by codedokode 2 days ago
Where did they get the code for SecureROM? Also, why is the ROM code so large? I thought the BootROM should contain the minimal code to boot from flash memory and that's all.
2 comments

Many are dumped publicly at https://securerom.fun/

Some were dumped via known exploits, but I don't know how A12/A13 were dumped in the first place. I'd guess someone got code exec via fault injection and dumped it out that way, or perhaps just a privately known vuln.

iBoot source code has also been leaked in the past.

Do you want to break out a flash programmer and disassemble the entire smartphone whenever someone bricks it via firmware?

If not, you need to have unbrick-capable DFU straight in BootROM.

Which typically means: ROM code that carries an entire USB stack, as well as means of validating and booting executables from the USB stack.

An alternative would be to have BootROM recovery off MicroSD, but, iPhone lmao. They didn't chase the trend of "no expandable storage" - they created it.