The storage chip (NAND) on the iPad 2 logic board needs to be read. You will use a NAND programmer to read the current data from the chip.
Why can you bypass an iPad 2 permanently when an iPad Air 2 or iPad Pro is impossible? The answer lies in the Logic Board.
The iPad 2 stores the serial number and board configuration data on a specific chip. In later iPad models, this data is encrypted and paired with the CPU, making it impossible to modify. However, on the iPad 2, this data is not paired. This allows technicians to reprogram the logic board to accept a new identity.
The method involves removing the logic board and using a specialized programmer (like a NAND Programmer) to modify the NAND Flash chip or the EEPROM.
This is the most important word. A tethered bypass means that every time the iPad powers off or the battery dies, you must plug it into a computer and run software to boot it again. An untethered bypass persists across reboots. The iPad functions entirely independently.
The Bold Truth: A true untethered iCloud removal (where the device is permanently disassociated from the previous Apple ID) does not exist for iOS 9.3.5. However, an untethered activation bypass does exist. This allows you to use the iPad normally (Wi-Fi, apps, camera, games) as if it were a new device, with the sole exception that you cannot sign into the original owner’s Apple ID.
Bypassing the iCloud Activation Lock on an Go to product viewer dialog for this item.
running iOS 9.3.5 can be achieved through several methods, ranging from hardware-assisted permanent unlocks to software-based "untethered" skips. An untethered bypass is highly desirable because it allows the device to remain unlocked even after a reboot. Key Bypass Methods for iPad 2 (iOS 9.3.5)
Sliver Tool (Untethered): The most common method involves using the Sliver tool on a Mac. This typically requires an Arduino Uno and a USB Host Shield to put the A5 chip into "pwned DFU" mode. Once in this state, users can delete the Setup.app file, resulting in a permanent, untethered bypass where the device reboots normally.
CheckM8-Based Software: Tools like CheckM8 utilize a bootrom exploit to skip the activation step. While these tools are highly effective, they often require the device to be in a jailbroken state first to apply the bypass successfully.
iRemove Tools: Services like iRemove Tools offer software-based solutions for removing activation locks. Some versions of these tools provide an untethered experience, though they may not be "permanent" if the device is factory reset or restored via iTunes.
DNS Bypass (Limited): A "DNS bypass" involves changing your Wi-Fi DNS settings to a specific server (e.g., 104.154.51.7 for North America). This is not a full untethered bypass; it merely allows you to use a web-based interface for apps like YouTube or browsing while remaining stuck on the Activation Lock screen. Important Limitations
Reset Risks: Even with an untethered bypass, "Erase All Content and Settings" in the device menu will typically relock the iPad.
Functionality: Many bypasses allow for app usage and web browsing, but features like iMessage, FaceTime, and iCloud sync may remain disabled depending on the specific tool used.
Apple Support: If you have original proof of purchase, the most reliable and permanent method is to request an activation lock removal directly from Apple Support. Free untethered iCloud Bypass iPad 2 on iOS 9.3.5
Title: The Second Life of the iPad 2: Untethered Freedom and the Entertainment Economy
In the relentless churn of consumer technology, the iPad 2 stands as a historical relic. Released by Apple in 2011, it was the device that defined the tablet market for a decade. Yet, today, millions of these units sit in drawers, not because they are broken, but because they are locked by Apple’s "Find My" security protocol—specifically, the dreaded iCloud lock. However, a niche digital subculture has emerged around the "iPad 2 935 iCloud untethered bypass," transforming a piece of e-waste into a viable lifestyle and entertainment hub. This practice, while legally gray, highlights a growing tension between corporate security and the right to repair, as well as the evergreen demand for affordable digital access.
The "935" Conundrum
For the uninitiated, the "935" refers to a specific error code or motherboard variant associated with the iPad 2,3 (the CDMA model). When an iPad 2 is iCloud locked, it is essentially a brick. Traditional tethered bypasses required the user to connect the device to a computer every time the battery died, rendering the tablet useless for portable entertainment. The "untethered" bypass—specifically for the 935 variant—changed the game. By exploiting legacy bootrom vulnerabilities (akin to the infamous Limera1n exploit), developers created tools that allow the user to reboot the device freely without a PC. For the lifestyle user, "untethered" is the magic word; it means the iPad 2 can finally function as an independent device again.
