Billy Ellis – Medium

Dec 31, 2021

A Memory Visualiser Tool for iOS Security Research

Happy New Year!🥳 In this post I want to share a recent project of mine — a memory visualiser tool for iOS security researchers. I’m releasing an early demo version of this tool starting today, so if you’re interested, be sure to go to https://zygosec.com/membuddy.html and try it out. The…

4 min read

Oct 10, 2021

Disabling ASLR on 64-bit iOS

Tl;dr: There’s a special flag you can add to a process’s proc structure. Any child process then spawned by the process will be loaded into memory without ASLR. In my last blog post, where I discussed the ASLR implementation in the iOS kernel, you may remember me writing about this…

6 min read

Dec 6, 2020

ASLR & the iOS Kernel — How virtual address spaces are randomised

In this blog post I want to take a look at ASLR and how the iOS kernel implements it for user-space processes. We’ll cover: what ASLR actually is and how it aims to mitigate exploitation how the iOS kernel implements ASLR for apps & processes that are executed on the…

I OS

11 min read

ASLR & the iOS Kernel — How virtual address spaces are randomised

Jan 18, 2020

Exploring the iOS screen framebuffer– a kernel reversing experiment

It’s been over two years since I last published a blog, so I thought I’d give this another go in 2020 and kick it off by writing about an iOS-related project I’ve been working on over the last couple weeks – a reverse engineering task involving the iOS screen frame-buffer. …

I OS

11 min read

Exploring the iOS screen frame-buffer– a kernel reversing experiment