[Unconfirmed] New Bootrom Exploit For All iOS Devices?

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
In case you guys haven't already seen this, one of the unaffiliated iPhone hackers, pod2g, has done a backdoor announcement for a new exploit for the iPhone by posting the decryption keys for iBSS (part of the Bootrom). As iBSS is a part of the Bootrom, the only currently known way to recover those keys is to take control of the Bootrom, which isn't currently possible with a userland jailbreak like Spirit or JailbreakMe. Thus this heavily implies (but does not confirm) that he has a Bootrom exploit for all the new-generation Bootrom devices.

For those of you unaware, the importance of a Bootrom exploit is that the Bootrom is a true ROM, programmed when the device is manufactured. As it can't be rewritten, Apple cannot patch it in the field, and any exploit in the Bootrom is thereby permanent. Furthermore, the Bootrom is the lowest level of the chain of trust, so compromising the Bootrom allows for compromising the rest of the device (excluding the independent modem), including not just the OS but more trivial matters such as Restore mode and the boot logos.

Ultimately if this exploit is real and if it's an untethered exploit, then all existing iOS devices (including the iPod Touch 4G, it would seem) would be pwned for life, something only iPhones up to the old-generation 3GS were vulnerable to. It would also be an impressive technical matter, since Apple runs a tight ship with the Bootrom and it's extremely hard to find an exploit in it (which is why the new-generation 3GS effectively went a year unbroken). And of course, updating to a newer version of a jailbroken OS on these devices would be as easy as patching the kernel with tools such as RedSn0w/PwnageTool, as iPhone hackers would no longer have to chase suitable OS vulnerabilities.
 

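The chain-of-trust point in the post above, shown as a small simulation. This is an added example, not code from the post or from Apple: each boot stage checks the next image's tag before handing off, HMAC-SHA256 stands in for the RSA signature check a real bootrom performs, and every key, image and stage name is constructed for the demonstration. It contrasts three cold boots: a fully signed chain, a kernel-only patch with an intact bootrom (rejected by iBoot, so the attacker must re-exploit every boot), and a bootrom bypass that lets a patched iBSS wave through everything after it.

```python
"""Toy model of a verified boot chain (added illustration, not Apple's code).

Each stage holds a key and refuses to hand off to a next-stage image whose
tag does not verify. HMAC-SHA256 stands in for the RSA signature check a real
bootrom performs; all keys and image bytes below are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed keys. "bootrom" stands in for the key fused into the silicon
# at manufacture; the others for keys embedded in each stage's own image.
KEYS = {"bootrom": b"fused-root-key", "iBSS": b"ibss-key", "iBoot": b"iboot-key"}


@dataclass
class Image:
    name: str
    payload: bytes
    tag: bytes                # produced with the key of the stage that loads it
    checks_next: bool = True  # does this stage's code verify the stage after it?


def tag_for(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def genuine(name: str, payload: bytes, loader: str) -> Image:
    """An image as shipped: tagged with the key of the stage that loads it."""
    return Image(name, payload, tag_for(KEYS[loader], payload))


def patched(name: str, payload: bytes) -> Image:
    """An attacker-modified image: no valid tag, and its own check of the
    next stage has been stubbed out."""
    return Image(name, payload, b"\x00" * 32, checks_next=False)


def boot(images: list[Image], bootrom_exploited: bool = False) -> list[tuple[str, bool, bool]]:
    """Simulate one cold boot: bootrom -> images[0] -> images[1] -> ...

    Returns (stage name, ran, tag verified) for each image. bootrom_exploited
    models a ROM bug that lets the attacker skip the ROM's check of the first
    image; it is the only way to alter the ROM's behaviour, since the ROM
    itself cannot be rewritten in the field.
    """
    log = []
    verifier_key = KEYS["bootrom"]
    verifier_checks = not bootrom_exploited
    for img in images:
        ok = hmac.compare_digest(tag_for(verifier_key, img.payload), img.tag)
        ran = ok or not verifier_checks
        log.append((img.name, ran, ok))
        if not ran:
            break  # the loader refused the image; the device stays in recovery
        # The stage that just ran now decides how the next one is checked,
        # so an attacker-controlled stage controls every check after it.
        verifier_key = KEYS.get(img.name, b"")
        verifier_checks = img.checks_next
    return log


def genuine_boot():
    """All images signed: every stage verifies and runs."""
    chain = [genuine("iBSS", b"iBSS v1", "bootrom"),
             genuine("iBoot", b"iBoot v1", "iBSS"),
             genuine("kernel", b"kernel v1", "iBoot")]
    return boot(chain)


def kernel_only_attack():
    """Kernel patched on disk but no bootrom bug: iBoot rejects the unsigned
    kernel at the next cold boot, so the patch does not survive a reboot."""
    chain = [genuine("iBSS", b"iBSS v1", "bootrom"),
             genuine("iBoot", b"iBoot v1", "iBSS"),
             patched("kernel", b"kernel v1 + jailbreak patches")]
    return boot(chain)


def bootrom_attack():
    """Bootrom bug: the ROM loads a patched iBSS, which then waves through an
    unsigned iBoot and kernel. No later signed update can close this."""
    chain = [patched("iBSS", b"iBSS + verification stubbed out"),
             patched("iBoot", b"iBoot + verification stubbed out"),
             patched("kernel", b"kernel v1 + jailbreak patches")]
    return boot(chain, bootrom_exploited=True)


if __name__ == "__main__":
    for label, fn in [("genuine", genuine_boot), ("kernel-only", kernel_only_attack),
                      ("bootrom", bootrom_attack)]:
        print(label, fn())
```

The `checks_next` flag is the whole story: a stage that was loaded without verification is attacker-controlled code, and attacker-controlled code can drop the check it would have performed on the following stage. That is why a root-of-trust bug is transitive, while a bug in a later stage (iBSS, iBoot, kernel) can be fixed by shipping a new signed image that the still-intact earlier stage will accept.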
ViRGE

Elite Member, Moderator Emeritus
RedmondPie is the Weekly World News of the internet. Despite what they say, none of this confirms a Bootrom exploit. They just like jumping the gun.