Difference between revisions of "Up to Speed"

From The iPhone Wiki
Jump to: navigation, search
(adding more links)
(Ways to get started: fixed title)
Line 16: Line 16:
 
* Listen to the [[25C3 presentation "Hacking the iPhone"]]. This was in 2008, but it explains the basics in detail.
 
* Listen to the [[25C3 presentation "Hacking the iPhone"]]. This was in 2008, but it explains the basics in detail.
   
* See [http://techchannel.att.com/play-video.cfm/2013/1/8/Conference-TV-CSAW-THREADS-2012-iOS-Jailbreak-Analysis the presentation "Analysis of the iOS Development Community"] by Dino Dai Zovi in November 2012.
+
* See [http://techchannel.att.com/play-video.cfm/2013/1/8/Conference-TV-CSAW-THREADS-2012-iOS-Jailbreak-Analysis the presentation "Strategic Analysis of the iOS Jailbreaking Development Community"] by Dino Dai Zovi in November 2012.
   
 
* [[i0n1c]] has given several presentations on iOS jailbreaking techniques, and there are PDFs of his slides available online, including: [https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf "iOS Kernel Exploitation"], [http://reverse.put.as/wp-content/uploads/2011/06/D2T1-Stefan-Esser-iPhone-Exploitation-One-ROPe-to-Bind-Them-All.pdf "iPhone Exploitation: One ROPe to bind them all?"], and [http://antid0te.com/CSW2012_StefanEsser_iOS5_An_Exploitation_Nightmare_FINAL.pdf "iOS 5: An Exploitation Nightmare?"]. He has also recommended a couple of books: [http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X ''The Shellcoder's Handbook''] and [http://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426 ''The Art of Software Security Assessment'']. You may also find it interesting to read [https://www.sektioneins.de/en/blog/13-07-03-trainingFrankfurt.html his outline for a workshop on developing kernel exploits] - note the requirements (knowing ARM assembly, ROP, buffer overflows, integer overflows; having access to IDA Pro, Hexrays, BinDiff).
 
* [[i0n1c]] has given several presentations on iOS jailbreaking techniques, and there are PDFs of his slides available online, including: [https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf "iOS Kernel Exploitation"], [http://reverse.put.as/wp-content/uploads/2011/06/D2T1-Stefan-Esser-iPhone-Exploitation-One-ROPe-to-Bind-Them-All.pdf "iPhone Exploitation: One ROPe to bind them all?"], and [http://antid0te.com/CSW2012_StefanEsser_iOS5_An_Exploitation_Nightmare_FINAL.pdf "iOS 5: An Exploitation Nightmare?"]. He has also recommended a couple of books: [http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X ''The Shellcoder's Handbook''] and [http://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426 ''The Art of Software Security Assessment'']. You may also find it interesting to read [https://www.sektioneins.de/en/blog/13-07-03-trainingFrankfurt.html his outline for a workshop on developing kernel exploits] - note the requirements (knowing ARM assembly, ROP, buffer overflows, integer overflows; having access to IDA Pro, Hexrays, BinDiff).

Revision as of 10:22, 25 September 2013

So, all of this sounds intimidating. Jailbreak, sign, secpack, unlock, baseband, iBoot, seczone, JailbreakMe, pwnage - there are lots of terms to learn, but most of them are defined here on the wiki. The basics:

  • Activation - to bypass the required iTunes signup.
  • Jailbreak - to allow full write and execute privileges on the iPhone, iPod touch, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPad and iPad2.
  • Unlock - to allow the use of any mobile phone carrier's SIM.

Think of iPhone as a little computer, even though Apple doesn't want you to. It has a processor, RAM, a "hard drive", an operating system, and a cellular modem on the serial port.

Ways to get started

  • Read iOS Hacker's Handbook, published in May 2012: "The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it."
  • If you want to really get started, learn assembler for ARM processors. Open Security Training has "Introduction to ARM" materials, for example.

Now