Tweets by @i41nbeer
Slides from my #MOSEC2018 talk "build your own iOS kernel debugger": https://bugs.chromium.org/p/project-zero/issues/attachment?aid=346425&signed_aid=drSMyPfPWvCZgYKtiwI2iA== …
Fixing that in combination with enabling 20 spinner threads seems to show reliability closer to 50% in some very unscientific testing, but I'm sure there are still plenty of bugs. @Externalist's writeup had plenty more good ideas for improving reliability.
Credit to @Externalist for spotting a bug in empty_list: on devices with 16k pages there are 0x61 ipc_port allocations per zone refill (not sure where 0xe0 came from...); so it should look like this: int ports_per_zcram = kernel_page_size == 0x1000 ? 0x49 : 0x61;
empty_list, a proof-of-concept exploit for the getvolattrlist iOS 11.3.1 kernel bug: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 … Please read the README.
(Footnote: for the vfs bug, technically you can control a handful of bits in the 8 overflow bytes; the overflow value is actually two 4-byte flag fields. This may or may not help.)
Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.
The trigger is here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 … If you're into iOS exploit dev, take a go at it and blog about it! I'll publish what I have soon, hopefully this week.
See e.g. The Poisoned NUL Byte, 2014 by @scarybeasts: https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html … But it takes time. The mptcp exploit is mostly recycled bits of earlier exploits. The getvolattrlist bug needs some new techniques.
The vfs bug doesn't require an Apple developer cert but is considerably harder to exploit. You get to write 8 NULL bytes off the end of a kalloc.16 buffer. It's sufficiently hard to exploit that it's worth trying just to demonstrate that such issues are reliably exploitable...
That is the same bug as already publicly documented from the patch by @elvanderb and exploited by @jaakerblom; see John's repo here: https://github.com/potmdehex/multipath_kfree …
iOS 11.4 patched kernel memory corruption bugs I reported in two distinct areas: mptcp and vfs. My exploit for the mptcp bug is here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1558 … Please read the README. It requires an Apple developer cert.
If you're interested in bootstrapping iOS kernel security research, keep a research-only device on iOS 11.3.1 for more tfp0. Release probably next week. Oh, and the 11.1.2 KDP-compatible kernel debugger really is coming soon!
tfp0 should work for all devices; the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G), but adding more support should be easy.
iOS 11.1.2, now with more kernel debugging: https://bugs.chromium.org/p/project-zero/issues/detail?id=1417#c3 …
If you're interested in bootstrapping iOS 11 kernel security research, keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.