iPhone 11 emulation done in QEMU

https://github.com/ChefKissInc/QEMUAppleSilicon

389•71bw•8mo ago

Comments

msgodel•8mo ago

Woah this sounds like it boots all the way to Springboard at least! That's pretty huge!

ewuhic•8mo ago

Does it support trollstore with ability to decrypt IPAs?

skvmb•7mo ago

Came here to ask this very question. This would be killer if so!

mywittyname•7mo ago

For the ignorant: what does this mean?

tom1337•7mo ago

trollstore is an inofficial app store for iOS devices which does not require a jailbreak. There are also apps that seem to decrypt the encrypted IPA (which is the file format of an iOS app) so you can view the decrypted app code and the resources. it's kinda the same as decompiling a android java app.

watusername•7mo ago

Just to expand a bit on the sibling comment, IPAs downloaded from the App Store are encrypted with a DRM scheme with a key tied to the Apple account. The binaries actually stay encrypted on-disk and the OS has facilities to transparently decrypt them when executed. The usual way of decrypting is to actually execute the app, attach a debugger (normally not possible for production apps) and read the decrypted code from memory.

gnabgib•7mo ago

Discussion on upstream repo (356 points, 2022, 144 comments) https://news.ycombinator.com/item?id=30545425

Related (mentions this repo): Emulating an iPhone in QEMU (268 points, 2 months ago, 64 comments) https://news.ycombinator.com/item?id=43592409

msgodel•7mo ago

Looking at the issue tracker it sounds like they've made significant progress since then.

walterbell•7mo ago

Progress update, https://eshard.com/posts/emulating-ios-14-with-qemu-part2

  iOS emulated in QEMU with:

  • Restore / Boot
  • Software rendering
  • Kernel and userspace debugging
  • Pairing with the host
  • Serial / SSH access
  • Multitouch
  • Network
  • Install and run any arbitrary IPA

In other news, Cellebrite acquired Corellium iOS/Android virtualization for $170M, https://news.ycombinator.com/item?id=44221982

throwaway48476•7mo ago

Presumably to build a exploit test framework.

bri3d•7mo ago

The eShard thing and this GitHub are fairly different, as far as I know.

The eShard people found an earlier version of this repository and set about patching one billion parts of the iOS kernel, library cache, and userland to make it run on the limited emulator.

Meanwhile, the actual emulator has been advancing, arguably more quickly than the eShard patch set.

The current set of patches needed for the latest commits on this repo to run iOS are less than 10 instructions, all to enable the software-rendering/framebuffer fallback code path instead of trying to use display drivers.

https://github.com/ChefKissInc/QEMUAppleSilicon/wiki/Filesys...

walterbell•7mo ago

Thanks for the wiki pointer.

sheepscreek•7mo ago

> set about patching one billion parts of the iOS kernel, library cache, and userland to make it run on the limited emulator

You don’t say! They’ve hacked the whole process and it feels extremely brittle. Like there’s no chance they can sustainably port this to another version of the software, let alone hardware.

bri3d•7mo ago

In the interest of completeness I looked deeper and there are a few more patches to the kernel and SEP OS done at emulation time:

https://github.com/ChefKissInc/QEMUAppleSilicon/blob/6eff3ab...

but really nothing too extensive or hard to port. It’s mostly flipping various can_has_debug returns, bypassing sigcheck, and the classic patch to flip launchd into research device mode.

skrauqs•7mo ago

eShard provided ChefKissInc with the whole patches like a year ago to show him what he had to do in order to have the UI working and sponsored its project with both hardware, financial support and knowledge. Both thing are really just different side of the same common goal. I got told that they have iOS 18 already working and 26 on the way, so probably that in a year or so QEMUAppleSilicon will also have that for everyone to use !

anthk•7mo ago

How does Qemu m68k work for Classic Mac BTW?

LeoPanthera•7mo ago

Not great. Use Mini vMac instead.

