Secure Enclave

FAQ: iOS 14 checkra1n jailbreak

The checkra1n jailbreak recently picked up support for iOS 14 on devices equipped with Apple’s A8-A9X processors, but as many noticed on the night this happened, the checkra1n team also explained that it would take more time to add support for A10 and A10X devices, and that they weren’t even sure whether they would be able to add support for A11-equipped devices like the iPhone 8, 8 Plus, and X.

Given the rather unexpected and uncertain circumstances, we’re sure there are a lot of questions about the checkra1n jailbreak and when or if it will receive updates to support newer devices. With that in mind, we wanted to take a moment to deliver an FAQ-style post covering many of the most common questions and the best answers we have for them at the time of this writing.

Luca Todesco teases SEPROM code execution with checkra1n

Nearing the end of last month, the Pangu Team took the stage at MOSEC 2020 to discuss a plethora of interesting topics, one of which really stood out from the rest. We’re of course talking about the unpatchable, hardware-based SEPROM vulnerability that targets a device’s Secure Enclave Processor (SEP).

It wasn’t long after the SEPROM vulnerability was discovered and notes about it were published that famous hackers like Luca Todesco of the checkra1n team began tinkering with it. In fact, it was only yesterday that Todesco tweeted some particularly eye-catching photos of checkra1n integration on an iOS device and of a T2-equipped Mac running the vulnerability, as shown by the Touch Bar’s OLED display.

Pangu Team teases unpatchable SEP vulnerability at Mosec 2020

It was a pleasant surprise waking up this morning to learn that the Pangu Team had successfully pwned iOS 14 using their own proprietary exploits and demoed it at the MOSEC 2020 conference. Although this jailbreak in particular isn’t likely to be released, it shows that there’s a light at the end of the tunnel despite Apple’s ongoing efforts to snuff out jailbreaking once and for all.

But an iOS 14 jailbreak wasn’t the only thing that the Pangu Team shared during their presentation. Team member @windknown also discussed details of security research into Apple’s proprietary SEP (Secure Enclave Processor) chips, which are used for storing valuable data including Face ID and Touch ID information and passcode data, among other highly confidential things.