Overview
Explore the intricacies of iOS 6 security and jailbreaking techniques in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the enhanced security features of iOS 6, including Kernel ASLR, protected kernel code pages, and reinforced heap structures. Learn about the discovery and exploitation of eight vulnerabilities that led to the public iOS 6 jailbreak. Examine the enforcement of Mandatory Code Signing and various approaches to payload injection, userland code triggering, and kernel exploitation. Gain insights from four renowned iOS security experts as they discuss modern security protections and methods to bypass them. Discover the technical details behind modifying apps, backup restoration, filesystem manipulation, code signing weaknesses, and real-world examples of exploiting iOS vulnerabilities.
Syllabus
Intro
Modifying the app
Backup restore
Mobile backup trick
Remount filesystem
Upload payload
File system
Code signing
No blobs
CSkill
Signature
Dependencies
AMFI
Weaknesses
Library Loading
DoID
Data Pages
Load Comments
Macro Header
MF ID
Wall Security
Real World Example
Binary
USB
Create Data
StopPipe
Address
CreateData
Header
Reference Code
Indirect
Exception Vectors
DataAbort Handler
ThreadException Handler
Questions
Taught by
Hack In The Box Security Conference