This has the potential to help the iOS Jailbreak community quite a lot if developed further. Imagine being able to carry out dangerous tests in QEMU, not on a real device. Also imagine being able to debug a live kernel :P Similar to Corellium, though way less and needs more polishing. https://twitter.com/alephsecurity/status/1140607896520134656
Replying to @FCE365
I’m sorry if this is obvious, but could you explain how these emulators work? Wouldn’t you have to know all of the iOS code, and to do this would it require a jailbreak? But then there are emulators for non-jailbroken iOS versions.
Replying to @Hyperbonic @FCE365
If it’s just an ipsw with hardware, how can you access the underlying code without a jailbreak?
Replying to @FCE365
I’m sorry, I may be missing something fundamental; in layman’s terms, could you explain?
Replying to @Hyperbonic @FCE365
The ramdisk in the ipsw is modified to include a bash and a launchd item to execute it, which on a real device you can't do, and even if you could, iBoot probably verifies it.
In addition, a static trust cache is added to memory and to the device tree, which you can't do on a real device, among other changes. Indeed, the kernel code itself is left unpatched.