Appendix: Resources

The following resources were indispensible in writing this book.

• www.mediapost.com/publications/article/116920/
• www.f-secure.com/weblog/archives/00001814.html
• www.jailbreakme.com
• www.jailbreakme.com/star
• http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
• http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf
• http://theiphonewiki.com/wiki/index.php?title=LibTiff
• Enterprise iOS, www.enterpriseios.com
• Managing iOS Devices with OS X Lion Server by Arek Dreyer (Peachpit Press 2011)
• “Local and Push Notification Programming Guide,” iOS Dev Center, http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/
• “iOS Configuration Profile Reference,” iOS Dev Center, http://developer.apple.com/library/ios/#featuredarticles/iPhoneConfigurationProfileRef/
• “Deploying iPhone and iPad Mobile Device Management,” http://images .apple.com/iphone/business/docs/iOS_MDM.pdf
• David Schuetz, “Inside Apple's MDM Black Box,” BlackHat USA 2011
• https://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_Slides.pdf
• David Schuetz, “The iOS MDM Protocol,” BlackHat USA 2011
• https://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf
• Jean-Baptiste Bédrune and Jean Sigwald, “iPhone data protection in depth,” Hack in the Box Security Conference, Amsterdam 2011
• Jean-Baptiste Bédrune and Jean Sigwald, “iPhone data protection tools,” http://code.google.com/p/iphone-dataprotection
• Andrey Belenko, “Overcoming iOS Data Protection to Re-Enable iPhone Forensics,” BlackHat USA 2011
• Dino Dai Zovi, “Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption,” BlackHat USA 2011
• “PBKDF2,” Wikipedia, http://en.wikipedia.org/wiki/PBKDF2
• www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/mac-synopsis.html
• www.blackhat.com/presentations/bh-dc-10/Seriot_Nicolas/BlackHat-DC-2010-Seriot-iPhone-Privacy-wp.pdf
• http://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html
• http://reverse.put.as/2011/09/14/apple-sandbox-guide-v1-0/
• https://github.com/kennytm/Miscellaneous/blob/master/dyld_decache.cpp
• www.semantiscope.com/research/BHDC2011/BHDC2011-Paper.pdf
• Fuzzing: Brute Force Vulnerability Discovery, Sutton, Greene, and Amini
• Fuzzing for Software Security Testing and Quality Assurance, Takanen, DeMott, Miller
• www.ietf.org/rfc/rfc2616.txt
• www.tuaw.com/2007/10/09/ apple-adds-new-mobile-protocol-handlers/
• http://labs.idefense.com/software/fuzzing.php
• www.developershome.com/sms/
• www.dreamfabric.com/sms/
• www.nobbi.com/pduspy.htm
• www.blackhat.com/presentations/bh-usa-09/MILLER/ BHUSA09-Miller-FuzzingPhone-PAPER.pdf
• “Heap Feng Shui in JavaScript,” www.phreedom.org/research/heap-feng-shui/
• “Attacking the WebKit Heap,” www.immunityinc.com/infiltrate/2011/presentations/webkit_heap.pdf
• The Mac Hacker's Handbook, Chapter 8
• “Analysis of the jailbreakme v3 font exploit,” http://esec-lab.sogeti .com/post/Analysis-of-the-jailbreakme-v3-font-exploit
• “Engineering Heap Overflow Exploits with JavaScript,” www.usenix.org/event/woot08/tech/full_papers/daniel/daniel.pdf
• “Analysis of the jailbreakme v3 font exploit,” http://esec-lab.sogeti .com/post/Analysis-of-the-jailbreakme-v3-font-exploit
• “Return-oriented Programming for the ARM Architecture,” Tim Kornau http://static.googleusercontent.com/external_content/untrusted_dlcp/www.zynamics.com/en//downloads/kornau-tim--diplomarbeit--rop.pdf
• “Getting around non-executable stack (and fix),” Solar Designer http://insecure.org/sploits/linux.libc.return.lpr.sploit.html
• “ROP and iPhone,” http://blog.zynamics.com/2010/04/16/rop-and-iphone/
• “Practical return-oriented programming,” Dino Dai Zovi http:// trailofbits.files.wordpress.com/2010/04/practical-rop.pdf
• www.eetimes.com/design/embedded/4207336/Bill-Lamie--Story-of-a-man-and-his-real-time-operating-systems
• www.ertos.nicta.com.au/software/kenge/iguana-project/latest/iguana_talk.pdf
• www.ertos.nicta.com.au/software/kenge/iguana-project/latest/iguana_dev_talk.pdf
• www.ertos.nicta.com.au/software/kenge/iguana-project/latest/userman.pdf
• http://gnuradio.org/redmine/projects/gnuradio/wiki/OpenBTSClocks
• Edward C. Lamie: Real-time Embedded Multithreading: Using ThreadX and ARM, CMP, ISBN 1578201349, 356 pages, 2005.
• Halvar Flake: “More Fun With Graphs,” Black Hat Federal 2003 www.blackhat.com/presentations/bh-federal-03/bh-fed-03-halvar.pdf
• Enrico Perla, Massimiliano Oldani: “A Guide to Kernel Exploitation: Attacking the Core,” Syngress, ISBN: 1597494860, 442 pages, 2010.