[HN Gopher] iOS on QEMU
___________________________________________________________________
iOS on QEMU
Author : logix
Score : 294 points
Date : 2021-09-16 13:10 UTC (9 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| legrande wrote:
| > If you are passionate about iOS and kernel exploitation
|
| So is the main use-case to find bugs in iOS or are there other
| major use-cases I'm not thinking about?
|
| The only other use case I can think of is setting up a click-
| farm, or paid-review farm where you give positive reviews for
| apps for a small fee.
| kreetx wrote:
| iOS developers could iterate on their code entirely in linux is
| probably the popular use case.
| m0rbz wrote:
| I think he meant that those are the skills required to maintain
| the project, since iOS moves very fast and each major update
| breaks the virtualizer.
| [deleted]
| giancarlostoro wrote:
| This would be interesting to see, I'm guessing the implications
| are being able to build iOS projects without requiring a Mac at
| any stage of the development process.
| sneak wrote:
| You'd need to emulate macOS hardware, not iOS, to do that. In
| that sense, what you describe is already possible (running
| Xcode in a macOS VM on commodity hardware).
| nobleach wrote:
| I did this exact thing back in 2012 with a PhoneGap/Apache
| Cordova app. It had to use Xcode to run the app in the iOS
| Emulator. So I spun up a virtual machine on my Linux box. It
| worked extraordinarily well!
|
| In the case of the poster you are replying to. Yes, Swift is
| open source and there are compilers for other platforms. The
| problem comes in with Apple's SDK and their proprietary
| libraries. Those are what are required to build an app
| that'll run on an iOS device. Those only run on macOS/OSX.
| bitexploder wrote:
| Technically those were simulators for iOS, not emulators.
| Lots of things behaved a little different on the phone
| itself.
| Aspos wrote:
| These days, unfortunately, it is not possible. Well, you
| can virtualize MacOs, but you can not connect iOS device to
| it, nor you can run a virtual iOS device inside it.
|
| Apple went out of its way to deliberately disable physical
| phones connecting to a virtual MacOS. Any other USB device
| can be connected, but not an iphone.
| MichaEiler wrote:
| VmWare Player with USB configured to version 2.0 did the
| trick for me. I tested it with an iPAD Pro and iOS 14.
| The VM was running the newest macOS release from a few
| months ago.
| plorkyeran wrote:
| We have iPhones connecting to macOS VMs for our CI system
| and have never had any issues with it?
| xuki wrote:
| Same, I have multiple iPhones connected to a VM running
| on ESXi on non-Apple hardware.
| Aspos wrote:
| Well, maybe I am the unlucky one, but I just tried and
| freshly installed MacOS in VirtualBox VM can see any
| other USB device except iPhone XR. This setup used to
| work fine a few years ago but stopped at least in 2018.
| Will try VMWare.
| 411111111111111 wrote:
| a motivated individual can still accomplish it, there are
| multiple ways documented on the web if you google a
| little.
|
| it's however not permissible, as you cannot buy apple
| software without agreeing to their licence, which
| disallows running it on anything but apple hardware.
|
| for private fun projects: possible
|
| for professional things: a very bad idea
| sneak wrote:
| It's fine for professional things, too. Just follow the
| 11th commandment and you'll be fine.
| ronsor wrote:
| 11th commandment? "Everything's ok as long as you don't
| get caught"?
| sneak wrote:
| There's no difference in the binaries built by Xcode
| running directly on Apple-branded hardware and Xcode
| running in a macOS VM in a generic (or perhaps metal, if
| nested virtualization isn't available) ec2 instance.
| ginja wrote:
| I use this: https://github.com/kholia/OSX-KVM
|
| It works quite well for me. Simulator works fine (though
| graphics are slow) and so does connecting a physical
| phone (by passing through the USB controller).
| handrous wrote:
| I'd like to chime in here that it's _very fucking
| frustrating_ that the best & most convenient free tools
| for virtualizing macOS aren't available on macOS,
| considering macOS has shipped with a damn hypervisor for
| _years_. Setting up a vanilla installation of arbitrary,
| older version of macOS for testing, or for maintaining
| build environments for long-support-life Mac software,
| should be one command, shipped with the dev tools. But
| no, instead it's "pay for a 3rd party solution" or
| "break the EULA and run it on Linux".
