Bootrom

Checkra1n v0.9.8.1 introduces Project Sandcastle, enabling Android to run on iPhones

We’ve witnessed a plethora of teasers from Pwn20wnd and the rest of team unc0ver throughout the past week. That said, it might come off as somewhat of a surprise that the checkra1n team launched an updated public beta version of the checkra1n jailbreak Wednesday afternoon, seemingly out of the blue.

The announcement, shared first by checkra1n team member Luca Todesco, denoted that the latest version of the checkra1n jailbreak tool would be v0.9.8.1 and that it would incorporate substantial changes:

Redditor demos Android device being used to run the checkra1n jailbreak

The bootrom exploit-based checkra1n jailbreak initially started out as a macOS-only utility for pwning compatible iOS devices, but it soon picked up official Linux support in a later update.

While the circumstances still aren’t ideal for Windows users, it is both possible and fairly easy to dual-boot Linux on a Windows PC. But that may not be necessary at all if you have certain Android devices lying around…

New teaser shows checkra1n jailbreak running Cydia and Zebra

With a resource as powerful as @axi0mX’s checkm8 bootrom exploit floating around in the wild, it should come as no surprise to anyone that prominent members of the jailbreak community are actively working on tools that take advantage of it. One of the most significant of those is checkra1n, a project currently being spearheaded by renowned hacker and Yalu jailbreak lead developer Luca Todesco.

It’s been a little over a week since we last heard anything new about checkra1n, but based on what we saw at the time, it would seem things are falling into place quite nicely. Now, a new Tweet shared Sunday afternoon by the official checkra1n Twitter page reveals what appears to be working package managers installed on an iPhone X, iPhone SE, and a seventh-generation iPod touch.

Luca Todesco shows off custom boot logo and frame buffer concept via checkm8 exploit

If you’ve been paying any attention to the jailbreak community recently, then you’ve undoubtedly caught wind about the new checkm8 bootrom exploit.

Because checkm8 is a bootrom exploit, it can’t be patched with a software update, and it works on all A5-A11 devices up to and including the iPhone X. With that in mind, it should come as no surprise to anyone that avid jailbreak developers are attempting to get their hands dirty with it.

Axi0mX showcases verbose boot on iPhone X with iOS 13.1.1 via checkm8

The tides of the jailbreak community forever changed for the better on Friday when hacker and security researcher @axi0mX released checkm8, the first publicly released bootrom exploit for iOS-powered devices since the iPhone 4 in 2010. Notably, checkm8 works on a significant number of handsets ranging from the antiquated iPhone 4s to the not-so-old iPhone X.

Checkm8 is, in and of itself, an exploit. That said, it’s not a jailbreak, but rather a powerful tool that jailbreak developers could use to devise a USB-based tethered or semi-tethered jailbreak tool for A5-A11 devices. Given how recently checkm8 was released, it should come as no surprise to anyone that public jailbreak tools don’t yet utilize the exploit, but that hasn’t stopped some talented hackers from flexing their l33t dexterities:

New checkm8 bootrom exploit ensures lifetime jailbreakability for A5-A11 devices

It’s an exciting time to be an active member of the jailbreak community. Security researcher axi0mX has released a powerful new bootrom exploit targeting A5-A11 devices, and for veteran jailbreakers who remember the action-packed limera1n days of yore, this might feel like a blast from the past.

axi0mX announced his new bootrom exploit, dubbed checkm8, via Twitter just this morning, noting that it would work on all iPhones, iPads, and iPod touches from the iPhone 4s to the iPhone X:

Axi0mX announces an update to his Alloc8 untethered bootrom exploit for iPhone 3GS

In April of last year, iOS hacker axi0mX came forward with the alloc8 untethered bootrom exploit for all models of the tried and true iPhone 3GS. But as of this weekend, he announced an update for the exploit that brings improvements to stability and usability.

As per one of axi0mX’s most recent Tweets, the updated exploit does away with a bothersome three-second delay that typically occurs when waking the device from sleep:

Parts of iBoot and SecureROM source code from iOS 9 leaked online

Bits and pieces of iBoot and Bootrom (SecureROM) source code from an iOS 9 build have been leaked to the public for specific devices via GitHub, and this has the potential to spell out good news for the jailbreak community.

For those who don’t already know, these software components help ensure that the iOS devices we use each and every day boot up securely. Exploiting these components of iOS can yield permanent jailbreaks for supported devices, which underscores the significance of this leak.

iPhone 3GS untethered bootrom exploit released

Today saw the release of a new bootrom exploit for the iPhone 3GS, an unpatchable vulnerability which gives jailbreakers total control of this device forever.

Although the iPhone 3GS is now very much a legacy device and few users will be actively using them, the rarity of a bootrom exploit makes it worthy of note. There have been no publicly released exploits of this kind since limera1n, which supported only up to the iPhone 4.

MuscleNerd: no A5+ bootrom exploit

For those of you holding out hope that a bootrom exploit has been discovered for newer iOS devices, you're going to have to keep hoping. That's because famed iOS hacker MuscleNerd has confirmed that no A5+ bootrom exploit exists. A bootrom exploit is extremely desirable because it means the device could be permanently susceptible to a tethered jailbreak, much in the same vein as limera1n for pre-A5 devices.

RedSn0w 0.9.15b2 released to add fixes for 3GS and iPad owners

The iPhone Dev Team has released RedSn0w 0.9.15b2, which fixes a few items for owners of older devices.

The most outstanding fix is for 3GS owners with old bootroms — RedSn0w 0.9.15b2 brings back untethered jailbreak support for end users who fall into that category.

Most of the changes don't pertain to owners of newer devices, but it's always a good idea to ensure that you're running the latest and greatest version anyway. Take a look inside for the full release notes.