|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Up to Speed"
m (moved Up to speed to Up to Speed) |
(adding a bunch of links that may be useful to the beginner) |
||
| Line 9: | Line 9: | ||
Think of iPhone as a little computer, even though Apple doesn't want you to. It has a [[S5L8900|processor]], RAM, a "[[NAND|hard drive]]", an operating system, and a [[Baseband Device|cellular modem]] on the serial port. |
Think of iPhone as a little computer, even though Apple doesn't want you to. It has a [[S5L8900|processor]], RAM, a "[[NAND|hard drive]]", an operating system, and a [[Baseband Device|cellular modem]] on the serial port. |
||
| + | === Ways to get started === |
||
| − | If you want to get started, first you should listen to the [[25C3 presentation "Hacking the iPhone"]]. This was in 2008, but it explains the basics in detail. You should also learn assembler for [[ARM]] processors. |
||
| + | * You can read about general exploitation techniques on Wikipedia, starting with [https://en.wikipedia.org/wiki/Vulnerability_(computing)#Software_vulnerabilities software vulnerabilities] and [https://en.wikipedia.org/wiki/Privilege_escalation privilege escalation]. |
||
| + | |||
| + | * Read the [[how to reverse]] page when you realize most of those tasks require reversing and you have no idea how. |
||
| + | |||
| + | * Learn assembler for [[ARM]] processors. |
||
| + | |||
| + | * Listen to the [[25C3 presentation "Hacking the iPhone"]]. This was in 2008, but it explains the basics in detail. |
||
| + | |||
| + | * Read [http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123 ''iOS Hacker's Handbook''], published in May 2012: "The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it." |
||
| + | |||
| + | * [[i0n1c]] has given several presentations on iOS jailbreaking techniques, and there are PDFs of his slides available online, including: [https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf "iOS Kernel Exploitation"], [http://reverse.put.as/wp-content/uploads/2011/06/D2T1-Stefan-Esser-iPhone-Exploitation-One-ROPe-to-Bind-Them-All.pdf "iPhone Exploitation: One ROPe to bind them all?"], and [http://antid0te.com/CSW2012_StefanEsser_iOS5_An_Exploitation_Nightmare_FINAL.pdf "iOS 5: An Exploitation Nightmare?"]. He has also recommended a couple of books: [http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X ''The Shellcoder's Handbook''] and [http://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426 ''The Art of Software Security Assessment'']. You may also find it interesting to read [https://www.sektioneins.de/en/blog/13-07-03-trainingFrankfurt.html his outline for a workshop on developing kernel exploits] - note the requirements (knowing ARM assembly, ROP, buffer overflows, integer overflows; having access to IDA Pro, Hexrays, BinDiff). |
||
| + | |||
| + | * Check out [http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit this analysis of JailbreakMe 3.0] ([[Saffron]]). |
||
| + | |||
| + | * If you're interested in [[Baseband Device|baseband]] hacking and unofficial software unlocks, there are slides from a presentation by [[MuscleNerd]]: [http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20MuscleNerd%20-%20Evolution%20of%20iPhone%20Baseband%20and%20Unlocks.pdf "Evolution of the iPhone Baseband and Unlocks"] (PDF). |
||
| + | |||
| + | * Members of the team that built [[Corona]] for iOS 5.0.1 gave presentations about it, and there are PDFs of their slides available here: [http://conference.hitb.org/hitbsecconf2012ams/materials/D2T2%20-%20Jailbreak%20Dream%20Team%20-%20Corona%20Jailbreak%20for%20iOS%205.0.1.pdf Corona for A4] and [http://conference.hitb.org/hitbsecconf2012ams/materials/D2T2%20-%20Jailbreak%20Dream%20Team%20-%20Absinthe%20Jailbreak%20for%20iOS%205.0.1.pdf Corona/Absinthe for A5]. |
||
| + | |||
| + | * Here's some analysis of [[evasi0n]] [http://blog.accuvantlabs.com/blog/bthomas/evasi0n-jailbreaks-userland-component from Accuvant Labs] and [http://blog.azimuthsecurity.com/2013/02/from-usr-to-svc-dissecting-evasi0n.html from Azimuth Security], along with [http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/ a high-level explanation from planetbeing]. The evad3rs team gave [https://conference.hitb.org/hitbsecconf2013ams/materials/D2T1%20-%20Pod2g,%20Planetbeing,%20Musclenerd%20and%20Pimskeks%20aka%20Evad3rs%20-%20Swiping%20Through%20Modern%20Security%20Features.pdf a presentation about evasi0n with slides available]. |
||
===Now=== |
===Now=== |
||
| − | * Read the [[timeline]] |
+ | * Read the [[timeline]]. |
* Read the [[unsolved problems]] page to see where you can help. |
* Read the [[unsolved problems]] page to see where you can help. |
||
| − | * Read the [[how to reverse]] page when you realize most of those tasks require reversing and you have no idea how. |
||
Revision as of 05:52, 7 September 2013
So, all of this sounds intimidating. Jailbreak, sign, secpack, unlock, baseband, iBoot, seczone, JailbreakMe, pwnage.
Don't worry, this should bring you up to speed.
- Activate - to bypass the required iTunes signup.
- Jailbreak - to allow full write and execute privileges on the iPhone, iPod touch, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPad and iPad2.
- Unlock - to allow the use of any mobile phone carrier's SIM.
Think of iPhone as a little computer, even though Apple doesn't want you to. It has a processor, RAM, a "hard drive", an operating system, and a cellular modem on the serial port.
Ways to get started
- You can read about general exploitation techniques on Wikipedia, starting with software vulnerabilities and privilege escalation.
- Read the how to reverse page when you realize most of those tasks require reversing and you have no idea how.
- Learn assembler for ARM processors.
- Listen to the 25C3 presentation "Hacking the iPhone". This was in 2008, but it explains the basics in detail.
- Read iOS Hacker's Handbook, published in May 2012: "The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it."
- i0n1c has given several presentations on iOS jailbreaking techniques, and there are PDFs of his slides available online, including: "iOS Kernel Exploitation", "iPhone Exploitation: One ROPe to bind them all?", and "iOS 5: An Exploitation Nightmare?". He has also recommended a couple of books: The Shellcoder's Handbook and The Art of Software Security Assessment. You may also find it interesting to read his outline for a workshop on developing kernel exploits - note the requirements (knowing ARM assembly, ROP, buffer overflows, integer overflows; having access to IDA Pro, Hexrays, BinDiff).
- Check out this analysis of JailbreakMe 3.0 (Saffron).
- If you're interested in baseband hacking and unofficial software unlocks, there are slides from a presentation by MuscleNerd: "Evolution of the iPhone Baseband and Unlocks" (PDF).
- Members of the team that built Corona for iOS 5.0.1 gave presentations about it, and there are PDFs of their slides available here: Corona for A4 and Corona/Absinthe for A5.
- Here's some analysis of evasi0n from Accuvant Labs and from Azimuth Security, along with a high-level explanation from planetbeing. The evad3rs team gave a presentation about evasi0n with slides available.
Now
- Read the timeline.
- Read the unsolved problems page to see where you can help.
