Jailbreaking - Ivan R Blog

What checkm8 means for stalkerware on iOS

On Friday, September 27th 2019 many of us on the mobile security community were surprised with the news of a SecureROM vulnerability disclosed on Twitter by @axi0mX. axi0mX described it as "a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices" and called it checkm8 (read 'checkmate'). Here

Reverse Engineering

Decrypting iOS applications - iOS 12 Edition

As some of you may know, with the release of iOS 12.4 Apple accidentally reintroduced a vulnerability already patched on iOS 12.3. Shortly after this discovery, @Pwn20wnd released a new version of Unc0ver that supported iOS 12.4. This meant that many users were able to update to

Privacy

Analyzing iOS Stalkerware Applications

Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target's device (usually their partner) to spy on them, snooping in as much data as they can. They aim to collect phone calls history, private messages, location data, browsing patterns, and many other private aspects

iOS

Tips for Mobile Bug Bounty Hunting

My good friend Pete Yaworski encouraged me to join the bug bounty scene for a long time before I decided to jump in and start using my mobile app sec knowledge to ethically hack on mobile apps from public bug bounty programs. Pete, who literally wrote the book on web

iOS

What do Pointer Authentication Codes mean for iOS jailbreaking?

Yesterday, Sep 12th, Apple announced their next generation of iPhones. The iPhone X [s], X [s] Max and X [r] are the new members of the iPhone family and "the most advance iPhones Apple has ever created". You can watch the full presentation here. They talked about their new hardware,

iOS

Fix Cydia Impactor crypto-osx.cpp:97 error

If you upgraded to macOS Hight Sierra 10.13.x changes are Cydia Impactor is giving you this error when trying to install an app: The text reads: crypto-osx.cpp:97 The user name or passphrase you entered is not correct. But beyond that there is no indication of what

Jailbreaking

Installing Dropbear SSH on iOS 10.3.3

In December last year, @thimstar and @S1guza released H3lix a semi-untether jailbreak for all 32-bit devices on iOS 10.0 to 10.3.3. This is amazing, it means devices like the iPhone 5 and 5c are jailbroken for life! (since iOS 10.3.3 is the last Apple-OS that