Billy Ellis
@bellis1000
Followers
21,707
Following
950
Media
3,418
Statuses
29,920
iOS security researcher
London, England
Joined November 2013
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Rodri
• 1878757 Tweets
Rodri
• 1878757 Tweets
Puerto Rico
• 977590 Tweets
Real Madrid
• 617003 Tweets
Bola de Ouro
• 439767 Tweets
Messi
• 410027 Tweets
Lamine Yamal
• 299558 Tweets
Galatasaray
• 248038 Tweets
Ronaldo
• 238237 Tweets
Champions
• 230397 Tweets
Carvajal
• 227527 Tweets
UEFA
• 219406 Tweets
Tyler
• 213621 Tweets
Cristiano
• 203609 Tweets
seungkwan
• 169517 Tweets
MELHOR DO MUNDO
• 166074 Tweets
UNRWA
• 127670 Tweets
France Football
• 121470 Tweets
Xavi
• 107542 Tweets
Aitana
• 91706 Tweets
Neymar
• 90966 Tweets
#grandefratello
• 87664 Tweets
الكره الذهبيه
• 83322 Tweets
Amorim
• 81563 Tweets
Manchester City
• 78497 Tweets
Iniesta
• 74321 Tweets
Modric
• 72253 Tweets
FIFA
• 65750 Tweets
Busquets
• 34945 Tweets
Luce
• 31952 Tweets
#ラヴィット
• 30678 Tweets
George Weah
• 30498 Tweets
كره القدم
• 27144 Tweets
Natalie Portman
• 26448 Tweets
Shaila
• 18486 Tweets
Whoopi
• 14591 Tweets
#الاهلي_العين_مع_فايق
• 12777 Tweets
ムロムカイ
• 12227 Tweets
亀梨くん
• 11748 Tweets
Pinned Tweet
Today I wanted to share a recent project of mine - a tool for visually representing & tracking memory, for iOS security researchers
14
225
818
Doing a giveaway for my new book! RT & Like to enter, I will choose 3 winners at random this time next week! 📖📚Good luck!
73
976
1K
Rushed to get all of these downgraded & jailbroken on iOS 12.4. Thought Apple would have closed the signing window today but apparently not
59
147
1K
Inspired by
@Fox0x01
’s ARM cheat-sheets, here’s Return Oriented Programming (ROP) explained in a single image
10
541
1K
After the great feedback from yesterday’s tweet, here’s another useful illustration - this time explaining how Use-After-Free (UAF) vulnerabilities can be exploited to gain code execution!
11
290
596
Very nostalgic jailbreaking with a bootROM exploit in 2019
17
52
544
Recently I’ve been building an iOS kernel tracing tool, to notify when a specific function is called in the kernel & print arguments/return val. New blog post soon!
10
58
509
Christmas giveaway!🎄 RT for a chance to win a free copy of my book📚 3 winners will be chosen next week! :)
54
780
429
Just published a new blog post - Exploring the ASLR implementation in the iOS kernel
12
118
453
Good job
@electra_team
! Keeping jailbreaking very much alive! 🔥 iOS 11.2 - 11.3.1 jailbreak available here
28
118
369
Just published a blog post talking about some iOS kernel framebuffer research I’ve been looking at over the last couple weeks. Have a read if you’re interested :)
3
118
366
Here’s a visual explanation of how Stack Canaries/Cookies work to detect & prevent stack buffer overflows being exploited
2
125
347
Recently my mum was diagnosed with breast cancer for the second time. My brother Rory and his friend are running a half marathon to raise money for cancer research. If anyone here is able to donate, it would be greatly appreciated. Thank you 🙏
32
90
318
Haven't done one of these in a while, but today I created this short written tutorial on 'Reversing ARM Binaries' for beginner reverse engineers! Check it out here if you're interested
9
125
314
Early prototype of a possible ‘Learn ARM Assembly’ iOS app I was working on last week :-) Currently only supports simplified version of MOV, LDR & STR instructions (and has a bad UI), but if enough people are interested I’d consider improving it!
