Great news for the jailbreaking world!
By Samplasion — Posted on 27 September 2019
It looks like the great minds of our wonderful community never stop surprising us. Why? Well, 10 hours ago @axi0mX on Twitter published this tweet:
Yes, it's real. Yes, it's what you read. The exploit is called checkm8, and it's a bootrom exploit. For those of you who don't know what a bootrom exploit is, it's basically a program that takes advantage of a bug in your device's boot sequence (when the Apple logo is displayed, essentially) and allows us to take complete control over what we can and cannot do. Bootrom exploits cannot be patched by Apple with a software update; however, they can and probably will be patched with new hardware revisions.
IMPORTANT NOTICE: This exploit is tethered, because it can only be enabled through a USB connection, which inevitably requires another device. This means: no untethered jailbreaks, no untethered downgrades; essentially everything you do with this will result in your device being dependent on another device to boot.
The awesome fact is that it's compatible with most iPhones, iPads and iPod touches that have an A5, A6, A7, A8, A9, A10 or A11 SoC (and everything in-between), which is something truly amazing.
For another example, a bootrom exploit allows us to downgrade without SHSH blobs. You can finally restore your iPhone 5S to iOS 7.1! Or, if you don't like iOS 13 on your iPhone X and want to restore to iOS 11 (which I don't see why but to each their own I guess), you can!
It’s been a long time since there’s been a bootrom exploit released to the public. The last instance was when the iPhone 4 was still the latest device back in 2010, and all exploits after that have been software-based and easily patchable in software updates.
It's not ready for users, though. As of now, the GitHub page only contains the exploit. Some skilled developer, like @Pwn20wnd, has to include/bundle it in a jailbreaking tool. In fact, @Pwn20wnd already expressed interest in this:
Some users on Twitter already tried this exploit and sent their devices to pwned DFU (device firmware update) mode. That's because checkm8 is part of ipwndfu, a tool to send iDevices to DFU mode. Why is it important? Because custom IPSWs have to be restored in pwned DFU mode, and this opens up a world of possibilities. Heck, one of them could even be an IPSW to install Android 10 on an iPhone X (which was not possible and isn't possible until someone makes it).
So that's it for this post, share it if you liked it. See you next post!