Write-ups and blog posts
I’ve worked on numerous projects involving iOS security. Some open-source examples include:
- Achilles - checkm8 exploit and PongoOS booter
- ChOma - CoreTrust and code-signing bypass
- TrollInstallerX - TrollStore installer for (almost) all TrollStore-supported devices
- Trigon - deterministic kernel exploit for A10 devices
- KextRW - macOS kernel extension to assist with vulnerability research and experimentation on the latest macOS versions
As far as my closed-source and/or unfinished projects go, I’ve also worked on an untethered jailbreak for iOS 14 and several PAC bypasses. I tend to jump between lots of varying projects and components of iOS as I take interest in different ones. However, I only tend to release something when I am happy enough with the codebase, and I will sometimes have written a nice blog post to go alongside it.
I’ve written a handful of blog posts that you can find below, with more to come. If you have any questions about any of my work, or find an error in anything, please don’t hesitate to contact me via email at [email protected] or via Twitter/X at @alfiecg_dev.
Posts
- Trigon: developing a deterministic kernel exploit for iOS
- A step-by-step guide to writing an iOS kernel exploit
- An in-depth look at the code-signing process: ad-hoc signing
- A comprehensive write-up of the checkm8 BootROM exploit
- Getting untethered code execution on iOS 14.8