Demystifying the Secure Enclave Processor
Stack Corruptions
• SEP applications are compiled with stack cookie protection
▫ Cookie value is fixed to ‘GARD’
▫ Trivial to forge/bypass
• Stack addresses are in most cases known
▫ Main thread stack is at a known address
▫ Addresses of subsequent thread stacks are predictable
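An added example, not from the original slides: a C simulation of the stack cookie epilogue check, showing that a constant cookie catches only overflows that do not reproduce it, next to a per-boot random guard. The frame layout, the function names and the use of /dev/urandom as the entropy source are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_GUARD 0x47415244u /* 'GARD', the constant named on the slide */

/* Simulated frame (assumed layout): local buffer, then the cookie. */
struct frame { uint8_t buf[16]; uint32_t cookie; };

/* Hardened alternative (assumption): per-boot guard from an entropy source.
 * The low byte, first in memory on little-endian, is zeroed so that
 * string copies stop before reproducing the guard. */
uint32_t random_guard(void) {
    uint32_t g = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&g, sizeof g, 1, f) != 1) abort();
    fclose(f);
    return g & 0xffffff00u;
}

/* Simulates an unchecked copy that runs past buf and rewrites the cookie
 * slot with the publicly known constant. Returns 1 if the epilogue
 * comparison notices the corruption, 0 if it passes unnoticed. */
int overflow_detected(uint32_t guard) {
    struct frame fr;
    uint8_t data[sizeof fr];
    const uint32_t known = FIXED_GUARD;

    fr.cookie = guard;                       /* prologue stores the guard */
    memset(data, 'A', sizeof data);
    memcpy(data + offsetof(struct frame, cookie), &known, sizeof known);
    memcpy(&fr, data, sizeof data);          /* copy longer than buf */
    return fr.cookie != guard;               /* epilogue comparison */
}

int main(void) {
    printf("fixed guard:  detected=%d\n", overflow_detected(FIXED_GUARD));
    printf("random guard: detected=%d\n", overflow_detected(random_guard()));
    return 0;
}
```

Because the random guard always has a zero low byte and 'GARD' does not, the second case is detected on every run.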