ax🔥🌸mX
Bootrom exploit philanthropist. Apple silicon hacker. iOS jailbreaker. Join us as we dance madly on the lip of a volcano.
Oct 6, 2020 9 tweets 4 min read
I agree with @chronic. There was no attempt to verify facts or claims with our team. There is no demo or proof of concept.

For example, the timeline in the ironpeak post has many inaccurate or misleading claims, and it is not even in chronological order. To be clear, the public @checkra1n jailbreak does not currently have any SEP exploit or mitigation bypass whatsoever for any device. Ironpeak claims that it does.

When we write things for public consumption, it is important that we are clear, accurate, and get basic facts right.
Sep 22, 2020 4 tweets 2 min read
IMPORTANT POINT 👇

Apple has the option of empowering users who #checkm8, while protecting users who do not #checkm8.

Instead, they decided that even users who want to #checkm8 cannot have a fully functioning iOS 14 jailbreak without a SEPROM exploit. Apple could allow jailbreaking to continue without SEPROM exploits, while protecting users who do not want to jailbreak. It would take slightly more engineering effort to make that happen, but it is not difficult to do.

Political barriers are more difficult to overcome.
Jul 25, 2020 8 tweets 3 min read
Security implications of this SEPROM vulnerability are not as bad as you might think:

(1) Browser-based (nation states) or app-based (community) jailbreaks cannot use it, because the value in TZ0 register is locked and cannot be changed after boot.

1/

(2) Apple's HW and SW use many different mitigations, and they work together to limit the impact of a single vuln. This vuln cannot even be triggered without a vuln like #checkm8. Unless something like #checkm8 is found for A12/A13, we cannot even check if this issue exists.

2/
Dec 11, 2019 4 tweets 2 min read
Wow, even the #checkra1n announcement post on Reddit has been taken down. 🤯

I assume that this is an unfortunate mistake and it will be fixed soon. I do not see any reason at all why Apple would intentionally do this now.

"Sorry, this post was removed by Reddit's Legal Operations team."

reddit.com/r/jailbreak/co…
Sep 27, 2019 13 tweets 3 min read
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.

Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

github.com/axi0mX/ipwndfu

1/

The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in the iOS jailbreak community in years. I am releasing my exploit for free for the benefit of the iOS jailbreak and security research community.