|
| (yes, I'm aware of a bunch of fragile solutions involving
| VirtualBox, but they tend to be slowish, that's _also_
| supposed to be paid if you're using the extensions for
| commercial operation IIRC, and several versions of
| macOS/OSX remain a huge pain in the ass to set up on it
| regardless)
| Teknoman117 wrote:
| I passed a GPU into mine to get around the slow graphics.
| pojntfx wrote:
| You can actually do this now, without emulation:
| https://github.com/tpoechtrager/cctools-port
|
| Zig are also working on it: https://zig.news/monthly/zig-
| monthly-august-2021-ios-support...
|
| The pioneer of software dictatorship will probably make this
| impossible or illegal as soon as it gains any traction though.
| And people will probably congratulate them for it in the name
| of "security".
| Razengan wrote:
| > _The pioneer of software dictatorship_
|
| Consoles were doing that shit way before, unless you redefine
| what counts as "software" or "dictatorship"
| [deleted]
| saagarjha wrote:
| Building apps without the use of Apple's SDK is already
| considered to be against the developer program terms.
| 2OEH8eoCRo0 wrote:
| That's funny. It's against my terms to not use my software!
| colejohnson66 wrote:
| As a "closed iOS" advocate, I personally believe the ability
| to do development outside of a macOS is a great idea. I've
| long wanted to make iOS apps, but I don't have the money to
| shell out for a Mac. Yes, Hackintoshes are a thing, but you
| need certain hardware to do so, and even then, it's still
| difficult (last I checked).
| milesvp wrote:
| I can appreciate if this is too much money for you, but I
| recently bought a 2014 macmini i7 16GB and 512SSD on ebay
| for $440 shipped to my door. I needed something that could
| handle bigsur for some app development, and that was the
| best $/effort solution I found. Add another ~60 for a usb
| switch and cables, and I can easily switch between my
| primary and mac.
|
| In general, there's a pretty good second hand market for
| macminis, and if you shop around you can probably get
| something usable for under $350 shipped.
| jakeinspace wrote:
| I've never been an iOS or Mac developer, but I have had a
| few 5,1 Mac Pros. The release of m1 mac minis pretty much
| killed the used market for those, but you may still be able
| to find one for cheap. I was able to find a few 12-core
| 24-thread dual xeon models for around $250, but had to be
| patient. Add in 64GB of ECC RAM and an SSD upgrade, to
| Mojave or Catalina, and you have a beefy enough development
| system for around $500. Those 12c/24t will get smoked by an
| m1 mini for a lot of tasks, but if memory matters then it's
| probably still the best bang for the buck. Also, you'll
| need to find a GPU....
| bluedino wrote:
| Memory or storage. A couple big SATA drives in a Mac Pro
| work well for certain use cases.
| nbzso wrote:
| Actually it is easy to build Hackintoshes, even with AMD.
| Catalina is running stable with Apple ID and all the bells
| and whistles. In the past when Apple ignored updating Mac
| Pro Trashcan for several years, we have built a monstrous
| PC with Hackintosh to run FinalCut. Search for Open Core
| Catalina.
| s_dev wrote:
| The problem is mac OS now uses M series chips. You'd be
| developing legacy code.
| usui wrote:
| It's not legacy code until the day Apple definitively axes
| Intel models. The writing is on the wall yes, but they
| are still selling Intel Macs and they are not deprecated
| yet. The majority of development still happens on Intel
| Macs.
|
| I built a 11th-gen Rocket Lake 128GB Hackintosh with
| Thunderbolt Display support+2 LED Cinema Display recently
| and it's been great. Thunderbolt 3 support on a
| Hackintosh has been nice. Just hoping for Thunderbolt
| 4/Maple Ridge drivers/11th-gen iGPU drivers if ever.
| IncRnd wrote:
| What motherboard/gpu did you use for that?
| zaptrem wrote:
| For casual app development I just run MacOS in a free
| VMWare instance on my Windows machine. It has no graphics
| acceleration but otherwise works flawlessly.
| dorfsmay wrote:
| How do you load MacOS in VMWare? Where/how do you get the
| install media?
| barkingcat wrote:
| This has been possible for a long time. For the install
| media, Apple hosts them and will give you the dmg file
| for free.
|
| The only concern is the terms of the EULA so that's why
| the earlier poster says "for casual development"
|
| There are a lot of guides online, including "one command"
| shell/powershell scripts that will automatically pull
| down the right files for you, and use the
| vmware/virtualbox api to create the vm automatically, and
| patch the bootloader to get Catalina or Big Sur loading,
| etc - if past experience is any indication, people
| probably already have Monterey beta loading fine already.
