https://github.com/alephsecurity/xnu-qemu-arm64

alephsecurity / xnu-qemu-arm64
# iOS on QEMU

This project is a fork of the official QEMU repository. Please refer to this README for information about the QEMU project.

The goal of this project is to boot a fully functional iOS system on QEMU.

The project is under active development, follow @alephsecurity and @JonathanAfek for updates.

For technical information about the research, follow our blog:

* Running iOS in QEMU to an interactive bash shell (1)
* Running iOS in QEMU to an interactive bash shell (2)
* Tunnelling TCP connections into iOS on QEMU
* Accelerating iOS on QEMU with hardware virtualization (KVM)

Help is wanted! If you are passionate about iOS and kernel exploitation and want to help us push this project forward, please refer to the open issues in this repo :)

---

* Current project's functionality:
  + launchd services
  + Interactive bash
  + R/W secondary disk device
  + Execution of binaries (also ones that are not signed by Apple)
  + SSH through TCP tunneling
  + Textual FrameBuffer
  + ASLR for usermode apps is disabled
  + ASLR for DYLD shared cache is disabled
  + GDB scripts for kernel debugging
  + KVM support
  + TFP0 from user mode applications
* To run iOS 12.1 on QEMU follow this tutorial.
* This project works on QEMU with KVM! Check this blog post for more information.
* We have implemented multiple GDB scripts that will help you to debug the kernel:
  + List current/user/all tasks in XNU kernel.
  + List current/user/all threads in XNU kernel.
  + Print the information about specific task/thread.
  + Many more :).
* To disable ASLR in DYLD shared cache follow this tutorial.
* Follow here to learn about how we've implemented the TCP tunneling.
* Follow the code to see all the patches we've made to the iOS kernel for this project:
  + Disable the Secure Monitor.
  + Bypass iOS's CoreTrust mechanism.
  + Disable ASLR for user mode apps.
  + Enable custom code execution in the kernel to load our own IOKit iOS drivers.
  + Enable KVM support.
  + Support getting TFP0 in usermode applications.