17
58
318
You can now Pre-Order ‘Beginner’s Guide to Exploitation on ARM’ Volume II at First batch arrives next Wednesday, so first 100 will ship on Thursday 13th! 📖
15
93
308
As already mentioned by multiple other devs, stay away from this jailbreak - it’s a clone of an older version of Electra. It could also potentially contain malware or damage your OS
15
116
302
Been working on a book the past few weeks to teach the basics of exploit development & ROP on ARM to people who don't know where to start 📚
31
36
273
Apple giving out pre-jailbroken research iPhones to security researchers starting next year, and will pay up to $1M for zero click remote chain with persistence 📱
16
91
273
Out of curiosity for how debuggers work, I began writing my own bare-bones ARM&ARM64 debugger for iOS. At the moment it has basic functionality, including attaching to processes, viewing register state, and reading and writing to memory!
7
43
269
Changed up a few things and think this looks a bit better + install page prototype - thoughts? ()
35
60
249
Made another cheat sheet - this one illustrates how exploits can make use of a stack pivot to execute a large ROP chain/payload
#infosec
#ExploitDev
#ARM
6
120
259
I’m in the early stages of writing Volume II of BGEA - this book will follow on from Volume I, introducing more advanced exploit techniques & also covering some ARM64 stuff 📗
14
58
249
Progress! Successfully exploited CVE-2016-4655 to leak data from the kernel stack & calculate the KASLR slide :) time to look at the CVE-2016-4656 UAF next
8
37
250
First printed copy has arrived! Needs some minor refinements so will hopefully start selling them later next week :-)
36
46
246
First batch of Volume II books have arrived! Pre-orders will begin to ship today & tomorrow. You can now order both books with 1-2 working day dispatch at
31
28
235
In the new year I plan to create a video/series on “how to develop your first jailbreak” using the Pegasus vulnerabilities as a starting point. The ‘ZygoBre4k’ app in the quoted tweet is an example of what we’ll be making in the series
Progress! Successfully exploited CVE-2016-4655 to leak data from the kernel stack & calculate the KASLR slide :) time to look at the CVE-2016-4656 UAF next
8
37
250
10
37
226
Live kernel debugging on a virtualised iOS 12.0! Having the ability to do this sort of thing with whichever iPhone/version you want is gonna greatly assist developers & researchers with future iOS kernel security research
5
54
222
LEAKED screenshots of my dog working on the kernel
#exploit
for the NEW iOS 11.0
#jailbreak
! RT for reles eta s00n!
23
58
214
Here we go again! Keep your iDevices on <=11.3.1
If you're interested in bootstrapping iOS kernel security research keep a research-only device on iOS 11.3.1 for more tfp0. Release probably next week. Oh, and the 11.1.2 KDP-compatible kernel debugger really is coming soon!
266
648
2K
30
70
204
iOS Kernel Exploitation Heap Spray/Feng Shui Technique | Mach Message Sp...
6
48
219
This is crazy! BootROM exploit supporting all the way up to the iPhone X
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).
911
6K
15K
3
37
208
Stocked up on books for the year ahead! As of 2018, as well as accepting payments through I’ll also be accepting BTC as a payment method!
#HappyNewYear
29
43
210
Tonight I created this OS X Yosemite simulator for Apple Watch. Still not complete but coming along well 😀
#watchos
25
97
202
Anyone had any luck running checkm8 on iPhone 7/7 Plus? A11 and A7 devices seem to be the most likely to succeed in my experience. Haven’t had a single successful try yet with A10
26
13
201
Get started learning ROP on ARM64 by cracking ROPLevel1 (the 64-bit version)!
