ax🔥🌸mX Profile picture
Sep 22, 2020 · 4 tweets
IMPORTANT POINT 👇

Apple has the option of empowering users who #checkm8, while protecting users who do not #checkm8.

Instead, they decided that even users who want to #checkm8 cannot have a fully functioning iOS 14 jailbreak without a SEPROM exploit.
Apple could allow jailbreaking to continue without SEPROM exploits, while protecting users who do not want to jailbreak. It would take slightly more engineering effort to make that happen, but it is not difficult to do.

Political barriers are more difficult to overcome.
It is the prisoner's dilemma: Two completely rational individuals might not cooperate, even if it appears that it is in their best interests to do so.

Unpatchable exploits cannot be stopped, but if they remove the incentive to release them publicly, they might just stay private.
Cooperation can be a win-win for everyone involved. Read this Wikipedia article to learn more.

en.wikipedia.org/wiki/Prisoner%…
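The prisoner's dilemma the thread points to, worked numerically as an added example (this is not code from the thread or its author). The payoff table uses the standard constructed ordering temptation > reward > punishment > sucker; the numbers are assumptions chosen only to satisfy that ordering. The script finds the pure-strategy Nash equilibria by best response and then checks whether mutual cooperation would leave both players better off, which is exactly the "rational individuals might not cooperate even when it is in their interest" point.

```python
"""Prisoner's dilemma, worked by best-response search.

Added example; payoff values are constructed (T=5 > R=3 > P=1 > S=0),
not taken from the thread.
"""
from itertools import product

COOPERATE, DEFECT = "cooperate", "defect"
ACTIONS = (COOPERATE, DEFECT)

# Constructed payoff table: (row player's payoff, column player's payoff).
PAYOFFS = {
    (COOPERATE, COOPERATE): (3, 3),   # R, R: both cooperate
    (COOPERATE, DEFECT):    (0, 5),   # S, T: row is exploited
    (DEFECT, COOPERATE):    (5, 0),   # T, S: column is exploited
    (DEFECT, DEFECT):       (1, 1),   # P, P: both defect
}


def best_responses(payoffs, player, other_action):
    """Actions that maximise `player`'s payoff given the other player's action."""
    def payoff(action):
        profile = (action, other_action) if player == 0 else (other_action, action)
        return payoffs[profile][player]

    best = max(payoff(a) for a in ACTIONS)
    return {a for a in ACTIONS if payoff(a) == best}


def nash_equilibria(payoffs):
    """Pure-strategy profiles where neither player gains by deviating alone."""
    equilibria = []
    for a0, a1 in product(ACTIONS, repeat=2):
        if a0 in best_responses(payoffs, 0, a1) and a1 in best_responses(payoffs, 1, a0):
            equilibria.append((a0, a1))
    return equilibria


def is_dominant(payoffs, player, action):
    """True if `action` is a best response to every action of the other player."""
    return all(action in best_responses(payoffs, player, other) for other in ACTIONS)


def pareto_dominates(payoffs, p, q):
    """True if profile p pays every player at least as much as q and someone strictly more."""
    pp, pq = payoffs[p], payoffs[q]
    return all(x >= y for x, y in zip(pp, pq)) and any(x > y for x, y in zip(pp, pq))


if __name__ == "__main__":
    eqs = nash_equilibria(PAYOFFS)
    print("equilibria:", eqs)
    print("defect is dominant for the row player:", is_dominant(PAYOFFS, 0, DEFECT))
    print("mutual cooperation beats the equilibrium for both players:",
          pareto_dominates(PAYOFFS, (COOPERATE, COOPERATE), eqs[0]))
```

With these payoffs the only equilibrium is mutual defection, because defecting is each player's best response no matter what the other does; yet mutual cooperation pays both players more. Changing the table so that reward exceeds temptation removes the dilemma, which is the "remove the incentive" lever the thread describes.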

More from @axi0mX

Oct 6, 2020
I agree with @chronic. There was no attempt to verify facts or claims with our team. There is no demo or proof of concept.

For example, the timeline in the ironpeak post has many inaccurate or misleading claims, and it is not even in chronological order.
To be clear, the public @checkra1n jailbreak does not currently have any SEP exploit or mitigation bypass whatsoever for any device. Ironpeak claims that it does.

When we write things for public consumption, it is important that we are clear, accurate, and get basic facts right.
Good writing about deeply technical topics requires collaboration with subject-matter experts. It requires editing and peer review. There is no way around it.

I do not know what "vulnerability details" ironpeak emailed to Apple, but it was most likely a low quality bug report.
Jul 25, 2020
Security implications of this SEPROM vulnerability are not as bad as you might think:

(1) Browser-based (nation states) or app-based (community) jailbreaks cannot use it, because the value in TZ0 register is locked and cannot be changed after boot.

1/

(2) Apple's HW and SW uses many different mitigations, and they work together to limit the impact of a single vuln. This vuln cannot even be triggered without a vuln like #checkm8. Unless something like #checkm8 is found for A12/A13, we cannot even check if this issue exists.

2/
(3) A #checkm8-based jailbreak can use this vuln to exploit SEPROM, patch SEP/OS in a meaningful way, and then protect SEP from further access after iOS boots. SEP could then still be secure against accesses from the AP, and apps and tweaks will not be able to exploit it.

3/
Dec 11, 2019
Wow, even the #checkra1n announcement post on Reddit has been taken down. 🤯

I assume that this is an unfortunate mistake and it will be fixed soon. I do not see any reason at all why Apple would intentionally do this now.

"Sorry, this post was removed by Reddit's Legal Operations team."

reddit.com/r/jailbreak/co…
Read this tweet to understand why it is not likely this was taken down by Apple.

Sep 27, 2019
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.

Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

github.com/axi0mX/ipwndfu
1/ The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in the iOS jailbreak community in years. I am releasing my exploit for free for the benefit of the iOS jailbreak and security research community.
2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.