This book explains how to develop your own zero day vulnerabilities for iOS.
The content is in the early planning stage. I welcome criticism and feedback with that in mind.
| Language | Link |
|---|---|
| English | https://faisalmemon.github.io/the-road-to-zero/ |
The purpose of this repository is to provide the source code, and other resources, supporting the "The Road to Zero" book.
When I look at learning paths in other disciplines, there is a low friction path to develop skills, and practice one's learning. For example, there is a clear path to learn iOS programming. Learning Android has even less friction. I remember this clearly when I was part of a huge team facing redundancy with a seemingly obselete knowledge base (SymbianOS). The friction on the iOS side was getting a Mac and an iDevice. It turned out that the SymbianOS experience was valuable because I wrote a book to help engineers understand and resolve crash dumps seen on iOS using OS level insights and skills I already had.
I am now in a situation where I am studying an adjacent skill but there are significant knowledge and cost barriers. That is, exploring zero day vulnerabilities in iOS. It seems that there is a gap between simple reverse engineering tutorials and crack-me challenges, and those challenges faced on a secure operating system such as iOS.
Given that iOS security research is valuable, the assumption is that you are using the IDA Pro decompiler, or you are using the Correllium system to develop your security research. These companies are entitled to price their services accordingly. The gap is that there are researchers looking to break into this world, and make a meaningful contribution with a modest outlay. It's not just the price, but the price together with the risk that is the barrier. When I purchased a Mac and an iPhone, I was already happy with what I had and wasn't sure if the market would take me on as a hobbyist to undertake commercial work in iOS.
Many things are documented, but the valuable piece is not documented.
I have sincere appreciation for those who have written up the basic ideas behind vulnerabilities, and have provided crack-me challenges. At the opposite end of things, there are some excellent write ups of past vulnerabilities; Google project Zero is leading the way here. Their insights amount to digital magic!
There is scarce little in the middle. The OS internals book series by J. Levin are a huge milestone in explaining the Darwin based Operating Systems underpinning our iDevices.
To draw an analogy, Google have shown what fish are out there to be catched, Levin has shown where the fish are, but how do you actually catch a fish? This book explains that piece.
As of 14th Nov 2021, the project status is:
- I am going through the history of mitigations in iOS. Done up to 4.x. Need to carry on from 5.x
So no new book content for a while until build processing is resolved.
I can't guarantee time, I can't guarantee speed, but this is what I know. I think I can do 0.1 % of the book each day, with a few stretches of full focus, I think my target is to complete the book is March 2023.
| Directory | Purpose |
|---|---|
| external | Downloaded resources |
| topics | Topic specific writing |
| examples | Examples |
| screenshots | Screenshots |
| trtz | Source code of book |
The software configuration management plan (SCM plan) is very simple.
- All development is done on the master branch.
- Feature work is done on a branch.
- Notable versions of the software are tracked by Release History
See https://github.com/faisalmemon/ios-crash-dump-analysis-book#authoring-methodology
You need:
- Brew Package Manager
- MkDocs Software Package
- Material Design MkDocs plug-in
- Class dump
- Draw.io.app for diagrams
For analysing binaries I used class-dump. Whilst previously this was available from Brew, it seems now you have to directly download it.
The diagram drawing app is installable from https://github.com/jgraph/drawio-desktop
| Package | Purpose | Installation |
|---|---|---|
| Atom | Edits and understands markdown and can preview render it | brew install --cask atom |
| BibDesk | Eases the definition of Citations for the Biliography | brew install --cask bibdesk |
I have discovered the standard screenshot on Mac only does low resolution (screen resolution) images. Print books need to have higher resolution.
I saw an answer at: https://apple.stackexchange.com/a/110206
I need to experiment in this area. Maybe putting my screen in large scale mode will give me screenshots with effectively a higher ppi when shrunk down for print.
The book is built using the MkDocs workflow. It is published via the GitHub pages workflow in MkDocs.
We install the tooling as follows:
brew install pyenv
pyenv install 3.8
pyenv local 3.8
pip install --upgrade pip
pip install mkdocs
pip install mkdocs-materialcd trtz
python -m mkdocs gh-deploy --config-file ./mkdocs.yml