Posts

Reverse Engineering iOS 18 Inactivity Reboot

Image
Reverse Engineering iOS 18 Inactivity Reboot iOS 18 introduced a new inactivity reboot security feature. What does it protect from and how does it work? This blog post covers all the details down to a kernel extension and the Secure Enclave Processor. Security Before First Unlock / After First Unlock Did you know that entering your passcode for the first time after your phone starts is something very different then entering it later on to unlock your phone? When initially entering your passcode, this unlocks a key store in the Secure Enclave Processor (SEP) that encrypts your data on an iPhone. The state before entering your passcode for the first time is also called Before First Unlock (BFU). Due to the encrypted user data, your iPhone behaves slightly differently to later unlocks. You'll see that Face ID and Touch ID won't work and that the passcode is required. But there's more subtle things you might notice: Since Wi-Fi passwords are encrypted, your iPhone won't co

Embedding Frida in iOS TestFlight Apps

Image
Learning reverse engineering on mobile devices can be challenging, especially on iOS, where tooling is less accessible than on Android. On YouTube, I published various videos on reverse engineering with Frida , which is a tool for dynamic reverse engineering of applications during runtime. Last year, I started giving public reversing trainings via BlackHoodie and the university I'm teaching at, along with a training at NULLCON Berlin in March. While starting off with a focus on Android, which can easily be virtualized and rooted, knowledge on iOS reversing is a rare resource that many people want to learn about. But how can we make iOS reversing more accessible to learn, in a world dominated by closed-source tooling and strictly controlled by Apple?  Frida can be used on iOS without any jailbreak. Especially when building your own apps, adding it for educational purposes and using it on your own iPhone can be fun. In this blog post, we'll look into two options: (1) Distributin