Lifestyle: The Minimalist Digital Companion
In an era of $1,000 smartphones, the revived iPad 2 represents a minimalist lifestyle choice. Once bypassed, the iPad 2 runs iOS 9.3.5—a slow, outdated operating system by modern standards, but one that excels at specific, distraction-free tasks. Users adopt this device not for productivity, but for intentional living. It becomes a dedicated e-reader for Kindle, a PDF viewer for sheet music in the kitchen, or a digital recipe book. Because modern social media apps (Instagram, TikTok) no longer support iOS 9, the bypassed iPad 2 naturally filters out the noise of the attention economy. For students or budget-conscious individuals, this "junk" device becomes a second screen for note-taking or video calls via legacy apps like Skype or FaceTime (if the iCloud login is fresh). It is a lifestyle of reduction: using what exists rather than consuming what is new.
Entertainment: The Offline Media Center
Where the bypassed iPad 2 truly shines is entertainment. While you cannot download Netflix or Disney+ from the App Store directly, the "untethered" status allows users to sideload older versions of apps via third-party tools or simply use the native browser for YouTube’s mobile site. More importantly, the iPad 2 is a champion of local media. Using VLC for iOS (installed via a legacy backup), the device becomes a portable hard drive for movies, TV shows, and music. With 64GB of storage (on higher-end models), a user can load an entire road trip’s worth of MP4 files or a library of audiobooks. For children, it becomes a gaming device for classics like Angry Birds or Minecraft (version 1.16), free from in-app ads and subscription models. The "935 bypass" turns the iPad 2 into the ultimate offline entertainment zombie: it asks for no internet, no password, and no monthly fee.
The Ethical and Practical Trade-offs
It would be disingenuous to ignore the reality of the bypass. Legally, circumventing iCloud is intended to prevent theft. However, the "lifestyle" user is rarely a thief; they are often a second-hand buyer who purchased a locked iPad from a flea market for $20, or the original owner who forgot their Apple ID password a decade ago. The untethered bypass does not actually "unlock" the iCloud account; it merely blocks the activation server checks. This means no push notifications, no iMessage, and no App Store purchases. It is a sandboxed existence. But for entertainment—watching local video, listening to offline playlists, or browsing the web—it is perfect.
Conclusion
The iPad 2 935 untethered bypass is more than a hack; it is a statement on digital obsolescence. While Apple would prefer these devices be recycled, the user's desire for a cheap, durable entertainment tablet persists. By breaking the digital chains, the bypass gives the iPad 2 a third act. It becomes the device for the camper, the child, the cook, and the commuter. In a world of forced upgrades, the untethered iPad 2 remains the ultimate symbol of sustainable entertainment: slow, steady, and stubbornly free.
Disclaimer: This essay is for informational and educational purposes only. Bypassing iCloud on a device you do not legally own may violate laws and software agreements. Always verify the ownership status of a device before attempting a bypass.
An untethered iCloud bypass on an iPad 2 running iOS 9.3.5/9.3.6 can be achieved by putting the device into DFU mode and using tools like Sliver or 3uTools to delete the
via a checkm8-based ramdisk. Making the bypass permanent requires installing the Phœnix jailbreak and using Filza to ensure
remains removed after reboots, though this often results in a loss of cellular functionality and iCloud services. For more details, visit the AppleTech752 YouTube channel. ipad 2 935 icloud bypass untethered
Title: The Ghost in the Glass
Log Entry: Day 47
The iPad 2 sat on Marco’s workbench like a fossilized relic. Silver backing scratched, home button mushy—but the screen was pristine. It was a 3G model, model A1396, stuck on the "Activation Lock" screen. The email address displayed was a half-obscured ghost: a*****@mac.com. An account that, by all digital forensics, no longer existed on Apple’s servers.
The owner, an elderly woman named Mrs. Gable, had brought it in. "My son set this up for me in 2012," she said. "He passed away five years ago. I don't want his data. I just want to read my books."
Marco had nodded. "I'll try."
He had tried everything. The standard DNS trick? Patched years ago. The SIM swap? The iPad laughed at him. The tethered bypasses? Those worked—but the moment the iPad died or rebooted, it turned back into a silver brick. Mrs. Gable needed untethered. She needed to turn it on and off like a normal person.
But there was the beast: Error 935.
Every time Marco tried to force the baseband (the 3G modem firmware) into submission, iTunes screamed 935. It was Apple’s digital guard dog, a hardware-level handshake failure. The 3G iPad 2 had a unique security chip—the Baseband Bootloader—that refused to talk to any server except Apple’s official activation servers. And those servers no longer recognized the ancient iOS 9.3.5 signatures.
Day 52
Marco found the forum. Deep in the catacombs of a Russian disassembly board, a user named Unlocker_Jin had posted a single cryptic line:
"935 is not a wall. It is a door with a broken handle. Replace the handle."
