Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The One Weird Trick SecureROM Hates

media.ccc.de via YouTube

Overview

Explore the intricacies of the unfixable Checkm8 vulnerability affecting millions of iPhones' SecureROM in this 39-minute conference talk from the 36C3 event. Dive deep into the process of building an iOS jailbreak from scratch by exploiting a use-after-free vulnerability in Apple's SecureROM. Learn about the DFU interface, the techniques used for exploitation, and how this vulnerability enables full control over the application processor. Discover the implications for security researchers, including the ability to enable debugging functionalities like JTAG. Analyze the root cause of the vulnerability, explore the challenges faced in creating a reliable jailbreak, and gain insights into future plans for this project. Cover topics such as SecureROM, Secure Boot, DFU Protocol, USB Control Transfer, practical trigger methods, Secure ROM Exploitation for A8 and A9 chips, Bootkit ELIS, Bootkit Development, and Jailbreak Development.

Syllabus

Intro
whoami
whoareus
whatis SecureROM
whatis Secure Boot
DFU Protocol
USB Control Transfer
USB and DFU
Practical Trigger
Secure ROM Exploitation (A8, A9)
Bootkit ELIS
Bootkit Development
Jailbreak Development
Future Plans

Taught by

media.ccc.de

Reviews

Start your review of The One Weird Trick SecureROM Hates

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.