Archive

Posts Tagged ‘hacking’

Shellcode on an iPhone

June 16, 2009

The details are very sparse, but in a week or so all bets will be off. According to Ars Technica, Charlie Miller and Vincenzo Iozzo will be presenting a technique at BlackHat USA that allows an attacker to run arbitrary shellcode on an iPhone. The only real detail about the attack is that they found a way around the code signing protections. Those protections made it very hard to exploit vulnerable programs on the iPhone, since the only code that could run was code Apple had reviewed. Bypassing them makes it much easier for viruses, worms, etc. to be written for the iPhone!

Categories: iPhone

Phrack on Objective C and Rootkits

June 11, 2009

The 2009 edition of Phrack Magazine has an article called “The Objective-C Runtime: Understanding and Abusing”. This is probably a great read for anyone interested in iPhone hacking. I haven’t looked at it yet, but when I get the time, I’ll post my thoughts. There is also an article on OS X rootkits. So check out these two articles and post your comments.

Categories: iPhone

From BlackHat Europe 09

April 22, 2009

Charlie Miller and Vincenzo Iozzo gave a wonderful presentation at BlackHat Europe 2009 on Mac OS X and iPhone hacking. You can find video and a paper from their presentation here. Sections 4 and 5 of the paper are on the iPhone. They give a brief introduction to the ARM architecture and to iPhone OS security.

It turns out that Apple has done a decent job of making it very hard to execute shellcode on the iPhone. Pretty much all memory, apart from the programs (and libraries) already on the phone, is not executable and cannot be made executable (at least not yet). This means no executing shellcode on the stack or in the heap; the only attack vector left is large return-to-libc attacks. They give some example shellcode in their paper that will run on a “virgin” iPhone (not jailbroken).

Return-to-libc attacks work by tricking the machine into running existing code in libraries or in the loaded program in such a way that it accomplishes some malicious task (or a benign but unintended one, like the vibrate code in the paper). It is a pretty standard way to exploit systems with non-executable stacks and/or heaps.

Categories: iPhone