Explore the intricacies of iOS jailbreaking and the checkm8 vulnerability in this comprehensive conference talk from NULLCON Goa 2020. Delve into the development of pongoOS, a modular pre-boot execution environment for iOS devices, and understand the challenges faced in creating jailbreak tools for non-macOS platforms. Learn about the unfixable SecureROM vulnerability affecting millions of iPhones, its impact on Apple's Secure Boot model, and how it enables full control over the application processor. Gain insights into building an iOS jailbreak from scratch, exploiting a use-after-free vulnerability in Apple's SecureROM, and the techniques used for reliable exploitation. Discover the speaker's background in reverse engineering, iOS security research, and his contributions to major jailbreaking projects and open-source initiatives.
Overview
Syllabus
Intro
whatis SecureROM
whatis Secure Boot
DFU Protocol
USB Control Transfer
USB and DFU
The bug
Practical Trigger
SecureROM Exploitation (A8, A9)
Bootkit Development
Jailbreak Development
wen ela Linux version?? Why did Linux support take so long?
wen eta Windows version??
So, what's new?
What's pongoOS?
Demo - Windows
Demo - Android (project sandcastle)
Taught by
nullcon
