iOS Dual Booting Demystified
Offered By: Black Hat via YouTube
Course Description
Overview
Delve into the intricacies of iOS dual booting in this comprehensive Black Hat conference talk. Explore the secure iOS boot process, including low-level component verification and boot-time process loading. Gain insights into reverse engineering techniques, common handlers, and supported commands. Learn about Kloader, Kernel Patch Protector, and IBootDebug. Understand additional mitigations like code signing, MCC, and sleep mode. Discover how to patch RAM disks, manipulate physical storage, and work with trust caches. Witness a live demonstration of booting a custom firmware image on an iOS device. Enhance your knowledge of iOS security and bootloader manipulation in this 51-minute presentation by Max Bazaliy.
Syllabus
Introduction
What is Dual Boot
Apple Secure Boot
Boot ROM
Boot Loaders
Hardware Mappings
Kernel
RAM Disk
Reverse Engineer
Common Handler
Supported Commands
Booting
Kloader
Kernel Patch Protector
IBoot
Debug
Relocate KLR
Go
KTR
KPP
XNU
Additional Mitigation
Code Sign
MCC
Sleep Mode
Static Maps
Patching
RAM Disk Patches
Physical Storage
Trust Cache
Combining all components
Booting the whole system
Demo
Discussion
Thanks
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube