Delve into the intricacies of iOS dual booting in this comprehensive Black Hat conference talk. Explore the secure iOS boot process, including low-level component verification and boot-time process loading. Gain insights into reverse engineering techniques, common handlers, and supported commands. Learn about Kloader, Kernel Patch Protector, and IBootDebug. Understand additional mitigations like code signing, MCC, and sleep mode. Discover how to patch RAM disks, manipulate physical storage, and work with trust caches. Witness a live demonstration of booting a custom firmware image on an iOS device. Enhance your knowledge of iOS security and bootloader manipulation in this 51-minute presentation by Max Bazaliy.
Overview
Syllabus
Introduction
What is Dual Boot
Apple Secure Boot
Boot ROM
Boot Loaders
Hardware Mappings
Kernel
RAM Disk
Reverse Engineer
Common Handler
Supported Commands
Booting
Kloader
Kernel Patch Protector
IBoot
Debug
Relocate KLR
Go
KTR
KPP
XNU
Additional Mitigation
Code Sign
MCC
Sleep Mode
Static Maps
Patching
RAM Disk Patches
Physical Storage
Trust Cache
Combining all components
Booting the whole system
Demo
Discussion
Thanks
Taught by
Black Hat
