We hacked our way to executing an interactive bash shell on iOS on QEMU. We based the research on the work done by @zhuowei. Thanks! https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/
You need to emulate all hardware that the firmware will hit while running. @CorelliumHQ does it with a hypervisor. You'll need to RE the firmware to find everything, or iteratively run it. Some QEMU patches were required here, but patching the device tree was a big part of it.