PPC emulation works fine though.

lioeters•7mo ago

It works. Technical discussions on running classic Macintosh with Qemu m68k:

Qemu-system-m68k to run Mac OS 7-8 - https://www.emaculation.com/forum/viewforum.php?f=37&sid=6a9...

dd_xplore•7mo ago

Is it emulating iOS? Or only running iOS binaries? Why does it specifically say iPhone 11?

worldsavior•7mo ago

Probably because it's iPhone 11 binaries.

dadoum•7mo ago

It's emulating iPhone 11's hardware. It runs iOS 14 and sepOS (Apple Security Enclave's firmware) on top.

jeswin•7mo ago

This is the ultimate emulation hack bar none - congrats to everyone involved. This also bodes well for the hackintosh project. It's may no longer be a dead end (though miles away), and eventually we might even see efficient emulation as ARM PCs become generally available.

storus•7mo ago

ARM is not an open platform like IBM PC was. See Android phones and their custom Linux kernels with undocumented parts...

yencabulator•7mo ago

"Ultimate" when it's barely emulating something that was released in 2019, discontinued in 2022, and the hardware vendor in question is likely to keep adding obstacles purely to mess with it?

seany•7mo ago

Seems like the important part would be emulating the security crap so it can be understood and bypassed. Where is this with that set of things? (being able to run things like banking/DMV emulated would be the killer feature)

VMtest•7mo ago

There is still no proper documentation for using qemu on windows host, the options and arguments etc. We have to google and the info and ideas that are scattered across the internet, or referencing the Linux equivalents of it to come up with a solution

Liquix•7mo ago

to be fair most folks playing around with qemu are probably running unix. windows has plenty of user friendly virtualization options (virtualbox, vmware, hyper-v), not to mention WSL. so windows users would probably only run qemu in hyperspecific cases like this

VMtest•7mo ago

nope, not fair, virtualbox for example doesn't use whpx on windows while it has kvm backend on linux now

vmware is bloated, I prefer not to register an account to download it as well. hyper-v uses FreeRDP and that requires the guest distribution to support it AFAIK, so it's not a easy out-of-the-box solution

and I do use qemu on linux, just at the surface level, with libvirt with virt-manager, it's easy to configure with the UI

startyz•7mo ago

cool it is my favorite model of iphones.

Minks•7mo ago

What makes it your favourite model specifically? I can’t really notice a lot of differences between them and I’ve used multiple devices the last 3 years.

xvilka•7mo ago

They should try to push it upstream, at least partially. Otherwise it's doomed to die like previous attempts.

hiimwavy•7mo ago

This is incredibly impressive—booting an iPhone 11 all the way to Springboard in QEMU is no small feat. Kudos to the ChefKissInc team and everyone who’s contributed to getting this far!

tifa2up•7mo ago

Noob question: can you install iOS apps using this?

Teaching Mathematics

3D Printed Microfluidic Multiplexing [video]

Abstractions Are in the Eye of the Beholder

Show HN: Routed Attention – 75-99% savings by routing between O(N) and O(N²)

We didn't ask for this internet – Ezra Klein show [video]

The AI Talent War Is for Plumbers and Electricians

Show HN: MimiClaw, OpenClaw(Clawdbot)on $5 Chips

I Maintain My Blog in the Age of Agents

The Fall of the Nerds

I'm 15 and built a free tool for reading Greek/Latin texts. Would love feedback

How close is AI to taking my job?

You are the reason I am not reviewing this PR

Show HN: FamilyMemories.video – Turn static old photos into 5s AI videos

How Meta Made Linux a Planet-Scale Load Balancer

A Turing Test for AI Coding

How to Identify and Eliminate Unused AWS Resources

A2CDVI – HDMI output from from the Apple IIc's digital video output connector

CLI for Common Playwright Actions

Would you use an e-commerce platform that shares transaction fees with users?

Show HN: SafeClaw – a way to manage multiple Claude Code instances in containers

The Future of the Global Open-Source AI Ecosystem: From DeepSeek to AI+

The Evolution of the Interface

Azure: Virtual network routing appliance overview

Seedance2 – multi-shot AI video generation

Πfs – The Data-Free Filesystem

Go-busybox: A sandboxable port of busybox for AI agents

Quantization-Aware Distillation for NVFP4 Inference Accuracy Recovery [pdf]

xAI Merger Poses Bigger Threat to OpenAI, Anthropic

Atlas Airborne (Boston Dynamics and RAI Institute) [video]

Zen Tools