jiska
  • Videos: 41
  • Views: 122,498
Demo: iPhone Satellite Testbed Setup
This demo shows a simulation-based testbed for satellite communication on non-satellite iPhones. Various Frida hooks enable "connecting" to a satellite and sending emergency messages, without actually causing an emergency.
Here, the demo runs on an iPhone 13 mini on iOS 16.3. The testbed requires the iPhone to be jailbroken with Dopamine 2 or to have Frida running on an SRD.
Views: 246

Videos

Demo: Sending Text Messages via Find My Location Sharing over Satellite
Views: 128 · 1 month ago
This demo shows sending a custom text message over satellite on a jailbroken iPhone, by replacing the Find My Friends location shared with the text message. All friends of that user can then receive the shared message. Source code available on github.com/seemoo-lab/satellite-messenger.
iOS Inactivity Reboot Timelapse
Views: 38K · 1 month ago
For detailed reverse engineering of this feature, see naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html.
[0x0f] Reversing Shorts :: Hotdog or not hotdog? Machine learning reverse engineering on iOS
Views: 1K · 1 month ago
The SeeFood app is real! Let's look into an app that classifies food into hotdog vs. not hotdog. Learn how to figure out how a machine learning model is used, which capabilities it has, and change the SwiftUI text labels such that the app can detect pizza vs. not pizza. Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G Links: bagbak: github.com/ChiChou/bagbak R...
BlackHat Europe 2024 Training [Advertisement]
Views: 470 · 3 months ago
This training provides you with a comprehensive toolkit for analyzing apps, system daemons, the XNU kernel, firmware, and system logs on Apple's mobile devices. It caters to beginner, intermediate, and advanced reverse engineers. More details on reversing.training! Book via www.blackhat.com/eu-24/training/schedule/index.html#practical-ios-app-user kernel-space-and-firmware-reverse-engineering 3...
[0x0e] Reversing Shorts :: Decoding Apple's OSLog
Views: 836 · 6 months ago
In this video, we take a look into how Apple's clang compiler handles os_log internally. While the source code looks very readable, some compiler builtins ruin our day! Let's take a look into how to recover this mess. Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G os_log.js: github.com/seemoo-lab/frida-scripts/blob/main/scripts/os_log.js Apple's clang source...
[0b00] Reversing 101 :: Hacking Closed-Source Firmware
Views: 5K · 1 year ago
Useful tips on firmware reverse engineering I wish I had known earlier. Follow my journey of learning how to reverse engineer by staring on a Fitness tracker and Bluetooth chip firmware! Check out my channel for more reverse engineering videos: @jiskac CCC conference talk by Daniel and me on hacking Fitbit firmware: ruclips.net/video/ccbwtrrB4lk/видео.html REcon conference talk by Dennis and me...
[0x0d] Reversing Shorts :: Real-World Tutorials 🤓
Views: 1.9K · 1 year ago
Want to learn reverse engineering, but there's way too many tutorials to pick a good one? I'll show you my top recommendations to get started with beginner and advanced reverse-engineering tutorials. Links to the tutorials in the description below! Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G Hacking Windows Minesweeper: www.begin.re/ BlackHoodie: blackhoo...
[0x0c] Reversing Shorts :: 🩳🧵🪡
Views: 770 · 1 year ago
Reverse engineering short about how to reverse a shorts sewing pattern from ready-to-wear shorts. The one and only reversing shorts you all have been waiting for! Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G Chapters: 00:00 - Introduction 00:15 - Plan: Create sewing instructions 00:54 - Create sewing pattern 03:04 - Cut pattern 03:25 - Sew inside 03:47 - B...
[0x0b] Reversing Shorts :: iOS & macOS Kernel Debug View
Views: 2.1K · 1 year ago
See what's happening live inside the XNU kernel without any complicated debug and patching setup. Various places in the kernel have kernel_debug statements, which can be observed from user space with kdv (Kernel Debug View). Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G kdv: newosxbook.com/tools/kdv.html Public trace codes in XNU source code: sourcegraph.co...
Wibbly Wobbly, Timey Wimey - What's Really Inside Apple's U1 Chip
Views: 448 · 2 years ago
Talk about Apple's ultra-wideband (UWB) chip and ecosystem. How is distance measured? How is it reported from the chip and then used within Apple's ecosystem? How does Bluetooth integration with BLE advertisements work? As presented at DEF CON 29, but with improved captions.
[0x0a] Reversing Shorts :: Apple's Cross-Process Communication (XPC)
Views: 2.4K · 2 years ago
XPC is a mechanism on iOS and macOS that enables processes to exchange data. Especially on Apple-internal implementations, it's used excessively. Simple features are often split across daemons and apps, with components implemented separately. In this video, we'll follow XPC communication across daemons to see what happens when we play a sound on an AirTag. Full playlist of reversing shorts: ruc...
[0x09] Reversing Shorts :: iOS Bluetooth Debugging Driver Internals & Packet Logging
Views: 3.3K · 2 years ago
Let's take a look into the iOS Bluetooth stack! Logging all packets with PacketLogger is easy, but how does it work internally? How do bluetoothd and the kernel interact with each other? Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G Apple's Bluetooth developer tools and information: developer.apple.com/bluetooth libimobiledevice: github.com/libimobiledevice...
[0x08] Reversing Shorts :: Apple RTKit Firmware Analysis
Views: 6K · 2 years ago
RTKitOS, also called RTKit, is Apple's most widespread operating system. Yet, nobody knows it. It runs on various Apple peripherals as well as the SoCs on the iPhone, Watch, and MacBook. Full playlist of reversing shorts: ruclips.net/p/PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G *OS Internals books: newosxbook.com Project Zero blog post on RTKit reversing to analyse a DCP exploit: googleprojectzero.blog...
[0x07] Reversing Shorts :: iOS Device Supervision - Sniff Traffic & Defer Updates
Views: 682 · 2 years ago
[0x06] Reversing Shorts :: Weather Manipulation
Views: 2.4K · 2 years ago
[0x05] Reversing Shorts :: iOS Kernel Demystified
Views: 5K · 2 years ago
[0x04] Reversing Shorts :: Finding and Backtracing Signal Messages on Android
Views: 1.3K · 2 years ago
[0x03] Reversing Shorts :: Out of Memory - Working around JetSam Memory Limits on iOS
Views: 1.2K · 2 years ago
[0x02] Reversing Shorts :: Backtracing Threads and Adding Symbols with Frida on iOS
Views: 1.7K · 2 years ago
[0x01] Reversing Shorts :: Finding the Signal Message Object with Frida on iOS
Views: 3.2K · 2 years ago
[0x00] Reversing Shorts :: Introduction
Views: 2.2K · 2 years ago
Reverse Engineering Lab - Module 0x3
Views: 604 · 2 years ago
Reverse Engineering Lab - Module 0x2.1: Java Reversing and Android VM Setup
Views: 576 · 2 years ago
Reverse Engineering Lab - Module 0x2: Ghidra & Frida
Views: 2.8K · 2 years ago
Reverse Engineering Lab - Module 0x01: Selecting a Research Target
Views: 2.4K · 2 years ago
iOS Reverse Engineering :: Part III :: Hooking into Objective-C
Views: 2.3K · 2 years ago
iOS Reverse Engineering :: Part I :: Dynamic Reversing and iOS Basics
Views: 13K · 2 years ago
iOS Reverse Engineering :: Part II :: System Processes and Hardware Interaction
Views: 2.8K · 2 years ago
Ghost Peak - UWB Distance Shortening Demo on Apple U1 Chip
Views: 829 · 3 years ago

