DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking – YouTube (using Raspberry Pi Zero and hand modified lightning extension cable)

From a few years back when Lightning debugging cables were either expensive, hard or not to get at all: [Wayback/Archive] DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking – YouTube.

Basically it is a Raspberry Pi Zero with adapted firmware connected to half a lightning extension cable.

A textual description (I wish it was linked from the above video) is at [Wayback/Archive] stacksmashing – The hitchhacker’s guide to iPhone Lightning & JTAG hacking – DEF CON Forums, which in turn refers to:

• [Wayback/Archive] Apple Lightning has a deceptively short title, but is a brain dump by [Wayback/Archive] john (@nyan_satan) about all their knowledge on this versatile cable: very much essential reading.
  

  my little article about (almost) everything I know about Apple Lightning and related technologies: Tristar, Hydra, HiFive, SDQ, IDBUS and etc.

• [Wayback/Archive] Debugging an iPhone using our Bonobo cable with OpenOCD | LambdaConcept Blog (which still is out of stock)
• [Wayback/Archive] axi0mX/ipwndfu: open-source jailbreaking tool for many iOS devices
• [Wayback/Archive] Giulio Zompetti on Twitter: “@axi0mX’s #checkm8 is out and let’s you debug your device (up to A11). But how is this done? Here is a little thread on dumping the bootrom (SecureROM) on demoted devices with Apple’s official tools. 1/ connect the cable using the correct lighting orientation and launch astris ….” is the start of a long (10 message) thread threaded at [Wayback/Archive] Thread by @1nsane_dev: “@axi0mX’s is out and let’s you debug your device (up to A11). But how is this done? Here is a little thread on dumping the bootrom […]” #checkm8
• [Wayback/Archive] nezza/SDQAnalyzer: A Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol.
  • It is part of many other interesting repositories at [Wayback/Archive] github: nezza (Thomas Roth)

Similarly, there is [Wayback/Archive] stacksmashing (@ghidraninja), the blog [Wayback/Archive] stacksmashing and [Wayback/Archive] github: stacksmashing having interesting repositories like for instance:

• [Wayback/Archive] stacksmashing/tamarin-firmware.
• [Wayback/Archive] stacksmashing/pico-serprog: Flashrom/serprog compatible firmware for the Raspberry Pi Pico
• [Wayback/Archive] stacksmashing/openocd
  

  OpenOCD provides on-chip programming and debugging support with alayered architecture of JTAG interface and TAP support

• [Wayback/Archive] stacksmashing/swd-analyzer: Saleae ARM Serial Wire Debug (SWD) Analyzer
• [Wayback/Archive] stacksmashing/pdnd-serprog: flashrom compatible serprog firmware for the Pico Debug’n’Dump

Via [Wayback/Archive] Jilles.com on Twitter: “Love how @ghidraninja did it again. Listen to this awesome @defcon talk about how Apple cables are true chameleon and can turn into anything: … Another shiny @ghidraninja gadget appears.”

--jeroen

#checkm8

Три причины не выбрасывать старый айфон

Привет, Хабр! Меня зовут Виталий, в Positive Technologies занимаюсь расследованиями инцидентов, произошедших с мобильными устройствами. Всего мобильной криминалистикой занимаюсь уже больше шести лет. За это время я исследовал много разных телефонов: от самых простых вариантов — без запароленного доступа к содержимому, до телефонов с разбитым экраном, поврежденным интерфейсным разъемом, утопленных, заблокированных и сброшенных. Много среди них было и айфонов. Недавно, перебирая вещи в квартире, я наткнулся на старый айфон, который долгое время пылился на полке. Включив устройство, я увидел не слишком обнадеживающее сообщение: «iPhone отключен. Подключитесь к iTunes». Оно чаще всего говорит о том, что доступ к данным безвозвратно утерян. Однако кое-что исследователю всё же доступно. О том, что мне удалось откопать — рассказываю под катом. Погрузиться

https://habr.com/ru/companies/pt/articles/885370/

#iphone #checkm8 #аппаратная_уязвимость #айфоны #извлечение_данных #данные_приложения #данные_пользователя #файловые_системы #iphone_x

Decided to fork #pongoos and work on a new project called "secuOS".

What is secuOS?

secuOS aims to be an alternative OS to #ios for #checkm8 capable #iphone devices using the #checkra1n application.

It aims to support A6-A11 chips/devices. (A5 excluded, nightmarish and 32-bit so no 4s)

"SecureROM? More Like InSecureROM."

GitHub: https://github.com/AFellowSpeedrunner/secuOS

Using the 6s on this project as of now.

#apple #securerom #exploit #tech #technology #osdev #programming #operatingsystems #development

News on my legacy #ipad3: It turns out the A5X chip is technically prone to #checkm8 but it requires some sort of #arduino uno trickery. This should maybe help me boot linux from that machine.

After roughly 1.5 weeks of forced #covid downtime, I'm feeling a little better. Still positive though. I hate it.

One more year of #checkm8!

iPadOS 17
A10 iPad (6th generation)
A10 iPad (7th generation)
A10X 10.5-inch iPad Pro
A10X 12.9-inch iPad Pro (2nd generation)

tvOS 17
A8 Apple TV HD
A10X Apple TV 4K

Currently installing Palera1n (http://github.com/palera1n/palera1n), feeling good.

#Palera1n #Checkm8 #iOSJailbreak #Jailbreak #iOS #iOS15