Antid0te 2.0 - ASLR in iOS - Reverse Engineering Mac OS X

More documents

Recommendations

Info

Changes in Memory Page Handling • sliding whole cache is too slow • Apple changed page handler to relocate each page on access • works on the kernel buffer filled by syscall 437 • made decrypting the new dyld_shared_cache file format easy Stefan Esser • Antid0te 2.0 - ASLR in iOS • May 2011 • 42
dyld_shared_cache Header in iOS 4.3.x Stefan Esser • Antid0te 2.0 - ASLR in iOS • May 2011 • 43
Page 1 and 2: Antid0te 2.0 - ASLR in iOS Stefan E
Page 3 and 4: Part I Introduction Stefan Esser
Page 5 and 6: iPhone Security in 2011 • Apple r
Page 7 and 8: Part II ASLR vs. iOS Stefan Esser
Page 9 and 10: Libraries where are thou? • since
Page 11 and 12: dyld_shared_cache Header in iOS
Page 13 and 14: dyld_shared_cache vs. ASLR • libr
Page 15 and 16: Antid0te • Antid0te‘s goals wer
Page 17 and 18: How does this help us ? • same bi
Page 19 and 20: What to compare against each other
Page 21 and 22: Results of first diffing attempts
Page 23 and 24: Analysing the results (II) more car
Page 25 and 26: Large unknown values in libobjc.dyl
Page 27 and 28: Reversing the objc differences •
Page 29 and 30: iPhone libobjc does not match the s
Page 31 and 32: Analysing the small values • reas
Page 33 and 34: Part IV Apple‘s ASLR in iOS 4.3.x
Page 35 and 36: Randomization in iOS 4.3 • jailbr
Page 37 and 38: Randomization of Dyld • dyld was
Page 39 and 40: Randomization of dyld_shared_cache
Page 41: New Syscall - vm_shared_region_slid
Page 45 and 46: Part V Antid0te 2.0 ??? Stefan Esse
Page 47 and 48: What is different with iOS 4.3.x? (
Page 49 and 50: What is different with iOS 4.3.x? (
Page 51 and 52: Why is the iPhone more Secure with
Page 53 and 54: Limitations of iOS 4.3.x ASLR (main
Page 55 and 56: Limitations of Antid0te (main binar
Page 57 and 58: Final Words • Antid0te 1.0 works

Antid0te 2.0 - ASLR in iOS - Reverse Engineering Mac OS X

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?