Hardware-based bootrom exploits like limera1n and checkm8 can't be patched by Apple via software updates and are infrequent occurrences that we’d consider ourselves lucky to witness once every several years. With that in mind, a newly announced bootrom exploit for the iPod Nano 3rd, 4th, and 5th generation dubbed wInd3x may pique some interest.
We’ve witnessed a plethora of teasers from Pwn20wnd and the rest of team unc0ver throughout the past week. That said, it might come off as somewhat of a surprise that the checkra1n team launched an updated public beta version of the checkra1n jailbreak Wednesday afternoon, seemingly out of the blue.
The announcement, shared first by checkra1n team member Luca Todesco, denoted that the latest version of the checkra1n jailbreak tool would be v0.9.8.1 and that it would incorporate substantial changes:
The bootrom exploit-based checkra1n jailbreak initially started out as a macOS-only utility for pwning compatible iOS devices, but it soon picked up official Linux support in a later update.
While the circumstances still aren’t ideal for Windows users, it is both possible and somewhat easy to dual-boot Linux on a Windows PC. But that may not be entirely necessary if you have certain Android devices lying around…
The checkra1n team is out with a brand-new update for the macOS-centric checkra1n jailbreak tool Saturday morning with official support for Apple’s newly-released iOS 13.3 and several bug fixes and improvements.
The checkra1n team shared news of the latest public beta, dubbed v0.9.7 via Twitter just this morning:
With a resource as powerful as @axi0mX’s checkm8 bootrom exploit floating around in the wild, it should come as no surprise to anyone that prominent members of the jailbreak community are actively working on tools that take advantage of it. One of the most significant of those is checkra1n, a project that is currently being spearheaded by renowned hacker and Yalu jailbreak lead developer Luca Todesco.
It’s been a little over a week since we last heard anything new about checkra1n, but based on what we saw at the time, it would seem things are falling into place quite nicely. Now, a new Tweet shared Sunday afternoon by the official checkra1n Twitter page reveals what appears to be working package managers installed on an iPhone X, iPhone SE, and a seventh-generation iPod touch.
If you’ve been paying any attention to the jailbreak community recently, then you’ve undoubtedly caught wind about the new checkm8 bootrom exploit.
Because checkm8 is a bootrom exploit, it can’t be patched with a software update, and it works on all A5-A11 devices up to and including the iPhone X. With that in mind, it should come as no surprise to anyone that avid jailbreak developers are attempting to get their hands dirty with it.
The tides of the jailbreak community forever changed for the better on Friday when hacker and security researcher @axi0mX released checkm8, the first publicly-released bootrom exploit for iOS-powered devices since the iPhone 4 in 2010. Captivatingly, checkm8 works on a significant number of handsets ranging from the antiquated iPhone 4s to the not-so-old iPhone X.
Checkm8 is, in and of itself, an exploit. That said, it’s not a jailbreak, but rather a powerful tool that jailbreak developers could use to devise a USB-based tethered or semi-tethered jailbreak tool for A5-A11 devices. Given how recently checkm8 was released, it should come as no surprise to anyone that public jailbreak tools don’t yet utilize the exploit, but that hasn’t stopped some talented hackers from flexing their l33t dexterities:
It’s an exciting time to be an active member of the jailbreak community. Security researcher axi0mX has released a powerful new bootrom exploit targeting A5-A11 devices, and for veteran jailbreakers who remember the action-packed limera1n days of yore, this might feel like a blast from the past.
axi0mX announced his new bootrom exploit, dubbed checkm8, via Twitter just this morning, noting that it would work on all iPhones, iPads, and iPod touches from the iPhone 4s to the iPhone X:
In April of last year, iOS hacker axi0mX came forward with the alloc8 untethered bootrom exploit for all models of the tried and true iPhone 3GS. But as of this weekend, he announced an update for the exploit that brings improvements to stability and usability.
As per one of axi0mX’s most recent Tweets, the updated exploit does away with a bothersome three-second delay that typically transpires when waking the device from sleep:
Bits and pieces of iBoot and Bootrom (SecureROM) source code from an iOS 9 build have been leaked to the public for specific devices via GitHub, and this has the potential to spell out good news for the jailbreak community.
For those who don’t already know, these software components help ensure that the iOS devices we use each and every day boot up securely. Exploiting these components of iOS can yield permanent jailbreaks for supported devices, which underscores the significance of this leak.
Today saw the release of a new bootrom exploit for the iPhone 3GS, an unpatchable vulnerability which gives jailbreakers total control of this device forever.
Although the iPhone 3GS is now very much a legacy device and few users will be actively using them, the rarity of a bootrom exploit makes it worthy of note. There have been no publicly released exploits of this kind since limera1n, which supported only up to the iPhone 4.
For those of you holding out hope that a bootrom exploit has been discovered for newer iOS devices, you're going to have to keep hoping. That's because famed iOS hacker, MuscleNerd, has confirmed that no A5+ bootrom exploit exists. A bootrom exploit is extremely desirable, because it means that the device could be permanently susceptible to a tethered jailbreak, much in the same vein as limera1n for pre A5 devices.