New on Dynastic Research: Defeating CoreTrust

Completely bypassing codesigning on modern iOS.

Back in January, we launched the Dynastic Research Blog. Since then, we’ve published an overview of CoreTrust.

Today, we’re publishing our latest work: Completely Bypassing Codesigning on Modern iOS.

iOS refuses to execute unsigned binaries, and since iOS 12, CoreTrust enforces this further, on top of AMFI, making it a significant obstacle for jailbreaks. In this post, we detail a practical attack against both AMFI and CoreTrust, utilising a time-of-check to time-of-use (TOCTOU) race: the bytes the signature check sees are not the bytes that end up being executed.
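To make the class of bug concrete, here is a generic illustration of a TOCTOU signature-check bypass, added as an example for this announcement. It is not the Dynastic attack, and it says nothing about how AMFI or CoreTrust are actually implemented; the backing store, the toy FNV-1a "signature" and both loaders are constructed for the demonstration. The vulnerable loader verifies one copy of a binary and then re-reads it for use; the hardened loader uses exactly the bytes it verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a code signature: FNV-1a over the bytes. A real
 * check is a cryptographic hash plus a signature, but a TOCTOU bug
 * does not depend on how strong the check itself is. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Constructed backing store: models the bytes a loader fetches from
 * disk or a file mapping, which an attacker may be able to change. */
#define BIN_MAX 64
typedef struct { uint8_t bytes[BIN_MAX]; size_t len; } backing_store;

static void store_read(const backing_store *s, uint8_t *out, size_t *outlen) {
    memcpy(out, s->bytes, s->len);
    *outlen = s->len;
}

/* Hook called between the check and the use, standing in for whatever
 * the attacker does inside the race window (hypothetical). */
typedef void (*race_hook)(backing_store *s);

/* Vulnerable loader: checks one copy of the bytes, then fetches a fresh
 * copy to run. Anything that changes the store in between is loaded
 * without ever being verified. Returns 1 if the check passed. */
static int vulnerable_load(backing_store *s, uint32_t expected, race_hook between,
                           uint8_t *out, size_t *outlen) {
    uint8_t tmp[BIN_MAX]; size_t n;
    store_read(s, tmp, &n);
    if (fnv1a(tmp, n) != expected) return 0;   /* time of check */
    if (between) between(s);                   /* the race window */
    store_read(s, out, outlen);                /* time of use: re-read */
    return 1;
}

/* Hardened loader: the bytes that were checked are the bytes that are used,
 * so a change to the store after the check cannot reach execution. */
static int hardened_load(backing_store *s, uint32_t expected, race_hook between,
                         uint8_t *out, size_t *outlen) {
    size_t n;
    store_read(s, out, &n);
    if (fnv1a(out, n) != expected) return 0;
    if (between) between(s);                   /* store may change; we keep our copy */
    *outlen = n;
    return 1;
}

/* Constructed sample payloads. */
static const uint8_t signed_payload[]   = "signed: benign";
static const uint8_t attacker_payload[] = "unsigned: attacker";

static void attacker_swap(backing_store *s) {
    memcpy(s->bytes, attacker_payload, sizeof attacker_payload);
    s->len = sizeof attacker_payload;
}

/* Runs one loader against a store that the attacker swaps inside the window.
 * Returns 1 if the check passed AND the attacker's bytes were loaded. */
int toctou_bypass_succeeds(int hardened) {
    backing_store s;
    memcpy(s.bytes, signed_payload, sizeof signed_payload);
    s.len = sizeof signed_payload;
    uint32_t expected = fnv1a(signed_payload, sizeof signed_payload);
    uint8_t out[BIN_MAX]; size_t n = 0;
    int ok = hardened ? hardened_load(&s, expected, attacker_swap, out, &n)
                      : vulnerable_load(&s, expected, attacker_swap, out, &n);
    return ok && n == sizeof attacker_payload && memcmp(out, attacker_payload, n) == 0;
}

/* Sanity check: with no attacker, both loaders accept the signed payload. */
int signed_payload_loads(int hardened) {
    backing_store s;
    memcpy(s.bytes, signed_payload, sizeof signed_payload);
    s.len = sizeof signed_payload;
    uint32_t expected = fnv1a(signed_payload, sizeof signed_payload);
    uint8_t out[BIN_MAX]; size_t n = 0;
    int ok = hardened ? hardened_load(&s, expected, NULL, out, &n)
                      : vulnerable_load(&s, expected, NULL, out, &n);
    return ok && n == sizeof signed_payload && memcmp(out, signed_payload, n) == 0;
}

int main(void) {
    printf("vulnerable loader bypassed: %d\n", toctou_bypass_succeeds(0));
    printf("hardened loader bypassed:   %d\n", toctou_bypass_succeeds(1));
    return 0;
}
```

The hook makes the race deterministic so the example runs offline; in a real system the window is opened by concurrency or by re-mapping the backing pages, and the defence is the same as in `hardened_load`: never let the thing that runs be re-read from a store the checker did not pin.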

We’re excited to release this work, which we think will be extremely valuable to the community. If you’re interested in how we pulled it off, give it a read.