usbliter8: Exploiting the DWC2 USB DMA Bug in Apple's BootROM

In this video, we dive into usbliter8, a novel BootROM vulnerability discovered by the Paradigm Shift team that compromises the boot chain of Apple A12, S4/S5, and A13 SoCs. We break down the underlying hardware bug in the Synopsys DWC2 USB controller: by analyzing how the device handles USB Setup packets, we explain how a mismatch in pointer increments across consecutive transactions leads to a 12-byte DMA buffer underflow. The video then explores the exploitation techniques required to gain Program Counter (PC) control. We look at the comparatively straightforward approach on the A12 chip via stack overwrites, and the much more complex, multi-step heap corruption strategy needed to bypass Pointer Authentication (PAC) mitigations on the A13 chip. Finally, we cover the post-exploitation process, showing how the exploit transitions to privileged EL1 mode, manipulates the boot trampoline, and, on A13 devices, performs a full ROM restart from SRAM to maintain control. Because this vulnerability resides in immutable BootROM code, it cannot be patched via software updates, leaving the affected devices permanently susceptible. However, we also discuss how Apple's Secure Enclave Processor (SEP) still maintains a critical security boundary for user data.

#usbliter8 #iPhoneExploit #SecureROM #BootROM #CyberSecurity #AppleA13 #DMAExploit #Vulnerability #Infosec #ParadigmShift