0% Privacy
канал про анонимность, ИБ и бред автора в конвульсиях шизофрении. The channel is about anonymity, information security and the author's delirium in the convulsions of schizophrenia.
Show more- Subscribers
- Post coverage
- ER - engagement ratio
Data loading in progress...
Data loading in progress...
Abstract: ---------------- If you've been around the iPhone hacking scene you probably heard about the mysterious cables named after different monkeys: Kanzi Cable, Kong Cable, Bonobo Cable - all these cables allow you to get JTAG debugging capabilities on the iPhone, however they are also very difficult to get on the regular market. Last year we released the first open-source iPhone JTAG cable: The Tamarin Cable, a firmware for the Raspberry Pi Pico that allows building a $10 iPhone JTAG adapter. Since then, we've worked on utilizing Tamarin and Lightning to automate certain tasks for low-level fuzzing of the iPhone. In this talk we will: ----------------------------- Dive into the hardware (Tristar) and protocol (SDQ/IDBUS) details of Lighting Show how we implemented our own SDQ/IDBUS adapter Demonstrate our Lightning-Fuzzer: A fuzzer to find new Lightning commands Dive into implementing SWD for the iPhone and how to use with checkm8ble devices After this, we will look at using Lightning to implement a low-level fuzzer for the iPhone: Thanks to some undocumented Lightning commands we can utilize Lightning to quickly (and automatically) reset the iPhone - and get it into DFU mode. This allowed us to build low-level fuzzers for parts of the iPhone that so far very only very difficult to test. Our fuzzers will be made public with this presentation #iphonesecurity #jtag #fuzzing #hardwaresecurity #hardwear_io #hw_ioUSA2023 ----------------------------------------------------------------------------------------------------------------------------------- Website:
https://hardwear.ioTwitter:
https://twitter.com/hardwear_ioLinkedIn:
https://www.linkedin.com/company/hardwear.io-hardwaresecurityconferenceandtraining/Facebook:
https://www.facebook.com/hardwear.ioIt's almost free! Author: @ShizoPrivacy
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown - GitHub - pushsecurity/sa...