|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "T8012"
(Release exploit) |
|||
| Line 66: | Line 66: | ||
==Bootrom Exploits== |
==Bootrom Exploits== |
||
| − | The T8012 uses Bootrom version [[Bootrom_3401.0.0.1.16]] which is vulnerable to [[checkm8]]. |
+ | The T8012 uses Bootrom version [[Bootrom_3401.0.0.1.16]] which is vulnerable to [[checkm8]]. A fork of [[checkm8]] with support for the t2 exists at [https://github.com/h0m3us3r/ipwndfu h0m3us3r]. The adaption of checkm8 was performed by [[t8012 checkm8]] by brute forcing the various locations from ROM. The copyright string reads <code>SecureROM for t8012si, Copyright 2007-2016, Apple Inc</code>, for version [[Bootrom_3401.0.0.1.16]]. |
[https://twitter.com/axi0mX/status/1182915286858522624 axi0mX T2 support tweet] |
[https://twitter.com/axi0mX/status/1182915286858522624 axi0mX T2 support tweet] |
||
Revision as of 06:42, 7 March 2020
T8012 is the CPU introduced in the second-generation iBridge processor, the processor found on the iMac Pro, and used on all subsequent T2 enabled Mac products.
Enabled Mac Products
Devices sourced from [1]
| iBridge Product ID | Board ID | Board Minor | Description (Product ID) |
|---|---|---|---|
| iBridge2,1 | j137ap | 0x0A | Apple T2 iMacPro1,1 (j137) |
| iBridge2,3 | j680ap | 0x0B | Apple T2 MacBookPro15,1 (j680) |
| iBridge2,4 | j132ap | 0x0C | Apple T2 MacBookPro15,2 (j132) |
| iBridge2,5 | j174ap | 0x0E | Apple T2 Macmini8,1 (j174) |
| iBridge2,6 | j160ap | 0x0F | Apple T2 MacPro7,1 (j160) |
| iBridge2,7 | j780ap | 0x07 | Apple T2 MacBookPro15,3 (j780) |
| iBridge2,8 | j140kap | 0x17 | Apple T2 MacBookAir8,1 (j140k) |
| iBridge2,10 | j213ap | 0x18 | Apple T2 MacBookPro15,4 (j213) |
| iBridge2,12 | j140aap | 0x37 | Apple T2 MacBookAir8,2 (j140a) |
| iBridge2,14 | j152f | 0x3A | Apple T2 MacBookPro16,1 (j152f) |
T2 Recovery USB Device ID
During the restore process, the T2 presents as a Restore Mode com.apple.recoveryd service, but uses the USB product ID of 0x8086 instead of the iPhone's 0x1290-0x12AF.[2]
Bootrom Exploits
The T8012 uses Bootrom version Bootrom_3401.0.0.1.16 which is vulnerable to checkm8. A fork of checkm8 with support for the t2 exists at h0m3us3r. The adaption of checkm8 was performed by t8012 checkm8 by brute forcing the various locations from ROM. The copyright string reads SecureROM for t8012si, Copyright 2007-2016, Apple Inc, for version Bootrom_3401.0.0.1.16.
|
This hardware article is a "stub", an incomplete page. Please add more content to this article and remove this tag. |
