Abstract:
The presentation begins with a discussion of the Mach-O file format, followed by a way to store code inside a binary. The basic technique is then discussed: how XNU loads binaries, and how to impersonate the kernel so that no execve() call is needed. Differences between Mac OS X desktop and the iPhone are shown. From a Metasploit meterpreter session, it is demonstrated that an arbitrary binary can be uploaded and launched without ever touching the disk. Finally, iPhone code signing and file system restrictions are discussed, and the methods of this talk are shown to circumvent them.
Slides: