Exploit

Checkra1n team teases pwned Mac Pro, ‘the most expensive device ever jailbroken’

Most associate the term jailbreaking with devices like the iPhone, iPad, and in some cases, even the Apple TV. But when gifted hackers began experimenting with the powerful checkm8 hardware-based bootrom exploit earlier this year, things got more interesting. In March, for example, checkra1n team member Luca Todesco demonstrated nifty hacks on the OLED Touch Bar of a T2 chip-equipped MacBook Pro.

But the MacBook Pro isn’t the only Apple computer that sports a T2 chip. As a matter of fact, many do, and with that in mind, it may not come as much of a surprise that the checkra1n team has taken things a step further by jailbreaking yet another T2-equipped Mac – the elaborate and expensive Mac Pro:

Alleged kernel-level jailbreak bypass may let jailbreakers evade detection in apps [U]

Anyone using a jailbroken iPhone or iPad as their daily driver has likely experienced the aching inconvenience of something called jailbreak detection. This is essentially where an app developer implements some kind of trap in their app that detects whether your handset is jailbroken and then responds in one of two ways: 1) by denying the user access to the app on the jailbroken handset; or 2) by banning the user for the suspected use of third-party hacks.

Jailbreak detection has been a pain (to say the least) for users who enjoy the freedoms made possible by liberating their handset from Apple’s control, and the feeling is made worse when you find out that an account for one of your favorite games was banned for accessing said game on a jailbroken device. These issues have raised community-driven demands for jailbreak bypasses, especially one at the kernel level that would be far more robust than the traditional variety.

Ryan Petrich’s MailMend jailbreak tweak fixes a vulnerability in iOS’ Mail app

Earlier today, we showed you a new jailbreak tweak called CaptureTheFlag that could be installed to patch a rather tedious text message-centric bug in which someone could send you a string of text from the Sindhi language to ‘freeze’ or ‘crash’ your iPhone. A great add-on to have if you’re jailbroken, but perhaps not the only one…

Yet another new jailbreak tweak release dubbed MailMend by iOS developer Ryan Petrich claims to patch a vulnerability that was only just recently discovered and disclosed in iOS’ native emailing app (Mail) by cybersecurity company ZecOps.

Security researcher achieves tfp0 exploit on A13 device running iOS 13.4.1

Jailbreakers with access to an A7-A11 device pretty much have it made thanks to the hardware exploit-based checkra1n jailbreak that can’t be patched by Apple in a software update. Those handling newer devices, such as the A12 and A13 varieties, instead depend on infrequently released tfp0 exploits. These seem to surface sporadically with no rhyme or reason, and they can unfortunately be patched by Apple’s software updates.

On a more positive note, it does appear that a skilled security researcher going by the Twitter handle @ProteasWang has achieved tfp0 on an A13-equipped handset running iOS 13.4.1. This is currently the latest version of iOS available from Apple, and with that in mind, the news has particularly exciting implications for jailbreaks such as unc0ver and the to-be-released Chimera13 tool.

Checkra1n v0.10.1 released with support for iOS 13.4 & 13.4.1, bug fixes

Apple released iOS 13.4.1 to the general public yesterday, and as you might come to expect, this has a few implications for the jailbreak community. Obviously, the unc0ver jailbreak doesn’t support the new firmware, as it can only jailbreak iOS 13.0-13.3. Checkra1n users, on the other hand, should be in the clear following a new update to the jailbreak tool on Wednesday.

Checkra1n co-developer Jamie Bishop took to Twitter this evening to share that checkra1n v0.10.1 had been released. This new update incorporates support for iOS/iPadOS 13.4 & 13.4.1, enabling handsets susceptible to the checkm8 bootrom exploit (A7-A11) to be jailbroken even on Apple’s latest and greatest software updates:

New kernel bug POC raises hopes for an iOS 13.3.1 jailbreak

Jailbreak tools like unc0ver rely on frequently-released exploits to extend firmware support as Apple launches new versions of iOS. In the past couple of months, unc0ver has picked up support for iOS 13.0-13.3, leaving iOS 13.3.1 users in the dust. Now that iOS 13.4 is publicly available, the golden jailbreaker’s rule that is to ‘stay on the lowest possible firmware’ comes into focus again.

At the time of this writing, the lowest firmware that Apple continues to sign is iOS 13.3.1, but unc0ver doesn’t yet support this version of iOS. Fortunately, a promising new kernel bug proof of concept supporting iOS 13.3.1 has been shared by Twitter user @_simo36, and while it remains to be confirmed whether this bug can achieve tfp0 (read/write access to kernel memory), it can purportedly be triggered from within the sandbox.

Checkra1n experimental pre-release adds preliminary support for iOS 13.4, Mac T2 chip

The checkra1n team launched an experimental pre-release build of the checkra1n jailbreak tool Wednesday afternoon with preliminary support for Apple’s upcoming iOS and iPadOS 13.4 release, which Apple intends to release to the public next week. Developers got their hands on the iOS and iPadOS 13.4 Golden Master earlier this afternoon just after Apple finished announcing its 2020 iPad Pro and brand-new Magic Keyboard.

The experimental checkra1n build, dubbed v0.9.9 experimental, isn’t available from the official checkra1n website, but rather from a link that was included in one of checkra1n team member Luca Todesco’s Tweets.

Ra1nbox is a NanoPi Neo2-powered box that can deploy checkra1n without a computer

The checkra1n jailbreak is driven by a powerful bootrom exploit that can’t be patched with a software update from Apple, and with that in mind, it’s easy to see why some people may opt to use checkra1n over some of the other jailbreaks available, such as unc0ver for example.

While it’s a great jailbreak, Windows users have relentlessly expressed dissatisfaction about having to borrow friends’ Macs or run Linux on their machines. With no certain ETA for a Windows-based checkra1n release, third parties are now cooking up interesting solutions. One is Ra1nbox, a small and portable box powered by a NanoPi Neo2 that can be used to deploy the checkra1n jailbreak from anywhere without the need for a computer.

Luca Todesco teases checkra1n hacks on a T2-equipped MacBook Pro’s Touch Bar

The checkra1n team is best known for its checkm8 bootrom exploit-based jailbreak tool for A9-A11 devices. But those closely following outspoken members of the team on Twitter, namely Luca Todesco (@qwertyoruiopz), likely took note of some particularly interesting teasers Tweeted Tuesday morning and afternoon.

A series of images shared by Todesco himself appear to depict checkra1n-centric hacks being deployed and displayed on a MacBook Pro’s OLED Touch Bar:

Chimera13 jailbreak release cancelled despite recent hype

It was only last month that Pwn20wnd released an updated version of the unc0ver jailbreak with official support for iOS 13.0-13.3 on a plethora of different device types. Unsurprisingly, it wasn’t long before CoolStar began hyping Chimera13 – a project that was expected to add similar device and firmware support to the Electra Team’s competing jailbreak solution.

But citing a series of Tweets shared by Electra Team lead developer CoolStar on Tuesday, it seems that Chimera13 won’t be released to the general public after all:

Redditor demos Android device being used to run the checkra1n jailbreak

The bootrom exploit-based checkra1n jailbreak initially started out as a macOS-only utility for pwning compatible iOS devices, but it soon picked up official Linux support in a later update.

While the circumstances still aren’t ideal for Windows users, it is both possible and somewhat easy to dual-boot Linux on a Windows PC. But that may not be entirely necessary if you have certain Android devices lying around…