Boot Newer iOS with QEMU Step by Step

Boot Newer iOS with QEMU Step by Step

I decided to update my QEMU fork to support newer iOS versions for security research and some CTFs. Just note down how I did it here.

First attempt

Build D22-QEMU and load the iOS 14 kernel and we got

1
2
3
4
5
6
7
8
9
10
11
12
13
14
./qemu-system-aarch64 -M d22-idevice,kernelcache='ios14/kcache.patched',devicetree='ios14/dtre.bin',ramdisk='ios14/rdsk.dmg',trustcache='ios14/trustcache',bootargs='debug=0x14e kextlog=0xffff cpus=1 rd=md0 serial=2',ram-size='1073741824' \
-d unimp,int -cpu max -serial mon:stdio -D ./qemu.log
iBoot version: D22-QEMU loader
Darwin Image4 Validator Version 3.1.0: Fri Oct 30 00:14:28 PDT 2020; root:AppleImage4-106.40.12~2113/AppleImage4/RELEASE_ARM64
panic(cpu 0 caller 0xfffffff0080af660): Kernel data abort. at pc 0xfffffff008024f64, lr 0xfffffff008024f54 (saved state: 0xffffffe80260b5f0)
x0: 0xffffffe4cddbcbf0 x1: 0xfffffff00932cbe8 x2: 0x0000000000000000 x3: 0xffffffe80260b960
x4: 0x0000000000000007 x5: 0x0000000000000073 x6: 0x829f5c9941fe80a8 x7: 0x0000000000000630
x8: 0x0000000000000000 x9: 0xfffffff00774ada8 x10: 0xfffffff00774adb8 x11: 0x0000000000000001
x12: 0x00000000004a0000 x13: 0x00000000ffdfffff x14: 0x0000000000000001 x15: 0x0003ffffff933789
x16: 0x0000000000004000 x17: 0xfffffff0073ac824 x18: 0xfffffff0080a1000 x19: 0xffffffe4cde8ba00
x20: 0xffffffe4cdf70680 x21: 0x0000000000000000 x22: 0xffffffe80260bab0 x23: 0x0000000000000009
x24: 0xfffffff0081bdee8 x25: 0xfffffff009300de8 x26: 0x0000000000000009 x27: 0x0000000000000009
x28: 0xfffffff009300de8 fp: 0xffffffe80260b9c0 lr: 0xfffffff008024f54 sp: 0xffffffe80260b940
pc: 0xfffffff008024f64 cpsr: 0x60400204 esr: 0x96000005 far: 0x0000000000000000

Well although it paniked, it’s a good start at least the serial port is still working. Then let’s check the pc address

1
2
3
4
5
6
7
8
9
10
11
12
13
__text:FFFFFFF008024F64 loc_FFFFFFF008024F64                    ; CODE XREF: sub_FFFFFFF008024D88+26C↓j
__TEXT_EXEC:__text:FFFFFFF008024F64 ; sub_FFFFFFF008024D88+278↓j ...
__TEXT_EXEC:__text:FFFFFFF008024F64 LDR X8, [X21] ; Load from Memory
__TEXT_EXEC:__text:FFFFFFF008024F68 LDR X8, [X8,#0x138] ; Load from Memory
__TEXT_EXEC:__text:FFFFFFF008024F6C MOV X0, X21 ; Rd = Op2
__TEXT_EXEC:__text:FFFFFFF008024F70 MOV X1, X20 ; Rd = Op2
__TEXT_EXEC:__text:FFFFFFF008024F74 BLR X8 ; Branch and Link Register
__TEXT_EXEC:__text:FFFFFFF008024F78 MOV X20, X0 ; Rd = Op2
__TEXT_EXEC:__text:FFFFFFF008024F7C CBZ X0, loc_FFFFFFF008024F90 ; Compare and Branch on Zero
__TEXT_EXEC:__text:FFFFFFF008024F80 LDR X8, [X20] ; Load from Memory
__TEXT_EXEC:__text:FFFFFFF008024F84 LDR X8, [X8,#0x20] ; Load from Memory
__TEXT_EXEC:__text:FFFFFFF008024F88 MOV X0, X20 ; Rd = Op2
__TEXT_EXEC:__text:FFFFFFF008024F8C BLR X8 ; Branch and Link Register

After some reversing, I found that that it’s nvram variable loading routine. But we didn’t load any nvram variable! In iOS 14, nvram data can be loaded to devicetree by iBoot

1
2
3
4
5
result = sub_FFFFFFF007FCE6F8("/chosen", qword_FFFFFFF009301760, 0LL, 0LL, 0LL);
if ( result )
{
v3 = result;
v4 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)result + 328LL))(result, "nvram-proxy-data");

I am just too lazy to reverse the nvram stuff, but since it’s loaded to devicetree, we can dump it from a real device! Now let’s try to find the memory address of devicetree. Luckily, we have

