Great news. More freedom for iOS users who wish to downgrade. Tethered most likely, unfortunately, but still useful progress in this regard.
 
MR should update their article as more details have come out via an interview done by Ars with the developer who discovered this.
  • We already knew that you need physical access to the device to perform this. It can’t be done remotely.
  • It lacks persistence. This is a biggie. Once the device is rebooted it returns to its original state. Nobody is going to sneak your device away from you, jailbreak it, and hand you back a permanently jailbroken device. This is what’s known as a “tethered” jailbreak.
  • To expand further, if you used this exploit to install malware on the device, that malware only functions until a reboot. Once the phone reboots you’re back with a secure version of iOS just as when you got your iPhone from Apple. There’s no persistence for any software you might try to install on the device.
  • It doesn’t give you access to the Secure Enclave or your PIN.
  • It doesn’t give you access to data stored in the phone.

To sum up, this poses no real security risk to users. It’s really more of a research tool people might use to try and find other possible exploits (or test out their exploits).
Does this allow for a bypass of the time lockout when trying to brute-force the passcode?
 
Why? I thought the problem of NAND mirroring was the AES keys stored within the A CPU. Now that we have full control over this and can extract decryption keys we should be able to dump the NAND and use the keys to brute force the passcode without restriction.
 
Why? I thought the problem of NAND mirroring was the AES keys stored within the A CPU. Now that we have full control over this and can extract decryption keys we should be able to dump the NAND and use the keys to brute force the passcode without restriction.
On older devices without a Secure Enclave (iPhone 5 and 5C) you could likely do a brute force of the PIN. But you can’t on any device with an A7 processor and up since this exploit has no ability to access the Secure Enclave.
 
Sweet! So maybe someone will come out with an untethered downgrade for my 1st gen iPad mini? That thing is practically useless on iOS 9. I can get the apps I want on it for iOS 6. But right now, I cannot get that performance back. I don’t really care about jailbreaking, but I do care about downgrading!
Sadly, while many iOS6 apps still run, the servers they connect to (eBay etc) aren't happy with the vintage software and don't play nicely.
 
Uh, they sure can fix it so it can’t work in the future. They can’t patch a device that’s already been broken. Huge difference.

How? “The reason that bootrom is special is part of the chip Apple made for the phone. So whatever code is put there in the factory, it will be there for the rest of your life. So if there is any vulnerability inside the bootrom, it cannot be patched.”

 
Yay! Now, everyone with an iPhone 6 can have an overheating iPhone that glitches, crashes, and runs through battery life like crazy!

Jailbreaking was useful when the App Store and iOS were in their infancy. But now I can think of nothing I would need that jailbreaking would provide. And I won't have to deal with instability, battery drain, and possibility of infection.
 
How? “The reason that bootrom is special is part of the chip Apple made for the phone. So whatever code is put there in the factory, it will be there for the rest of your life. So if there is any vulnerability inside the bootrom, it cannot be patched.”
I never claimed the bootrom itself could be patched.

In the past Apple has placed restrictions on the Lightning (USB) connection to stop certain types of hacks. So Apple may again change how USB connections are made. There’s no need to patch the bootrom if the access is denied through another method.

I don’t know if this is possible - I’m making an educated guess based on previous fixes Apple has done. It could turn out Apple can’t mitigate this due to hardware design. We’ll have to wait and see.

Regardless, this isn’t the doom & gloom security risk people make it out to be.
 
I never claimed the bootrom itself could be patched.

In the past Apple has placed restrictions on the Lightning (USB) connection to stop certain types of hacks. So Apple may again change how USB connections are made. There’s no need to patch the bootrom if the access is denied through another method.
The boot ROM works below the level of the OS. There's nothing Apple can do to block it.
 
This will be handy for our IT department. They have a stack of old iPads which were never under device management, and are locked with ex-employees' PINs. Now they can wipe them.

If your company owns the iPads then they can have Apple unlock them, couldn't they? Perhaps they have a corporate sales rep at Apple who can arrange this.
 
I don't really understand why people would still jailbreak iPhones today. It seems enticing years ago but there really isn't much you get out of it nowadays. Also, doesn't jailbreaking an iPhone void Apple's one year warranty?

