The One Weird Trick SecureROM Hates

Explore the intricacies of the unfixable Checkm8 vulnerability affecting millions of iPhones' SecureROM in this 39-minute conference talk from the 36C3 event. Dive deep into the process of building an iOS jailbreak from scratch by exploiting a use-after-free vulnerability in Apple's SecureROM. Learn about the DFU interface, the techniques used for exploitation, and how this vulnerability enables full control over the application processor. Discover the implications for security researchers, including the ability to enable debugging functionalities like JTAG. Analyze the root cause of the vulnerability, explore the challenges faced in creating a reliable jailbreak, and gain insights into future plans for this project. Cover topics such as SecureROM, Secure Boot, DFU Protocol, USB Control Transfer, practical trigger methods, Secure ROM Exploitation for A8 and A9 chips, Bootkit ELIS, Bootkit Development, and Jailbreak Development.