Abstract: This is the short version of a detailed introduction to the topic of jailbreaking Apple’s
iOS devices. A general overview of iOS device and security architecture is followed by a quick
walk-through of the jailbreaking process as well as an overview of the currently available jailbreaks
and tools.
Keywords: iOS, jailbreak, security
and a baseband processor.
The application processor runs the iOS operating system and therefore everything the user interacts with, while the baseband processor is exclusively responsible for managing everything related to the radio.
Each of the two processors has its own ARM core, NOR-flash and RAM. The baseband also runs a different operating system, which is called NucleusOS. 1)

[Figure 1: iOS boot sequence]

3. iOS Security Model

The iOS security model heavily relies on memory protection, code signing and sandboxing.

Application Sandbox

iOS enforces a number of security mechanisms in order to isolate applications from each other and to prevent malicious code from being executed.
First, the NAND flash is divided into two logical partitions, a read-only system partition, and a writeable user partition. Second, all applications are signature checked by