Vera Ashkenazi edited this page Jul 19, 2020 · 3 revisions

Welcome to the iOS-on-QEMU wiki!

The project is under active development. If you want to contribute, please DM @alephsecurity or @JonathanAfek.

Here we publish all the documentation related to the project that is not covered in our blog.

  • To run iOS 12.1 on QEMU follow this tutorial.

  • This project works on QEMU with KVM! Check this blog post for more information.

  • We have implemented multiple GDB scripts that will help you debug the kernel:

    • List current/user/all tasks in XNU kernel.
    • List current/user/all threads in XNU kernel.
    • Print the information about specific task/thread.
    • Many more :).

  • To disable ASLR in the DYLD shared cache follow this tutorial.

  • Follow this page to learn how we've implemented the TCP tunneling.

  • Follow the code to see all the patches we've made to the iOS kernel for this project:

    • Disable the Secure Monitor.
    • Bypass iOS's CoreTrust mechanism.
    • Disable ASLR for user mode apps.
    • Enable custom code execution in the kernel to load our own IOKit iOS drivers.
    • Enable KVM support.
    • Support getting TFP0 in usermode applications.

For more information about this research and others, follow the AlephSecurity blog.

If you encounter any problem with the documentation, please let us know by creating an issue or DMing us on Twitter.

Enjoy :)
