Emulating an iPhone in QEMU
Published on: 2025-05-11 06:57:00
Start of the journey
We started our journey with iOS emulation by looking at existing open-source solutions. We had successfully run alephsecurity/xnu-qemu-arm64 before, but the project being read-only was concerning.
Then we tried TrungNguyen1909/qemu-t8030 and it had quite a few interesting features:
the ability to actually restore iOS (using a second "companion" QEMU for USB connectivity)
running iOS 14
a more recent version of QEMU
a nice wiki on how to bring up the emulator
With that project, we quickly managed to get a shell and SSH access by modifying System/Library/xpc/launchd.plist, so it was a great starting point.
We set our long-term objective on getting a functional iOS emulated, with UI and at least the ability to execute some apps.
The first thing that bothered us with the t8030 project was the fact that they added code in QEMU itself to patch the xnu kernel. We knew we were going to probably need more patching and wanted a cleaner way to do this. As we had some experie