Beware, chances are the device will panic and reboot.
Just want the binaries?
Head over to Releases. :)
- Jailbroken device
- tfp0 kernel patch (see below)
- If you don't have Xcode:
  - GNU make
  - C compiler for iOS
  - Code signing utility
A kernel patch is required for these tools to work, since access to kernel memory is natively unavailable for obvious reasons.
That patch is normally referred to as task-for-pid-zero (short: tfp0), and is included in almost every public jailbreak.
The latest release of these tools is confirmed to work with:
- p0sixspwn on 6.1.x
- Pangu on 7.1.x
- TaiG on 8.4
- Pangu9 on 9.1
- qwertyoruiop's jailbreakme on 9.3.x
- extra_recipe on 10.0-10.2
- Yalu102 (beta4 or later) on 10.0.1-10.2
Jailbreaks that DO NOT seem to enable tfp0, and thus DO NOT work with kern-utils:
- Pangu9 on 9.0.x (but can be enabled with cl0ver)
- Pangu9 on 9.2-9.3.3 (but see qwertyoruiop's jailbreakme)
- YaluX on 10.0.1-10.1.1
If you have information about how the kernel task port can be obtained in these versions, please open a ticket and tell me.
Name | Function
---|---
kdump | Dump a running iOS kernel to a file
kinfo | Display various kernel information
kmap | Visualize the kernel address space
kmem | Dump kernel memory to the console
kpatch | Apply patches to a running kernel
nvpatch | Display and patch NVRAM variable permissions
```sh
git clone https://github.com/Siguza/ios-kern-utils
cd ios-kern-utils
make      # build just the binaries
make deb  # build a deb file for Cydia
make xz   # package binaries to a .tar.xz
make dist # deb && xz
```
For make you may also specify the following environment variables:

Name | Function | Default value (OS X) | Default value (iOS) | Default value (Linux)
---|---|---|---|---
IGCC | iOS compiler | xcrun -sdk iphoneos gcc | clang | ios-clang
IGCC_ARCH | Target architecture(s) | -arch armv7 -arch arm64 | -arch armv7 -arch arm64 | -arch armv7 -arch arm64
IGCC_FLAGS | Custom compiler flags | none | none | none
LIBTOOL | Archive manipulation utility | xcrun -sdk iphoneos libtool | libtool | ios-libtool
STRIP | Symbol remover utility | xcrun -sdk iphoneos strip | strip | ios-strip
SIGN | Code signing utility | codesign | ldid |
SIGN_FLAGS | Code signing flags | -s - --entitlements misc/ent.xml | -Smisc/ent.xml |
As of late, kern-utils can also be compiled for and used on macOS.
Compile with:

```sh
IGCC=gcc IGCC_ARCH='-arch x86_64' SIGN=true STRIP=strip LIBTOOL=libtool make clean all
```

The SIGN=true is a dirty hack to skip signing, which is necessary because Sierra and later will not allow self-signed binaries with restricted entitlements to run. However, entitlements aren't needed on macOS since the kernel task port is obtained via a different API, very much thanks to Jonathan Levin.

In order to use kern-utils, SIP needs to be at least partially disabled. If you don't want to disable it completely, you can use:

```sh
csrutil enable --without debug
```
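A quick pre-flight check for the SIP requirement above, added here as an example and not part of kern-utils: it reads the output of `csrutil status` and reports whether the debugging restriction that blocks the kernel task port has been lifted, either because SIP is fully disabled or because it was enabled with `--without debug`. The sample outputs below are constructed to mirror the format csrutil prints on macOS 10.11 and later; they are not captured from a real machine.

```shell
#!/bin/sh
# Added example, not part of the kern-utils project.
# Decide from `csrutil status` text whether kern-utils can expect to obtain
# the kernel task port on this Mac.
# Returns 0 when SIP is fully disabled, or when the custom configuration
# reports "Debugging Restrictions: disabled"; returns 1 otherwise.
sip_allows_kernel_debugging() {
    status_text="$1"

    # Fully disabled SIP: the first line ends in "status: disabled."
    if printf '%s\n' "$status_text" | grep -q '^System Integrity Protection status: disabled'; then
        return 0
    fi

    # Partially disabled SIP (csrutil enable --without debug): the
    # configuration block lists the debugging restriction as disabled.
    if printf '%s\n' "$status_text" | grep -q 'Debugging Restrictions: disabled'; then
        return 0
    fi

    return 1
}

# Constructed sample outputs (assumed format, not real captures).
SAMPLE_FULL_SIP='System Integrity Protection status: enabled.'

SAMPLE_WITHOUT_DEBUG='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
	Apple Internal: disabled
	Kext Signing: enabled
	Filesystem Protections: enabled
	Debugging Restrictions: disabled
	DTrace Restrictions: enabled
	NVRAM Protections: enabled'

SAMPLE_DISABLED='System Integrity Protection status: disabled.'

# On a real Mac, feed it the live output before running any of the tools:
#   sip_allows_kernel_debugging "$(csrutil status)" \
#       && echo "SIP allows kernel debugging" \
#       || echo "SIP still blocks the kernel task port; see csrutil enable --without debug"
```

The function only looks at the two lines that matter for kern-utils, so it keeps working if Apple adds further configuration rows; if csrutil ever changes the wording of those lines, the check fails closed and reports SIP as blocking.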
MIT.
Original project by Samuel Groß.
nvpatch is largely based on nvram_patcher by Pupyshev Nikita.
Maintained and updated for iOS 8 and later by Siguza.
- Test on Linux
- Keep up with the original repo