Low-level iOS forensics
iOS filesystem encryption and data protection mechanisms are now well documented and supported by many forensics tools. iOS devices use NAND flash memory as their main storage area, but physical imaging usually refers to a "dd image" of the logical partitions. The iOS Flash Translation Layer for current devices is ...
iOS 5 data protection updates
iOS 5 was released this week, and introduced some changes to the data protection features we described at HITB Amsterdam. This post highlights the updates made since iOS 4.
LwVM partition scheme
The GPT partition table used on iOS 4 was replaced by Apple's proprietary Lightweight Volume Manager (LwVM ...
Analysis of the jailbreakme v3 font exploit
Two weeks ago, comex released the third version of jailbreakme. Two exploits are used to jailbreak Apple devices by opening a PDF file in the MobileSafari browser: initial code execution is obtained through a vulnerability in the Freetype Type 1 font parser, allowing subsequent exploitation of a kernel vulnerability to ...
CVE-2010-3830 - iOS < 4.2.1 packet filter local kernel vulnerability
This post will describe a recent iPhone kernel vulnerability discovered by comex and used in the limera1n and Greenpois0n jailbreaking tools. Both tools exploit a BootROM vulnerability found by geohot to get initial code execution on the device, and comex's kernel exploit is then used to make the jailbreak ...
hack.lu CTF - Challenge 12 WriteUp
Here is the missing Hack.lu CTF write-up for the "seamonster" challenge. It was a Windows reverse engineering challenge, with a nice anti-debugging trick.
The challenge objective is to give "Ring3" the correct password to keep our ship afloat and get the gold! Let's have a look at the ...