Today, we approach a subject rarely discussed on websites or in videos due to its complexity: the iOS Kernel. Everybody has probably heard once or twice about the Kernel, or more likely about Kernel Exploits, but what are those?
In today's video, we take the iPhone 5,2's KernelCache file, decrypt it, disassemble it with IDA, and explain what a developer or a Jailbreaker can do with the result.
This file is of crucial importance in terms of Jailbreaking, because if you can't find an exploit in the Kernel, or if you can't create one that is powerful enough to allow you to run Arbitrary Code or to escape the SandBox, then making a full Jailbreak (or at least an Untethered one) is impossible. In order to create a complete Jailbreak Tool for a specific iOS version, a Jailbreak Team like PanGu or TaiG requires at least 10-12 different exploits, so it would be great for us to dig a little bit into the Kernel and see what we can find.
At first glance, we can see a lot of usable information: binary names, process names, kexts, addresses and daemons. Knowing how to replace these with something targeting your own Payload will allow you to create Kernel Panics (Crashes) and a lot of juicy Crash Logs containing precious data for any Jailbreaker.
iCloud Bypass is not left behind either. Knowing the Kernel gives you the ability to neuter the Setup.app file without even touching the file itself. Of course, such achievements require a lot of practice and Assembly knowledge, but Assembly, like any other programming language, can be learned by practicing it more and more.
I really hope you will find this video useful. If you do, don't forget to decrypt the like button and to disassemble the SUBSCRIBE button, or, of course, if you consider this video bad, you are free to exploit the dislike one 🙂 Anything helps 🙂