Jailbreaking iOS - tihmstar
35c3 - Security - 12/28/2018
This talk aims to give a general overview of iOS Jailbreaking by starting at what jailbreaking was back in the days and how it evolved up until today, while also taking a quick look at how it might evolve in future.
Therefore the following topics are covered:
- Jailbreaking goals (technical)
- Types of jailbreak and it's origins (tethered, untethered, semi-tethered, semi-untethered)
- Exploit mitigations (ASLR, iBoot-level AES, KPP, KTRR, PAC)
- Kernel patches (h3lix)
- Kppless jailbreaks
The goal is to give an insight into the jailbreak terminology, exploit mitigations and how these are dealt with in past and modern jailbreaks.
I will give an introduction in jailbreak terminology and walk through the jailbreak history, thus presenting how iOS devices have been hacked/jailbroken in the past while focusing on what mitigations Apple added over the years.
Therefore i will discuss what effects these mitigations have on jailbreaking and how they were (and still are) dealt with.
This should be interesting for hackers new in the iOS game, as several technical aspects are covered, but also for people who jailbreak their devices and want to get a better understanding of what is happening under the hood of jailbreaks as well as what challenges hackers have to face and why things evoled the way they are right now.
This talk is structured somewhat similar to my previous talk 2 years ago "iOS Downgrading - From past to present".
Watching my previous talk is not neccessary for understanding this one, but is suggested to get a better overall image of iOS hacking.