
Book update: Chapter 21

Posted: Wed Nov 16, 2016 4:19 pm
by morpheus
I published the very small but detailed Chapter 21, dealing with Pangu's 9.3.3 jailbreak, for free. This way, if you got the initial version, you can get the PDF as well. Anybody ordering the book as of today will get this built-in.

http://NewOSXBook.com/articles/nuwashi.pdf

Re: Book update: Chapter 21

Posted: Thu Nov 17, 2016 2:56 pm
by vega01
Great! Thank you for creating and sharing this!

Re: Book update: Chapter 21

Posted: Thu Dec 08, 2016 4:13 am
by backendbilly
Administrator wrote: I published the very small but detailed Chapter 21, dealing with Pangu's 9.3.3 jailbreak, for free. This way, if you got the initial version, you can get the PDF as well. Anybody ordering the book as of today will get this built-in.

http://NewOSXBook.com/articles/nuwashi.pdf


I gotta say, very impressive write up J. Special attention is given to the kalloc.1024, KASLR defeat by leaking the vtable address, and IOMFBSwapIORequest::release in user mode :P.

I have to say, for someone to be able to put together in good detail how the exploit was carried out, with emphasis on vulnerability reuse, is nothing short of spectacular. This requires having very deep knowledge of the underlying architecture. In these 6 pages, so much has been covered that it seriously makes you feel like an ignorant bastard. Please keep it coming.

Is there any information on the payload they used in those gadgets?