Difference between revisions of "User:Userlandkernel"

From The iPhone Wiki
Line 11: Line 11:
 
* assetsd type-confusion
 
* assetsd type-confusion
 
* iBooks Denial-of-Service
 
* iBooks Denial-of-Service
- Shortcuts App, partial sandbox escape
+
* Shortcuts App, partial sandbox escape
   
 
== Current projects ==
 
== Current projects ==

Revision as of 16:55, 13 February 2020

About me

  • @userlandkernel on Twitter
  • Hacking stuff (literally anything, web / networks, vending machines, radio etc etc) since 2012
  • Love developing nerdy debug tools and documenting the unknown
  • Am more known for my interest in iOS
  • I am a fast learner
  • I like hardware based side channel attacks (CoreSight KTRW, WatchTower defeat with CPACR, Meltdown & Spectre)

Disclosed iOS Vulnerabilities

  • IOUSBFamily use after free
  • assetsd type-confusion
  • iBooks Denial-of-Service
  • Shortcuts App, partial sandbox escape

Current projects

  • Reverse engineering the NVME firmware
  • Flashing custom-made NVME firmware
  • Testing whether NVME firmware can turn off or alter IOMMU.
  • Research whether NVME can be a persistent side-channel to patching iBoot at SecureBoot time