Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Optimized Fuzzing IOKit in iOS

Black Hat via YouTube

Overview

Explore an advanced approach to optimizing IOKit fuzzing in iOS through a Black Hat conference talk. Delve into techniques for dynamically resolving symbols and parameter information using a kernel patch, overcoming the challenges posed by symbol hiding since iOS 7. Learn how to build an efficient fuzzing framework that generates inputs capable of passing basic parameter checks in IOKit interfaces. Discover methods for extracting valuable information from IOKit, including standard parameters and supplementary data. Examine the talk's coverage of vtable characteristics, metaclass layout, and KEXT functionality. Gain insights into client name retrieval, IOExternal Method Dispatch extraction, and complemental mechanisms. Study the architecture of a carrier fuzzing application and its key elements. Conclude with a real-world vulnerability case study, demonstrating the effectiveness of this optimized fuzzing approach for uncovering IOKit vulnerabilities in iOS.

Syllabus

Intro
Previous Research
Motivation Of Basic Information Extraction
Vtable Characteristic
MetaClass Layout
Functionality Provided by KEXT
Overwritten virtual methods symbolization
Example
Detail Steps
Retrieve Client Name
Extracting IOExternal Method Dispatch
Complemental Mechanism
Carrier
Fuzzing Application's Architecture
Fuzzing Elements
Unavailable interfaces Identification
Setup
Vulnerability Case #1

Taught by

Black Hat

Reviews

Start your review of Optimized Fuzzing IOKit in iOS

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.