
Posted by givinguflac 7 days ago

Usbliter8: an A12/A13 SecureROM Exploit (ps.tc)
https://www.macrumors.com/2026/06/18/a12-and-a13-chips-facin...
192 points | 37 comments
ndiddy 1 day ago
I'm curious what this will lead to, both security-wise and jailbreak-hobbyist-wise. I saw this overview: https://www.reddit.com/r/jailbreak/comments/1ua58xd/usbliter... which mentions that it won't let an attacker gain full access to iOS on a passworded device without another exploit:

> BPR, or Boot Process Register, was a feature implemented in iOS 14 in order to additionally secure devices from bootROM based attacks. Crucially, it restricts data access when a device is booted directly from DFU mode, which is required by both checkm8 and usbliter8. In iOS 14 and 15, this manifested as the requirement to disable your passcode when jailbreaking A11 devices with checkra1n/palera1n, and is the reason why A11 devices must be first erased if they previously had a passcode before jailbreaking with palera1n. A10 devices were not affected by this as they had a SEP exploit, known as blackbird, which prevented this issue from arising. We do not have a SEP exploit for A11 and newer.

nfriedly 5 days ago
This is awesome news! It isn't a jailbreak in and of itself, but it is the first step.

Right now we only have a reliable jailbreak (checkm8) for up to iOS 18 (and that's only thanks to one iPad model). Some app developers are pretty aggressive about dropping support for older iOS versions.

This affects iPhone XR, XS, 11, SE 2nd gen, and a smattering of iPads. Many of these devices got the iOS 27 beta and will likely see future iOS versions for at least another year or two.

Edit: here's the affected iPads:

* iPad Pro 11" (gen 1-2)

* iPad Pro 12.9" (gen 3-4)

* iPad mini (gen 5)

* iPad Air (gen 3)

* iPad (gen 8-9)

jojobas 1 day ago
Also great news for Cellebrite?
inigyou 1 day ago
Reboot your phone after the feds have it before you unlock it again
matheusmoreira 1 day ago
Once the feds have the phone, they aren't going to allow him to touch it, much less reboot it.
inigyou 1 day ago
They have to reboot it to use a bootloader exploit. Reboot it again after you get it back to erase whatever they did.
inigyou 1 day ago
I realized they might have added a fake reboot menu. So either use the exploit yourself to check it's the real bootloader (no realistic chance the FBI made a fake bootloader exploit in the fake reboot menu) or let the battery run out or remove it.
purkka 1 day ago
All Apple mobile devices I've used have had some form of low-level forced reboot method, akin to holding down your PC's power button. Though I can't say whether it's also something one could subvert with a BootROM exploit.

https://support.apple.com/guide/iphone/force-restart-iphone-...

saagarjha 1 day ago
Nobody is going to add a fake reboot menu
throwaway375 1 day ago
Or they wouldn’t have, until they saw this thread, just for the sport
akimbostrawman 1 day ago
Seems like a huge amount of effort when they could simply give you a bugged phone of the same model that automatically transmits the passcode to them when you enter it. The newest iOS versions are usually vulnerable to Cellebrite anyway.
Retr0id 1 day ago
Not unless they also have a SEP exploit.
nayuki 2 days ago
I first thought of SecuROM, a CD/DVD copy protection scheme applied to computer game discs: https://en.wikipedia.org/wiki/SecuROM
Scoundreller 1 day ago
Time for my annual check, and yep, gamecopyworld.com is still kickin' with roughly the same theme since 1998
d3Xt3r 2 days ago
That's what I thought as well. I read the headline and was surprised that SecuROM was still around and was confused what it had to do with Apple... until I saw your comment.
nekitamo 1 day ago
They are still around, under the name Denuvo :)
Velocifyer 2 days ago
A DRM scheme that often failed to work and had a limit to the amount of installs.
thenthenthen 6 days ago
Ohhhh this is interesting!!!!! I really miss the glory days of jailbreaking, it just unlocked so many handy, fun, and cool stuff. From running webservers to speeding up the terribly slow animations.
wowczarek 2 days ago
...or adding system-wide Copy and Paste when the iPhone first launched without it...
iririririr 1 day ago
Ouch. Imagine going back in time and telling someone that on your own pocket computer, it would be a forbidden art to spend 2 min coding, and be allowed to run, a copy and paste application.

(Well, to be honest this is a bad example to show the system is closed, because copy and paste was difficult on Linux too during Wayland.)

codedokode 1 day ago
Where did they get the code for SecureROM? Also, why is the ROM code so large? I thought the BootROM should contain the minimal code to boot from flash memory and that's all.
Retr0id 1 day ago
Many are dumped publicly at https://securerom.fun/

Some were dumped via known exploits, but I don't know how A12/A13 were dumped in the first place. I'd guess someone got code exec via fault injection and dumped it out that way, or perhaps just a privately known vuln.

iBoot source code has also been leaked, in the past.

ACCount37 1 day ago
Do you want to break out a flash programmer and disassemble the entire smartphone whenever someone bricks it via firmware?

If not, you need to have unbrick-capable DFU straight in BootROM.

Which typically means: ROM code that carries an entire USB stack, as well as means of validating and booting executables from the USB stack.

An alternative would be to have BootROM recovery off MicroSD, but, iPhone lmao. They didn't chase the trend of "no expandable storage" - they created it.

1over137 1 day ago
So will this let us install apps (on suitably old hardware) without needing an AppleID?
djfergus 2 days ago
Sounds like it’s a low level hardware/firmware hole that can’t be patched.
edelbitter 6 days ago
Since this can only underflow and some written bits are not attacker-chosen, does this not imply that the patchable part of the software could reliably detect this just in time and panic on suspected USB DMA corruption? Where is the catch?
auguzanellato 6 days ago
The exploit grants arbitrary code execution; it can just fix up the telltale signs of the USB DMA corruption before jumping to an updatable part of the boot flow.
edelbitter 5 days ago
Ah, the exploit is all done before that!
Retr0id 1 day ago
The exploit happens before any patchable software is running; it's not called ROM for nothing.
raffael_de 6 days ago
Supposedly an unfixable vulnerability possibly affecting several iPhone models. Should be more relevant than 4 points, imho.
Cider9986 6 days ago
Feel free to repost or email hn@ycombinator.com to have it put in pool.
xphos 6 days ago
Yeah, this is definitely a front-pager, big news in the jailbreaking world.
empath75 1 day ago
The articles have been unclear about this: does this let attackers unlock a stolen iPhone, for example, or is this just about jailbreaking a phone that you own and control?