하얀정령

디버깅 사용환경: iPhone 8 / 14.4.2 Reference: https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.81.3/iokit/Kernel/IOUserClient.cpp#L6166https://conference.hitb.org/hitbsecconf2013kul/materials/D2T2%20-%20Stefan%20Esser%20-%20Tales%20from%20iOS%206%20Exploitation%20and%20iOS%207%20Security%20Changes.pdf 이해하는데 사용될 Project: https://gitlab.com/alias20/kcalltest14https://github.com/jsherman212/ktrw Userspace에서 IOConnectTrap6 함수를 호출하여 Kernel Call하기까지 호출 경로 (Backtrace) fleh_synchronous https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.81.3/osfmk/arm64/locore.s#L614-> sleh_synchronoushttps://github.com/apple-oss-distributions/xnu/blob/xnu-7195.81.3/osfmk/arm64/sleh.c#L657-> handle_svchttps://github.com/apple-oss-distributions/xnu/blob/xnu-7195.81.3/osfmk/arm64/sleh.c#L1642->… 더 보기 »iOS arm64 환경에서 Kernel R/W로 kernel call 구현 이해하기