Understanding Checkm8

Knowledge
2025-07-01

Checkm8 is a powerful, unpatchable exploit in Apple’s SecureROM that affects millions of devices, including iPhones and iPads up to the iPhone X. First disclosed by axi0mX in 2019, the Checkm8 exploit enables persistent low-level access for jailbreaking, security research, and forensic data extraction. Unlike typical software exploits, Checkm8 leverages a hardware-level vulnerability that Apple cannot fix through updates.

In this guide, you’ll learn how Checkm8 works, how it bypasses Apple’s Secure Boot Chain, and how to use Checkm8 safely for research and lawful analysis. Whether you’re exploring Checkm8 jailbreak methods or studying iOS security, understanding Checkm8 will deepen your knowledge of how hardware exploits can transform device access and analysis.

An introduction to Checkm8

What is Checkm8?

Checkm8 is a bootrom exploit that affects many Apple devices. It takes advantage of a vulnerability in the SecureROM (bootrom), the read-only code that runs first when the device is powered on. Because the bootrom cannot be updated or patched by Apple in a software update, the Checkm8 exploit is an unpatchable, permanent hardware bug on affected devices.

Because the bootrom is read-only and cannot be modified after the device leaves the factory, the exploit remains available for the life of the device, giving security researchers, jailbreak developers, and forensic analysts persistent low-level access. It allows for actions such as jailbreaking, bypassing certain security restrictions, and accessing data for forensic extraction, but it always requires physical access to the device.

The application of Checkm8

Applications of Checkm8: Activation Lock Bypass, Jailbreaking, and Data Extraction

The Checkm8 exploit enables several important practical applications in security research, device forensics, and advanced device management on Apple devices. Key use cases include:

Jailbreaking:

  • Allows users and researchers to bypass Apple’s software restrictions.
  • Enables installation of unauthorized apps, system customizations, and access to system files.
  • Checkm8-based jailbreaks persist across firmware versions because they target the SecureROM rather than a particular iOS release.

Activation Lock Bypass:

  • Activation Lock is designed to prevent unauthorized access to an Apple device linked to an Apple ID.
  • Checkm8-based tools can bypass Activation Lock when legally authorized, enabling forensic access to locked devices.
  • Useful for investigators to access devices without the associated Apple ID credentials.

Data Extraction and Forensics:

  • Facilitates the extraction of user data and system files from locked devices for forensic analysis.
  • Allows retrieval of critical evidence in lawful investigations where the device is locked or encrypted.
  • Enables low-level device analysis without requiring the passcode.

Important Note: Checkm8 requires physical access to the device to execute, which limits its misuse in remote attacks while making it valuable for legitimate research and forensics.

A Technical Overview of How Checkm8 Works

Exploitation Point: SecureROM / BootROM Stage

Device boot sequence:

  1. ROM (SecureROM / BootROM): The first code executed when the device boots, responsible for verifying and loading the next stage, iBoot.

  2. iBoot: Apple’s proprietary bootloader responsible for verifying and loading the system kernel.

  3. Kernel: The core of the iOS operating system.

  4. OS: Refers to the non-kernel components of the iOS system, including the user interface, background services, and supporting frameworks.

Figure: Apple Secure Boot Chain (iPhone's boot sequence)

Checkm8 targets the BootROM stage because:

  • It exists at the hardware level and cannot be updated.

  • Gaining code execution through a SecureROM vulnerability makes it possible to inject the jailbreak loaders that run afterwards (such as checkra1n).
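To make concrete why a bug in the first stage is so much more consequential than a bug further down the chain, here is a toy model of a verified boot chain. This is an added example and not Apple's code or anything from the article: stage names, the FNV-1a digest standing in for a real signature check, and the "compromised stage skips its check" flag are all constructed for illustration. Each stage trusts the next only because the stage before it was trusted, so there is nothing left to catch a stage that the ROM never verified.

```c
/* Added example (hypothetical; not Apple's code). A toy verified boot chain:
 * each stage carries a 64-bit FNV-1a digest of the next stage's image that it
 * has been "signed" to accept. Real chains use public-key signatures; the
 * digest is only a stand-in. The ROM itself is verified by nothing, which is
 * what makes it the root of trust. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { STAGE_ROM, STAGE_IBOOT, STAGE_KERNEL, STAGE_OS, STAGE_COUNT };

/* FNV-1a stands in for the real image hash (constructed for the example). */
static uint64_t fnv1a(const char *data, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= (uint8_t)data[i]; h *= 0x100000001b3ULL; }
    return h;
}

struct stage {
    const char *name;
    char image[64];        /* constructed stand-in for the stage's code */
    uint64_t expect_next;  /* digest this stage accepts for the next stage */
    int verifies_next;     /* 0 models a compromised stage that skips the check */
};

/* Build the chain: each later stage's digest is baked into the stage before it. */
static void build_chain(struct stage chain[STAGE_COUNT]) {
    const char *names[]  = {"SecureROM", "iBoot", "kernel", "OS"};
    const char *images[] = {"rom-code-v1", "iboot-code-v1", "kernel-code-v1", "os-code-v1"};
    for (int i = 0; i < STAGE_COUNT; i++) {
        chain[i].name = names[i];
        strncpy(chain[i].image, images[i], sizeof chain[i].image - 1);
        chain[i].image[sizeof chain[i].image - 1] = '\0';
        chain[i].verifies_next = 1;
    }
    for (int i = 0; i < STAGE_COUNT - 1; i++)
        chain[i].expect_next = fnv1a(chain[i + 1].image, strlen(chain[i + 1].image));
    chain[STAGE_COUNT - 1].expect_next = 0;
}

/* Walk the chain starting at the ROM. Returns the index of the first stage
 * that failed verification, or STAGE_COUNT if every stage was accepted. */
static int boot(const struct stage chain[STAGE_COUNT]) {
    for (int i = 0; i < STAGE_COUNT - 1; i++) {
        const struct stage *next = &chain[i + 1];
        uint64_t got = fnv1a(next->image, strlen(next->image));
        if (chain[i].verifies_next && got != chain[i].expect_next)
            return i + 1;  /* this stage refuses to load the tampered next one */
    }
    return STAGE_COUNT;
}

/* Scenario A: intact ROM, tampered kernel. iBoot rejects the kernel (stage 2). */
int scenario_tampered_kernel(void) {
    struct stage chain[STAGE_COUNT];
    build_chain(chain);
    strcpy(chain[STAGE_KERNEL].image, "kernel-code-modified");
    return boot(chain);
}

/* Scenario B: the ROM no longer verifies iBoot. A modified iBoot then loads
 * unchallenged and, skipping its own check, accepts a modified kernel too.
 * The chain "succeeds" (returns STAGE_COUNT) even though two stages are tampered. */
int scenario_compromised_rom(void) {
    struct stage chain[STAGE_COUNT];
    build_chain(chain);
    chain[STAGE_ROM].verifies_next = 0;
    strcpy(chain[STAGE_IBOOT].image, "iboot-code-modified");
    chain[STAGE_IBOOT].verifies_next = 0;
    strcpy(chain[STAGE_KERNEL].image, "kernel-code-modified");
    return boot(chain);
}

int main(void) {
    printf("tampered kernel, intact ROM: chain stops at stage %d\n", scenario_tampered_kernel());
    printf("compromised ROM:             chain stops at stage %d\n", scenario_compromised_rom());
    return 0;
}
```

The first scenario is what a software-patchable bug looks like: the tampered stage is caught by the stage above it. The second is the SecureROM case the article describes: once the first link is bypassed, no later link can detect it, and since the ROM cannot be reflashed there is no update that restores the check.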

Technical Core: USB DFU Mode Heap Overflow

Checkm8’s key exploitation pathway:

  • The device is placed in DFU (Device Firmware Update) mode, where the BootROM handles USB traffic directly.
  • An insufficient length check during USB control request handling in the BootROM.
  • By crafting specific USB control requests, attackers can trigger a heap overflow, overwrite critical structures, and control execution flow.

In practice:

  • Attackers send specially crafted USB control requests with specific sizes and arrangements.
  • This triggers the overflow within SecureROM, allowing function pointers or return addresses to be overwritten.
  • Once arbitrary code execution is achieved, the attacker can patch memory to place the device in a controllable state.
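The bug class named above, an insufficient length check on a USB control request, is easier to recognise in code than in prose. The following is an added example written for this page, not Apple's SecureROM code and not a reproduction of the actual Checkm8 defect: the handler, the `ctrl_request` struct and the packet sizes are hypothetical. It contrasts a handler that only checks whether one request fits the whole buffer with one that checks the request against the space remaining, which is the check that multi-packet transfers need.

```c
/* Added example (hypothetical; not Apple's SecureROM code). A control-request
 * handler that accumulates a multi-packet transfer into a fixed buffer. The
 * unsafe version checks each request against the whole buffer; the hardened
 * version checks it against the space left. Storage is one flat array so the
 * demo itself never leaves its bounds: bytes 0..BUF_SIZE-1 are the logical
 * buffer and the bytes after it are a canary that detects overrun. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   64
#define CANARY_LEN 8

struct transfer {
    uint8_t storage[BUF_SIZE + CANARY_LEN]; /* logical buffer followed by canary */
    size_t  received;                       /* bytes written so far */
};

/* Constructed stand-in for a USB control request: wLength declares how many
 * payload bytes follow, and nothing forces it to match the buffer size. */
struct ctrl_request {
    uint16_t wLength;
    const uint8_t *payload;
};

static void transfer_init(struct transfer *t) {
    memset(t->storage, 0, BUF_SIZE);
    memset(t->storage + BUF_SIZE, 0xA5, CANARY_LEN);
    t->received = 0;
}

/* Canary intact means nothing wrote past the logical buffer. */
int canary_intact(const struct transfer *t) {
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (t->storage[BUF_SIZE + i] != 0xA5) return 0;
    return 1;
}

/* Unsafe: the check ignores bytes already received, so a second packet that
 * fits the buffer on its own still runs past the end. The copy is clamped to
 * the backing array purely so the demo cannot corrupt real memory; it still
 * walks into the canary region exactly as it would walk into heap metadata. */
int handle_unsafe(struct transfer *t, const struct ctrl_request *req) {
    if (req->wLength > BUF_SIZE) return -1;           /* insufficient check */
    size_t n = req->wLength;
    if (t->received + n > sizeof t->storage) n = sizeof t->storage - t->received;
    memcpy(t->storage + t->received, req->payload, n);
    t->received += n;
    return 0;
}

/* Hardened: bound the request by remaining capacity, and reject rather than clamp. */
int handle_safe(struct transfer *t, const struct ctrl_request *req) {
    if (req->wLength > BUF_SIZE - t->received) return -1;
    memcpy(t->storage + t->received, req->payload, req->wLength);
    t->received += req->wLength;
    return 0;
}

/* Drive a handler with two back-to-back 40-byte packets (constructed input):
 * each alone passes the "fits the buffer" test, together they exceed it.
 * Returns 1 if the canary survived, 0 if it was overwritten. */
int run_two_packets(int (*handler)(struct transfer *, const struct ctrl_request *)) {
    uint8_t payload[40];
    memset(payload, 0x41, sizeof payload);
    struct ctrl_request req = { .wLength = sizeof payload, .payload = payload };
    struct transfer t;
    transfer_init(&t);
    handler(&t, &req);
    handler(&t, &req);
    return canary_intact(&t);
}

int main(void) {
    printf("unsafe handler, canary intact: %d\n", run_two_packets(handle_unsafe));
    printf("safe handler,   canary intact: %d\n", run_two_packets(handle_safe));
    return 0;
}
```

The defensive lesson is the one line in `handle_safe`: the bound is the remaining capacity (`BUF_SIZE - t->received`), not the buffer size, and an oversized request is refused outright rather than silently truncated. A reviewer auditing any firmware USB stack should look for the same property wherever a declared length from the host is used as a copy size.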

Limitations of Checkm8

  • Requires physical access to the device and entering DFU mode; it cannot be exploited remotely.

  • The exploit is not persistent across reboots: its state is lost when the device restarts, so it must be re-exploited each time.

  • Only A5 through A11 chips are affected; A12 (iPhone XS/XR), A13 (iPhone 11), and newer chips are not affected.