Reddit mentions of iOS Hacker's Handbook

I would definitely take a look at The iOS Hacker's Handbook. It's an excellent resource for understanding the fundamentals of jailbreaking.

I personally have no experience, but I've heard good things about iOS hackers handbook. It's most likely not current but it might be a good start.

Read iOS Hackers Handbook http://www.amazon.com/dp/1118204123), and this http://www.idownloadblog.com/2011/09/13/i0n1c-exploit-report/).

Some of the well known jail breakers are writing a book on that right now, but it isn't finished.

http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123

So these are complicated topics. I know more about the iOS side of things, but I'll try to point you towards some Android resources too.

For iOS, a good place to start would be to pick up an iPhone 4. It had fewer exploit mitigations and jailbreaking it was a lot easier. I highly recommend The iOS Hacker's Handbook. It's old, but the same basic concepts apply, especially for older versions of iOS. If you brick a newer iPhone and have to reinstall, you'll lose your jailbreak. With an iPhone 4, all installable versions of iOS are jailbreakable, so if you brick it you can always get back in. If you look at the iPhone Wiki you can see some writeups of some jailbreaks. Evasi0n 6 or 7 might be a good place to start. Get an iPhone 4 running iOS 6 or 7 and try to reimplement the kernel vulnerabilities used by them.

iOS and macOS share a lot of common code, and macOS is a much easier target since you can run it in a VM and it isn't as locked down. So that might be a good place to start to learn how to attack Apple's OSes. Here are some good walkthroughs of some macOS exploits:

• Pegasus Kernel Vulnerabilities
  
• Blitzard Kernel Vunerability
  
• Ian Beer's Project Zero macOS PoCs
  
• OSUnserializeBinary UAF
  
  @qwertyorioup on Twitter posts some interesting discussions and he has some good writeups on his blog. He also did a good presentation on attacking the xnu kernel.
  
  Jonathan Levin also has some good books on iOS and macOS internals, which you can find more about at his his website. He also has writeups on the TaiG jailbreaks.
  
  For Android, The Android Hacker's Handbook is pretty solid. Jonathan Levin also has an Android internals book here.
  
  I would recommend maybe picking up an Nexus 5. They're pretty cheap and easily rootable so you can hack around on them. Here are some writeups of Android/Linux kernel explotis that might be helpful:
  
  
• Exploitation of CVE-2016-0728
  
• Exploitation of CVE-2014-4322
  
• Linux kernel ROP example ... these guys have a few writeups as well.
  
  I also found this Android Kernel Exploitation Playground, but I have no idea if it's any good or not.
  
  Regardless, for all of this you need to know C and assembly. For iOS and Android, you need to know ARM, and for macOS you need to know Intel x86_64.
  
  Anyway, hope this helps!

>What exactly do you mean by watching it to see CPU? I'm quite familiar with Top -u, but is there a way to view just that processes CPU? I kind of want to watch it through my computer while browsing and see what happens.

You need to get its PID first. My favorite way to do that is with System Status from the App Store, which lists running processes with PIDs (although you can't kill them or anything).

Then use:

top -pid PID

To see just that process's stats.

>Does that Jetslammed tweak have anything related to this or help this?

Jetslammed can change a launchdaemon's HighWaterMark RAM limit, the limit of sustained RAM usage at which Jetsam automatically kills the daemon.

http://newosxbook.com/articles/MemoryPressure.html

The HWM can also be changed manually, but, in the end, it doesn't really help that much unless a daemon is only dying due to exceeding its HWM.

It can still be killed for other reasons if the system is low on memory.

It doesn't actually keep discoveryd from EVER being killed, so it doesn't really solve the issue of very large hosts (>300 KB) files causing random website disconnects due to discoveryd dying, leading to DNS failure.

It really just fixes it so that you can have Wifried and a small ad blocking hosts file at the same time since Wifried + even a small hosts file (like Light UHB) will cause discoveryd to use about 9-10 MB, exceeding the 8 MB HWM limit for a long period of time, causing discoveryd to be automatically killed, causing Wifried to re-initialize Wifi, causing random Wifi disconnects, which is even more problematic than even a DNS failure.

