Háló Zsolt @ Deloitte CRS Jailbreak & Behind.

Slides:



Advertisements
Similar presentations
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Advertisements

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Vpn-info.com.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Dongyan Wang GlobalPlatform Technical Program Manager
Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Introduction to Kernel
G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
Case study 2 Android – Mobile OS.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
An Introduction to Device Drivers Sarah Diesburg COP 5641 / CIS 4930.
Presentation By Deepak Katta
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
 Security and Smartphones By Parker Moore. The Smartphone Takeover  Half of mobile phone subscribers in the United States have a smartphone.  An estimated.
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,
Computer and Information Sciences
ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.
Mobile Device Security
Section 3.1: Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random.
An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko
4P13 Week 1 Talking Points. Kernel Organization Basic kernel facilities: timer and system-clock handling, descriptor management, and process Management.
Module 7: Managing the User Environment by Using Group Policy.
Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.
Operating Systems David Goldschmidt, Ph.D. Computer Science The College of Saint Rose CIS 432.
Android Security Auditing Slides and projects at samsclass.info.
An Introduction to Device Drivers Ted Baker  Andy Wang COP 5641 / CIS 4930.
Wireless and Mobile Security
The Unix File system (UFS) Presented by: Gurpreet Singh Assistant Professor Department of School of Computing and Engineering Galgotias University.
Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.
Trusted Operating Systems
Race conditions and synchronization issues Exploiting UNIX.
Silberschatz, Galvin and Gagne ©2011 Operating System Concepts Essentials – 8 th Edition Chapter 2: The Linux System Part 2.
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
By Collin Donaldson.   In conventional OS architectures, the user accesses the OS via an account that has certain privileges (admin, guest). They can.
Kyler Rhoades. What is Jailbreaking? History The evais0n Jailbreak How evais0n Works.
2Operating Systems  Program that runs on a computer  Manages hardware resources  Allows for execution of programs  Acts as an intermediary between.
Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th, 2006.
Hardware-rooted Trust for Secure Key Management & Transient Trust
Introduction to Kernel
Trusted Computing and the Trusted Platform Module
WELCOME Mobile Applications Testing
ABYSS : An Architecture for Software Protection
Chapter 1: Introduction
Trusted Computing and the Trusted Platform Module
Outline What does the OS protect? Authentication for operating systems
Outline What does the OS protect? Authentication for operating systems
NEED OF JAILBREAKING IN IOS PENETRATION TESTING
Introduction to the Kernel and Device Drivers
Device Guard: AppLocker on steroids
Chapter 14: Protection.
TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh
An Introduction to Device Drivers
Chapter 2: The Linux System Part 2
COMPSCI210 Recitation 5 Oct 2012 Vamsi Thummala
Sai Krishna Deepak Maram, CS 6410
CS-3013 Operating Systems Hugh C. Lauer
Reverse engineering through full system simulations
SCONE: Secure Linux Containers Environments with Intel SGX
Outline Operating System Organization Operating System Examples
O/S Organization © 2004, D. J. Foreman.
O/S Organization © 2004, D. J. Foreman.
Preventing Privilege Escalation
Presentation transcript:

Háló Zsolt @ Deloitte CRS Jailbreak & Behind

Why iOS is „secure” by design? Filesystem SOFTWARE Kernel Secure Enclave Secure Element HARDWARE Crypto Engine Device Key Group Key Apple Root Cert

Secure Enclave Physically separate processor Own independent boot sequence Hardware based true random number generator Crypto operations necessary for seamless en/decryption of data Has the device ID fused into it @ manufacture time TNO (Trust No One paradigm)

Code Signing All apps must be signed by a signing cert that was issued by Apple Must be distributed via the Apple App Store (with some exception) Hash Private Key Signature Code to be signed Signing Certificate Signed code

Privilege Separation Process separation like in traditional UNIX file permission mechanism owner, user and group. Apps run as user “mobile” Critical stuff runs as “root” Limiting exploit damage

Sandboxing Further enforcing security than UNIX permissions Cannot modify each other's data (permission required) Can only access files in other sandbox via API-s

Jailbreaking Actively circumventing code signature checks and other OS security controls Tethered Untethered Can use all API-s Removing sanboxing restrictions You get a cool computer with a nice UI

Why should I care? Not my device/data ^^ Credential reuse of your users! API keys Connection strings/credentials Full infrastructure reverse

Detection methods File presence (Cydia.app, /bin/bash…) File permissions (/root has write access) Process forking (popen and fork returned pid) System Properties (symlinks from the small partation) dyld calls (dyld get image name, dyld image count) to check if certain dylibs are loaded Privileged action (System call or write outside of sandbox) SSH Loopback (if you can connect to 127.0.0.1:22)

Detection evasion Binary patching Dynamic hooking/instrumentation Temporary disable jailbreak xCon open source project, automagically hides the jailbroken status, usually  (good to test against)

Frida Ole André Vadla Ravnås https://www.frida.re/ Classdump 

Frida frida-trace -i "open*" -i "close*" Safari frida-trace -U -f com.app.to.test -I "libcommonCrypto*„

Suggestion Tie to the application Use separate lib a dependency for your app Obfuscate C++/C code Make it independent

Thanks \O/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.