Low-level iOS forensics

Thu 28 June 2012 by jean

iOS filesystem encryption and data protection mechanisms are now well documented and supported by many forensics tools. iOS devices use NAND flash memory as their main storage area, but physical imaging usually refers to a "dd image" of the logical partitions. The iOS Flash Translation Layer for current devices is ...

iOS 5 data protection updates

Sun 09 October 2011 by jean

iOS 5 was released this week, and introduced some changes to the data protection features we described at HITB Amsterdam. This post highlights the updates made since iOS 4.

LwVM partition scheme

The GPT partition table used on iOS 4 was replaced by Apple's proprietary Lightweight Volume Manager (LwVM ...

Analysis of the jailbreakme v3 font exploit

Sat 16 July 2011 by jean

Two weeks ago, comex released the third version of jailbreakme. Two exploits are used to jailbreak Apple devices by opening a PDF file in the MobileSafari browser: initial code execution is obtained through a vulnerability in the FreeType Type 1 font parser, allowing subsequent exploitation of a kernel vulnerability to ...

CVE-2010-3830 - iOS < 4.2.1 packet filter local kernel vulnerability

Thu 09 December 2010 by jean

This post will describe a recent iPhone kernel vulnerability discovered by comex and used in the limera1n and Greenpois0n jailbreaking tools. Both tools exploit a BootROM vulnerability found by geohot to get initial code execution on the device, and comex's kernel exploit is then used to make the jailbreak ...

hack.lu CTF - Challenge 12 WriteUp

Mon 29 November 2010 by jean

Here is the missing Hack.lu CTF write-up for the "seamonster" challenge. It was a Windows reverse engineering challenge, with a nice anti-debugging trick.

The challenge objective is to give "Ring3" the correct password to keep our ship afloat and get the gold! Let's have a look at the ...
