{"id":13649732,"url":"https://github.com/ant4g0nist/Vulnerable-Kext","last_synced_at":"2025-04-22T15:30:38.213Z","repository":{"id":49948283,"uuid":"324805121","full_name":"ant4g0nist/Vulnerable-Kext","owner":"ant4g0nist","description":"A WIP \"Vulnerable by Design\" kext for iOS/macOS to play \u0026 learn *OS kernel exploitation","archived":true,"fork":false,"pushed_at":"2020-12-29T11:34:24.000Z","size":95,"stargazers_count":230,"open_issues_count":0,"forks_count":28,"subscribers_count":19,"default_branch":"main","last_synced_at":"2024-08-02T02:02:17.923Z","etag":null,"topics":["driver","exploit-development","exploitation","ios","kernel","macos","memory-corruption","vulnerabilities","xnu"],"latest_commit_sha":null,"homepage":"https://fuzzing.science/vulnerable-kext","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ant4g0nist.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-27T16:43:51.000Z","updated_at":"2024-05-28T13:09:17.000Z","dependencies_parsed_at":"2022-07-30T23:37:57.679Z","dependency_job_id":null,"html_url":"https://github.com/ant4g0nist/Vulnerable-Kext","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FVulnerable-Kext","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FVulnerable-Kext/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FVulnerable-Kext/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FVulnerable-Kext/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ant4g0nist","download_url":"https://codeload.github.com/ant4g0nist/Vulnerable-Kext/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223900372,"owners_count":17222028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["driver","exploit-development","exploitation","ios","kernel","macos","memory-corruption","vulnerabilities","xnu"],"created_at":"2024-08-02T02:00:23.731Z","updated_at":"2024-11-10T00:31:40.171Z","avatar_url":"https://github.com/ant4g0nist.png","language":"C","funding_links":[],"categories":["Mobile Security"],"sub_categories":[],"readme":"# Vulnerable Kext\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/ant4g0nist/Vulnerable-Kext/blob/master/LICENSE)\n[![Github Stars](https://img.shields.io/github/stars/ant4g0nist/Vulnerable-Kext)](https://github.com/ant4g0nist/Vulnerable-Kext/stargazers)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/ant4g0nist/Vulnerable-Kext/pulls)\n\nA WIP (work-in progress) \"Vulnerable by Design\" kext for iOS/macOS to play/learn with *OS kernel exploitation\n\n\n## Usage\n\n* Documentation can be found at [https://fuzzing.science/vulnerable-kext](https://fuzzing.science/vulnerable-kext/)\n\n* Basic setup requirements\n  * iOS device that can be jailbroken with [checkra1n](https://checkra.in/)\n  * Currently the make files are made to be used on a Mac. So, a macOS device or a VM.\n\n* Running the following command causes checkra1n to listen for attached iOS devices in DFU mode and boot pongoOS:\n\n```bash\n/Applications/checkra1n.app/Contents/MacOS/checkra1n -c -p\n```\n\n* Run `run.sh` to build kext_loader, pongo_module, and the vulnerable kext and to start kext_loader\nkext_loader waits for a device that's booted pongo shell!\n\n```bash\n./run.sh\n```\n\nFor more details about ktrw, check [ktrw](https://github.com/googleprojectzero/ktrw)\n\n## Disclaimer\n\n\u003e [Vulnerable-Kext](https://github.com/ant4g0nist/Vulnerable-Kext) is an intentionally vulnerable kext for iOS/macOS, meant for educational purpose only.\n\n## TODO\n\n* [ ] Add IOKit stuff\n* [ ] Add vulnerabilities from reported XNU/IOKit bugs? 🤔\n* [ ] Maybe improve stability of loading kexts\n* [ ] Fix the bugs in the vulnerabilities I implemented 🧐\n* [ ] Add Writeups for exploitation\n\n## credits\n\n* [@_bazad](https://twitter.com/_bazad) for the super awesome [ktrw](https://github.com/googleprojectzero/ktrw)\n* checkra1n team for the jailbreak\n* Used the kext template from [twic](https://urchin.earth.li/~twic/Kernel_Extensions_for_OS_X.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fant4g0nist%2FVulnerable-Kext","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fant4g0nist%2FVulnerable-Kext","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fant4g0nist%2FVulnerable-Kext/lists"}