned post, from googling or from the discord server.