logo
allArticlesConferencesPresentations

Booting the iOS Kernel to an Interactive Bash Shell on QEMU

Conference:  BlackHat EU 2019

2019-12-04

Summary

The presentation discusses a research project that aims to create a virtualized iOS environment for security research purposes.
  • The project involves creating a virtualized iOS environment for security research purposes
  • The virtualized environment is created using an emulator and a custom kernel
  • The project aims to support more iOS versions and devices, as well as implement IP communication and support for non-RAM disk disks
  • The presentation includes a demonstration of how the project can be used to research vulnerabilities
  • The presenter does not expect any legal difficulties with Apple
The presenter demonstrates how the project can be used to research vulnerabilities by showing how a voucher swap vulnerability can be exploited in the virtualized environment

Abstract

Booting the iOS kernel on QEMU with an interactive bash shell and a live debugger attached to the kernel. A major step forward in the direction of having a full iOS open source system emulator on QEMU. The research details and demo will be presented in this talk.
Materials:
Slides
Paper
Tags:

Post a comment

Related work

TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator

Conference:  Black Hat USA 2022
Authors:
2022-08-11

ECMO: Rehost Embedded Linux Kernels via Peripheral Transplantation

Conference:  BlackHat USA 2021
Authors:
2021-11-11

Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime

Conference:  Defcon 27
Authors:
2019-08-01

Everything has Changed in iOS 14, but Jailbreak is Eternal

Conference:  BlackHat USA 2021
Authors:
2021-08-05

All You Ever Wanted to Know about the AMD Platform Security Processor and were Afraid to Emulate - Inside a Deeply Embedded Security Processor

Conference:  BlackHat USA 2020
Authors:
2020-08-05

To Flexibly Tame Kernel Execution With Onsite Analysis

Conference:  Black Hat USA 2022
Authors:
2022-08-10