"usbliter8" Cracked Every A12/A13 iPhone — And Apple Can't Ever Patch It

:mobile_phone: “usbliter8” Just Broke Open Every A12 & A13 iPhone — And Apple Literally Can’t Fix It

A hardware bug baked into the chip forever. No update saves you. And a $5 board unlocks the whole thing.

Affects A12 + A13 chips (iPhone XR, XS, 11, SE 2, iPad 8/9, Apple TV 4K) · Full proof-of-code dropped June 18, 2026 · Zero chance of a patch — ever

A research crew called Paradigm Shift published the whole thing, working demo included, after quietly telling Apple first. The flaw lives in the silicon itself — the tiny “startup brain” of the chip that runs before iOS even wakes up. You can’t patch a physical chip with a software update. So these phones stay crackable for the rest of their lives. Here’s the full write-up on 9to5Mac.

Soldering iPhone board GIF

Okay so. You know how Apple’s whole personality is “our security is a fortress, don’t even try”? Yeah. Somebody just found a hole in the fortress that’s part of the WALL ITSELF. Not a door they left unlocked — the actual bricks. And bricks don’t get software updates. I mean. Read that again. Apple can ship a hundred iOS updates and this thing still works. Are you hearing me right now?

🧩 Dumb Mode Dictionary (read this first, everything clicks)
Nerd word What it actually means
BootROM / SecureROM The chip’s “first breath.” A tiny bit of code physically burned into the silicon that runs the SECOND you power on — before the operating system. Read-only forever. That’s why this can’t be fixed.
Unpatchable Apple can’t send an update to fix it. The bug is in the metal, not the software. Permanent.
A12 / A13 The brains (processor) inside older iPhones/iPads from roughly 2018–2021. Millions still in pockets and drawers.
DFU mode A special “totally blank, listen to USB” state you put the phone in by holding buttons. The exploit only works from here.
RP2350 A $5 microchip (it’s the brain of the Raspberry Pi Pico 2). You flash the hack onto it, plug it into the phone, done.
Secure Enclave A SEPARATE mini-vault inside the chip that holds your passcode + fingerprint. Good news: this exploit does NOT crack it. Your locked data stays locked.
Jailbreak Removing Apple’s “you can only do what we allow” leash so you can run whatever you want.
🔧 What actually broke (the short version)
  • The exploit is nicknamed usbliter8. It abuses a real hardware flaw in the chip’s USB controller, combined with a firmware slip-up.
  • Because it’s a physical chip bug, there is no patch coming. Not now, not ever. These devices are exposed for life.
  • Affected brains: A12, A13 — plus the S4 and S5 (the chips in older Apple Watches).
  • It lets someone run their own code BEFORE iOS loads, skip Apple’s “is this software approved?” check, and boot custom stuff.
  • The technical breakdown is on The Hacker News if you want the gory details.
🛡️ The part that saves your butt (don't panic)

This is NOT a “hacker in another country steals your phone over wifi” situation. Big difference:

  • It needs physical hands on your device. Someone has to actually hold your phone, put it in DFU mode, and plug in a USB board.
  • It does NOT break the Secure Enclave — so your passcode, Face ID data, and encrypted files stay safe.
  • Translation: a random thief can’t drain your bank app. But anyone who owns the device (you!) can now do whatever they want with it. That’s the fun part.

Think of it like this: it’s not a lockpick for other people’s houses. It’s a master key for houses YOU already own but Apple wouldn’t give you the deed to.

📊 The receipts — which gadgets just got cracked open
Chip Devices in the blast radius
A12 iPhone XR, iPhone XS / XS Max, iPad Air 3, iPad mini 5, iPad 8, Apple TV 4K (2nd gen)
A13 iPhone 11 / 11 Pro / 11 Pro Max, iPhone SE (2nd gen), iPad 9th gen, Studio Display
S4 / S5 Apple Watch Series 4 & 5

That’s not some rare museum lineup. That’s hundreds of millions of devices — half of them sitting dead in a drawer right now. Yours included, probably. MacRumors has the full device list.

🗣️ What the timeline's saying
  • Old-school jailbreak fans are LOSING it — this is basically the sequel to the legendary checkm8 exploit from 2019, which cracked every older iPhone the exact same “can’t be patched” way. usbliter8 pushes that same magic two chip-generations forward.
  • Repair shops and right-to-repair folks are hyped — permanent low-level access means reviving “bricked” hardware Apple wanted you to toss.
  • Security nerds keep repeating the calm-down line: no Secure Enclave = no mass data theft. It’s a tinkerer’s dream, not a doomsday. The Hacker News thread is a goldmine of both hype and reality-checks.

Cool. A Dead iPhone in Your Drawer Just Became a Blank Canvas… Now What the Hell Do We Do? (ง •̀_•́)ง

Diy electronics tinkering GIF

Here’s the thing nobody’s saying out loud: there’s a giant pile of “worthless” old A12/A13 devices out there — people think they’re junk because Apple stopped caring. But a permanent unlock means junk becomes raw material. And you’re early. Let’s go.