Comments

  • @Zake39292 · 10 days ago

    How to do this on Windows

  • @GameSphere124 · 12 days ago

    How did you get verbose boot on your iPhone?

  • @batuemirseven · 15 days ago

    I mean this kinda sucks since when your device is in a BFU state the people calling won't appear as contacts but who doesn't touch their phone for 3 days in 2024 anyway

  • @AntiBillOS · 23 days ago

    Not bad!

  • @Carandtechguy · 24 days ago

    Bruh

  • @AnonymousNyanCat-qg6bb · 28 days ago

    Idk, every unstable system requires a reboot at least once a week. Otherwise, system performance will feel slower than usual.

  • @NilanjanMustafi · 28 days ago

    Once every 7-10 days when I try to unlock my iPhone 13 on iOS 17.4.1, iOS asks me to first enter my password. Is that the same as what's shown in the video i.e., BFU or is that AFU? Also, when I press the power + volume buttons together for a couple of seconds and don't shut down my iPhone, it asks for my password. Is this BFU or AFU?

    • @jiskac · 26 days ago

      Both scenarios you describe are AFU. The second one restricts some interfaces but disk stays decrypted. You can easily try that out when calling your iPhone: In BFU, no contact info is shown. In AFU, contact info from your address book is shown.

  • @user-dw6fj1py1o · 28 days ago

    So Good.

  • @jaysonrobles25 · 1 month ago

    Oh now I get it, that’s why sometimes when I’m trying to swipe up my phone it needs a passcode first because it reboots 😅😅

    • @jiskac · 29 days ago

      Not necessarily. Apple also put some other mitigations in there that require you to enter the passcode under certain conditions. In some of these cases, the iPhone didn't reboot and is still in After First Unlock state.

  • @JamesR624 · 1 month ago

    The fact that the reboot is in verbose mode is interesting. Apple usually *really* doesn't allow things like that on production releases of software.

