In this blog post I want to take a look at ASLR and how the iOS kernel implements it for user-space processes.

We’ll cover:

  • what ASLR actually is and how it aims to mitigate exploitation
  • how the iOS kernel implements ASLR for apps & processes that are executed on the device
  • a short experiment you can try that involves patching the iOS kernel to disable ASLR across all user-space processes!

ASLR stands for ‘Address Space Layout Randomisation’ — it is a security mitigation found in pretty much all systems today.

It aims to make it difficult for an exploit developer…


It’s been over two years since I last published a blog, so I thought I’d give this another go in 2020 and kick it off by writing about an iOS-related project I’ve been working on over the last couple weeks – a reverse engineering task involving the iOS screen frame-buffer.

First of all, my inspiration to start looking at this came shortly after the release of the checkra1n jailbreak for the iPhone 5S – iPhone X. If you haven’t yet played with checkra1n, check it out here – https://checkra.in/.

One of the things checkra1n does during the jailbreaking process is…

Billy Ellis

20. iOS security researcher.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store