iOS emulated in QEMU with:
• Restore / Boot
• Software rendering
• Kernel and userspace debugging
• Pairing with the host
• Serial / SSH access
• Multitouch
• Network
• Install and run any arbitrary IPA
This is incredibly impressive—booting an iPhone 11 all the way to Springboard in QEMU is no small feat. Kudos to the ChefKissInc team and everyone who’s contributed to getting this far!
This is the ultimate emulation hack bar none - congrats to everyone involved. This also bodes well for the hackintosh project. It's may no longer be a dead end (though miles away), and eventually we might even see efficient emulation as ARM PCs become generally available.
Just to expand a bit on the sibling comment, IPAs downloaded from the App Store are encrypted with a DRM scheme with a key tied to the Apple account. The binaries actually stay encrypted on-disk and the OS has facilities to transparently decrypt them when executed. The usual way of decrypting is to actually execute the app, attach a debugger (normally not possible for production apps) and read the decrypted code from memory.
trollstore is an inofficial app store for iOS devices which does not require a jailbreak. There are also apps that seem to decrypt the encrypted IPA (which is the file format of an iOS app) so you can view the decrypted app code and the resources. it's kinda the same as decompiling a android java app.
There is still no proper documentation for using qemu on windows host, the options and arguments etc. We have to google and the info and ideas that are scattered across the internet, or referencing the Linux equivalents of it to come up with a solution
to be fair most folks playing around with qemu are probably running unix. windows has plenty of user friendly virtualization options (virtualbox, vmware, hyper-v), not to mention WSL. so windows users would probably only run qemu in hyperspecific cases like this
Seems like the important part would be emulating the security crap so it can be understood and bypassed. Where is this with that set of things? (being able to run things like banking/DMV emulated would be the killer feature)
What makes it your favourite model specifically? I can’t really notice a lot of differences between them and I’ve used multiple devices the last 3 years.
Discussion on upstream repo (356 points, 2022, 144 comments) https://news.ycombinator.com/item?id=43592409
Looking at the issue tracker it sounds like they've made significant progress since then.
Progress update, https://eshard.com/posts/emulating-ios-14-with-qemu-part2
In other news, Cellebrite acquired Corellium iOS/Android virtualization for $170M, https://news.ycombinator.com/item?id=44221982
6 replies →
This is incredibly impressive—booting an iPhone 11 all the way to Springboard in QEMU is no small feat. Kudos to the ChefKissInc team and everyone who’s contributed to getting this far!
This is the ultimate emulation hack bar none - congrats to everyone involved. This also bodes well for the hackintosh project. It's may no longer be a dead end (though miles away), and eventually we might even see efficient emulation as ARM PCs become generally available.
ARM is not an open platform like IBM PC was. See Android phones and their custom Linux kernels with undocumented parts...
Woah this sounds like it boots all the way to Springboard at least! That's pretty huge!
Does it support trollstore with ability to decrypt IPAs?
For the ignorant: what does this mean?
Just to expand a bit on the sibling comment, IPAs downloaded from the App Store are encrypted with a DRM scheme with a key tied to the Apple account. The binaries actually stay encrypted on-disk and the OS has facilities to transparently decrypt them when executed. The usual way of decrypting is to actually execute the app, attach a debugger (normally not possible for production apps) and read the decrypted code from memory.
trollstore is an inofficial app store for iOS devices which does not require a jailbreak. There are also apps that seem to decrypt the encrypted IPA (which is the file format of an iOS app) so you can view the decrypted app code and the resources. it's kinda the same as decompiling a android java app.
Came here to ask this very question. This would be killer if so!
They should try to push it upstream, at least partially. Otherwise it's doomed to die like previous attempts.
Noob question: can you install iOS apps using this?
There is still no proper documentation for using qemu on windows host, the options and arguments etc. We have to google and the info and ideas that are scattered across the internet, or referencing the Linux equivalents of it to come up with a solution
to be fair most folks playing around with qemu are probably running unix. windows has plenty of user friendly virtualization options (virtualbox, vmware, hyper-v), not to mention WSL. so windows users would probably only run qemu in hyperspecific cases like this
Is it emulating iOS? Or only running iOS binaries? Why does it specifically say iPhone 11?
It's emulating iPhone 11's hardware. It runs iOS 14 and sepOS (Apple Security Enclave's firmware) on top.
Probably because it's iPhone 11 binaries.
How does Qemu m68k work for Classic Mac BTW?
It works. Technical discussions on running classic Macintosh with Qemu m68k:
Qemu-system-m68k to run Mac OS 7-8 - https://www.emaculation.com/forum/viewforum.php?f=37&sid=6a9...
Not great. Use Mini vMac instead.
PPC emulation works fine though.
Seems like the important part would be emulating the security crap so it can be understood and bypassed. Where is this with that set of things? (being able to run things like banking/DMV emulated would be the killer feature)
cool it is my favorite model of iphones.
What makes it your favourite model specifically? I can’t really notice a lot of differences between them and I’ve used multiple devices the last 3 years.