Goa 2020
Brandon Azad
KTRW: The journey to build a debuggable iPhone
Development-fused iPhones with hardware debugging features like JTAG are out of reach for many iOS security researchers. This talk takes you along my journey to create a similar capability using off-the-shelf iPhones.
We'll look at a way to break KTRR, a custom hardware mitigation Apple developed to prevent kernel patches, and use this capability to load a kernel extension that enables full-featured, single-step kernel debugging with LLDB on production iPhones. Finally, I'll show how I used the resulting KTRW debugger to discover and exploit the oob_timestamp vulnerability (CVE-2020-3837).
Brandon Azad is a security researcher at Google Project Zero focusing on iOS/macOS security.