iOS Jailbreak Internals - Userland Read-Only Memory Can Be Dangerous

Black Hat via YouTube

Overview

This course aims to teach the dangers of userland read-only memory in iOS jailbreak internals. The learning outcomes include understanding userland memory sharing, breaking the trust boundary, and exploiting DMA vulnerabilities. The course covers skills such as DMA overview, IOMMU, IOSurface, and IOSurfaceAccelerator. The teaching method involves a detailed exploration of low-level implementation and practical exploitation techniques. The intended audience for this course is individuals interested in iOS security, memory management, and vulnerability research.

Syllabus

Intro
Userland read-only memory mappings
Userland memory sharing in iOS
Breaking the trust boundary
DMA overview
IOMMU (input/output memory management unit) and DART
Host-to-device DMA and device-to-host DMA
Long distance remote attack?
Indirect userland DMA
IOSurface and IOSurfaceAccelerator
Low level implementation of IOSurfaceAccelerator
IOSurfaceAccelerator TransferSurface Internals
Map IOSurface buffer via DMA
Obtain the IOSurface address in IOSpace
Start the scaler
IOMMU memory protection
Apple Graphics workflow
GPU notification architecture
Stamp address array
IOAccelEvent object
1. The DMA mapping vulnerability
2. The out-of-bound write vulnerability
Exploitability
Craft memory layout
Feasibility of memory layouting
Arbitrary read and write?
First attempt to exploit
KASLR bypass
Code execution
Overall exploit workflow
Post exploitation
Conclusion

Taught by

Black Hat
