
iOS Dual Booting Demystified

Offered By: Black Hat via YouTube

Course Description

Overview

Delve into the intricacies of iOS dual booting in this comprehensive Black Hat conference talk. Explore the secure iOS boot process, including low-level component verification and boot-time process loading. Gain insights into reverse engineering techniques, common handlers, and supported commands. Learn about Kloader, Kernel Patch Protector, and IBootDebug. Understand additional mitigations like code signing, MCC, and sleep mode. Discover how to patch RAM disks, manipulate physical storage, and work with trust caches. Witness a live demonstration of booting a custom firmware image on an iOS device. Enhance your knowledge of iOS security and bootloader manipulation in this 51-minute presentation by Max Bazaliy.

Syllabus

Introduction
What is Dual Boot
Apple Secure Boot
Boot ROM
Boot Loaders
Hardware Mappings
Kernel
RAM Disk
Reverse Engineer
Common Handler
Supported Commands
Booting
Kloader
Kernel Patch Protector
IBoot
Debug
Relocate KLR
Go
KTR
KPP
XNU
Additional Mitigation
Code Sign
MCC
Sleep Mode
Static Maps
Patching
RAM Disk Patches
Physical Storage
Trust Cache
Combining all components
Booting the whole system
Demo
Discussion
Thanks


Taught by

Black Hat
