Secure Enclave

FAQ: iOS 14 checkra1n jailbreak

Anthony Bouchard ∙ May 11, 2021

The checkra1n jailbreak recently picked up support for iOS 14 on devices equipped with Apple’s A8-A9X processors, but as many noticed on the night this happened, the checkra1n team also elucidated on how it would take more time to add support for A10 and A10X devices and that they weren’t even sure if they would be able to add support for A11-equipped devices like the iPhone 8, 8 Plus, and X.

Given the rather unexpected and uncertain circumstances, we’re sure there are a lot of questions about the checkra1n jailbreak and when or if it will receive updates to support newer devices. With that in mind, we wanted to take a moment to deliver an FAQ-style post that would discuss many of the most common questions and the best answers for those questions that we have at the time of this writing.

Luca Todesco teases SEPROM code execution with checkra1n

Anthony Bouchard ∙ August 9, 2020

Nearing the end of last month, the Pangu Team took the stage at MOSEC 2020 to discuss a plethora of interesting topics, one of which really stood out from the rest. We’re of course talking about the unpatchable hardware based SEPROM vulnerability that targets a device’s secure enclave processor (SEP).

It wasn’t long after the SEPROM vulnerability was discovered and notes about it were published that famous hackers like Luca Todesco of the checkra1n team began tinkering with it. In fact, it was only yesterday that Todesco Tweeted some particularly eye-catching photos of checkra1n integration on an iOS device and of a T2-equipped Mac running the vulnerability as shown by the Touch Bar’s OLED display:

Pangu Team teases unpatchable SEP vulnerability at Mosec 2020

Anthony Bouchard ∙ July 24, 2020

It was a pleasant surprise waking up this morning to learn that the Pangu Team had successfully pwned iOS 14 using their own proprietary exploits and demoed it at the Mosec 2020 conference. Although this jailbreak in particular isn’t likely to be released, it shows that there’s a light at the end of the tunnel despite Apple’s ongoing efforts to snuff out jailbreaking once and for all.

But an iOS 14 jailbreak wasn’t the only thing that the Pangu Team shared during their presentation. Team member @windknown also discussed details encompassing security research with Apple’s proprietary SEP (Secure Enclave Processor) chips, which are used for storing valuable data including Face ID & Touch ID information and passcode data, among other things of utmost confidentiality.

How to clear your MacBook Pro Touch Bar data

Anthony Bouchard ∙ October 19, 2017

Apple’s 2016 and 2017 MacBook Pros sport an optional OLED Touch Bar that lets you interact with apps in remarkable new ways, but it's also home to the Touch ID fingerprint sensor. With it, your Mac compares your fingerprint against samples stashed inside the secure enclave for authentication.

If you intend to donate or sell your Touch Bar-enabled MacBook Pro in the future, then you might aspire to erase your Mac's Touch Bar data. This procedure can also be beneficial if you're experiencing difficulties with the Touch Bar or Touch ID's standard functionality and want to troubleshoot what's going on.

Apple’s Secure Enclave team is hiring

Christian Zibreg ∙ August 25, 2017

Apple is currently advertising job openings for its Secure Enclave team, seeking several software engineers and managers through its Jobs website in the United States.

Apple won’t release a fix for Secure Enclave’s exposed decryption key

Christian Zibreg ∙ August 18, 2017

Following the exposure of the decryption key protecting the firmware software running on the iPhone 5s's Secure Enclave coprocessor that was posted on GitHub yesterday, an Apple source has reportedly said that any customer data securely stored in the cryptography coprocessor remains protected and that the company does not intend to roll out a fix at this time.

Decryption key for iPhone 5s’s Touch ID Secure Enclave coprocessor has been exposed

Christian Zibreg ∙ October 17, 2018

Ahead of this year’s Hack in the Box (HITB) conference in Singapore, security researcher who goes by the Twitter handle “xerub” has managed to expose the fully grown decryption key for the iPhone 5s's cryptographic coprocessor that handles Touch ID, called Secure Enclave.