xnu-qemu-arm64-tools's People
Forkers
huerr berney qsdj minkione amesianx azstoys timb-machine-mirrors axsel hackveda sferrini directorx longjohncoder cokesme masud2017 roolebo affilares mcapollo soraka1337xx 0x011011110 sickcodes ababook hamida321 cualquiercosa327 weizenberg trungnguyen1909 mcgrady1 bb33bb crackercat aniwei ecpala darbysauter mrcodechef yihong1991 armdealer rickmark jagarza2012 failbr34k linhbg1998 microtecnoloji
xnu-qemu-arm64-tools's Issues
issue?
Does alephsecurity need proprietary qcom sources and docs?
Building aleph_bdev_drv Fails
Simply checking out xnu and trying to build doesn't work.
Checking out tag: xnu-4903.270.47
worked for me. Might be worthwhile to update Readme.
[GDB] OS Object inspection
Description
Given a pointer to an OS object, print its class type (i.e. OSString, OSSymbol, etc.), important information within the class, retain count and tagged retains.
I built and signed everything - testing on M1 and Intel (OSX and Linux) - Random segfaults
Hello,
I followed the guide, adapted everything for iOS 14, built the branches, the driver, etc. When I run qemu on Linux the emulator crashes on memcpy in read_dtb_prop (deterministically, always); on OSX Big Sur on M1 it either never finishes or gives me a segfault (without a core). Any hint on that? The device tree I provide is generated like this: python3 xnu-qemu-arm64-tools/bootstrap_scripts/asn1dtredecode.py kips/Firmware/all_flash/DeviceTree.n104ap.im4p dt104a, the kernelcache is iOS 15 beta 5, and I tried with 4 and 6 GB of memory.
Here is my command line
/xnu-qemu-arm64/aarch64-softmmu/qemu-system-aarch64 -machine iPhone11-n104,kernel-filename=kout12,dtb-filename=dt104ap,driver-filename=aleph_bev_drv.bin,qc-file-0-filename=hfs.main,qc-file-1-filename=hfs.sec,kern-cmd-args="debug=0x8 kextlog=0xfff cpus=1 rd=disk0 serial=2" -cpu max -m 6G -serial mon:stdio -vga std
Thanks
[GHIDRA] Trace inspection
Description
A Ghidra script that will take a recorded trace file from qemu (attached) as input and will produce a way to track the flow of the program from the "Listing" window, or any other option the developer will find the best.
Two sub-features here:
- List the addresses the RET instruction will jump to
- List the addresses the Branch and Control instructions will jump to
For example, on an instruction that looks like:
We would like to know the list of the pointers LR holds in that moment. Can be implemented with the hovering feature, comments or another method the developer will find preferable.
Resources
The executed instruction can be retrieved by the following regular expression (Group 3):
((Trace \d: 0x.+? \[.+?\/)(.+)(\/.+\] ))
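As an added example that is not part of this issue or of the project's own scripts: a small Python parser that applies the regex above to constructed QEMU exec-trace lines and, from the order in which blocks executed, lists the addresses each block flowed to next. For a block whose last instruction is a RET that is exactly the list of return targets the issue asks for. It assumes the trace is QEMU's "-d exec" log (one "Trace N: ..." entry per translation block start); the sample lines, host pointers and guest addresses are all made up.

```python
import re
from collections import defaultdict

# Regex quoted in the issue: group 3 is the guest PC of the executed block.
TRACE_RE = re.compile(r"((Trace \d: 0x.+? \[.+?\/)(.+)(\/.+\] ))")

# Constructed sample of QEMU "-d exec" output (host pointers and guest
# addresses are made up). The block at ...4010 is imagined to end in a RET
# that is reached from two different callers, so it has two return targets.
SAMPLE_TRACE = "\n".join([
    "Trace 0: 0x7f3a1c000100 [00000000/fffffff007004000/0x1] ",
    "Trace 0: 0x7f3a1c000200 [00000000/fffffff007004010/0x1] ",
    "Trace 0: 0x7f3a1c000300 [00000000/fffffff007008000/0x1] ",
    "Trace 0: 0x7f3a1c000100 [00000000/fffffff007004000/0x1] ",
    "Trace 0: 0x7f3a1c000200 [00000000/fffffff007004010/0x1] ",
    "Trace 0: 0x7f3a1c000400 [00000000/fffffff00700c000/0x1] ",
    "some unrelated log line that the regex must skip",
])

def parse_trace(text):
    """Return the guest PCs (ints) of the executed blocks, in trace order."""
    pcs = []
    for line in text.splitlines():
        m = TRACE_RE.search(line)
        if m:
            pcs.append(int(m.group(3), 16))
    return pcs

def successor_map(pcs):
    """Map each executed block to the set of blocks that ran right after it.

    In an exec trace the entry after block B is where B's final control-flow
    instruction (RET, B, BL, BR, ...) went, so this is its observed target set.
    """
    succ = defaultdict(set)
    for cur, nxt in zip(pcs, pcs[1:]):
        succ[cur].add(nxt)
    return succ

def targets_for(succ, block_addr):
    """Sorted list of observed targets for the block starting at block_addr."""
    return sorted(succ.get(block_addr, set()))

def target_comment(succ, block_addr):
    """Text a Ghidra script could attach as an end-of-line comment."""
    targets = targets_for(succ, block_addr)
    if not targets:
        return "trace: no successor recorded"
    return "trace targets: " + ", ".join("0x%x" % t for t in targets)

if __name__ == "__main__":
    succ = successor_map(parse_trace(SAMPLE_TRACE))
    for addr in sorted(succ):
        print("0x%x -> %s" % (addr, target_comment(succ, addr)))
```

Mapping a block start to the address of its terminating RET or branch is left to the disassembly in Ghidra; the parser only supplies the observed targets per block.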
nm: kernelcache.release.n66.out: file format not recognized
When I was following this https://github.com/alephsecurity/xnu-qemu-arm64-tools/tree/master/aleph_bdev_drv, the guide said to run nm kernelcache.release.n66.out > symbols.nm, and when I did that, I got:
nm: kernelcache.release.n66.out: file format not recognized. Is this supposed to happen or is this a problem? I am doing this on Linux, if you need to know.
Getting an error on build
getting error on build
Ran "make -C xnu-qemu-arm64-tools/aleph_bdev_drv" but got an error
ubuntu@user:/mnt/c/Users/user/ios$ make -C xnu-qemu-arm64-tools/aleph_bdev_drv/
make: Entering directory '/mnt/c/Users/user/ios/xnu-qemu-arm64-tools/aleph_bdev_drv'
Generating symbols for linker...
Building elf from source...
/home/linuxbrew/.linuxbrew/bin/aarch64-none-elf-gcc: 1: Syntax error: "(" unexpected
make: *** [Makefile:47: bin/aleph_bdev_drv.elf] Error 2
make: Leaving directory '/mnt/c/Users/user/ios/xnu-qemu-arm64-tools/aleph_bdev_drv'
ubuntu@user:/mnt/c/Users/user/ios$
fix?
Edit: I'm running this on Ubuntu WSL on Windows 21H1.
[GDB] Parse Page Table of a given context
Description
For a given context, describe the Page Table information in a readable form.
[GHIDRA] Reconstructing C++ classes in the iOS kernelcache using Ghidra
Description
Following the great work by Brandon Azad, we want to implement this functionality in Ghidra.
Resources
SSH connection doesn't work properly
After signing all the things, and also generating an SSH key and executing "/path/to/dropbear -r /var/dropbear_key" (the key I generated), if I try to connect over SSH with "ssh root@localhost -p 2222" it gives me: "Connection closed by 127.0.0.1 port 2222". I don't know a lot about networking; I'd like to know why this could happen, and eventually how to fix it.
Thanks in advance!
[GDB] Allocation zones debug capabilities
Description
For every allocation zone, list:
- Basic information of the zone like name, size etc.
- The pages that are assigned to that zone
- The free space available within those pages
Resources
Here is Project Zero's post by Ian Beer that might be relevant.
[TCP Tunnel] Failed to build the tcp-tunnel binary
I added the "-v" flag when building the project.
➜ tcp-tunnel git:(master) ✗ make
Compiling from source...
Apple LLVM version 10.0.1 (clang-1001.0.46.4)
Target: aarch64-apple-darwin18.7.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang" -cc1 -triple arm64-apple-ios5.0.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -Werror=implicit-function-declaration -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -discard-value-names -main-file-name main.c -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fno-strict-return -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu cyclone -target-feature +fp-armv8 -target-feature +neon -target-feature +crypto -target-feature +zcm -target-feature +zcz -target-abi darwinpcs -fallow-half-arguments-and-returns -dwarf-column-info -debugger-tuning=lldb -target-linker-version 450.3 -v -resource-dir /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk -D OUT_OF_TREE_BUILD -I /Users/yly/Documents/iOS/xnu-qemu-arm64/include -Wno-atomic-implicit-seq-cst -Wno-framework-include-private-from-public -Wno-atimport-in-framework-header -Wno-quoted-include-in-framework-header -fdebug-compilation-dir /Users/yly/Documents/iOS/xnu-qemu-arm64-tools/tcp-tunnel -ferror-limit 19 -fmessage-length 204 -fblocks -fencode-extended-block-signature -fregister-global-dtors-with-atexit -fobjc-runtime=ios-5.0.0 -fmax-type-align=16 -fdiagnostics-show-option -fcolor-diagnostics -o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/main-19bc74.o -x c src/main.c
clang -cc1 version 10.0.1 (clang-1001.0.46.4) default target x86_64-apple-darwin18.7.0
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/local/include"
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/Library/Frameworks"
#include "..." search starts here:
#include <...> search starts here:
/Users/yly/Documents/iOS/xnu-qemu-arm64/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks (framework directory)
End of search list.
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang" -cc1 -triple arm64-apple-ios5.0.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -Werror=implicit-function-declaration -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -discard-value-names -main-file-name fds.c -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fno-strict-return -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu cyclone -target-feature +fp-armv8 -target-feature +neon -target-feature +crypto -target-feature +zcm -target-feature +zcz -target-abi darwinpcs -fallow-half-arguments-and-returns -dwarf-column-info -debugger-tuning=lldb -target-linker-version 450.3 -v -resource-dir /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk -D OUT_OF_TREE_BUILD -I /Users/yly/Documents/iOS/xnu-qemu-arm64/include -Wno-atomic-implicit-seq-cst -Wno-framework-include-private-from-public -Wno-atimport-in-framework-header -Wno-quoted-include-in-framework-header -fdebug-compilation-dir /Users/yly/Documents/iOS/xnu-qemu-arm64-tools/tcp-tunnel -ferror-limit 19 -fmessage-length 204 -fblocks -fencode-extended-block-signature -fregister-global-dtors-with-atexit -fobjc-runtime=ios-5.0.0 -fmax-type-align=16 -fdiagnostics-show-option -fcolor-diagnostics -o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/fds-b538ff.o -x c src/qemu-guest-services/fds.c
clang -cc1 version 10.0.1 (clang-1001.0.46.4) default target x86_64-apple-darwin18.7.0
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/local/include"
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/Library/Frameworks"
#include "..." search starts here:
#include <...> search starts here:
/Users/yly/Documents/iOS/xnu-qemu-arm64/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks (framework directory)
End of search list.
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang" -cc1 -triple arm64-apple-ios5.0.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -Werror=implicit-function-declaration -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -discard-value-names -main-file-name general.c -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fno-strict-return -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu cyclone -target-feature +fp-armv8 -target-feature +neon -target-feature +crypto -target-feature +zcm -target-feature +zcz -target-abi darwinpcs -fallow-half-arguments-and-returns -dwarf-column-info -debugger-tuning=lldb -target-linker-version 450.3 -v -resource-dir /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk -D OUT_OF_TREE_BUILD -I /Users/yly/Documents/iOS/xnu-qemu-arm64/include -Wno-atomic-implicit-seq-cst -Wno-framework-include-private-from-public -Wno-atimport-in-framework-header -Wno-quoted-include-in-framework-header -fdebug-compilation-dir /Users/yly/Documents/iOS/xnu-qemu-arm64-tools/tcp-tunnel -ferror-limit 19 -fmessage-length 204 -fblocks -fencode-extended-block-signature -fregister-global-dtors-with-atexit -fobjc-runtime=ios-5.0.0 -fmax-type-align=16 -fdiagnostics-show-option -fcolor-diagnostics -o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/general-752beb.o -x c src/qemu-guest-services/general.c
clang -cc1 version 10.0.1 (clang-1001.0.46.4) default target x86_64-apple-darwin18.7.0
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/local/include"
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/Library/Frameworks"
#include "..." search starts here:
#include <...> search starts here:
/Users/yly/Documents/iOS/xnu-qemu-arm64/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks (framework directory)
End of search list.
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang" -cc1 -triple arm64-apple-ios5.0.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -Werror=implicit-function-declaration -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -discard-value-names -main-file-name socket.c -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fno-strict-return -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu cyclone -target-feature +fp-armv8 -target-feature +neon -target-feature +crypto -target-feature +zcm -target-feature +zcz -target-abi darwinpcs -fallow-half-arguments-and-returns -dwarf-column-info -debugger-tuning=lldb -target-linker-version 450.3 -v -resource-dir /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk -D OUT_OF_TREE_BUILD -I /Users/yly/Documents/iOS/xnu-qemu-arm64/include -Wno-atomic-implicit-seq-cst -Wno-framework-include-private-from-public -Wno-atimport-in-framework-header -Wno-quoted-include-in-framework-header -fdebug-compilation-dir /Users/yly/Documents/iOS/xnu-qemu-arm64-tools/tcp-tunnel -ferror-limit 19 -fmessage-length 204 -fblocks -fencode-extended-block-signature -fregister-global-dtors-with-atexit -fobjc-runtime=ios-5.0.0 -fmax-type-align=16 -fdiagnostics-show-option -fcolor-diagnostics -o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/socket-4fdcaf.o -x c src/qemu-guest-services/socket.c
clang -cc1 version 10.0.1 (clang-1001.0.46.4) default target x86_64-apple-darwin18.7.0
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/local/include"
ignoring nonexistent directory "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/Library/Frameworks"
#include "..." search starts here:
#include <...> search starts here:
/Users/yly/Documents/iOS/xnu-qemu-arm64/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1/include
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks (framework directory)
End of search list.
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld" -demangle -lto_library /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/libLTO.dylib -no_deduplicate -dynamic -arch arm64 -iphoneos_version_min 5.0.0 -syslibroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk -o bin/tunnel /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/main-19bc74.o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/fds-b538ff.o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/general-752beb.o /var/folders/g_/g3njrmcn76gc_606mkfgw9240000gn/T/socket-4fdcaf.o -lSystem /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/10.0.1/lib/darwin/libclang_rt.ios.a
Undefined symbols for architecture arm64:
"start", referenced from:
implicit entry/start for main executable
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [bin/tunnel] Error 1
[GDB] Import known symbols to gdb
Description
The kernelcache binary comes without a symbol table. Current available symbols are retrieved from the Ghidra analyzer and jtool2 and are extracted to a JSON file using a python script. We want the symbols to be imported into the gdb session natively.
Resources
Python3 compatibility
Python 2 is discontinued now; please support Python 3.
Retrieve symbols from a new stripped kernelcache binary
Description
We want to develop a way to retrieve as many symbols as possible from kernel binaries for other iOS versions.
[GDB] List interrupt handlers
Description
A GDB script to list all the different interrupt handlers that are currently loaded.