This talk will showcase the work @coolStar and @tihmstar performed on jailbreaking iOS via a side-loaded app (and the challenges associated with jailbreaking newer iPhone models on newer iOS versions).

We will discuss how Apple has enforced the sandbox and code signing on iOS throughout the years, and the ways we have bypassed them:

  • Code signing is used on iOS to enforce Apple’s platform policies: only software provided or authorized by Apple (either as part of iOS, or from the App Store) may run, and no downloaded code can execute without Apple’s authorization.

  • The sandbox is used on iOS to keep apps in a relatively isolated environment, so that they cannot modify or access anything else on the system.
  • The two work in tandem to enforce platform security: any third-party code without the right entitlements (which can only be granted by Apple) is either kept sandboxed or simply not run at all.

The talk walks the audience through the basics of iOS security, the requirements for breaking them and jailbreaking the phone, the mitigations Apple has added over the years (both in software and hardware), and the bypasses we have used.

The problems encountered, together with their solutions, are described in full in the presentation.

The talk falls under the following topics:

  • OS Kernel Exploitation
  • Mobile Exploitation
  • Mitigation Bypass Techniques (KTRR, CoreTrust, PAC, PPL)
  • Software reverse engineering

About the speakers

@CoolStar, a reverse engineer focused on iOS, Windows and drivers, is an expert in runtime modification of software, working on Windows drivers, boot firmware (coreboot and UEFI), and reverse engineering of drivers.

CoolStar previously worked on jailbreaking Apple devices, from the iPhone 5S up to recent models.

@Tihmstar is a vulnerability researcher focused on mobile, with a hobby of hacking iOS devices.

Tihmstar has worked on jailbreaking iOS devices including iPhone, iPad, iPod, Apple Watch and Apple TV, covering a wide range of hardware from older models such as the iPhone 4s up to the most recent ones, including the iPhone 12 Pro.