Saturday, 27 February 2016

JailBreaking in iOS: helpful for users who want to get around its limitations

JailBreaking

Modification of the application-processor firmware to allow unsigned code to run (i.e., applications from outside the App Store).


  • Similar to other OSes, the iPhone OS is loaded in stages:
    • The Boot ROM loads the LLB (Low Level Bootloader)
    • The LLB loads the firmware
    • At each stage, a signature check is performed to validate the next stage before it runs
  • In theory that chain is unbroken; in practice...
    • The boot ROM does not perform a signature check on the LLB
    • More recently, the LLB has been subject to a buffer overflow that allows unsigned code to be loaded, which can then override the signature checks of every subsequent stage.
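The point the list is making is that a staged boot is a chain of trust: each stage is only trustworthy if the stage that loaded it was itself trusted and actually checked the signature, so a missing check at the root (or a stage that can be tricked into skipping its check) leaves every later stage unverified no matter what those later stages do. The following simulation is an added example, not code from the original post or from Apple; it models a three-stage chain with constructed stage images, uses HMAC-SHA256 with a constructed key as a stand-in for the vendor's asymmetric signature (an assumption made to keep it self-contained), and reports the trust status of each stage under a full chain, a tampered firmware image, and a boot ROM that does not verify the LLB.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed key standing in for the vendor's signing key. HMAC-SHA256 is used
# here as a stand-in for the asymmetric signature a real boot chain would check.
VENDOR_KEY = b"constructed-vendor-signing-key"


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    signature: bytes  # signature over `image`, shipped alongside it


def sign_image(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Produce the signature the vendor would attach to a stage image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def signature_valid(stage: Stage, key: bytes = VENDOR_KEY) -> bool:
    """Constant-time check that the stage's signature matches its image."""
    return hmac.compare_digest(sign_image(stage.image, key), stage.signature)


def boot(chain: List[Stage], verifying_loaders: Set[str]) -> Dict[str, str]:
    """Simulate the staged boot. chain[0] is the boot ROM, trusted by definition
    because it is immutable. Each stage loads the next; a stage whose name is in
    `verifying_loaders` checks the next stage's signature before loading it.
    Returns the trust status of every stage that was reached:
      trusted    - loaded by a trusted loader that verified its signature
      refused    - signature check failed; boot stops here
      unverified - loaded without a check, or by a loader that is itself untrusted
    """
    status = {chain[0].name: "trusted"}
    loader_trusted = True
    for loader, nxt in zip(chain, chain[1:]):
        if not loader_trusted:
            # An untrusted loader's checks cannot be relied upon: unsigned code
            # already running at this point can bypass them for every later stage.
            status[nxt.name] = "unverified"
            continue
        if loader.name not in verifying_loaders:
            status[nxt.name] = "unverified"
            loader_trusted = False
            continue
        if signature_valid(nxt):
            status[nxt.name] = "trusted"
        else:
            status[nxt.name] = "refused"
            break  # a verifying loader halts on a bad signature
    return status


def make_chain(tampered: Set[str] = frozenset()) -> List[Stage]:
    """Build a constructed three-stage chain. Stages named in `tampered` carry a
    modified image but still the signature of the original image."""
    images = {
        "bootrom": b"constructed boot ROM code",
        "llb": b"constructed Low Level Bootloader",
        "firmware": b"constructed firmware image",
    }
    chain = []
    for name, image in images.items():
        sig = sign_image(image)
        if name in tampered:
            image = image + b" [modified]"
        chain.append(Stage(name, image, sig))
    return chain


if __name__ == "__main__":
    full = {"bootrom", "llb"}
    print("intact chain, every loader verifies:", boot(make_chain(), full))
    print("tampered firmware, every loader verifies:",
          boot(make_chain({"firmware"}), full))
    # The post's 'in practice' case: the boot ROM skips its check on the LLB.
    print("boot ROM skips the LLB check, LLB still 'verifies':",
          boot(make_chain({"llb", "firmware"}), {"llb"}))
```

In the third scenario the LLB is nominally still a verifying loader, yet the firmware comes out `unverified`: once the stage doing the checking is itself unsigned, its checks are worth nothing, which is exactly why a root-level gap (or a loader that can be coerced into skipping its check) undermines the whole chain rather than just one stage.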