Wifried with Jetslammed raises the HWM for discoveryd to 12 MB from 8 MB, preventing the HWM killing of discoveryd with Wifried + small ad blocking hosts file. A large hosts file will exceed even this new limit, but, in that case, where discoveryd uses 20 MB or more, it will be killed by the system anyway for other reasons not related to the HWM.

>So do I have the correct Light UHB? Is that the one you use? I guess I might try reinstalling and maybe see. Haven't had an issue since its crash and (haven't checked today) haven't seen it anywhere near the top when running "top".

I use Light Untrusted Hosts. I've watched discovery's PID for about a month now. It's not being jetsam killed anymore even if I load a LOT of tabs and really stress it out. It never goes over 8 MB (the HWM) for any sustained period of time (even 8 MB requires A LOT of DNS activity), and never reaches enough RAM usage that the system would think to kill it to free memory (10-20 MB). Gamed (the GameCenter daemon) uses more memory than discoveryd with Light UHB . . .

>-unrelated- I love learning about all this stuff and your fountain of knowledge so far. Mind if I asked where you learned so much? I've been learning a lot about daemons lately, especially locationd and backboardd. I'm just curious as to where I can learn more about this stuff, learn how to read crash logs as so far it's just from the little experience I have, etc. I just can't find any good resources..

I've used OS X since it was in beta, and iOS is secretly just OS X in disguise with a TouchUI, a few processes missing, and a few processes added.

This book has been helpful to me in understanding jailbreaking, although it is a bit dated:

http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123

Also a bit dated, but you may like it if you have a Mac:

http://www.amazon.com/Learning-Unix-OS-Going-Terminal/dp/1449332315/ref=sr_1_1?s=books&ie=UTF8&qid=1418694791&sr=1-1&keywords=OS+X+unix

This wiki is also good. Many devs post on it:

https://theiphonewiki.com/wiki/Main_Page

Of course it's a security flaw. Jailbreaks are 100% reliant on exploiting these flaws. But concluding from that they Apple knows about these specific flaws and intentionally hasn't addressed them is ludicrous.

Any non-trivial codebase is going to have a slew of bugs, and it's impossible for Apple to discover and squash them all. That doesn't mean they don't make an effort, because they've gone to great lengths to make discovering these bugs and linking them together in a meaningful way much more difficult than it was in the past. For an idea of just how complicated it is, a few of the people involved in getting jailbreaks to the public wrote a 400 page book on the topic.

This might be a good starting point, but I have no idea how outdated the information is. There's another book that was released last year but I can't remember the name of it.

Edit: Found it

/u/modalbony

Just learning a couple of languages won't do if your only concern is learning how to exploit. Learning how operating systems work is equally important if not more, though learning a programming language is an obvious first step.

• Start with C then C++ and finally Objective-C. If learning C seems boring/hard take a look at Python first as you'll need it anyway for scripting.
  
  
• Then you'll have to learn ARM/ARM64 to reverse engineer stuff.
  
  Now, I don't know if these are absolutely necessary but they are helpful anyway.
  
  
• Learn and use Linux/BSD the hard way™, using OS X or Windows won't get you too far IMO (I'd actually include easy distros like Ubuntu into that category). Though OS X is almost a necessity to know how iOS works and interact with it, also important since the two have so much in common.
  
  
• You can buy a book to get a general knowledge about binary exploitation, for that you can use this. It's outdated now so I don't know the current state of affairs, you can substitute it for a more modern book.
  
  
• You'll have to get an iOS specific book. Though again it's outdated.
  
  
• Take a look at these tools. Libimobiledevice is awesome
  
  
• After all that you can use some Wargames/CTFs for practicing your skills, e.g http://overthewire.org, http://wechall.net, http://io.smashthestack.org, https://exploit-exercises.com. Though you can ignore this step I guess
  
  
• Start from old iOS, iOS 4 or 5 seem sweet spot.
  
  Also check out http://winocm.moe/research/2013/09/20/resources-for-getting-started/, I might have repeated what she said.
  https://www.theiphonewiki.com/wiki/Up_to_Speed is also useful. However The iPhone Wiki again, is outdated.

Maybe this book would be of some help? I just ordered this for myself and from what I've heard about it, it's a very good book to learn about how iOS works & how to defeat it.

[Book](iOS Hacker's Handbook https://www.amazon.com/dp/1118204123/ref=cm_sw_r_cp_api_C0VCybEAQFC95)