Before iOS 13 was released I had the latest JB which covered up to iOS 12.1.2. Other than the dark mode and volume HUD tweaks which I was using (these are now in iOS 13 of course), these are a few things I used JB for:

-Always on display with time and notifications - worked great and did not drain battery on my XS Max OLED display

-Going straight to lock screen when there are no notifications and unlocking with face ID (no need to swipe up)

-Multi-tasking - ability to run 2 apps on the screen at the same time (worked wonderfully on XS Max screen size)

- Picture in Picture for videos (like youtube, safari videos etc) worked the same as iPad

-Use any app in CarPlay, so I was able to watch Netflix, stream my live TV PS Vue and use full apps like the full version of Spotify, Waze, etc... and not the watered down CarPlay version

-Able to set separate volume for my alarms so it wasn't dependent on the ringer volume

- A few aesthetics like change the layout of homescreen, including resize icons, move icons anywhere, add widgets like weather and calendar to the home screen

- Change the look of the lock screen, add widgets, clock style, etc...

- change shortcut buttons on the lock screen

- Change the dock so I can add as many apps as I want, by making the icons smaller or making it a scrolling dock

That's only a few of the things I can remember right now, but there were definitely more.
 
Jailbreaking never affected warranty.
It did actually. I took my iPhone 4 in for service and they turned me away at the Apple store. I had to do a restore and come back, which was an easy fix, but I had to jailbreak again after the screen was fixed.
 
Great so now we can use the 4 apps left on the jailbreak scene which are actively supported and updated! I got a very bad taste in my mouth last time I did a jailbreak, and that was 2-3 years ago. Zero support from Cydia for apps purchased from them, and the vast majority of apps I wanted hadn't been updated in years and years and didn't work.
 
It did actually. I took my iPhone 4 in for service and they turned me away at the Apple store. I had to do a restore and come back, which was an easy fix, but I had to jailbreak again after the screen was fixed.
But you were still able to get it fixed under warranty. They didn't permanently deny you warranty over it. That was my point.
 
All the cool kids violate their warranty. Didn't you know?

lol
okey-dokey.

Once the data is copied off the phone can't you brute force it without fear of being locked out? What's the encryption like?

"The device’s unique IDs (UIDs) and group IDs (GIDs) are AES-256 bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed by dedicated AES engines implemented in silicon using the UID or GID as a key. The application processor and Secure Enclave each have their own UID and GID. The Secure Enclave UID and GID can only be used by the AES engine dedicated to the Secure Enclave."

Beginning of Page 15

...plus a lot of other goodies.
 
Before iOS 13 was released I had the latest JB which covered up to iOS 12.1.2. Other than the dark mode and volume HUD tweaks which I was using (these are now in iOS 13 of course), these are a few things I used JB for:

-Always on display with time and notifications - worked great and did not drain battery on my XS Max OLED display

-Going straight to lock screen when there are no notifications and unlocking with face ID (no need to swipe up)

-Multi-tasking - ability to run 2 apps on the screen at the same time (worked wonderfully on XS Max screen size)

- Picture in Picture for videos (like youtube, safari videos etc) worked the same as iPad

-Use any app in CarPlay, so I was able to watch Netflix, stream my live TV PS Vue and use full apps like the full version of Spotify, Waze, etc... and not the watered down CarPlay version

-Able to set separate volume for my alarms so it wasn't dependent on the ringer volume

- A few aesthetics like change the layout of homescreen, including resize icons, move icons anywhere, add widgets like weather and calendar to the home screen

- Change the look of the lock screen, add widgets, clock style, etc...

- change shortcut buttons on the lock screen

- Change the dock so I can add as many apps as I want, by making the icons smaller or making it a scrolling dock

That's only a few of the things I can remember right now, but there were definitely more.
Wow!
How much have you paid for all of those, if anything?
Can you list all the apps you need to download for all those tweaks?
 
Interesting that this exploit doesn't work on A12 and A13 devices. Makes you wonder if they knew about the flaw, and patched it intentionally, or they patched the flaw unintentionally/accidentally?
 