11
Parzi
23d

Going out on a limb here... have any of you done any bare-metal phone programming (not counting compiling like AOSP and such, like totally arbitrary code at boot-time, or bootloader coding, ideally) or know someone that has? A friend got bit by a bad iOS app on a jailbroken iPhone 8 (checkra1n, so no unsigned firms or anything) that has installed a bad iCloud lock on the device, and I need checkm8 shellcode to zero most of if not all of the NAND to get rid of it (since an iTunes restore preserves that data) and I can't figure out jack shit about how any of this works, since ARM isn't strict on what goes where in the address space or how to access hardware.

Comments
  • 5
    This is one of those "hours of work to fix" vs "buy a new phone and lesson learned" scenarios.

    You might get real lucky and solve it in a few hours. More likely you'll just burn more time than the phone is worth trying to save it.
  • 1
    Who knew using unverified wares could cause such harm 🤦‍♂️
  • 0
    @SortOfTested a new iPhone 8 received as a present by someone who can't just drop the money for a new one.
    @C0D4 verified shit can still be malicious
  • 2
    @SortOfTested where's the fun in that
  • 1
  • 1
    I don't work with iPhones, but considering it's ARM and Apple, I doubt you would be able to flash something on it.

    This is one of the times when you just have to buy a new phone cause you will waste time.
  • 0
    @Haxk20 I have DFU code exec, again, checkm8. The issue is, *what boot?* I need something very much like CWM or TWRP here.
  • 1
    Also, considering you would need to zero the entire MMC, you would wipe the bootloader, making the phone dead.
  • 0
    @Haxk20 boot0 (and DFU) are their own ROM chips (no idea what kind tho), which is why checkm8 works. They're separate (that's why it can't be patched out!)
  • 1
    @Parzi I'm sorry mate. I don't work with Apple devices. If it was Android you could wipe it easily. On Apple I doubt that would be the case.
  • 0
    @Haxk20 hence my issue, yes. It took forever for the checkra1n team to get a framebuffer, much less anything else.
  • 0
    @Haxk20 hear me out:
  • 1
    @Parzi yes but the partition scheme is different and the storage is emulated I suppose.
  • 0
    @Haxk20 yes but Linux with root exposed? idk if it'd have access to eMMC but it might and gdi that's exactly what I need rn