Checkm8 Bootrom Jailbreak Exploit Makes iPhone X To iPhone 4S Pwned For Life For Jailbreaks, Downgrades, Custom Firmwares, More
Checkm8 bootrom jailbreak exploit has been announced which makes iPhone X to iPhone 4S pwned for life. Here are the details.
axi0mX, the relatively well-known security researcher, has stunned the jailbreak community – and likely Apple – by announcing a new bootrom exploit which is capable of working on all devices in the A5-A11 range.
It’s fair to suggest that the jailbreak community has become synonymous with the “peaks and troughs” concept, in that we often find ourselves experiencing miraculous highs followed closely by soul-destroying lows. Over the last six months, there have been more highs than lows, which is always positive for jailbreakers when the tide swings away from Apple’s control, and the announcement of this bootrom exploit – dubbed ‘checkm8’ – once again ups the ante in the ongoing cat and mouse game between Apple and researchers/jailbreakers.
It’s worth noting that axi0mX is not releasing a full, workable jailbreak solution for compatible devices but a single unpatchable exploit which developers can use to “dump SecureROM,” as he stipulated on Twitter:
What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.
That all sounds impressive enough, but it becomes even more impressive when you start to understand the vast scale of compatibility. Checkm8 is an exploit which is workable on all iPhones, iPads, and iPod touches from the iPhone 4S through to the iPhone X. So yes, that does exclude devices like the iPhone XS range and the recently released iPhone 11, but it works with all units up to and including the iPhone X, after which Apple moved away from the A11.
axi0mX describes this on Twitter as a “permanent unpatchable bootrom” exploit which has the potential to be used on “hundreds of millions of iOS devices.” It’s been a while since the community has been blessed with a rare bootrom exploit, one which attacks the device at the hardware level rather than purely in software. In fact, it was as far back as 2010 when we were last blessed with an exploit of this nature, in the form of limera1n by geohot for the iPhone 4 and earlier devices.
This is, it’s worth remembering, just an exploit at this stage, and it will require someone to take ownership of it and turn it into something more which can be used by the community. We expect this to happen soon though. Given the hardware nature of the exploit, Apple can’t patch it with any software update, which means the aforementioned devices are jailbreakable for life. Not just that, this will also allow for things like installation of custom firmware IPSWs, downgrades to any firmware, and much more. Stay tuned for more on this!