
Abstract


Xu Hao now focuses on OSX/iOS software development and security research. He also has many years of experience in Windows security research. Main research areas: OSX/iOS/Windows security, rootkits and malware, hardware virtualization technology, reverse engineering, smart cards & PKI.

Chen Xiaobo is a research scientist at McAfee Labs. He has worked in computer security since 2000, on scanner and HIPS products. He now focuses mainly on vulnerabilities, new vulnerability exploitation techniques, and iOS exploitation.

This presentation will explain how to write your own fuzzer targeting the iOS kernel, and how to analyze real kernel bugs. iOS kernel exploits are important for jailbreaks because they break kernel protections such as the code signing check and the sandbox. Compared with user space, the iOS kernel is much easier to exploit. We first introduce basic knowledge of the iOS kernel and summarize the known bugs used in jailbreaks. Then we show how to write a fuzzer based on a hooking technique. Since a passive fuzzer can only fuzz the IOKit drivers that are currently in use, we also show how to fuzz all IOKit drivers actively. In fact, fuzzing the iOS kernel is not as difficult as one might think. At the end we walk through the process of analyzing real kernel bugs.
