Breakthrough: iBoot And SecureROM Source Code Has Leaked, Could Lead To Permanent Bootrom iPhone Jailbreak
It hasn’t been a great few weeks or months for Apple as far as jailbreaking is concerned, with kernel-level bug discoveries and multiple jailbreak tools releasing left and right for various versions of iOS 11. Now, to add further concern to Apple’s hierarchy, the iBoot and SecureROM source code have leaked into the public domain, potentially offering an easier route to further bootrom-based jailbreaks in future.
As outlined by the well-known Siguza via Twitter in the third quarter of 2017, Apple had initially taken the decision to issue unencrypted IPSW files to developers in addition to allowing them to get their hands on the ARM64 source.
Siguza then joked that the source code to Apple’s iBoot could well come along as the third unexpected gift. Well, skip forward five months, and here we are with exactly that, thanks to a file titled iBoot_BootROM_iBSS_iBSS_iLLB_Source_Code being shared around social media. Twitter account @apple_external has confirmed that the iBoot source is for iOS 9.x, but has also confirmed that it comes with certain limitations. The main limitation is that the code cannot actually be compiled, because certain files are missing. There is also confirmation that the code being shared includes the bootrom source for a number of Apple’s devices:
This is the SRC for 9.x. Even though you can’t compile it due to missing files, you can mess with the source code and find vulnerabilities as a security researcher. It also contains the bootrom source code for certain devices.
Additionally, if that wasn’t enough, the leak also contains a very handy “docs” directory which provides additional information pertaining to iBoot. For security researchers and those involved in attempting to find bugs, this is essentially the gift that keeps on giving, and it will make it exponentially easier for those individuals to find an iBoot or bootrom exploit for permanently jailbreaking the iPhones and iPads to which this code is applicable.
With that said, this is the source for iOS 9.x, so it remains to be seen how relevant any findings will actually be in today’s climate, with 64-bit devices running iOS 11.2.5 as the latest build.
It’ll be extremely interesting to see what people with the requisite knowledge do with this leak. If anything comes of it, we will be sure to let you know.