KTRW - The Journey to Build a Debuggable iPhone

Explore the journey of creating a debuggable iPhone using off-the-shelf devices in this 55-minute conference talk. Delve into the process of breaking KTRR, Apple's custom hardware mitigation designed to prevent kernel patches, and learn how to load a kernel extension enabling full-featured, single-step kernel debugging with LLDB on production iPhones. Discover the hardware debug registers on the iPhone X that allow low-level debugging of a CPU core at any point during operation. Follow the speaker's methodology for modifying register state to disable KTRR and remap the kernel as writable. Gain insights into the development of an iOS kext loader and the KTRW kernel extension for debugging the kernel with LLDB over USB. This talk is ideal for security researchers and iOS enthusiasts interested in advanced iPhone debugging techniques.

36C3 - KTRW: The journey to build a debuggable iPhone