What needs to be done, to get from root to system rw in iOS?

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)


Postby eltong » Fri Dec 16, 2016 11:21 pm

Since the iOS 10.1.1 exploit came out, I've become curious as to what needs to be done in order to gain write permissions.

I've read something about LwVM and some MAC hooks, but that's it. I'm just trying to come up with something myself, as I'm still learning.

Thank you!
eltong
 
Posts: 6
Joined: Sun Aug 28, 2016 8:44 pm

Re: What needs to be done, to get from root to system rw in

Postby morpheus » Sat Dec 17, 2016 12:08 am

I was going to answer this, but then realized it's already covered in the book... so see attached.

Ian doesn't want to deal with KPP, so he avoids patching LwVM (which can still be done easily in 32-bit).
Attachments
Screen Shot 2016-12-16 at 7.00.50 PM.png
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: What needs to be done, to get from root to system rw in

Postby eltong » Sat Dec 17, 2016 9:52 am

Thank you. As always, very helpful.

P.S. Your book does look like the best resource for macOS/iOS security enthusiasts. I'm seriously considering buying it.
eltong
 
Posts: 6
Joined: Sun Aug 28, 2016 8:44 pm