    • @TurboPikachu · 1 month ago

      That’s because it’s a research device. That iPhone is likely Apple’s property that they’re allowing devs to use for testing purposes. Inactivity reboot is going to be a normal reboot on end-users’ iPhones

    • @squabbledOwO · 17 days ago

      Yeah, you can see the research device watermark before it turns back on

  • @NarendraMnr · 1 month ago

    Why isn't the full iPhone visible?

  • @Just_a-normalgamer · 1 month ago

    Is this case quadlock?

  • @matthewmurray4830 · 1 month ago

    thanks for the great article 👍

  • @Kcraft059 · 1 month ago

    Mr might be pretty good at searching security issues to get his hand on an SRD (these kind of devices are quite rare)

  • @pixpyy · 1 month ago

    why does this happen? does this happen every 3 days?

    • @jiskac · 29 days ago

      naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html

  • @AsphaltLegendsFan · 1 month ago

    0:32 looks like jailbreak

    • @Psyyyyyyyyyyyyyy · 1 month ago

      Just a dev fused device provided by apple to certified security researchers

    • @AArch64_Gamer · 27 days ago

      It’s one of the security research device units provided by Apple for security research. There’s a glimpse of the label on the boot screen

  • @mohammedsherzad8447 · 1 month ago

    its remove lock screen

  • @Frantisek.Lebeda · 1 month ago

    is this for like re-encryption?

    • @tdrg_ · 1 month ago

      Yeah, in BFU state pretty much all user data is encrypted

    • @busterscrugs · 1 month ago

      Yup, prevents law enforcement from accessing data from your locked phone.

    • @Tougebeat · 27 days ago

      Is this the same encryption as with a factory reset?

    • @michaelthornes · 23 days ago

      this resets the phone from an AFU (after first unlock) state to BFU (before first unlock) state, part of this meaning encryption keys are purged from memory and you must use your pin/password instead of just biometrics to unlock the first time. this makes it more difficult for law enforcement or other phone thieves in general to access the data on the phone, because they need to get the encryption keys, there are no potential bypasses, memory-related or otherwise

  • @speedycord · 1 month ago

    is that jailbreak on ios 18???????

    • @j5xnlte · 1 month ago

      No.

    • @tdrg_ · 1 month ago

      That’s an SRD, specially modified iPhone that allows for deep security research

  • @格雷·斯普倫基 · 1 month ago

    I first time see the "Security Research Device" WTH

    • @rogerr.397 · 1 month ago

      They give that to Apple Security researchers to find bugs

  • @elbert5208 · 1 month ago

    Very nice article

  • @jiskac · 1 month ago

    Hi all :) I've added some answers to all your questions at the end of my blog post. naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html

  • @time-lapserpro4370 · 1 month ago

    Interesting article and a very good read!

  • @TotallyBCK · 1 month ago

    how did you enable verbose boot?

    • @Platapai · 1 month ago

      It's an Apple Security Research Device. Apple loans you a phone (which isn't for personal use). It's used to find, test, validate, verify, and confirm a vulnerability

    • @bendabuilder6637 · 1 month ago

      It's a security research device, part of one of Apple's programs. It has it enabled by default

    • @ImSkye · 1 month ago

      -v

    • @Space_US · 1 month ago

      @ImSkye bro you can’t just change boot args

    • @ImSkye · 1 month ago

      @ sure you can, you can temporarily set them via usb debugging.

  • @john.dough. · 1 month ago

    good video!

  • @yetzt · 1 month ago

    cool, it even comes with a console blurred for privacy.

    • @bryanmartin_ · 1 month ago

      Nah, I think the blur is an overlay. Look how the notch is also blurred.

    • @ethancarter-0ridQ38 · 1 month ago

      @bryanmartin_ r/woooosh

    • @elmerrrrrr · 1 month ago

      @bryanmartin_ no that's a feature of the console

    • @mensuusxd · 1 month ago

      @ethancarter-0ridQ38 That wasn't even a joke idiot

    • @Kcraft059 · 1 month ago

      It’s clearly edited in post prod

  • @ecaltroyer · 1 month ago

    Does it erase all data on the phone and did Apple allow debugging openly

    • @tdrg_ · 1 month ago

      This is an SRD, a modified iPhone for security research sent by Apple to experts

    • @busterscrugs · 1 month ago

      No, by rebooting the device, it's now in "before first unlock" mode, where all user data is encrypted.

  • @viralthings3065 · 1 month ago

    Great video ty

  • @scytube · 1 month ago

    2:03 😂

  • @lew9068 · 1 month ago

    Short and direct. Great video.

  • @NeoBechstein · 1 month ago

    thx, j!

  • @lew9068 · 1 month ago

    Great video. Keep it up.

  • @tiojoe_ · 1 month ago

    Awesome content! Any github link with the script? Many thanks

    • @jiskac · 1 month ago

      Hi :) You can find some of the scripts here: github.com/seemoo-lab/airtag
