hello friends learn the security model of the iOS , it will teach the secure boot chain of the iOS which makes it different from other OS in, Unique scale. it is really important for an mobile pen-tester to understand the security model of iOS.

1. The iOS Secure Boot
You Maybe Secure , If You Have An IPhone. Ashish Jha (Security Analyst)
6/18/2017 1

2. Socially Connect With Me:
Facebook: https://www.facebook.com/ashish.v.jha
Directly Mail me : ashishjha120@gmail.com
Connect on LinkedIn: https://www.linkedin.com/in/ashish-j-4260969a
“When One Teaches Two Learn”
- Robert Heinlein
6/18/2017 2

3. What This Presentation Is About?
This Presentation is made with a view, To make the readers have a grasp of the “IOS” Operating Systems
secure booting process how it works, why we really say iPhones are “secure” , Well as far as security is
concerned nothing is much secure but the Apple Team has worked immensely on their platform to provide
security to their potential customers, That maybe the reason of their success.
This is for all those who are just kick starting in the dazzling world of mobile penetration testing and hacking
into mobile devices.
First it’ll be explaining all about IOS then we’ll dive into the pool of the secure booting process of the OS.
I’ve made my efforts to make you get some valuable piece of content here, And you may enjoy it.
Thank you!
6/18/2017 3

4. What The Heck is iOS?
IOS is short for “IPhone os”, the most widely used mobile operating system
used across the globe , it is the os created by Apple Inc. It is not only used in
mobile phones but also in the apple’s iPod touch & IPad. The current version of
the os is iOS 10. which was released on September 13, 2016.
The iOS mainly runs on ARM architectural hardware. Up till the release of the
iOS 7 , all the previous releases use to run on the 32-bits ARM processors
But with the release of iOS 7 , they made the os with the support of 64-bit
ARMv8-A processors.
More Knowledge: What is the (Advanced RISC Machine)ARM ?
- ARM makes 32-bit and 64-bit RISC multi-core processors.
- RISC processors are designed to perform a smaller number of types of
computer instructions so that they can operate at a higher speed,
performing more millions of instructions per second (MIPS)
6/18/2017 4

5. Some Features of The iOS?
The iOS is loaded with tons of features which makes it’s users life really easy and sophisticated as well.
Some of the features of the iOS are:
Multitasking: It is really needy as well as important to make something which is multitasking, meaning it can
make up to 5-7 tasks or more at same time. The apple makes this possible by make support of some awesome
background APIS(applications programming interface).
Some are :
1. Background audio
2. Task completions
3. Fast app switching.
4. Background location.
5. Background updates.
Siri: You may not have found a great person who just listens to you and give you all what you want,
Well apple has done that for you Siri is a personal assistant and navigator which is an application, It takes
users voice commands and interprets. 6/18/2017 5

6. iOS Security Model
The iOS security model is something which is
worth learning. This is the only reason of iPhones
being so secure.
The Security Model
Today we are only going to discuss the secure
Boot chani.
Security Model
Secure Boot Chain
Code Signing
Process-level Sandboxing
Data-at-rest Encryption
Generic Native Language exploit Mitigations:
1. Address Space Layout Randomization
2. Non-executable Memory
3. Stack-smashing Protection
6/18/2017 6

7. Secure Boot Chain
“Secure Boot Chain” – is used to describe the process by which firmware is initialized and loaded on the iOS
devices at boot time. We can consider it as the first layer of security of the platform.
It is considered as the most sophisticated and important step to check whether any file or component is being
modified or not.
The secure boot chain goes like this:
1. When an iOS device is turned on , The processor executes the boot ROM which is the read only code that
is built in the processor at the time of manufacturing.
2. The boot ROM contains the public key for the Apple’s Root CA, Which is used to verify the integrity of
the further steps of the boot chain That is the Low-level Bootloader(LLB).
3. The LLB Performs many setup tasks including locating the iBoot image flash memory.
4. LLB maintains the secure boot chain by verifying the signature of the iBoot images and if the signature
doesn’t matches the iBoot boots into recovery mode.
5. If the signature matched then , The iBoot which is the second stage bootloader is then responsible for
verifying and loading the kernel, which then loads the UI for the users.
6/18/2017 7

8. Secure Boot Chain
Boot ROM LLB iBoot iOS Kernel
The Secure Boot Chain
6/18/2017 8

9. No More Technical Explanation
Yes I know it is a bit hard to get around with the secure boot process, Please don’t worry it is the same for all
the beginners. Now let me make it easy for you to understand with a basic example.
Say for an instance you booked a hotel table yesterday night for having a lunch today with your Friend, You
booked it and got a ticket for it (Now the ticket is the LLB). You reached the hotel and the manager askes
you for you ticket to verify the booking and he verifies(Now the manger is Root CA), Now it has a number on
your ticket which is your table number(Now the table number on your ticket is the signature and the table
is the iBoot), You search and find the table that has the number same as the table number on the ticket ,
Done you go, sit and order your tasty food, the same way as the iBoot verifies the kernel and loads the iOS UI
It was just an example to make it clear, the concept in your mind , You can understand it as you, By making an
example.
6/18/2017 9

10. Thank You Geeks For Having A look.
Some of My Slides:
Learn Error Based SQL-Injection.
https://www.slideshare.net/pavj/error-based-sql-injection-76382267
ASHISH JHA
6/18/2017 10