A6 BootROM

Organized by: Wesley Lipscomb

THE STORY:

-Some Background Info

Thanks for taking the time to read this. My name is Wesley. I am working to become one of the best programmers out there. One of my primary interests is Apple's iOS operating system, specifically for the iPhone, as it tends to be a main device for many people, but I do work with all iOS devices. I'll just cut to the chase without getting too technical.

-Apple's Restrictions

iOS devices are arguably the fastest, smoothest, and most efficient mobile devices ever. They would be the absolute best, but they have one major flaw. Apple has placed heavy restrictions on these devices, and while some of these restrictions are understandable, and even helpful, other restrictions do nothing more than limit the potential of iOS devices. The most direct response to this issue would be to jailbreak, but that isn't exactly what I'm getting at here.

-What I Have Now

After messing around with an iPhone 5 that my relative let me use for a little while, I stumbled upon a "back door" in the iBoot level of the iOS boot chain.

-Some Context

In short, when an iOS device boots up, it goes through several layers of code, with each layer being executed by the layer below it, until you finally reach your lockscreen. Apple has this entire process locked down tight in order to maintain its restrictions on iOS.

-More Details

I'll give a simplified explanation. The first layer is the BootROM, which is also called the SecureROM. This code is stored in a read-only section of the device, which means Apple can't edit this code. The BootROM loads the layer called iBoot. iBoot is the first re-writable code that runs when booting. iBoot is where firmware-related code is executed, such as restoring and loading the firmware. iBoot then loads the firmware, which is what brings us to our lockscreen.

-Regular Solutions Aren't Permanent

Traditionally, programmers aim to modify iOS at the firmware layer to remove the restrictions imposed by Apple, usually resulting in what is called a "Jailbreak." While this does somewhat accomplish the goal of removing restrictions, it is limited at best, and is also temporary.

-What Makes This Different

Any modifications made to iOS or the boot process, with the exception of changes made to the BootROM layer, are promptly removed by Apple in the next firmware update, which reinstates these restrictions. What I have currently is a way to modify the code in the iBoot layer. This allows for much more than a standard Jailbreak. Modifying the iBoot layer allows a device to downgrade its firmware, upgrade to a specific firmware that is not currently available, modify the rest of the boot process, recover precious data from a locked or broken device, and so much more! These are the privileges a device can obtain when using a back door in the iBoot or the BootROM layer.

-Why I'm Not There Yet

While I do have something on the iBoot level, this isn't enough. The iBoot and the BootROM basically allow for the same capabilities, but there's one major difference. The iBoot layer can be modified by Apple at any given moment, but the BootROM, by design, cannot be modified by Apple at all.

-Specifically Why I Need Funding

Unfortunately, my iBoot trick has actually been closed in the latest firmware, but there is still hope! I have located an iPhone 5 on eBay with a firmware on it that is still susceptible to my iBoot trick. Using this iBoot trick, I can research the inner workings of the BootROM on devices with an A6 processor. If successful, all A6 Devices will have the privileges I stated above!

-This Can Apply to The Newest Devices Too!!!

In addition to A6 Devices, if the code in the BootROM layer of A7 devices is similar enough to the code in A6 Devices, the newest devices will also have these privileges! Please help me reach my goal so I can continue my research. This could benefit everyone with an iOS device!

$0

MONEY RAISED
This is a direct to organizer fundraiser.

Donor Comments

Wesley is still setting up this fundraiser so please check back so you can support A6 BootROM.