cxdxn1/hardbird_attack

hardbird_attack

PoC showcasing the SEPROM hardbird attack on Apple A7 SoCs by getting TZ r/w.

Usage

Compile the hardbird_attack Pongo module:

git clone https://github.com/cxdxn1/hardbird_attack/
cd hardbird_attack
make all

Use my PongoOS fork (linked as a git submodule), which includes a fix for non-A10 devices: it uses a 4KB offset when calculating the mailbox register pointer instead of the 16KB offset that stock Pongo uses:

git submodule update --init --recursive
cd PongoOS
make all

Boot Pongo with checkra1n-1337:

checkra1n-1337 -cpk build/Pongo.bin
cd scripts
make
./pongoterm

Finally, send and run the hardbird_attack Pongo module from within pongoterm:

/send <path-to-module>
modload hardbird_attack
hardbird_attack

Credits

Proteas - discovered the hardbird vulnerability

checkra1n - developed PongoOS, etc

TheRealClarity - helped me get started, helped me understand the vulnerability significantly and informed me about the mailbox register ptr issue + fix

Alfie - also helped me understand the vulnerability

License

This software is licensed under the MIT license.
