usbliter8: An A12/A13 SecureROM exploit
usbliter8 Tethered bootrom exploit for Apple A12, S4/S5 & A13 SoCs (A12X/Z can theoretically be supported as well, but it's not implemented yet). Bug & exploit write-up Available in our blogpost. Usage Hardware requirements The exploit abuses a very low level bug of the USB controller.
- ▪usbliter8 Tethered bootrom exploit for Apple A12, S4/S5 & A13 SoCs (A12X/Z can theoretically be supported as well, but it's not implemented yet).
- ▪Bug & exploit write-up Available in our blogpost.
- ▪Usage Hardware requirements The exploit abuses a very low level bug of the USB controller.
Opening excerpt (first ~120 words) tap to expand
usbliter8 Tethered bootrom exploit for Apple A12, S4/S5 & A13 SoCs (A12X/Z can theoretically be supported as well, but it's not implemented yet). Bug & exploit write-up Available in our blogpost. Usage Hardware requirements The exploit abuses a very low level bug of the USB controller. This means that default Mac/PC USB stack can't normally reach it. So instead we use Raspberry Pi's RP2350-based microcontroller boards. The board we use is Waveshare RP2350 USB-A with Lightning to USB-A cable and R13 resistor optionally removed. Other RP2350-based boards can be used as well if you cut a Lightning cable and solder it directly to corresponding pins. Typically GPIO12 & 13 are used for D+ & D- signals respectively, but that's configurable.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.