Jump to content

Welcome to AppCake Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

EPIC JAILBREAK: Introducing checkm8


  • You cannot start a new topic
  • Please log in to reply
2 replies to this topic

#1
r3tribut10n

r3tribut10n

    Like the wind!

  • IC Trusted User
  • 707 posts
    • Time Online: 13d 13h 10m 3s
  • LocationUk
  • iDevices Owned:iPod Touch 4, iPhone 3GS, iPhone 4S, iPad 4, iPad Air, iPad Air 2, MacBook Pro, iHave a PC

Some good news for jailbreaking scene

 

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

 

 

 

1/ The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community.

 

2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.

 

3/ Maybe someone can figure out a nice way to use JTAG on iPhone without proprietary hardware and software. I and many others would be forever grateful if someone makes that possible.

 

4/ Exploit released today supports s5l8947x, s5l8950x, s5l8955x, s5l8960x, t8002, t8004, t8010, t8011, t8015. Others will be added soon. It is not perfectly reliable yet; it uses a race condition and I only tested it on my MacBook Pro.

 

5/ During iOS 12 betas in summer 2018, Apple patched a critical use-after-free vulnerability in iBoot USB code. This vulnerability can only be triggered over USB and requires physical access. It cannot be exploited remotely. I am sure many researchers have seen that patch.

 

6/ That's how I discovered it. It is likely at least a couple other researchers were able to exploit this vulnerability after discovering the patch. The patch is easy to find, but the vulnerability is not trivial to exploit on most devices.

 

7/ A bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer.

 

8/ will also be better for security researchers interested in Apple's Bug Bounty. They will not need to keep vulnerabilities on hand so that they have access they need for their research. More vulnerabilities might get reported to Apple right away.

 

9/ Needless to say, jailbreaking is not dead. Not anymore. Not today, not tomorrow, not anytime in the next few years. What a time to be alive. It is a tethered bootrom exploit, but it should be possible to make a cable or a dongle that jailbreaks your device without a computer.


  • user_hidden likes this

#2
hotsjf

hotsjf

    7 years in scene

  • Admin
  • 7,657 posts
    • Time Online: 193d 14h 51m 45s
  • Twitter:@iphonecake_com
  • LocationUSA
  • iDevices Owned:iPod Classic, iPod Touch 4, iPhone 3GS, iPhone 4, iPhone 5S, iPhone 6+, iPad 1, iPad 3, iPad 4, iPad Air 2, Apple Watch, MacBook Air, MacBook Pro, iMac
  • Most used iOS:iOS 6, iOS 7, iOS 8

Thanks for posting.



#3
user_hidden

user_hidden

    Forum Admin

  • Admin
  • 14,595 posts
    • Time Online: 293d 10h 25m 47s
  • iDevices Owned:iPod Classic, iPod Touch 4, iPhone 4, iPhone SE, iPhone 6, iPhone 8, iPad Mini, iPad Mini 2, iPad 1, iPad 2, iPad 5, MacBook Air, iHave a PC
  • Most used iOS:iOS 5, iOS 6, iOS 7, iOS 8, iOS 9, iOS 10, iOS 11, iOS 12
read up on it and pretty interesting for the A5-A11 chipset devices.
lets see what may come of it.