matteyeux
@matteyeux
Followers
10K
Following
8K
Media
3K
Statuses
28K
I still find this funny that Apple keeps adding this stop sign on some rkos fw even on the Vision Pro one
8
94
946
Patched version of checkra1n + working KPF on iPhone 7/14.0 (no sep stuff)
55
92
634
Pangu Team showed iOS 15 beta 4 jailbreak on iPhone 11 Pro at MOSEC.
41
55
450
George Hotz | Programming | Exploring checkm8: a brand new iOS bootrom exploit by axi0mX.
1
78
382
Seems like someone pushed a bunch of iBoot symbols to Hexrays's Lumina server
9
56
384
Well, a decryption tool is now available .
0
62
291
How to decompress iOS 14.3 sep-firmware for A10 :.1. decrypt file.2. extract compressed part : dd if=sep-firmware.d10.RELEASE.im4p.dec of=sep.compressed skip=65536 bs=1.3. decompress with lzvn : ./lzvn -d sep.compressed sep.bin
5
78
274
SSD Advisory – iOS Jailbreak via Sandbox Escape and Kernel R/W leading to RCE.
5
90
251
Looks like someone got a 0day burned ?
🚨 $1,000,000 Bounty for iOS Zero-Day! 🚨. ZeroZenX is offering a $1M reward for a working zero-day exploit that bypasses USB Restricted Mode on the latest version of iOS. If you’re a top-tier security researcher and have a reliable exploit, we want to hear from you!. 💰.
2
24
253
PoC tool for setting nonce without triggering KPP/KTRR/PAC. (requires tfp0).
7
58
234
[Slides] The hitchhacker’s guide to.iPhone Lightning & JTAG hacking.
6
80
241
CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesigning bypass.
2
74
230
iOS 15 (19A5261w) .iBoot : iBoot-7429.0.72.112.2.Kernel : Darwin Kernel Version 21.0.0: Sat May 22 02:37:35 PDT 2021; root:xnu-7938.0.0.112.1~5/RELEASE_ARM64_T8030.
7
19
201
Recreating an iOS 0-day jailbreak out of Apple’s security patches.
2
53
212
Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.
4
83
199
The making of an iOS 11 jailbreak - Kiddie to kernel hacker in 14 sleepless nights .
1
92
201
iOS 15.0 RC (19A344) iBoot d53g .f616222bda5f10aadc5dd206c4cfb9dd9f287480e05bb40a61f6b6220412e7b01a7358245838fe2ce2dcce179341bbe3
1
31
197
iOS 13.3.1. (17D6050) Homepod iBoot. bae48ea04ae32b1cb8c17c9b4120ef332b7aa58fae9a0f4393f3698799b02a4de497b0ca369b450c2ab27e7fa2d1701c
7
27
193
Since checkra1n 0.9.8.1 you can access AES engine from userland to decrypt kbags. I updated autodecrypt to grab keys from a device
7
25
178
Here is a script to split 64 bits Mach-O files from a decrypted sep-firmware (A11+).
5
39
184
Apple added firebloom 🔥🌸 in A12 (except TV) and A12X iBoot in iOS 14.5
5
27
166
Mandatory step: open twitter[.]com and brag about Linux on Apple, because internet
3
9
168
To decrypt sep kbag with checkra1n 0.12.0 :.- sep auto.- sep decrypt <kbag>
6
27
166
I finally have a working setup with the Raspberry Pico and the tamarin fw
11
16
159
PoC for the iOS 11.4.1 and MacOS 10.13 kernel vulnerability in lio_listio.
12
69
150
Is jailbreak still dying ? This month we got : .- Houdini.- v0rtex.- Ian Beer's tfp0 + kdbg.- JailbreakMe for 32bits devices.
7
39
143
iPhone 16e IPSW firmware is available for download. C1 firmware : Firmware/c4000v59/Release/patched/ftab.bin. Uses cL4 kernel as expected
3
14
152
The qemu fork by @ntrung03 is pretty cool ! It's also possible to debug the A9 SecureROM in IDA 😁.
1
31
146
iOS 11.2 kernel pointer disclosure introduced by Apple's Meltdown mitigation.
7
62
141
iOS 16.0 - 20A5283p.iBoot-8419.0.42.112.1.Darwin Kernel Version 22.0.0: Thu May 26 20:49:02 PDT 2022; root:xnu-8792.0.50.112.3~4/RELEASE_ARM64_T8020.
4
17
132
Recreating An iOS 0-Day Jailbreak Out Of Apple's Security Updates.
1
34
132
iBoot* for n301 (Apple Vision Pro). 1.0 - 21N5165g. e93c560966ad2d584c5fb86f7c32ab2e003739b11d51fdddc3a76eed70ae05422419d89983a4b796d3b68f9ec82c0370. *iBEC.n301.RELEASE.im4p
0
17
119
A tool for analyzing and find vulnerabilities in macOS and iOS kernel drivers.
1
41
120
Real question is : can we use checkra1n for Linux on an iPhone running Linux.
4
3
108
An iOS kernel exploit designated to work on all iOS devices <= 10.3.1.
4
72
122
Interesting talk about ITW exploit chains caught by Google TAG. No surprise, they use Google's internal resources and Chrome crash dumps to catch exploits.
0
36
120
Mapping physical memory to user space (EL0) on iOS. (+ AES PoC)
3
31
111
Twitter does not allow anymore to tweet hashes. So it's not possible to publish iOS bootloader keys here ¯\_(ツ)_/¯
5
4
113
CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple SEAR and CitizenLab. Seems to be one of the bugs in ImageIO exploited in the latest iMessage exploit chain (BLASTPASS).
2
30
115