|
| again, it's not a matter of "how" it's whether you (or
| Apple lawyers) care about the EULA.
| sdefresne wrote:
| Doesn't the EULA also prohibit hackintosh?
| unnouinceput wrote:
| in addition to what @barkingcat said, for vmware to be
| able to boot a macos virtual machine you'll need it to
| unlock it for that OS. Search for vmware unlocker; it is a
| free utility that depends on your vmware version, run it
| once and you're done.
| nine_k wrote:
| IIRC, macOS EULA expressly requires that the OS be run on
| Apple hardware. If it's run in emulation (which is
| permitted), the host must run on Apple hardware anyway.
|
| Apple is not a software company, it's an electronic
| appliance company, like Samsung.
|
| Of course, apple won't go after individuals who violate
| this provision. But if a cloud vendor or a CI vendor
| tried to pull that off, Apple would smash them.
| eins1234 wrote:
| Anyone aware of any options for Hyper-V? Last time I
| tried this it was pretty impractical to have
| VMWare/VirtualBox co-exist with Hyper-V for things like
| Docker and WSL2, but maybe that has changed?
| Mogzol wrote:
| Newer versions of VMWare work under a Hyper-V host [1].
| I'm not sure if macOS runs properly in that mode though.
| I also had some success a while back running macOS under
| WSL2 using KVM [2], though it was pretty buggy and a pain
| to set up.
|
| [1] https://blogs.vmware.com/workstation/2020/05/vmware-
| workstat...
|
| [2] https://github.com/kholia/OSX-KVM
| smoldesu wrote:
| I did this with QEMU, the performance is pretty fantastic
| under Linux.
| tapirl wrote:
| Adobe AIR has done this for at least 10 years.
| hellowworld3423 wrote:
| hr
| easton wrote:
| There's no graphics here, right? Will SpringBoard and friends
| start without a display?
| sneak wrote:
| From the linked blog post:
|
| > _No devices emulation: screen, touch, wifi, BT or anything
| else._
| msk-lywenn wrote:
| Looks like there is some screen emulation:
| https://twitter.com/JonathanAfek/status/1350000894784495617
| therein wrote:
| I want to get Android or iOS on QEMU with USB passthrough so that
| I can isolate it and pass it its own modem. (say a Quectel modem
| via a miniPCIe to USB card)
|
| Is this possible as it stands? At least in bits and pieces I can
| put together?
| grishka wrote:
| Android should definitely be possible. The emulator that comes
| with the SDK already uses QEMU under the hood.
| therein wrote:
| In that case I wonder if the guest OS would pick up the AT
| interface of the modem on /dev/ttyUSB0.
|
| Especially on an M1, perhaps running the arm builds wouldn't
| have too much overhead either, even though there are x86-64
| images available as well.
| ddtaylor wrote:
| > This project is a fork of the official QEMU repository
|
| Why isn't it _actually_ a fork though? I don't like when projects
| do this and don't actually make it a fork.
| saghm wrote:
| I read a blog post a few years back discussing some issues with
| Github's fork feature (as opposed to just creating a new repo
| that isn't explicitly linked to the original within Github's
| UI). From a quick search, I believe this[1] was it, and I
| remember finding it fairly compelling.
|
| [1]: https://zbowling.github.io/blog/2011/11/25/github/
| colejohnson66 wrote:
| What do you mean?
| sebular wrote:
| I'm assuming they mean it wasn't forked by clicking the
| "fork" button in GitHub, which creates a link at the top of
| the new forked repository page connecting it to the parent
| repository.
|
| It is a true fork though, both projects have the same commit
| history.
| Wingy wrote:
| It wasn't created as a GitHub fork
| arghwhat wrote:
| This is _actually_ a fork. A fork is a separate repository
| sharing history with another.
|
| The GitHub UI's concept of a "fork" is unrelated to Git. GitHub
| doesn't detect you made a proper fork if you don't use its API
| or UI to do so, and requires contacting customer support to
| change it.
|
| Not worth the hassle as it provides no benefit.
| detaro wrote:
| Also, QEMU upstream isn't on Github, so the notion is even
| more pointless.
| seoaeu wrote:
| QEMU does have an official mirror on github
| (https://github.com/qemu/qemu) so I don't think it is that
| unreasonable
| blendergeek wrote:
| > Why isn't it _actually_ a fork though? I don't like when
| projects do this and don't actually make it a fork.
|
| From Wikipedia:
|
| In software development, a project fork happens when developers
| take a copy of source code from one software package and start
| independent development on it, creating a distinct and separate
| piece of software.
