Umang Raghuvanshi


Talk Title:

Putting it all together: building an iOS jailbreak from scratch


iOS jailbreaks have always been shrouded in mystery, with their inner workings known only to a select few. In this talk, I embark upon a journey with the audience to lift the curtain and put together a semi-untethered iOS jailbreak from the ground up. Starting from a memory corruption vulnerability, this talk covers defeating Kernel Address Space Layout Randomisation, escaping the iOS sandbox, remounting the root filesystem and defeating code signing and library validation to inject code into other processes. Also, for the first time ever, this talk details how all of this can be done on the latest Apple devices without having to bypass ARMv8.3’s Pointer Authentication.


Umang Raghuvanshi is a Security Researcher, specializing in iOS kernel and browser exploitation. He is a member of the Electra jailbreak team, and frequently releases the results of his research to the public, including exploits targeting the latest versions of the XNU kernel.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved