Usbliter8 an A12/A13 SecureROM Exploit
9 hours ago
- #BootROM Exploit
- #iPhone Security
- #Hardware Vulnerability
- Detailed explanation of an iPhone BootROM vulnerability exploiting a USB controller hardware bug and firmware configuration flaw.
- Affected SoCs: A12, S4/S5, A13; A12X/Z possible but not implemented; A11 not vulnerable due to manual DMA reset; A14+ have DART configured securely.
- Bug involves USB Setup packets causing a DMA buffer underflow via mismatched pointer increments/decrements, enabling SRAM overwrite.
- A12 exploitation: Overwrites saved LR on stack for PC control via ROP, then injects shellcode into boot trampoline via DMA.
- A13 exploitation: Bypasses PAC via multi-step technique involving zero/0xf writes, critical-section depth manipulation, and IRQ handler overwrite.
- Post-exploitation achieves EL1 privilege via SVC 0, patches ROM, restarts SecureROM with custom MMU mappings to persist changes.
- Custom USB handler added for demotion and unsigned iBoot booting, with PWND string injected into USB serial.
- Emphasizes real-world impact of hardware vulnerabilities in immutable BootROM, contributing to SecureROM security understanding.
- Coordination with Apple Product Security on disclosure, highlighting ongoing hardware-level risks in older iPhones.