The Apple T2 security chip has finally been jailbroken! Here’s all you need to know about it.
The Apple T2 Security chip now has a jailbreak
The latest update of checkra1n adds support for bridgeOS – the operating system that powers the Apple T2 security chip.
For what it’s worth, the T2 is not an A10 chip per se, but it is derived from the Apple A10 Fusion architecture.
bridgeOS is a proprietary operating system created by Apple for its hardware. It is responsible for operating the Touch Bar and managing secure data.
Here’s what hacker Jamie Bishop had to say about this development.
With @checkra1n 0.11.0, you can now jailbreak the T2 chip in your Mac. An incredible amount of work went into this and it required changes at multiple levels.
There’s too many people to tag, but shoutout to everyone who worked on getting this incredible feature shipped.
— Jamie Bishop (@jamiebishop123) September 22, 2020
Since checkra1n is still in beta, there are a few issues you need to be aware of. Firstly, you might have to reconnect your device after jailbreaking so that the bootstrap can be uploaded.
Secondly, macOS takes over the USB connection and blocks communication after bootup.
If you are interested in jailbreaking the T2 chip, download checkra1n jailbreak v0.11 from this link.
What can a bridgeOS jailbreak be used for?
The T2 security processor and the Touch Bar can run while the operating system is shut down.
Apparently, jailbreak tweak developers could develop tweaks for the Touch Bar if it gets Substrate support in the future.
At present, there are no publicly dumped headers available for bridgeOS, and it lacks a MobileSubstrate port too. However, that could change in the future because it shares some components with the watchOS and iOS frameworks.
Once we get Substrate working, tweaking and theming could become possible.
The ability to exploit the T2 processor could also allow you to bypass the anti-repair mechanism built into the Touch Bar. Further, it may allow hackers to get rid of the password or unlock MDM-locked systems.
As far as the OS goes, we could also add secure boot certificates, such as Microsoft’s secure boot signing certificate or a self-signed Linux certificate.
It will definitely be interesting to see what the future holds for the T2 security chip following the release of checkra1n.