{"id":13638122,"url":"https://github.com/alephsecurity/xnu-qemu-arm64","last_synced_at":"2025-04-15T03:53:31.873Z","repository":{"id":47029121,"uuid":"190453050","full_name":"alephsecurity/xnu-qemu-arm64","owner":"alephsecurity","description":null,"archived":false,"fork":false,"pushed_at":"2021-09-16T16:44:58.000Z","size":250844,"stargazers_count":1404,"open_issues_count":19,"forks_count":128,"subscribers_count":88,"default_branch":"master","last_synced_at":"2025-04-15T03:53:20.154Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alephsecurity.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.texi","support":null}},"created_at":"2019-06-05T19:05:29.000Z","updated_at":"2025-04-13T12:51:09.000Z","dependencies_parsed_at":"2022-08-12T13:11:29.737Z","dependency_job_id":null,"html_url":"https://github.com/alephsecurity/xnu-qemu-arm64","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alephsecurity%2Fxnu-qemu-arm64","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alephsecurity%2Fxnu-qemu-arm64/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alephsecurity%2Fxnu-qemu-arm64/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alephsecurity%2Fxnu-qemu-arm64/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alephsecurity","download_url":"https://codeload.github.com/alephsecurity/xnu-qemu-arm64/tar.gz/refs/heads/master","host":{"name
":"GitHub","url":"https://github.com","kind":"github","repositories_count":249003955,"owners_count":21196794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:00:40.510Z","updated_at":"2025-04-15T03:53:31.856Z","avatar_url":"https://github.com/alephsecurity.png","language":"C","funding_links":[],"categories":["Phones/PDAs/other mobile devices, etc","C","Apple iOS/iPod"],"sub_categories":["Apple iOS/iPod","Atari Lynx"],"readme":"\n\n# iOS on QEMU\n\nThis project is a fork of the official QEMU repository. Please refer to this [README](https://github.com/qemu/qemu/blob/master/README.rst) for information about the QEMU project.\n\nThe goal of this project is to boot a fully functional iOS system on QEMU.\n\n*The project is under active development, follow [@alephsecurity] and [@JonathanAfek] for updates.*\n\nFor technical information about the research, follow our blog:\n- [Running iOS in QEMU to an interactive bash shell (1)]\n- [Running iOS in QEMU to an interactive bash shell (2)]\n- [Tunnelling TCP connections into iOS on QEMU]\n- [Accelerating iOS on QEMU with hardware virtualization (KVM)]\n\n**Help is wanted!**\n\nIf you are passionate about iOS and kernel exploitation and want to help us push this project forward, please refer to the open issues in this repo :)\n\n\n---\n- Current project's functionality:\n  - `launchd` services\n  - Interactive bash\n  - R/W secondary disk device\n  - Execution of binaries (also ones that are not signed by Apple)\n  - SSH through TCP tunneling\n  - Textual FrameBuffer\n  - ASLR for usermode apps is 
disabled\n  - ASLR for DYLD shared cache is disabled\n  - GDB scripts for kernel debugging\n  - KVM support\n  - TFP0 from user mode applications\n\n- To run iOS 12.1 on QEMU follow this [tutorial](https://github.com/alephsecurity/xnu-qemu-arm64/wiki/Build-iOS-on-QEMU).\n\n- This project works on QEMU with KVM! Check [this blog post](https://alephsecurity.com/2020/07/19/xnu-qemu-kvm/) for more information.\n\n- We have implemented multiple GDB [scripts](https://github.com/alephsecurity/xnu-qemu-arm64-tools/tree/master/gdb) that will help you debug the kernel:\n  - List current/user/all tasks in the XNU kernel.\n  - List current/user/all threads in the XNU kernel.\n  - Print information about a specific task/thread.\n  - Many more :)\n\n- To disable ASLR in the DYLD shared cache follow this [tutorial](https://github.com/alephsecurity/xnu-qemu-arm64/wiki/Disable-ASLR-for-dyld_shared_cache-load).\n\n- See [this post](https://alephsecurity.com/2020/03/29/xnu-qemu-tcp-tunnel/) to learn how we've implemented the TCP tunneling.\n\n- Read the [code](https://github.com/alephsecurity/xnu-qemu-arm64/blob/master/hw/arm/n66_iphone6splus.c) to see all the patches we've made to the iOS kernel for this project:\n  - Disable the Secure Monitor.\n  - Bypass iOS's CoreTrust mechanism.\n  - Disable ASLR for user mode apps.\n  - Enable custom code execution in the kernel to load our own IOKit iOS drivers.\n  - Enable KVM support.\n  - Support getting TFP0 in usermode applications.\n  \n\n[Running iOS in QEMU to an interactive bash shell (1)]: https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/\n[Running iOS in QEMU to an interactive bash shell (2)]: https://alephsecurity.com/2019/06/25/xnu-qemu-arm64-2/\n[Tunnelling TCP connections into iOS on QEMU]: https://alephsecurity.com/2020/03/29/xnu-qemu-tcp-tunnel/\n[Accelerating iOS on QEMU with hardware virtualization (KVM)]: https://alephsecurity.com/2020/07/19/xnu-qemu-kvm/\n[@alephsecurity]: 
https://twitter.com/alephsecurity\n[@JonathanAfek]: https://twitter.com/JonathanAfek\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falephsecurity%2Fxnu-qemu-arm64","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falephsecurity%2Fxnu-qemu-arm64","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falephsecurity%2Fxnu-qemu-arm64/lists"}