Bypassing activation lock on A7 devices with Legacy iOS Kit

Devices on iOS 10 can bypass activation if /Applications/Setup.app is deleted before first boot. Since A7 devices can be restored to iOS 10.3.3 through Legacy iOS Kit, we can bypass activation lock very easily on these models.

Guide

  1. Get Legacy iOS Kit for macOS or Linux from https://github.com/LukeZGD/Legacy-iOS-Kit. The complete version is not required for this guide.
  2. Connect your activation-locked A7 device (mine was an iPad Air 1) and choose Restore/Downgrade -> iOS 10.3.3, then choose the option to download the IPSW file for iOS 10.3.3. Once the file is downloaded, select "Start Restore" and wait for the restore to complete.

Warning

You must immediately boot the device into DFU mode once the restore has completed using the instructions for your device at https://theapplewiki.com/wiki/DFU_Mode. If the device's first boot occurs at this point, you'll need to restore to 10.3.3 again.

  3. While the device is in DFU mode, go to Useful Utilities -> SSH Ramdisk in Legacy iOS Kit and boot the ramdisk. When the ramdisk has finished booting, Legacy iOS Kit will give you a few options, most notably "Connect to SSH". Choose this option and then enter the following commands in the terminal, in order, to delete Setup.app and reboot:

```
/sbin/mount_apfs /dev/disk0s1s1 /mnt1
rm -r /mnt1/Applications/Setup.app
/sbin/reboot
```

Note

Legacy iOS Kit recommends using /sbin/mount_apfs /dev/disk0s1s1 /mnt1; /sbin/mount_apfs /dev/disk0s1s2 /mnt2 to mount partitions on iOS 10.3.x; however, I was having issues with the terminal freezing after trying to mount the data partition. Since /Applications/Setup.app is in the system partition, we can simply not mount the data partition to get around this, which I've shown in the code block above.

Once the device reboots, you should be at the Home Screen without any activation lock. This bypass is untethered, which means you do not need to reapply it every time the device restarts. While bypassed using this method, you must not update to iOS 12.5.7, as that will break the bypass. To prevent accidental updates to iOS 12.5.7, you can use the OTA block profile found at https://betaprofiles.dev/install/block-ota/.

@armandinhox

Not working in Linux for me ;/

@AlexTech01
Author

> Not working in Linux for me ;/

I tried this on macOS and it worked fine. I don't have a Linux machine to test, but I don't see a reason why it wouldn't work. What error are you getting?