|
| This seems exactly what happened here.
|
| Are you asking why they didn't use Github's "fork" mechanism?
|
| Github's "fork" mechanism creates a relationship between the
| two repositories that the developers of this software may not
| want. For example if the "upstream" ever becomes unavailable,
| all Github "forks" are auto-deleted. This is surprising to some
| people and definitely not what an independent separate
| development would want.
| OJFord wrote:
| At first glance that sounds awful, but presumably if it was
| remaining active, it would simply exist again (just not as a
| labelled 'fork') on next push?
|
| Bit weird/worrying as a user or whatever looking for the repo
| on Github between deletion and push, but probably not a big
| deal in the grand scheme of things?
| zamadatix wrote:
| The "this blogpost" link about KVM has the wrong domain,
| https://alephsecurity.com/2020/07/19/xnu-qemu-kvm/ for the post.
| hwers wrote:
| The insane amount of effort this must have required boggles my
| mind.
| soheil wrote:
| I see in the instruction they're using iOS 12. Is it possible to
| run iOS 15? Does the image need to be jailbroken? Is there
| anything that allows to download and install iOS apps from the
| app store and run them?
| elpakal wrote:
| Repo looks a little stale to me? I wonder how similar this is to
| the Xcode Cloud beta QEMU used by Apple someone spotted
| https://twitter.com/khaost/status/1410332951963869185?lang=e...
| monocasa wrote:
| Probably only in that they're both qemu forks. That one you've
| shown is more about using qemu (probably with
| hypervisor.framework) to run multiple Intel macOS instances for
| server consolidation and dynamic provisioning. It's probably
| not any closer to running iOS than upstream qemu.
| tbodt wrote:
| Unrelated, that one was developed entirely by apple
| elpakal wrote:
| curious how you know that
| easton wrote:
| Hypervisor.framework (and Virtualization.framework) in
| macOS run an Apple-written hypervisor. This hypervisor
| implements VirtIO for its devices and can run macOS VMs
| (with full graphics and hardware acceleration, at least on
| the M1). One could conclude that it was implemented this
| way to allow compatibility for macOS on different
| hypervisors (and also so that Linux would just work on
| theirs).
|
| Speculation: I would be surprised if there isn't a team
| internally working on a stripped down variant of macOS (or
| just Darwin + drivers?) designed for deployment as a server
| so that they can drop a bunch of racks of Mac Minis (or,
| with budget, some kind of blade arrangement with an Apple
| Silicon chip on it) into a datacenter and build a huge
| build farm (using VMs to run iOS and macOS, or jails if
| they ever get some kind of container setup). It would be
| dramatically better than having to manage x86 and all that
| extra bloat of average servers once you got through the
| growing pains. And they could guarantee security way
| better.
| eptcyka wrote:
| I think Apple's silicon runs a very high margin, I
| imagine. Will the savings from running datacenters on
| their own silicon be big enough to offset the lost
| opportunity of selling more M1?
| trollied wrote:
| Previous thread from 18 months ago:
| https://news.ycombinator.com/item?id=22870905
|
| Latest blog post: https://alephsecurity.com/2020/07/19/xnu-qemu-kvm/
| run-types wrote:
| WOW! That's insane. If made efficiently enough, you could emulate
| iOS on a non-iOS mobile device. That would be disruptive.
| unix_fan wrote:
| And also very easy to break on apple's end.
| lostgame wrote:
| Only for future releases. If it works currently for iOS 12,
| it'll keep working for those builds of iOS 12. I fail to see
| how Apple can break what already works for code they
| can't/won't change.
| gjsman-1000 wrote:
| No - like, Apple sends a DMCA complaint or legal complaints
| to the project and the developers saying to shut it down or
| they'll bring in the lawyers.
| smoldesu wrote:
| They have the power to disable your OS remotely for any
| reason. I think it's safe to say that ship has sailed.
| vegetablepotpie wrote:
| Could give the librem 5 or PinePhone a big boost. But it would
| not help with battery life.
| mattl wrote:
| I think the number of people who have a Librem phone but want
| to run iOS on it is basically zero.
| markstos wrote:
| Wrong. There are people who would like hardware kill
| switches but are required to run either iOS or Android apps
| for work. With iOS in a VM, you could truly "log out of
| work" and shutdown that part of your phone when not needed
| without carrying a second work-specific device.
___________________________________________________________________
(page generated 2021-09-16 23:00 UTC)