Brandon Azad

Brandon Azad

Talk Title:

KTRW: The journey to build a debuggable iPhone


Development-fused iPhones with hardware debugging features like JTAG are out of reach for many iOS security researchers. This talk takes you along my journey to create a similar capability using off-the-shelf iPhones.
We'll look at a way to break KTRR, a custom hardware mitigation Apple developed to prevent kernel patches, and use this capability to load a kernel extension that enables full-featured, single-step kernel debugging with LLDB on production iPhones. Finally, I'll show how I used the resulting KTRW debugger to discover and exploit the oob_timestamp vulnerability (CVE-2020-3837).


Brandon Azad is a security researcher at Google Project Zero focusing on iOS/macOS security.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved