Pangu 9 Internals

Black Hat via YouTube

Overview

Explore the inner workings of the Pangu 9 untethered jailbreak tool for iOS 9 in this 47-minute Black Hat conference talk. Delve into the sequence of vulnerabilities exploited in the iOS userland to achieve arbitrary code execution in the kernel and persistent code signing bypass. Discover the logical error in a system service that allows container apps to gain arbitrary file read/write privileges. Learn how Pangu 9 leverages the system debugging feature to execute code outside the sandbox. Examine the vulnerability in the dyld_shared_cache file loading process that enables persistent code signing bypass. Investigate the backup-restore process vulnerability that permits execution of apps signed by revoked enterprise certificates without user approval. Gain insights into iOS jailbreaking techniques, dynamic libraries, TeamID validation, and kernel patching through this comprehensive exploration of iOS security vulnerabilities and exploitation methods.

Syllabus

Introduction
Outline
About us
iOS
Jailbreak
Tradeoff
Dynamic Libraries
TeamID Validation
AnyAgent
iOS 8.3
Challenges
Userland
XP
API
Entitlement
Fortisbox
Pangu Agent
Jailbreak iOS 9.1
Jailbreak iOS 9.3
Kernel Patch
Sandbox Extension
Debugger
Attacks
Code Audit
Shared Cache
Kernel
Conclusion

Taught by

Black Hat
