Skip to content
/ checkm8 Public

Implementation of checkm8 BootROM exploit for iPhone 7 written in C

License

GPL-3.0 license
55 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

matteyeux/checkm8

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

bin

bin

 
 

include

include

 
 

src

src

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

Repository files navigation

checkm8

C version of checkm8 exploit

Support

This has been tested on an iPhone 7 on a Linux host. Some USB controllers may not work.

Build

Install libusb and run make :

λ ~/checkm8(master) » make
gcc -I. -g -Wall -Wextra -c src/checkm8.c -o src/checkm8.o
gcc -I. -g -Wall -Wextra -c src/usbexec.c -o src/usbexec.o
gcc -I. -g -Wall -Wextra -c src/main.c -o src/main.o
gcc src/checkm8.o src/usbexec.o src/main.o -o checkm8 -lusb-1.0

Run

Run checkm8 as root and make sure you are in the root directory of this project. If not, the tool won't find the payloads.

λ ~/checkm8(master) » sudo ./checkm8
[i] CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:00XXXXXXXXXXXXXX IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
[i] heap grooming
[i] preparing for overwrite
[i] sending overwrite
[i] sending payload
[i] reseting device...
[i] CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:00XXXXXXXXXXXXXX IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
[+] device is now in pwned DFU mode

Credits

  • axi0mx for checkm8 BootROM exploit
  • synackuk for some usbexec stuff
  • Gregor Haas : A10 payloads

About

Implementation of checkm8 BootROM exploit for iPhone 7 written in C

Resources

Readme

License

GPL-3.0 license
Activity

Stars

55 stars

Watchers

4 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages