Dive into the world of iOS 11 jailbreaking with this 40-minute conference talk from Derbycon 2018. Explore the journey from novice to kernel hacker in just two weeks, covering topics such as XNU micro history, kernel tasks and ports, exploit chains, and the intricacies of jailbreaking. Learn about information leaks, running unsigned code, and overcoming sandbox limitations. Gain insights into the TEPO Kernel Codex and the Async Wake exploit chain, and understand the process of achieving root access and platformizing. Perfect for those interested in iOS security and jailbreaking techniques.
Overview
Syllabus
Intro
XNU micro history
Warning
The kernel isn't complicated
XNU Tasks
XNU Ports
Leading up to the exploit
TEPO Kernel Codex
Information Leak (CVE-2017-13865)
Async Wake exploit chain // Getting TEPO
Running the exploit
Jailbreaking
Getting root
Platformizing
Sandbox limitations - recap
Running unsigned or self-signed code
Conclusion
