
What needs to be done, to get from root to system rw in iOS?

Posted: Fri Dec 16, 2016 11:21 pm
by eltong
Since the iOS 10.1.1 exploit came out, I've become curious as to what needs to be done in order to gain write permissions.

I've read something about LwVM and some MAC hooks, but that's it. I'm just trying to come up with something myself, as I'm still learning.

Thank you!

Re: What needs to be done, to get from root to system rw in

Posted: Sat Dec 17, 2016 12:08 am
by morpheus
I was going to answer this, but then realized it's already covered in the book... so see attached.

Ian doesn't want to deal with KPP, so he avoids patching LwVM (which can be done easily still in 32-bit).

Re: What needs to be done, to get from root to system rw in

Posted: Sat Dec 17, 2016 9:52 am
by eltong
Thank you. As always, very helpful.

P.S. Your book does look like the best resource for macOS/iOS security enthusiasts. I'm seriously considering buying it.