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
typedef struct xnu_boot_args {
uint16_t Revision; /* Revision of boot_args structure */
uint16_t Version; /* Version of boot_args structure */
uint64_t virtBase; /* Virtual base of memory */
uint64_t physBase; /* Physical base of memory */
uint64_t memSize; /* Size of memory */
uint64_t topOfKernelData; /* Highest physical address used in kernel data area */
struct XNU_Boot_Video Video; /* Video Information */
uint32_t machineType; /* Machine Type */
void *deviceTreeP; /* Base of flattened device tree */
uint32_t deviceTreeLength; /* Length of flattened tree */
char CommandLine[256]; /* Passed in command line */
uint64_t bootFlags; /* Additional flags specified by the bootloader */
uint64_t memSizeActual; /* Actual size of memory */
} boot_args;

Exactly what we need! And

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
void
PE_init_platform(boolean_t vm_initialized, void *args)
{
DTEntry entry;
unsigned int size;
void * const *prop;
boot_args *boot_args_ptr = (boot_args *) args;

if (PE_state.initialized == FALSE) {
page_protection_type = ml_page_protection_type();
PE_state.initialized = TRUE;
PE_state.bootArgs = boot_args_ptr;
PE_state.deviceTreeHead = boot_args_ptr->deviceTreeP;
PE_state.deviceTreeSize = boot_args_ptr->deviceTreeLength;
PE_state.video.v_baseAddr = boot_args_ptr->Video.v_baseAddr;
PE_state.video.v_rowBytes = boot_args_ptr->Video.v_rowBytes;
PE_state.video.v_width = boot_args_ptr->Video.v_width;
PE_state.video.v_height = boot_args_ptr->Video.v_height;
// ...
}
// ...
}

With Def1nit3lyN0tAJa1lbr3akTool we have kernel memory reading and writing primitives. Now we can dump the devicetree from a real iPhone X!

Def1nit3lyN0tAJa1lbr3akTool has libkrw installed, so we can use it with Python ctypes to access kernel memory

1
2
3
4
5
6
from ctypes import *
libkrw = CDLL('/var/jb/usr/lib/libkrw.0.dylib')
kread = libkrw.kread
kread.argtypes = [c_uint64, c_void_p, c_uint64]
data = c_uint64(0)
kread(0x4141414141414141, byref(data), 8)

then dump the devicetree

1
2
3
4
5
6
7
8
9
10
11
iPhone:~ root# hexdump -C -n 128 ./dtdump
00000000 15 00 00 00 11 00 00 00 72 65 67 75 6c 61 74 6f |........regulato|
00000010 72 79 2d 6d 6f 64 65 6c 2d 6e 75 6d 62 65 72 00 |ry-model-number.|
00000020 00 00 00 00 00 00 00 00 20 00 00 00 41 31 39 30 |........ ...A190|
00000030 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |5...............|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 23 61 64 64 |............#add|
00000050 72 65 73 73 2d 63 65 6c 6c 73 00 00 00 00 00 00 |ress-cells......|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 |................|
00000070 02 00 00 00 41 41 50 4c 2c 70 68 61 6e 64 6c 65 |....AAPL,phandle|
00000080
iPhone:~ root#

Trust me

We need to load trustcache, simply download it from ipsw and load it. Then add the address and size to devicetree and the kernel should be happy enough.

Trapped in the loop

Now kernel stuck at

1
2
3
4
5
6
7
8
9
10
11
AppleSSE::start called
AppleSSE::start returning, result = 1
AppleSEPKeyStore:321:0: starting (BUILT: Oct 30 2020 00:31:23)
AppleSEPKeyStore:545:0: _sep_enabled = 1
AppleCredentialManager: start: called, instance = <ptr>.
ACMRM: _publishIOResource: AppleUSBRestrictedModeTimeout = 259200.
AppleCredentialManager: start: initializing power management, instance = <ptr>.
AppleCredentialManager: start: started, instance = <ptr>.
AppleCredentialManager: start: returning, result = true, instance = <ptr>.
AppleInterruptController::start: Num Shared Timestamps == 16
virtual bool AppleARMLightEmUp::start(IOService *): starting...

