iOS Exploit Starterpack
A structured learning path from zero to iOS kernel exploitation.
Welcome
This is a structured, self-paced knowledge base designed to take you from foundational concepts to advanced iOS kernel exploitation techniques.
The content is organized into 8 phases, each building on the last. Whether you are a security researcher, reverse engineer, or just deeply curious about how iOS works under the hood, this guide provides a clear path forward.
How to Use This Guide
- Start from Phase 0 if you are new to low-level security research. The foundations section covers ARM64 assembly, C programming patterns relevant to exploitation, and tool setup.
- Jump to any phase if you already have background knowledge. Each topic is self-contained with references to prerequisites where needed.
- Use the sidebar to navigate between topics. Sections are collapsible – click a phase header to expand or collapse it.
- Switch languages using the EN/VI toggle in the top right. Vietnamese translations are available for all content.
Learning Path Overview
| Phase | Focus | Topics |
|---|---|---|
| 0 | Foundations | ARM64, C, Tools |
| 1 | Darwin Basics | Mach-O, Code Signing, Sandbox, dyld |
| 2 | XNU Kernel | Architecture, Mach IPC, VM, Heap, BSD |
| 3 | Attack Surface | IOKit, Syscalls, Vuln Classes |
| 4 | Exploit Primitives | Info Leaks, Kernel R/W, Physical R/W |
| 5 | Hardware Mitigations | PAC, KTRR/CTRR, PPL, SPTM, Exclaves |
| 6 | Case Studies | checkm8, unc0ver, Dopamine, Trigon, and more |
| 7 | Tools & Lab | RE Tools, Debugging, Device Setup |
Prerequisites
Before diving in, you should be comfortable with:
- Basic programming (any language)
- Command-line usage (terminal, shell)
- Fundamental computer science concepts (memory, processes, OS basics)
No prior exploit development experience is required – that is what this guide teaches.
Getting Started
Select Phase 0: Foundations in the sidebar to begin your journey, or pick any topic that interests you.