OPTIMIZED FUZZING IOKIT IN IOS

Recommendations

Info

Information Extraction(II): Basic Information virtual methods’ “overwritten” virtual method 0 virtual method 1 virtual method 2 virtual method 3 …. virtual method N-3 virtual method N-2 virtual method N-1 if( address∈(KERNEL_TEXT_StartAddress, KERNEL_TEXT_EndAddress) { //implementation in XNU without overwriting …… } else { //overwritten implementation …… } virtual method N
Information Extraction(II): Basic Information Overwritten virtual methods symbolization • Assumption • The same names and sequences in the same iOS version in different devices • Obtaining names and sequences from kernelcaches with leaked decrypting-keys http://theiphonewiki.com/wiki/Firmware_Keys: kernelcache.release.n94 IV: ae291ecd536ab102e6975a730f065f2f Key: c45aac2036dea7bf564bd99399e6ff35b241b580afd323a7aee1b6e9162b1d4f TextBlock 10 • deducing the symbolization in those encrypted kernelcaches without keys
Page 1 and 2: OPTIMIZED FUZZING IOKIT IN IOS LEI
Page 3 and 4: Outlines • Introduction • Infor
Page 5 and 6: Introduction(I) IOKit App-0 App-1
Page 7 and 8: Introduction(I) Our Work • Not on
Page 9 and 10: Part II Information Extraction
Page 11 and 12: Information Extraction(II) Basic In
Page 13 and 14: Information Extraction(II): Basic I
Page 21: Information Extraction(II): Basic I
Page 25 and 26: Information Extraction(II): IOUserC
Page 33 and 34: Information Extraction(II): IOExter
Page 43 and 44: Part III Fuzzing
Page 45 and 46: Fuzzing(III):Fuzzing Preparation Fu
Page 47 and 48: Fuzzing(III):Fuzzing Preparation Un
Page 49 and 50: Fuzzing(III): Fuzz Thread Client-0
Page 51 and 52: Part IV Experimental Results
Page 53 and 54: Experimental Results(IV) Vulnerabil
Page 55 and 56: Experimental Results(IV) Vulnerabil
Page 57 and 58: Experimental Results(IV): Vulnerabi
Page 59 and 60: Last Black Hat Sound Bytes

OPTIMIZED FUZZING IOKIT IN IOS

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?