The post was from 2018. The file links were dead. But the theory was alive: the iPad 2 3G’s baseband had a vulnerability in its SecureROM—a buffer overflow triggered not by software, but by a specific voltage glitch on the NAND data line during boot. If you could time it right, the chip would skip the baseband check entirely.
It was insane. It required a Raspberry Pi Pico, a logic analyzer, and a steady hand to solder three jumper wires to test points smaller than a grain of rice.
Day 55 – 2:00 AM
Marco’s hands were trembling. The Pi Pico was programmed with checkm8-a5, a modified exploit for the iPad 2’s A5 chip. But the 3G model always failed at the final stage. He added a 47-microfarad capacitor between the NAND’s Vcc and ground. The theory: a slight power dip at the exact millisecond the baseband asked for authentication.
He plugged the USB into his Mac. The iPad 2 screen stayed black.
Then—the Apple logo. Dim, then bright.
He held his breath.
The "Hello" screen appeared. Swipe to unlock. No iCloud prompt. No "Activation Lock." The iPad booted straight to the springboard—icons wobbling, Wi-Fi off, cellular searching.
He rebooted it manually. Held the power button. The screen went black. Then the Apple logo again.
And again—springboard. No lock.
Untethered.
Marco exhaled. The ghost in the glass was gone. The iPad 2 was no longer a prison for someone’s lost password—it was just a tablet again. Slow, creaky, but free.
Epilogue
Mrs. Gable picked it up three days later. She opened iBooks, and her library synced (Marco had signed her into a new, clean Apple ID). She smiled. The storage chip (NAND) on the iPad 2
"You gave it a second life," she said.
Marco nodded, but he was thinking about the 935 error. About the capacitor and the voltage glitch. About the fact that the exploit would only work on this specific iPad 2 3G with this specific iOS version.
He was also thinking that he’d never post the method online. Not because he wanted to keep it secret—but because some locks, even digital ones, sometimes deserve to stay shut. And some ghosts, once freed, shouldn't be summoned again.
But for one night, in a small repair shop, the iPad 2 was untethered from its past.
END
The story of the iPad 2 (iOS 9.3.5/9.3.6) untethered iCloud bypass is a saga of hardware ingenuity and community perseverance. For years, the A5 chip in the iPad 2 (models A1395, A1396, and A1397) was considered a "fortress" because standard software exploits couldn't reach the BootROM levels needed to bypass activation. The Hardware Breakthrough: The Arduino Era
The real turning point for iPad 2 owners came with the adaptation of the checkm8-a5 exploit. Unlike newer devices that could be bypassed with simple software, the iPad 2 required a physical bridge:
The Tools: Enthusiasts discovered that by using an Arduino Uno R3 paired with a USB Host Shield, they could send specific USB commands that a standard computer couldn't.
The Process: By "pawning" the device into a special DFU mode using the Arduino, users could finally gain the system-level access needed to delete Setup.app, the file responsible for the iCloud lock screen.
Untethered Freedom: Once Setup.app was removed, the device became "untethered," meaning it could be powered off and back on without needing to re-run the bypass tools. Key Solutions and Methods
Over time, several methods emerged to simplify this technical process:
Sliver by AppleTech752: A legendary tool in the community that allowed users to delete Setup.app once the iPad was in "pwned DFU" mode via the Arduino.
Hardware Resistor Method: For the cellular model (A1396), a more permanent "story" exists where removing a specific resistor on the logic board converts it into a Wi-Fi-only model, which then activates normally through Apple's servers.
Software-Only "Crashes": More recently, some users have found ways to "crash" the activation page or use Windows-based tools like iRemove Tools for a temporary fix, though these are often tethered or less stable than the hardware-led untethered methods. The Trade-offs of the Bypass
While successful, an untethered bypass on iOS 9.3.5 isn't a perfect "unlock."
App Store Access: Users can typically log into the App Store to download previously purchased apps, but logging into iCloud in the main settings often remains disabled.
Functionality: Many users choose to downgrade to iOS 6.1.3 after the bypass for a faster, nostalgic experience, as the iPad 2 often struggles with the weight of iOS 9.
Today, the "935 bypass" remains a popular project for hobbyists using Sliver and Legacy iOS Kit to breathe life back into these decade-old tablets. iPad 2 iOS 9.3.5 untethered success (setup app removed).
Bypassing the iCloud Activation Lock on an iPad 2 running iOS 9.3.5 is technically possible, but achieving a truly untethered (permanent after restart) bypass is complex for this specific hardware.
