[go: up one dir, main page]
Skip to content
/ xnu_gym Public

xnu_gym is a pongoOS module that patches XNU to reintroduce previously known and patched vulnerabilities. This is an easy way to practice kernel exploitation and jailbreak development!

License

MIT license
55 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tjkr0wn/xnu_gym

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
include
include
 
 
loader
loader
 
 
xnu_gym
xnu_gym
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
logo.png
logo.png
 
 
reverse_hex_order.py
reverse_hex_order.py
 
 

Repository files navigation

Logo

xnu_gym

xnu_gym is a project meant to purposely inject bugs into an iOS kernel that are trigerrable from userspace. This is perfect for any beginner to iOS kernel exploitation so that they can practice their skills from exploitation to launching a full jailbreak on a device.

PLEASE NOTE: This is not a live build. This project is still not runnable. Progress IS being made, however I still have to do some reverse engineering of the XNU kernel to verify some functions as well as do some reading on previous vulnerabilities in order to properly reintroduce them. Thanks for your patience!

Huge thanks to jsherman212 for all the help with the KPF JIT API! I took a lot of inspiration from his svc_stalker module, go check it out!

https://github.com/jsherman212/svc_stalker/

Restrictions

Devices: Devices compatible with the checkra1n jailbreak (https://checkra.in/)

iOS Version: I'm only supporting iOS versions 13.0 to 14.5.1

Tested device/iOS Versions:

  *iPhone 8 global (iPhone10,1)*

    iOS 14.5.1 (18E212)

    iOS 13.6.1 (17G80)

    iOS 13.0 (17A577)

Loading/usage

Loading and using xnu_gym is super easy. In the loader directory you'll find a load_xnu_gym.py Python3 script. This is a quick script I whipped up to load the xnu_gym binary pongoOS module and subsequently provide an easy console to select your vulnerabilities and reboot into XNU!

Simply run python3 load_xnu_gym.py

A nice interactive console will pop up for you that makes it easy and automates your selection of vulnerabilities.

PLEASE NOTE: Any errors with the module itself will appear on your device's screen, so be aware. All loader-related issues will appear normally in the Terminal/console on your computer.

How it works

xnu_gym works as a pongoOS module. Once your device boots from pongoOS into the kernel, xnu_gym will work by looking for and patching your selected bugs.

Building

I provide a binary in the build directory. If you don't feel comfortable using one of these binaries, feel free to build the module from source!

Only difference between the source code and the binary is that the binary does not have debug messages enabled. Simply un-comment the #define DEBUGBUILD macro in the defs.h header file to enable it. (Not commented right now because testing)

SHA256 Hashes of builds:

Live build: <283c7bada51a1243c3d92560d3871cb1b5f2217a23810c1900e60f5410d25471>

Issues

There may be some issues with finding opcode sequences/matching. If so, please submit an issue on this repo and I'll check it out!

If any other peculiar errors arrise, please do the same process!

❤️ from TK Cracks

About

xnu_gym is a pongoOS module that patches XNU to reintroduce previously known and patched vulnerabilities. This is an easy way to practice kernel exploitation and jailbreak development!

Topics

jailbreak exploitation userspace xnu-gym ios-kernel

Resources

Readme

License

MIT license
Activity

Stars

55 stars

Watchers

7 watching

Forks

5 forks
Report repository

Releases

No releases published

Languages