John Åkerblom

@jaakerblom

RE and language enthusiast

Joined November 2014

Tweets


  1. 29 Dec 2019
  2. 17 Nov 2019
  3. 15 Nov 2019

    Curious to see which bugs will be used to pwn iOS in Tianfu Cup

  4. 8 Nov 2019

    It’s not a real conference if the monitors in the venue’s lobby aren’t showing blue screens by the end

  5. Retweeted
    28 Oct 2019

    I built an iOS kernel debugger called KTRW based on a KTRR bypass for the iPhone X. It is capable of patching kernel __TEXT_EXEC, loading kernel extensions, and performing single-step kernel debugging with LLDB and IDA Pro over USB:

  6. 25 Sep 2019

    recvmsg_x, used in one of the chains documented by here also gets tripped like this and won’t work in the iOS 13 Safari sandbox. Still works in app sandbox so still good for jailbreakers

  7. Retweeted
    11 Jul 2019

    My iOS 12.2 exploit is now available! Thanks again to Brandon for his help in getting through the Mach trenches from BSD.

  8. Retweeted
    9 May 2019

    Glad that we have 2 talks accepted to 2019. With , we will talk about how to exploit a kernel bug in XNU that affects iOS up to 12.1.4 against iPhone XS Max. With Tao Huang, we will talk about remote heap/stack overflows in FaceTime.

  9. 27 Mar 2019

    KASLR bypass/kernel base finding code is impacted by iOS 12.2 for jailbreaking (for some bugs/methods). Note how the kernel base isn’t always xxxxxxxxxxxx4000 anymore. Looks like KASLR has been improved

  10. Retweeted
    18 Mar 2019
  11. 8 Jul 2018

    How to root/sandbox escape iOS12: proc 11.4->12 0x100->0xf8 0x10->0x60 0x268->0x250 0xa8->0xa0 0x2c0->0x2a8 0x30->0x28

  12. Retweeted
    17 Jun 2018

    Safari exploit for iPhone 8, iOS 11.3.1 NOT USEFUL FOR USERS. Stage 2 is not open source so people can't abuse it easily. Won't have time to work on this more, but as a developer lmk if you want to turn this into something cool and I can share sources.

  13. 6 Jun 2018

    (2/2) This is good to know as there is another overflow in mptcp_subflow_add() which has its own new check in the kernel. This one can be reached through connectx with entitlement check, but there is another path where it's not as clear if the entitlement is actually needed

  14. Retweeted
    5 Jun 2018

    iOS 11.4 patched kernel memory corruption bugs I reported in two distinct areas: mptcp and vfs. My exploit for the mptcp bug is here: Please read the README. It requires an Apple developer cert.

  15. 4 Jun 2018

    Regarding multipath bugs: 3rd overflow looks reachable without entitlement. It also has a separate fix in the kernel code from the first two, which should warrant a CVE. So my current guess is 1 Ian CVE for first 2, 1 for 3rd. See mptcp_subflow_add

  16. 3 Jun 2018

    The iOS 11.3.1 kernel exploit has been reliable on my test device, but some users have been reporting very low reliability. A solution that worked for those who tried was to disable Siri. I've updated the repo with a note and a few details about this:

  17. Retweeted
    3 Jun 2018
    Replying to:

    Talked to Ian, he said one bug requires the entitlement, the other doesn't.

  18. 3 Jun 2018

    To anyone banking on Ian's upcoming exploit using different bugs: could be the case, but you are overlooking what we know so far if you don't see the risk (unless you mistrust Apple): Surprised no one agrees. No doubt Ian will make a dope exploit though

  19. 3 Jun 2018

    To average JB users: wait for a developer like who focuses on the part after all exploitation (all public since June 1, reliability/non-X aside). He hasn't shown any interest in my 11.3.1 exploit but he is welcome to use it. My focus is research, not development

  20. 2 Jun 2018

    Added root and sandbox escape to the iPhone X 11.3.1 exploit using QiLin by : Anyone care to explain what the big circlejerk about tfp0 is about? has made clear in the past it's not needed for his jailbreak framework