Trace it block by block, we found that it’s stuck at

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
__text:FFFFFFF007FDB7F4                 SUB             SP, SP, #0x50 ; Rd = Op1 - Op2
__text:FFFFFFF007FDB7F8 STP X24, X23, [SP,#0x40+var_30] ; Store Pair
__text:FFFFFFF007FDB7FC STP X22, X21, [SP,#0x40+var_20] ; Store Pair
__text:FFFFFFF007FDB800 STP X20, X19, [SP,#0x40+var_10] ; Store Pair
__text:FFFFFFF007FDB804 STP X29, X30, [SP,#0x40+var_s0] ; Store Pair
__text:FFFFFFF007FDB808 ADD X29, SP, #0x40 ; Rd = Op1 + Op2
__text:FFFFFFF007FDB80C STR XZR, [SP,#0x40+var_38] ; Store to Memory
__text:FFFFFFF007FDB810 CBZ X0, loc_FFFFFFF007FDB884 ; Compare and Branch on Zero
__text:FFFFFFF007FDB814 MOV X19, X2 ; Rd = Op2
__text:FFFFFFF007FDB818 MOV X21, X1 ; Rd = Op2
__text:FFFFFFF007FDB81C MOV X20, X0 ; Rd = Op2
__text:FFFFFFF007FDB820 STR XZR, [SP,#0x40+var_38] ; Store to Memory
__text:FFFFFFF007FDB824 ADRP X22, #qword_FFFFFFF009352CA0@PAGE ; Address of Page
__text:FFFFFFF007FDB828 LDR X0, [X22,#qword_FFFFFFF009352CA0@PAGEOFF] ; Load from Memory
__text:FFFFFFF007FDB82C BL sub_FFFFFFF007FC6200 ; Branch with Link
__text:FFFFFFF007FDB830 CBZ X19, loc_FFFFFFF007FDB844 ; Compare and Branch on Zero
__text:FFFFFFF007FDB834 ADR X8, sub_FFFFFFF007FDB9C4 ; Load address
__text:FFFFFFF007FDB838 NOP ; No Operation
__text:FFFFFFF007FDB83C ADD X9, SP, #0x40+var_38 ; Rd = Op1 + Op2
__text:FFFFFFF007FDB840 STP X8, X9, [X19,#0x10] ; Store Pair
__text:FFFFFFF007FDB844

the function is called by

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
__int64 sub_FFFFFFF008330408()
{
OSDictionary *v0; // x20
__int64 v1; // x19
__int64 v2; // x0

v0 = IOService::resourceMatching("IORTC", 0LL);
v1 = sub_FFFFFFF00834FFC4(v0, 0x6FC23AC00uLL, 0LL);
v2 = (v0->vtable->OSObject.release_1)(v0);
if ( v1 )
v2 = (*(*v1 + 40LL))(v1);
return sub_FFFFFFF007D5A4D4(v2);
}


We don’t have that yet, so simply patch it to return after entering the function.

Shell we dance?

Now we can boot userland and launch bash but we can not input anything.

1
2
3
4
Thu Jan  1 00:00:00 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Failed to bootstrap path: path = /AppleInternal/Library/LaunchDaemons, error = 2: No such file or directory
Thu Jan 1 00:00:00 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Notice>: exiting bootstrap mode
Thu Jan 1 00:00:00 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Notice>: exiting ondemand mode
bash-5.0#

after some debugging we can find that the FIQ handler was never called. That means there might be something wrong with our timer. Comparing the kernel of iOS 13 and iOS 14, I notice that

1
2
3
4
5
6
7
8
__text:FFFFFFF007D05C00 loc_FFFFFFF007D05C00                    ; CODE XREF: sub_FFFFFFF007D05AB4+130↑j
__text:FFFFFFF007D05C00 MRS X9, #0, c14, c1, #0
__text:FFFFFFF007D05C04 MOV W10, #0xD
__text:FFFFFFF007D05C08 BFI W10, W8, #4, #0x1C
__text:FFFFFFF007D05C0C ORR X8, X9, X10
__text:FFFFFFF007D05C10 MSR #0, c14, c1, #0, X8
__text:FFFFFFF007D05C14 MOV W8, #1
__text:FFFFFFF007D05C18 MSR #3, c14, c2, #1, X8

iOS 13 enables the physical timer while in iOS 14

1
2
3
4
5
__text:FFFFFFF007B6708C                 STP             X9, XZR, [X8,#0x58] ; Store Pair
__text:FFFFFFF007B67090 MOV W8, #1 ; Rd = Op2
__text:FFFFFFF007B67094 MSR #3, c14, c3, #1, X8 ; Transfer Register to PSR
__text:FFFFFFF007B67098 MOV W8, #2 ; Rd = Op2
__text:FFFFFFF007B6709C MSR #3, c14, c2, #1, X8 ; Transfer Register to PSR

It enables the virtual timer, thus

1
qdev_connect_gpio_out(cpudev, GTIMER_VIRT, qdev_get_gpio_in(cpudev, ARM_CPU_FIQ));

that is all we need! And we can unpatch the IORTC hack. Now we have an interactive shell!

1
2
3
4
5
6
7
8
9
bash-5.0# uname -a
Darwin localhost 20.1.0 Darwin Kernel Version 20.1.0: Fri Oct 30 00:34:17 PDT 2020; root:xnu-7195.42.3~1/RELEASE_ARM64_T8015 iPhone10,3 arm64 D22AP Darwin
bash-5.0# sw_vers
ProductName: iPhone OS
ProductVersion: 14.2
BuildVersion: 18B92
bash-5.0# id
uid=0(root) gid=0(wheel) groups=0(wheel)
bash-5.0#

Conclusion

Ah, time to add iOS 16 support.