by svenpeter
1788 days ago
Usually, once you can run code in kernel mode it’s just a matter of bringing the hardware back to a sane state. Unfortunately, “just” running code in kernel mode is incredibly hard on the iPad. There’s e.g. a hardware mitigation that turns a memory region read-only and also only allows kernel code to run from this region. This mitigation is locked down and cannot be disabled once XNU is running on the iPad (http://siguza.github.io/KTRR/). On top of that, page tables are also protected by a “kernel within the kernel” (https://blog.svenpeter.dev/posts/m1_sprr_gxf). Getting past all that is going to be very hard if not impossible.