The iPad 2 uses the A5 chip, which requires specific hardware—usually an Arduino Uno with a USB Host Shield—to exploit the bootrom and enter "Pwned DFU" mode. 🛠️ Core Methods for iPad 2 (9.3.5) 1. The Hardware Method (Arduino)
This is considered the most reliable way to achieve a deep bypass that can lead to an untethered state. Requirements: Arduino Uno and a USB Host Shield.
Process: Use a sketch (like checkm8-a5) to put the device into Pwned DFU mode.
Bypass Tool: Once in Pwned DFU, tools like Sliver can "Delete Setup.app," effectively removing the activation screen.
Result: Often untethered, meaning you can reboot the device without it relocking immediately. 2. The Software Bypass (Tethered)
Standard software tools can bypass the screen, but they are typically tethered. Bypassing the iCloud Activation Lock on an Go
iRemove Tools: Offers a free iPad 2 Activation Lock Bypass, but it is explicitly labeled as tethered. If the device reboots, you must run the tool again.
Sliver (No Arduino): Some newer software-only methods exist but are less stable on the A5 chip compared to the hardware exploit. 🚀 Achieving a Permanent (Untethered) Solution
Since iOS 9.3.5 only has semi-untethered jailbreaks (like Phœnix), a common strategy to make a bypass "permanent" is to downgrade the OS.
Step 1: Bypass & Jailbreak: Use the Arduino method to bypass the setup, then jailbreak using Phœnix.
Step 2: Downgrade: Use tools like iOS-Legacy-Kit to downgrade to iOS 6.1.3 or iOS 8.4.1.
Why?: iOS 8.4.1 and 6.1.3 have fully untethered jailbreaks. Once downgraded, the device stays unlocked and jailbroken even after a power cycle. ⚠️ Important Limitations
iPad 2,3 (8940) iOS 9.3.5 - What am I missing? Help appreciated!
Bypassing the iCloud Activation Lock on an iPad 2 running iOS 9.3.5 is a common but technical process because the device uses the older A5 chip, which is notoriously difficult to exploit without specific hardware.
Here is a review of the primary methods for an untethered bypass: 1. The "Standard" Method (Arduino + USB Host Shield)
For a truly untethered bypass (where the device stays unlocked after a reboot), you generally need a hardware-based exploit.
Why it's needed: The A5 chip in the iPad 2 requires an Arduino Uno and a USB Host Shield to put the device into "pwned DFU" mode.
The Process: You load a specific script (like checkm8-A5) onto the Arduino, connect the iPad in DFU mode, and then use a Mac tool like Sliver by AppleTech752 to delete the Setup.app file.
Outcome: Permanent and untethered. However, if you factory reset or restore the device via iTunes, it will relock. 2. Software-Only "Tethered" Bypasses
If you do not have an Arduino, there are tools for Windows and Mac that can "skip" the activation screen.
Common Tools: Software like iFrpfile All-in-One or iRemove Tools often claim to offer these services.
Limitations: Many of these are tethered, meaning if the iPad dies or restarts, you must connect it to a computer and run the tool again to access the home screen. 3. Hardware "Resistor" Method (Cellular Models Only)
If you have an iPad 2 (GSM/CDMA) (model A1396 or A1397), there is a permanent hardware bypass.
The Method: By physically removing a specific resistor on the logic board, you effectively turn the device into a "WiFi-only" model.
Outcome: Once the resistor is removed and the device is restored via iTunes, it will activate normally through Apple's servers because the WiFi-only serial number doesn't have an activation lock attached. Summary Table: iPad 2 Bypass Options Untethered? Hardware Required Difficulty Arduino + Sliver Arduino Uno + USB Host Shield High (Technical) Software Skip Usually No USB Cable + PC/Mac Resistor Removal Soldering/Precision Tools Expert (Hardware) Important Cautions
Functionality: Even after a successful bypass, features like iCloud Sync, iMessage, and FaceTime often will not work.
App Support: iOS 9.3.5 is very old; most modern apps from the App Store will not download or run on this version.
Official Removal: If you can prove ownership, you can submit an Activation Lock support request to Apple, which is the only way to get a 100% official and clean unlock.
Are you planning to use the Arduino hardware method, or were you looking for a software-only solution?
iPad 2 iOS 9.3.5 Hello screen Activation Lock. How remove it??
If you are holding an iPad 2 stuck on the "Hello" screen with an iCloud Activation Lock, you might think you have a very expensive paperweight on your hands. Usually, iCloud locks are insurmountable security walls. However, the iPad 2 running iOS 9.3.5 is a unique beast in the Apple ecosystem.
Due to a specific hardware configuration and the aging software architecture, this specific model offers a rare opportunity: a hardware-based, untethered iCloud bypass.
In this guide, we will explain exactly what this means, how it works, and the steps you need to take to bring your device back to life.