
checkm8 bootrom exploit

axi0mX committed Sep 27, 2019
1 parent 0da9adb commit 2d0abd321dfc947899f6b79cf2d189be9a622ab0
@@ -1,8 +1,11 @@
all:
all: armv6 armv7 arm64

armv6:
arm-none-eabi-as -march=armv6 -mthumb --fatal-warnings -o bin/steaks4uce-shellcode.o src/steaks4uce-shellcode.S
arm-none-eabi-objcopy -O binary bin/steaks4uce-shellcode.o bin/steaks4uce-shellcode.bin
rm bin/steaks4uce-shellcode.o

armv7:
arm-none-eabi-as -mthumb --fatal-warnings -o bin/limera1n-shellcode.o src/limera1n-shellcode.S
arm-none-eabi-objcopy -O binary bin/limera1n-shellcode.o bin/limera1n-shellcode.bin
rm bin/limera1n-shellcode.o
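Review bot: none of the targets in this hunk (`all`, `armv6`, `armv7`, and the `arm64` target that `all` now depends on) is declared `.PHONY`, so a file named `armv7` or `arm64` appearing in the repository root would make `make` report the target as up to date and silently skip assembling the shellcode; add `.PHONY: all armv6 armv7 arm64` above the `all:` rule.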
@@ -22,3 +25,24 @@ all:
arm-none-eabi-as -mthumb --fatal-warnings -o bin/ibss-flash-nor-shellcode.o src/ibss-flash-nor-shellcode.S
arm-none-eabi-objcopy -O binary bin/ibss-flash-nor-shellcode.o bin/ibss-flash-nor-shellcode.bin
rm bin/ibss-flash-nor-shellcode.o

arm-none-eabi-as -mthumb --fatal-warnings -o bin/usb_0xA1_2_armv7.o src/usb_0xA1_2_armv7.S
arm-none-eabi-objcopy -O binary bin/usb_0xA1_2_armv7.o bin/usb_0xA1_2_armv7.bin
rm bin/usb_0xA1_2_armv7.o

arm-none-eabi-as -mthumb --fatal-warnings -o bin/checkm8_armv7.o src/checkm8_armv7.S
arm-none-eabi-objcopy -O binary bin/checkm8_armv7.o bin/checkm8_armv7.bin
rm bin/checkm8_armv7.o

arm64:
xcrun -sdk iphoneos clang src/usb_0xA1_2_arm64.S -target arm64-apple-darwin -Wall -o bin/usb_0xA1_2_arm64.o
gobjcopy -O binary -j .text bin/usb_0xA1_2_arm64.o bin/usb_0xA1_2_arm64.bin
rm bin/usb_0xA1_2_arm64.o

xcrun -sdk iphoneos clang src/checkm8_arm64.S -target arm64-apple-darwin -Wall -o bin/checkm8_arm64.o
gobjcopy -O binary -j .text bin/checkm8_arm64.o bin/checkm8_arm64.bin
rm bin/checkm8_arm64.o

xcrun -sdk iphoneos clang src/t8010_t8011_disable_wxn_arm64.S -target arm64-apple-darwin -Wall -o bin/t8010_t8011_disable_wxn_arm64.o
gobjcopy -O binary -j .text bin/t8010_t8011_disable_wxn_arm64.o bin/t8010_t8011_disable_wxn_arm64.bin
rm bin/t8010_t8011_disable_wxn_arm64.o
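Review bot: the three `gobjcopy -O binary -j .text` recipes in the `arm64` target extract only the `.text` section, so any data the assembler places in `.rodata`, `.data` or another section is silently dropped from the resulting `.bin`; either drop `-j .text` (the `armv7` recipes above use plain `-O binary`) or make sure the `_arm64.S` sources keep everything in `.text`. A related consistency point: the `armv7` recipes fail on any warning via `--fatal-warnings`, while the `arm64` recipes pass only `-Wall` to clang, so a warning breaks one build but not the other; adding `-Werror` to the `xcrun ... clang` lines would match the armv7 behaviour.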
@@ -85,10 +85,11 @@ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.

You will not need to use `make` or compile anything to use ipwndfu. However, if you wish to make changes to assembly code in `src/*`, you will need to use an ARM toolchain and assemble the source files by running `make`.

If you are using macOS with Homebrew, you can use gcc-arm-embedded. You can install it with this command:
If you are using macOS with Homebrew, you can use binutils and gcc-arm-embedded. You can install them with these commands:

```
brew cask install gcc-arm-embedded
brew install binutils
brew cask install https://raw.githubusercontent.com/Homebrew/homebrew-cask/b88346667547cc85f8f2cacb3dfe7b754c8afc8a/Casks/gcc-arm-embedded.rb
```

## Credit
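Review bot: the README change documents binutils (for `gobjcopy`) but not that the `arm64` target also runs `xcrun -sdk iphoneos clang`, which requires Xcode with the iOS SDK; add that requirement next to the Homebrew commands. It would also help to say why the cask is pinned to a specific revision URL (`.../b88346667547cc85f8f2cacb3dfe7b754c8afc8a/Casks/gcc-arm-embedded.rb`) instead of `brew cask install gcc-arm-embedded`, e.g. which toolchain version is needed, so readers don't "fix" it back to the unpinned form.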
BIN +4 Bytes (100%) bin/SHAtter-shellcode.bin
BIN +328 Bytes bin/checkm8_arm64.bin
BIN +372 Bytes bin/checkm8_armv7.bin
BIN +4 Bytes (100%) bin/ibss-flash-nor-shellcode.bin
BIN +528 Bytes bin/usb_0xA1_2_arm64.bin
BIN +292 Bytes bin/usb_0xA1_2_armv7.bin

10 comments on commit 2d0abd3

@angpug1 replied Sep 27, 2019

It's beautiful.
Thank you, you amazing human being.

@0njzy0 replied Sep 27, 2019

Historic moment

@Bas83 replied Sep 27, 2019

Wow, this is gonna be big!

@dingelish replied Sep 27, 2019

Really amazing!

@Harkunwar replied Sep 27, 2019

Great job!

@SoKamil replied Sep 28, 2019

I was here

@skykistler replied Sep 28, 2019

Well this is certainly going to change things for a while 🤔

@androidmalin replied Sep 28, 2019

Good job

@smokinjs247 replied Sep 29, 2019

Beautiful job, thank you sir.
And I very much appreciate you leaving it free to the public, cus it’s not fair to be ripped off on a phone and have Apple say "well, too bad, no info, no working phone". I believe there should’ve always been an option to skip accessing one account; there should be an option, or should’ve been, to start the device fresh. Android phones are the same way, so they’re not any more vulnerable to being stolen.

I personally don’t use it for incriminating shit, but I can Google bypass a phone within 30 minutes of having it; it doesn’t make it any more tempting to rob/steal off someone. That card still falls under being scum and I don’t believe in it.

The work and time you have invested to make this possible is a blessing to honest people that got treated like a thief by Apple.
Suck it, Apple.

@SergeWinters replied Oct 3, 2019

A commit to be remembered..!