2
81
204
I just published a short follow up to my last blog post. This one covers disabling ASLR on 64-bit iOS using a new method
2
51
208
Very good tutorial series on how to develop your own substrate tweaks for iOS 11 by
@ZaneHelton
📱
1
40
189
Just published a tool I wrote a couple months back to pull C++ object names from kernel memory. Bit hacky, but works & is useful if you're someone who spends a lot of time looking at kernel memory dumps.
5
44
182
In the process of creating this simple app to help more people get into the iOS hacking/sec research scene, will be on my repo soon
18
38
164
Wasn’t tempted enough by the new iPhones this year, coming from an iPhone X. Maybe 2021. The new features added in each yearly refresh seem to be becoming less and less significant.
16
9
168
Quite possibly the most significant iOS tool/exploit to be released since 2010. Or since ever, considering the amount & range of different devices vulnerable. Changes the game. Great job
@axi0mX
1
17
162
Even more progress! Causing a kernel panic due to calling retain() on a free()’d OSString object, thanks
@s1guza
for the help
6
26
162
Great experience presenting at
@codetalkshh
today! Biggest stage I’ve spoke on so far. Will link the video once it’s up 🇩🇪
10
12
165
Been studying the Pangu9 IOHIDResource kernel bug this past week and have been learning a lot more about IOKit as an attack surface. Very interesting stuff!
5
17
160
Sounds very promising 😯 anyone interested in this should downgrade from iOS 11.2 & stay on <11.1.2
If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.
178
559
2K
22
43
158
Having a play around with the cool set of iOS app security exercises in DVIA-V2! Great app for learning about various vulnerabilities in mobile applications
2
22
161
Madness
HACKED! Verbose booting iPhone X looks pretty cool. Starting in DFU Mode, it took 2 seconds to jailbreak it with checkm8, and then I made it automatically boot from NAND with patches for verbose boot. Latest iOS 13.1.1, and no need to upload any images. Thanks
@qwertyoruiopz
332
2K
8K
2
9
156
Using
@CorelliumHQ
for the first time! So far so good - the virtual devices are very responsive and quick & easy to set up! Lot's of fun to be had with this :D
7
21
161
First public 32-bit iOS 10 jailbreak 🔥
9
24
154
iOS 11 will have Dark Mode! (if this is the same thing as demoed recently in the Apple Store app)
#WWDC2017
6
64
148
Bit of a fiddly set up process, but managed to get Theos to work and compile apps on-device in iOS 11.3. Since it’s a highly requested topic and there are some small changes to the process since iOS 10, I’ll likely have a video out on this tomorrow
2
24
145
Having my first shot at AI/Machine learning stuff - right now this is just a basic hard-coded obstacle avoidance AI but will hopefully be able to implement a basic neural network to this so that it’ll become smarter!
7
14
150
First iOS 12 jailbreak demoed already :O great job!
5
24
145
Had a go at making a visual representation of iOS’ layout (in the context of Aarch64 exception levels)!
5
40
148
Very excited to announce that I’ll be speaking at
@BSidesMCR
this August on ‘Return-Oriented Exploitation on ARM64’! See you there!
4
21
146
Using dark mode on Mojave really makes you wonder why Apple still hasn't implemented this in iOS. Looks so clean
9
11
137
The first ARM64 versions of my exploit-me challenges will be available soon on the Github repo 'ROP64_1' will be a 64-bit version of the 32-bit ROPLevel4 (involving exploiting a stack buffer overflow w/ASLR bypass)
#infosec
#exploitdev
3
71
145
Let's hope iOS 11 beta 2 drops tomorrow with some serious stability improvements 😅
12
21
131
Fully annotated & explained version of
@i41nbeer
’s ‘empty_list’ 11.3.1 kernel exploit. Very detailed & educational!
Today I fully annotated Ian Beer's empty_list iOS exploit. Hopefully, it'll be helpful to a some people...🙂
14
149
386
3
38
128
BinaryNinja is a pretty nice disassembler. Pretty cool how it gives a short description on what a particular instruction does when you hover over it
3
17
136