# Device Setup
Guide to setting up a physical device for iOS security research.
## Recommended Devices
| Device | Chip | checkm8 | Good for |
|---|---|---|---|
| iPhone X | A11 | Yes | Best for learning: checkm8 plus powerful enough |
| iPhone 8 | A11 | Yes | Budget option, same A11 |
| iPhone SE 2 | A13 | No | iOS 15-16 research (Dopamine) |
| iPhone 11 | A13 | No | iOS 15-16 research |
| iPhone 13 | A15 | No | SPTM research (iOS 17+) |
## Tips for Buying a Device
- Buy second-hand; the older the iOS version, the better
- Check the iOS version BEFORE buying (Settings → General → About)
- Do not update iOS after buying
- Ideal: a device already on iOS 15.x or 16.x
## Jailbreak Setup
### palera1n (checkm8 devices, iOS 15-17)
```bash
# Install palera1n
git clone --recursive https://github.com/palera1n/palera1n
cd palera1n
# Put the device in DFU mode:
# iPhone X: hold Side + Volume Down → release Side when the Apple logo appears
# → keep holding Volume Down until the DFU screen shows
# Run palera1n
./palera1n.sh --tweaks
# Wait for the device to boot jailbroken
# Open the palera1n app → Install Sileo
```
### Dopamine (iOS 15-16, A9-A16)
1. Install TrollStore (if available for your iOS version)
2. Download Dopamine.tipa
3. Install it via TrollStore
4. Open Dopamine → Jailbreak
5. Install Sileo from Dopamine
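To tie the device table and the two jailbreak sections together, here is an added helper script (not from the original page or from either project) that reads the identifiers `ideviceinfo` from libimobiledevice prints for a USB-connected device and tells you which path applies. The identifier-to-chip mapping is an assumption covering only the devices listed on this page.

```bash
#!/bin/sh
# Added helper: decide which jailbreak path from the sections above applies.
# Inputs are the ProductType and ProductVersion strings as printed by
# `ideviceinfo -k ProductType` and `ideviceinfo -k ProductVersion`.
# The identifier-to-chip table is an assumption limited to this page's devices.

chip_for() {
  case "$1" in
    iPhone10,1|iPhone10,4|iPhone10,3|iPhone10,6) echo A11 ;;   # iPhone 8 / iPhone X
    iPhone12,1|iPhone12,8)                       echo A13 ;;   # iPhone 11 / SE 2
    iPhone14,5)                                  echo A15 ;;   # iPhone 13
    *)                                           echo unknown ;;
  esac
}

# checkm8 is a bootrom bug, so it depends on the chip only; of the chips on
# this page only A11 is affected. Exit status 0 (true) means affected.
checkm8_vulnerable() {
  [ "$(chip_for "$1")" = "A11" ]
}

# Echoes the tool to use, per the page: palera1n needs checkm8 + iOS 15-17,
# Dopamine needs A9-A16 + iOS 15-16. Anything else echoes "none" and fails.
pick_jailbreak() {
  dev=$1
  major=${2%%.*}                 # "16.1.2" -> "16"
  chip=$(chip_for "$dev")
  if checkm8_vulnerable "$dev"; then
    case "$major" in 15|16|17) echo palera1n; return 0 ;; esac
  fi
  case "$chip" in
    A11|A13|A15)                 # all inside Dopamine's A9-A16 range
      case "$major" in 15|16) echo dopamine; return 0 ;; esac ;;
  esac
  echo none
  return 1
}

# Live check against a USB-connected device (requires libimobiledevice).
live_check() {
  pick_jailbreak "$(ideviceinfo -k ProductType)" "$(ideviceinfo -k ProductVersion)"
}
```

Run `live_check` with the phone plugged in, or call `pick_jailbreak` directly with the two values read from Settings → General → About before buying a second-hand device.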
## Post-Jailbreak Essential Setup
### SSH Access
```bash
# Install OpenSSH on the device (via Sileo)
# Connect from the Mac:
ssh root@DEVICE_IP
# Default password: alpine (CHANGE THIS!)
passwd
# USB tunnel (if not on the same WiFi)
iproxy 2222 22 &
ssh root@localhost -p 2222
```
### Essential Packages (install via Sileo)
- OpenSSH: remote access
- Filza File Manager: GUI file browser
- NewTerm: terminal app on the device
- AppSync Unified: install unsigned IPAs
- Frida: dynamic instrumentation
- ldid: code signing tool
## File System Exploration
```bash
# Key directories
/System/Library/                   # System frameworks, daemons
/System/Library/Sandbox/Profiles/  # Sandbox profiles
/usr/lib/                          # System libraries
/private/var/mobile/               # User data
/private/var/containers/Bundle/    # App bundles
/private/var/containers/Data/      # App data
# Kernelcache location
/System/Library/Caches/com.apple.kernelcaches/kernelcache
# Interesting binaries
/usr/libexec/amfid                 # Code signing daemon
/usr/libexec/mobileassetd          # Asset management
/usr/libexec/lsd                   # Launch Services daemon
/usr/sbin/mediaserverd             # Media server
```
## Safety Tips
- Do not update iOS: the jailbreak may be lost
- Back up before jailbreaking: iTunes/Finder full backup
- Change the root password: the default "alpine" is well known
- Use a separate device: do not use your daily driver for research
- Snapshot state: if you use Corellium, take a snapshot before making changes