Mac iOS NVRAM patcher


“Patches iOS kernel to allow access to all NVRAM variables. This tool requires tfp0 kernel patch to work (I’m not quite sure if it works with host_get_special_port 4 workaround). If nvram_patcher doesn’t work for you consider using nonceEnabler by tihmstar.” […]



Apple, FBI, Secure Enclaves, and firmware

The Secure Enclave was first described in the Apple iOS Security Guide, listed below.


Apple can comply with the FBI court order



Luca Hall on writing Cisco IOS rootkits

As announced on PacketStormSecurity, Luca Hall of Grid32 has written an article on Cisco IOS rootkits:

Writing Cisco IOS Rootkits

This paper is about the work involved in modifying firmware images with the test case focused on Cisco IOS. It will show how it is a common misconception that doing such a thing involves advanced knowledge or nation state level resources. I think that one of the main reasons people think it’s so difficult is because there are no commonly known papers or tutorials that walk the reader through the entire process or give all the resources necessary in order to end the paper with a working rootkit. This paper will change that. This paper will provide sound methodologies, show how to approach the subject, and walk the reader through the entire process while providing the necessary knowledge so that by the end of the paper, if the reader is to follow it completely through, they will have a basic but functional firmware rootkit.

PDF is here:



Apple updates iOS Security Guide

Recently, Apple updated the “iOS Security Whitepaper”, for iOS 9.0 or later. A few excerpts:

Device Firmware Upgrade (DFU) mode:
Restoring a device after it enters DFU mode returns it to a known good state with the certainty that only unmodified Apple-signed code is present. DFU mode can be entered manually: First connect the device to a computer using a USB cable, then hold down both the Home and Sleep/Wake buttons. After 8 seconds, release the Sleep/Wake button while continuing to hold down the Home button. Note: Nothing will be displayed on the screen when the device is in DFU mode. If the Apple logo appears, the Sleep/Wake button was held down too long.

Secure boot chain:
Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity and that proceed only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware. When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. […]

Secure Enclave:
The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. […]
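As an added illustration of the chain of trust the excerpt describes (this is not Apple's code and not from the whitepaper), the Go model below gives a Boot ROM nothing but the root public key and has it verify each stage's signature before that stage would run. The stage names, the image bytes and the single Ed25519 root key are constructed assumptions standing in for the Apple Root CA hierarchy and real iOS images.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Stage is one link in the boot chain: a code image plus Apple's signature over it.
type Stage struct {
	Name       string
	Image, Sig []byte
}

type BootROM struct{ RootPub ed25519.PublicKey } // immutable root of trust: holds only the public key

// VerifyChain checks each stage in boot order before it would be executed; the
// first bad signature halts boot and names the stage, so later stages never run.
func (b BootROM) VerifyChain(chain []Stage) (ok bool, haltedAt string) {
	for _, s := range chain {
		if !ed25519.Verify(b.RootPub, s.Image, s.Sig) {
			return false, s.Name
		}
	}
	return true, ""
}

// SignChain is the factory side: each image is signed with the root private key
// (assumption: one Ed25519 key stands in for the Apple Root CA certificate chain).
func SignChain(priv ed25519.PrivateKey, names []string, images [][]byte) []Stage {
	chain := make([]Stage, len(names))
	for i := range names {
		chain[i] = Stage{Name: names[i], Image: images[i], Sig: ed25519.Sign(priv, images[i])}
	}
	return chain
}

// Boot signs a constructed four-stage chain, optionally modifies stage `patched` after signing (<0: none), and reports the outcome.
func Boot(patched int) (ok bool, haltedAt string) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	names := []string{"LLB", "iBoot", "kernel", "baseband"}
	images := [][]byte{[]byte("llb"), []byte("iboot"), []byte("kernel"), []byte("baseband")}
	chain := SignChain(priv, names, images)
	if patched >= 0 { // the image changes, but the signature over the original does not
		chain[patched].Image = append([]byte{0x90}, chain[patched].Image...)
	}
	return BootROM{RootPub: pub}.VerifyChain(chain)
}
```

Modifying any stage after signing halts boot at that stage with nothing downstream executed, which is the property that makes a DFU restore to Apple-signed images a return to a known-good state.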

Full whitepaper:


Apple Xcode vulnerability




Cisco ROMMON advisory

Security Activity Bulletin
Evolution in Attacks Against Cisco IOS Software Platforms
IntelliShield ID: 40411
First Published: 2015 August 11 18:17 GMT

Cisco PSIRT has released information regarding increasingly complex attacks against platforms running Cisco IOS Software. Cisco PSIRT has contacted customers to describe an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image. In all cases seen by Cisco, attackers accessed the devices using valid administrative credentials and then used the ROMMON field upgrade process to install a malicious ROMMON. Once the malicious ROMMON was installed and the IOS device was rebooted, the attacker was able to manipulate device behavior. Utilizing a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot. No product vulnerability is leveraged in this attack, and the attacker requires valid administrative credentials or physical access to the system to be successful. The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks. No CVE ID will be assigned. The Cisco PSIRT has recently updated a number of technical documents to include information regarding the ROMMON attack as well as other threats to Cisco IOS devices. The following white papers are publicly available and provide information for preventing, detecting, and remediating potential compromise on Cisco IOS devices.

  Cisco IOS Software Integrity Assurance
  Cisco Guide to Harden IOS Devices
  Telemetry-Based Infrastructure Device Integrity Monitoring
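As an added defensive example (not taken from Cisco's bulletin or the white papers above), the Go code below extracts the bootstrap version that IOS reports in "show version" for each device in a fleet and flags any device whose ROMMON is not on an administrator-approved list, since a ROMMON installed through the field-upgrade path persists across reboots. The device names, the "show version" text and the version strings are constructed for the sample.

```go
package main

import (
	"regexp"
	"sort"
	"strings"
)

// romLine matches the bootstrap (ROMMON) line IOS prints near the top of "show version".
var romLine = regexp.MustCompile(`(?m)^ROM: System Bootstrap, Version ([^,]+),`)

// ROMMONVersion extracts the ROMMON version from one device's "show version"
// output, or "" when the line is absent (which is itself worth a look).
func ROMMONVersion(showVersion string) string {
	if m := romLine.FindStringSubmatch(showVersion); m != nil {
		return strings.TrimSpace(m[1])
	}
	return ""
}

// Finding is one device whose bootstrap version is not on the approved list.
type Finding struct{ Device, Observed string }

// AuditFleet compares every device's reported ROMMON version with the versions
// administrators deliberately installed. The field-upgrade path is a documented
// feature, so the signal is a version nobody approved; it survives reloads of IOS.
func AuditFleet(outputs map[string]string, approved map[string]bool) []Finding {
	var findings []Finding
	for device, out := range outputs {
		if v := ROMMONVersion(out); !approved[v] {
			findings = append(findings, Finding{Device: device, Observed: v})
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Device < findings[j].Device })
	return findings
}

// Constructed sample "show version" headers for three devices (not real captures).
var sampleOutputs = map[string]string{
	"rtr-01": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)\n" +
		"ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)\n",
	"rtr-02": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)\n" +
		"ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)\n",
	"rtr-03": "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)\n",
}

// approvedBootstrap: ROMMON versions administrators installed on purpose (constructed).
var approvedBootstrap = map[string]bool{"15.0(1r)M15": true}

func Demo() []Finding { return AuditFleet(sampleOutputs, approvedBootstrap) }
```

A version string is self-reported by the device, so Cisco's integrity assurance guidance pairs checks like this with image hash verification and out-of-band telemetry rather than relying on the reported version alone.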

Read Cisco’s full announcement:




tool mini-review: xpwntool-lite

There’s a new firmware tool out. Stefan Esser (@i0n1c) recently released xpwntool-lite. It is GPLv3-licensed, and written in C, for a Unix/GCC build environment. This fork is based on the PlanetBeing xpwn tool.

Xpwntool-light is a lightweight version of xpwntool just for decrypting IMG3 firmware files. This is a stripped down version of xpwntool from xpwn. We ripped out a lot of stuff that is not required for simple xpwntool usage in order to decrypt IMG3 files that ship with iOS firmwares.

usage: xpwntool-light <infile> <outfile> [-t <template> [-c <certificate>]] [-k <key>] [-iv <key>] [-decrypt]