iOS Kernel Utilities
Beware, chances are the device will panic and reboot.
Just want the binaries?
Head over to Releases. :)
- Jailbroken Device
- tfp0 kernel patch (see below)
- If you don't have XCode:
  - GNU make
  - C compiler for iOS
  - Code signing utility
A kernel patch is required for these tools to work, since access to kernel memory is natively unavailable for obvious reasons.
That patch is normally referred to as tfp0, and is included in almost every public jailbreak.
The latest release of these tools is confirmed to work with:
- p0sixspwn on 6.1.x
- Pangu on 7.1.x
- TaiG on 8.4
- Pangu9 on 9.1
- qwertyoruiop's jailbreakme on 9.3.x
- extra_recipe on 10.0-10.2
- Yalu102 (beta4 or later) on 10.0.1-10.2
Jailbreaks that DO NOT seem to enable tfp0, and thus DO NOT work with kern-utils:
- Pangu9 on 9.0.x (but can be enabled with cl0ver)
- Pangu9 on 9.2-9.3.3 (but see qwertyoruiop's jailbreakme)
- YaluX on 10.0.1-10.1.1
If you have information about how the kernel task port can be obtained in these versions, please open a ticket and tell me.
- Dump a running iOS kernel to a file
- Display various kernel information
- Visualize the kernel address space
- Dump kernel memory to the console
- Apply patches to a running kernel
- Display and patch NVRAM variables permissions
git clone https://github.com/Siguza/ios-kern-utils
cd ios-kern-utils
make       # build just the binaries
make deb   # build a deb file for Cydia
make xz    # package binaries to a .tar.xz
make dist  # deb && xz
When invoking make, you may also specify the following environment variables:
- Custom compiler flags (default: none)
- Archive manipulation utility
- Symbol remover utility
- Code signing utility
- Code signing flags
As of late, kern-utils can also be compiled for and used on macOS.
IGCC=gcc IGCC_ARCH='-arch x86_64' SIGN=true STRIP=strip LIBTOOL=libtool make clean all
SIGN=true is a dirty hack to skip signing, which is necessary because Sierra and later will not allow self-signed binaries with restricted entitlements to run. However, entitlements aren't needed on macOS, since the kernel task port is obtained via a different API (very much thanks to Jonathan Levin).
In order to use kern-utils, SIP needs to be at least partially disabled. If you don't want to disable it completely, you can use:
csrutil enable --without debug
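A check for the SIP requirement above, as an added example that is not part of kern-utils: it classifies csrutil status output so you can confirm that only the debugging restrictions were relaxed. The sample texts are constructed, and the output layout and the sip_state function name are assumptions.

```shell
#!/bin/sh
# Added example. Sample texts are constructed; the layout is assumed to match
# what `csrutil status` prints on recent macOS releases.
SAMPLE_FULL='System Integrity Protection status: enabled.'
SAMPLE_OFF='System Integrity Protection status: disabled.'
SAMPLE_DEBUG='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
    Apple Internal: disabled
    Kext Signing: enabled
    Filesystem Protections: enabled
    Debugging Restrictions: disabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled'
# Constructed: same as above, but with a second protection switched off.
SAMPLE_WIDE=$(printf '%s\n' "$SAMPLE_DEBUG" | sed 's/^\( *Kext Signing: \)enabled/\1disabled/')

# sip_state TEXT prints one of:
#   enabled     nothing relaxed; the kern-utils prerequisite is not met
#   debug-only  only Debugging Restrictions are off (csrutil enable --without debug)
#   weakened    a protection other than debugging is off as well
#   off         SIP disabled completely
#   unknown     text not recognised
sip_state() {
    sip_overall=$(printf '%s\n' "$1" |
        sed -n 's/^System Integrity Protection status: *\([a-z]*\).*/\1/p' | head -n 1)
    case "$sip_overall" in
        disabled) echo off; return 0 ;;
        enabled) ;;
        *) echo unknown; return 0 ;;
    esac
    sip_debug=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Debugging Restrictions: *\([a-z]*\).*/\1/p' | head -n 1)
    # Assumption: "Apple Internal: disabled" is the normal state, so it is not counted.
    sip_other=$(printf '%s\n' "$1" | grep -v -e 'Debugging Restrictions' -e 'Apple Internal' |
        grep -c ': disabled[[:space:]]*$' || true)
    if [ "$sip_other" -gt 0 ]; then echo weakened
    elif [ "$sip_debug" = disabled ]; then echo debug-only
    else echo enabled
    fi
}

# On macOS, classify the live setting; elsewhere, walk the constructed samples.
if command -v csrutil >/dev/null 2>&1; then
    sip_state "$(csrutil status)"
else
    for s in "$SAMPLE_FULL" "$SAMPLE_DEBUG" "$SAMPLE_WIDE" "$SAMPLE_OFF"; do sip_state "$s"; done
fi
```

A result of weakened or off means more of SIP is disabled than the command above requires.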
Original project by Samuel Groß.
nvpatch is largely based on nvram_patcher by Pupyshev Nikita.
Maintained and updated for iOS 8 and later by Siguza.
- Test on Linux
- Keep up with the original repo