w3bspl0it/ios-kern-utils
iOS Kernel Utilities

Beware, chances are the device will panic and reboot.

Download

Just want the binaries?
Head over to Releases. :)

Prerequisites

  • Jailbroken Device
  • tfp0 kernel patch (see below)
  • If you don't have Xcode:
    • GNU make
    • C compiler for iOS
    • Code signing utility

tfp0 compatibility

A kernel patch is required for these tools to work: they need the kernel task port (the port task_for_pid(0) would return), and a stock kernel refuses to hand that out to userland, for obvious reasons.
That patch is normally referred to as task-for-pid-zero (tfp0 for short), and almost every public jailbreak includes it.

The latest release of these tools is confirmed to work with:

  • p0sixspwn on 6.1.x
  • Pangu on 7.1.x
  • TaiG on 8.4
  • Pangu9 on 9.1
  • qwertyoruiop's jailbreakme on 9.3.x
  • extra_recipe on 10.0-10.2
  • Yalu102 (beta4 or later) on 10.0.1-10.2

Jailbreaks that DO NOT seem to enable tfp0, and thus DO NOT work with kern-utils:

  • Pangu9 on 9.0.x (but can be enabled with cl0ver)
  • Pangu9 on 9.2-9.3.3 (but see qwertyoruiop's jailbreakme)
  • YaluX on 10.0.1-10.1.1

If you have information about how the kernel task port can be obtained in these versions, please open a ticket and tell me.

Tools

Name      Function
kdump     Dump a running iOS kernel to a file
kinfo     Display various kernel information
kmap      Visualize the kernel address space
kmem      Dump kernel memory to the console
kpatch    Apply patches to a running kernel
nvpatch   Display and patch NVRAM variable permissions

Building

git clone https://github.com/Siguza/ios-kern-utils
cd ios-kern-utils
make        # build just the binaries
make deb    # build a deb file for Cydia
make xz     # package binaries to a .tar.xz
make dist   # deb && xz

make also honours the following variables (set in the environment or on the make command line). Where only one default is listed, it applies on every host OS; where two are listed, the second applies on both iOS and Linux.

Name         Function                       Default (OS X)                     Default (iOS)       Default (Linux)
IGCC         iOS compiler                   xcrun -sdk iphoneos gcc            clang               ios-clang
IGCC_ARCH    Target architecture(s)         -arch armv7 -arch arm64
IGCC_FLAGS   Custom compiler flags          none
LIBTOOL      Archive manipulation utility   xcrun -sdk iphoneos libtool        libtool             ios-libtool
STRIP        Symbol remover utility         xcrun -sdk iphoneos strip          strip               ios-strip
SIGN         Code signing utility           codesign                           ldid
SIGN_FLAGS   Code signing flags             -s - --entitlements misc/ent.xml   -Smisc/ent.xml

macOS

More recently, kern-utils can also be compiled for and used on macOS.
Compile with:

IGCC=gcc IGCC_ARCH='-arch x86_64' SIGN=true STRIP=strip LIBTOOL=libtool make clean all

SIGN=true is a dirty hack that turns the signing step into a no-op (the shell builtin true stands in for the signing tool). It is necessary because Sierra and later will not run self-signed binaries that carry restricted entitlements. Entitlements aren't needed on macOS anyway, since there the kernel task port is obtained via a different API, very much thanks to Jonathan Levin.

In order to use kern-utils, SIP needs to be at least partially disabled. If you don't want to disable it completely, you can lift only the debugging restrictions (csrutil must be run from the Recovery OS; csrutil status shows the current configuration):

csrutil enable --without debug

License

MIT.

Original project by Samuel Groß.
nvpatch is largely based on nvram_patcher by Pupyshev Nikita.
Maintained and updated for iOS 8 and later by Siguza.

TODO

  • Test on Linux
  • Keep up with the original repo
