Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
Since 2018, Apple has deployed Pointer Authentication (PA) on all Apple-silicon-based products to improve the security of the system. Many incredible security researchers have conducted in-depth analyses of the PA protection deployed by Apple. Notably, in the 2019 Project Zero analysis blog “Examining Pointer Authentication on the iPhone XS”, Brandon Azad discovered that Apple uses some unknown “dark magic” in the PA hardware, so that the customized PA on Apple Silicon can defend against cross-EL/Key attacks without software support. However, four years have passed and there is still no research to reveal the causes of these cross attack mitigations....
By: Zechao Cai, Wenbo Shen, Yu Wang, Yutian Yang watchd0g, Jiaxun Zhu Sean
Full Abstract and Presentation Materials: #apple-pac-four-years-later-reverse-engineering-the-customized-pointer-authentication-hardware-implementation-on-apple-m-32824