This talk showcases the work @coolStar and @tihmstar performed on jailbreaking iOS via a side-loaded app, and the challenges of jailbreaking newer iPhone models on newer iOS versions.
We discuss how Apple has enforced the sandbox and code signing on iOS throughout the years, and the ways we have bypassed them:
Code signing serves two purposes on iOS: it enforces Apple's platform policy that only software provided by Apple (either as part of iOS or through the App Store) runs, and it ensures that no code downloaded at runtime can execute without being authorized by Apple.
The talk walks the audience through the basics of iOS security and what is required to break them and jailbreak the phone, as well as the mitigations Apple has added throughout the years (both in software and in hardware) and the bypasses we have used.
Problems encountered along the way, and their solutions, are described in full in the presentation.
The talk falls under the following topics:
About the speakers
@CoolStar is a reverse engineer focused on iOS, Windows and drivers, and an expert in runtime modification of software; their work includes Windows drivers, boot firmware (coreboot and UEFI), and reverse engineering drivers.
CoolStar previously worked on jailbreaking Apple products, from the iPhone 5S up to recent models.
@Tihmstar is a vulnerability researcher focused on mobile, with a hobby of hacking iOS devices.
Tihmstar has worked on jailbreaking iOS devices including iPhone, iPad, iPod, Apple Watch and Apple TV, covering a wide range of hardware from older models such as the iPhone 4s up to the most recent ones, including the iPhone 12 Pro.