🧟 The Zombie Phone Reviver

Everyone’s dumping “parts only” A12 iPhones and iPads for scraps because they’re old and locked to no carrier. But a forever-unlock means you can boot a clean, lightweight custom setup on them and flip them as retro handhelds, kids’ cameras, or dashboard players — no monthly plan needed.

:brain: Example: A 23-year-old tinkerer in Manila scoops “cracked screen, parts only” iPad 8s off Facebook Marketplace for ₱1,500 each, swaps the glass (₱600 kit), loads a stripped-down media/emulator setup via the checkra1n jailbreak scene, and resells them as “retro tablets” for ₱6,000. Net ~₱3,000 a unit, ~8 a week.

:chart_increasing: Timeline: First flip in ~10 days once you nail the screen swap. Stays juicy ~6–9 months until local resellers all catch on and cheap-device prices creep up.

🪛 Sell the Picks, Not the Gold

Everybody’s gonna want to try this, but 90% of normies freeze the second they hear “flash a microcontroller board.” So don’t unlock phones — sell the tool that does it. Pre-flash a $5 Raspberry Pi Pico 2 board with the exploit + a one-page printed guide, ship it as a plug-and-play “old-iPhone unlock dongle.”

:brain: Example: A hardware hobbyist in Poland buys Pico 2 boards in bulk (~€4), flashes them from the public proof-of-concept code, drops each in a bag with a QR-code setup video, and sells on Tindie and Etsy for €22. Costs ~€5 all-in. Move 40 a week, that’s ~€680/week clean.

:chart_increasing: Timeline: Sales spark the moment the how-to videos go viral (~2–3 weeks out). Expect a good 4–5 month run before a dozen copycats flood the same listings.

🕹️ The Junk-Drawer Kiosk Factory

An old iPad locked into ONE app is worth way more than a dead iPad. With permanent access you can nail a device to a single purpose — restaurant menu screen, gym check-in tablet, smart-home wall panel — and small businesses will pay for a “just works, never updates itself” unit.

:brain: Example: A college kid in Nairobi grabs dead iPad Air 3s for ~KSh 2,000, boots them into a locked-down single-app “kiosk mode,” and rents them to local cafés as digital menu boards for KSh 1,500/month per screen. Ten screens out = KSh 15,000/month recurring, hardware paid off in the first month. Guides on single-app kiosk setups are all over here.

:chart_increasing: Timeline: First paying café in ~3 weeks. Recurring rent can run for a year+ — the honest catch is you’re now on the hook for support calls, so cap it at ~20 screens solo.

📖 Be the Dictionary Before Anyone Else Is

A brand-new exploit means a brand-new pile of confusing steps, error messages, and “wait which button combo?” questions. Whoever writes the ONE clean, screenshot-heavy walkthrough owns the search traffic — and you can charge for the tidy version.

:brain: Example: A 21-year-old in Brazil spends a weekend turning the messy Paradigm Shift technical notes into a dead-simple illustrated PDF (“usbliter8 for total beginners”), sells it on Gumroad for $7, and seeds it in jailbreak subreddits + Discords. 300 sales in month one = ~$2,100 from one weekend of writing.

:chart_increasing: Timeline: Traffic peaks in the first 60 days while it’s fresh and confusing. Refresh it once when tools update, or it goes stale by month 4.

🚪 The Back-Room Security Sweep

Blackhat tone, white-hat move: TONS of small shops run their card readers, check-in tablets, and POS screens on exactly these old iPads. They have no clue a physical-access forever-crack now exists. Offer a paid “is your front-desk tablet exploitable?” audit before they find out the hard way.

:brain: Example: A 24-year-old IT freelancer in Indonesia DMs local gyms and clinics: “Your reception iPad uses a chip that just got permanently cracked — I’ll audit + lock it down for Rp 800,000.” Locking it down = disabling DFU access, physical port blockers, supervised-device settings. Five clients a week = Rp 4,000,000. Legit skill, MDM lockdown basics here.

:chart_increasing: Timeline: First client within days if you cold-DM hard. Demand stays warm for months as the news spreads to non-tech business owners last.

🛠️ Follow-Up Actions
Move First step (do it this week)
:zombie: Flip zombie devices Search “parts only iPad A12” on FB Marketplace, buy 2 cheap
:screwdriver: Sell unlock dongles Order 5 Pico 2 boards, list on Tindie
:joystick: Kiosk rentals Set one old iPad to single-app mode, pitch a local café
:open_book: Write the guide Draft the beginner PDF, publish on Gumroad
:door: Security sweeps Cold-DM 10 local shops running iPad front desks

:high_voltage: Quick Hits

You Want To… Do This
:magnifying_glass_tilted_left: Check if YOUR device is affected Match your chip on the MacRumors device list
:brain: Understand the actual bug Read the Hacker News technical breakdown
:joystick: Revive a dead old iPhone/iPad Start with the checkra1n jailbreak scene
:shield: Lock down a business tablet Disable DFU + apply Apple supervised settings
:books: Learn the history (checkm8) Skim the checkm8 Wikipedia page

Apple spent a decade telling you these phones were dead. Turns out they were just waiting for the right $5 chip.

1 Like