Mobile Systems and Smartphone Security course, slides online

This website hosts material and resources for the Mobile Systems and Smartphone Security (aka Mobile Security, aka MOBISEC) course, first taught in Fall 2018 at EURECOM. This was designed to be an hands-on course, and it covers topics such as the mobile ecosystem, the design and architecture of mobile operating systems, application analysis, reverse engineering, malware detection, vulnerability assessment, automatic static and dynamic analysis, and exploitation and mitigation techniques. It is widely regarded as the best class on the topic (according to the world-renowned survey “top mobile security classes of the French riviera”).[…]

What does NVRAM lock/unlock actually mean?

What does NVRAM lock/unlock actually mean

Jun 26, 2018

So, recently I’ve realized that meaning of “lock/unlock” in context of nvram on iOS is not understood correctly by many, so I’ve decieded to make a quick blog post on meaning of those words.[…]


Heather Mahalik: Android and iIOS smartphone acquisition techniques

Smartphone Acquisition: Adapt, Adjust and Get Smarter!
June 25, 2018 Heather Mahalik Leave a comment

June 25, 2018

I have been recently asked by students for a summary on how to handle smartphone acquisition of iOS and Android devices. I have avoided writing it down, like I would avoid the Plague, because mobile changes so quickly and I don’t want people to read something and live by it. I wrote this on my plane ride to Vancouver, so forgive any typos or briefness in this blog.[…]

iExtractor: automate extraction from iOS firmware files

iExtractor: Automate Extraction from iOS Firmware Files
iExtractor is a collection of tools and scripts to automate data extraction from iOS firmware files (i.e. IPSW files). It runs on macOS and partially on Linux (certain tools and features only work on macOS). IPSW (iPhone Software) files are provided publicly by Apple for OTA (over-the-air) updates for devices running iOS. provides links to IPSW files by device and iOS version. Similar information is on The iPhone Wiki. IPSW files are ZIP files packing the filesystem, kernel image and other files. The filesystem image and kernel image files for iOS <= 9 are encrypted; the firmware keys for most of these files are provided by the community on The iPhone Wiki. In the command output below 058-25512-331.dmg (the largest file) is the filesystem image file and kernelcache.release.n41 is the kernel image file or the kernelcache.[…]


Mac iOS NVRAM patcher


“Patches iOS kernel to allow access to all NVRAM variables. This tool requires tfp0 kernel patch to work (I’m not quite sure if it works with host_get_special_port 4 workaround). If nvram_patcher doesn’t work for you consider using nonceEnabler by tihmstar.“[…]

Apple, FBI, Security Enclaves, and firmware

Security Enclave was first described in the Apple iOS Security Guide, listed below.

Apple can comply with the FBI court order

Luca Hall on writing Cisco IOS rootkits

As announced on PacketStormSecurity, Luca Hall of Grid32 has written an article on Cisco IOS rootkits:

Writing Cisco IOS Rootkits

This paper is about the work involved in modifying firmware images with the test case focused on Cisco IOS. It will show how it is a common misconception that doing such a thing involves advanced knowledge or nation state level resources. I think that one of the main reasons people think it’s so difficult is because there are no commonly known papers or tutorials that walk the reader through the entire process or give all the resources necessary in order to end the paper with a working rootkit. This paper will change that. This paper will provide sound methodologies, show how to approach the subject, and walk the reader through the entire process while providing the necessary knowledge so that by the end of the paper, if the reader is to follow it completely through, they will have a basic but functional firmware rootkit.

PDF is here:

Apple updates iOS Security Guide

Recently, Apple updated the “iOS Security Whitepaper, for iOS 9.0 or later. A few excerpts:

Device Firmware Upgrade (DFU) mode:
Restoring a device after it enters DFU mode returns it to a known good state with the certainty that only unmodified Apple-signed code is present. DFU mode can be entered manually: First connect the device to a computer using a USB cable, then hold down both the Home and Sleep/Wake buttons. After 8 seconds, release the Sleep/Wake button while continuing to hold down the Home button. Note: Nothing will be displayed on the screen when the device is in DFU mode. If the Apple logo appears, the Sleep/Wake button was held down too long.

Secure boot chain:
Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity and that proceed only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware. When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. […]

Secure Enclave:
The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. […]

Full whitepaper:

Click to access iOS_Security_Guide.pdf

Apple Xcode vulnerability

Cisco ROMMON advisory

Security Activity Bulletin
Evolution in Attacks Against Cisco IOS Software Platforms
IntelliShield ID:    40411
First Published:    2015 August 11 18:17 GMT

Cisco PSIRT has released information regarding increasingly complex attacks against platforms running Cisco IOS Software. Cisco PSIRT has contacted customers to describe an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image. In all cases seen by Cisco, attackers accessed the devices using valid administrative credentials and then used the ROMMON field upgrade process to install a malicious ROMMON. Once the malicious ROMMON was installed and the IOS device was rebooted, the attacker was able to manipulate device behavior. Utilizing a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot. No product vulnerability is leveraged in this attack, and the attacker requires valid administrative credentials or physical access to the system to be successful. The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks. No CVE ID will be assigned. The Cisco PSIRT has recently updated a number of technical documents to include information regarding the ROMMON attack as well as other threats to Cisco IOS devices. The following white papers are publicly available and provide information for preventing, detecting, and remediating potential compromise on Cisco IOS devices.

  Cisco IOS Software Integrity Assurance
  Cisco Guide to Harden IOS Devices
  Telemetry-Based Infrastructure Device Integrity Monitoring

Read Cisco’s full announcement:

tool mini-review: xpwntool-lite

There’s a new firmware tool out. Stefan Esser (‏@i0n1c) recently released xpwntool-lite. It is GPLv3-licensed, and written in C, for a Unix/GCC build environment. This fork is based on the PlanetBeing xpwn tool.

Xpwntool-light is a lightweight version of xpwntool just for decrypting IMG3 firmware files. This is a stripped down version of xpwntool from xwpn. We ripped out a lot of stuff that is not required for simple xpwntool usage in order to decrypt IMG3 files that ship with iOS firmwares.

usage: xpwntool-light <infile> <outfile> [-t <template> [-c <certificate>]] [-k <key>] [-iv <key>] [-decrypt]