This talk will be showcasing the work @coolStar and @tihmstar performed on jailbreaking iOS via a side-loaded app (and the challenges associated with jailbreaking newer iPhones models on newer iOS versions)

We will be discussing how Apple has enforced sandbox and code signing on iOS throughout the years and the way we have bypassed them: 

Code signing is used on iOS both to enforce Apple’s platform policies (ensure that only software provided by Apple [either as part of iOS, or from the App Store] runs), and that no code can be downloaded without being authorized by Apple.

• Sandbox is used on iOS to keep apps in a relatively isolated environment, to enforce that they can not modify or access anything else on the system.
• The two work in tandem to enforce platform security, as any 3rd party code without the right entitlements (which can only be granted by Apple) is kept sandboxed or is simply not run at all.

The talk walks the audience through the basics of iOS security, the requirements needed to break them and jailbreak the phone, as well as both mitigations Apple has added throughout the years (both in software and hardware) and the bypass we have used.

Encountered problems are outlined with their solutions and are fully described in the presentation.

The talk falls under the following topics:

• OS Kernel Exploitation
• Mobile Exploitation
• Mitigation Bypass Techniques (KTRR, CoreTrust, PAC, PPL)
• Software reverse engineering