Apple Data Formats and Knowledge

A collection of reverse engineered Apple formats, protocols, or other interesting bits.

Join us on Discord - Discord Rules

Repo inspired by Papers we Love

Our Tooling Repos

Our Homebrew Tap

Install our tap with brew tap hack-different/homebrew-jailbreak

Information about the maintaining of that tap can be found at homebrew-jailbreak

Contributing and a warning

Linking your Discord and GitHub

We want this collection to be around for new jailbreakers and hobbyists for years to come, so we must say: this collection accepts (with gratitude) pull-requests that improve it, but under no circumstances will a PR based on AppleInternal, or any other copyrighted works protected by the DMCA be accepted. If you need help determining this, tag the PR with license help, join the Discord server, and ask a #Legit or higher role for help.

Violation of the DMCA or Copyright law is the responsibility of the submitter.

Primary Data Source

We attempt to derive from machine sources and produce machine readable files (YAML) in this repo under _data. For information about creating and extending data format see Data Format Guidance.

Updates and additions there should automatically be reflected in the documents

hack-different/apple-knowledge/_data

Another authoritative source of information is the open source code released by Apple themselves at one of the following locations:

Tools

Libraries for Binary Analysis and Modification

See docs/Binary_Tooling

Tools for Binary Analysis and Modification

mootool - FOSS Ruby Mach-O Tool (aims to replicate jtool2 feature set)
ktool - FOSS Python Mach-O Tool
checkra1n/toolchain
alephsecurity/xnu-qemu-arm64
- alephsecurity/xnu-qemu-arm64-tools
- Build iOS on QEMU
IDA Disassembler by HexRays
Binary Ninja Disassembler
VisUAL ARM Simulator
Ghidra Disassembler
- AllsafeCyberSecurity/awesome-ghidra
- 0x36/ghidra_kernelcache
Hopper Disassembler
blacktop/ipsw
jtool2
frida

Guides and General

Devices

Device List
[T2]
Wi-Fi / Bluetooth
- seemoo-lab/frankenstein
- seemoo-lab/internalblue
The iPhone Wiki
SMC (System Management Controller) for pre-T2
- acidanthera/VirtualSMC
- t8012/smcutil - Create SMC binaries from update payloads

Kernel General

Protocols / Formats

Bootloader Related

Archive / Disk Formats

APFS - Apple Filesystem
LwVM Lightweight Volume Manager
NeXT / Apple "Bill of Materials" / pkg / bom
- iineva/bom
pbzx
Apple Disk Image - dmg
Signed System Volumes (SSV) / root_hash

Databases / Serialization

Property Lists
- libimobiledevice/libplist
iTunes database
Apple iDevice Backup Format
- rickmark/libibackup

Image, Sound and Other Resources

Software Update / Installers

Code and Signature Formats

Mach-O File Types - Mach-O / Signing / Entitlements
img4 - Apple signed images, version 4
- https://www.theiphonewiki.com/wiki/IMG4_File_Format
- h3adshotzz/img4helper
TrustCache - Pre-authorized Binary Hashes
- Apple Platform Security - Trust caches
- t8012/go-aapl-integrity
EALF - eficheck baselines
ChunkList - Used to verify macOS Recovery / Internet Recovery
- t8012/go-aapl-integrity
dyld and DSC (dyld Shared Cache)
- Levin's Dyld
- rickmark/yolo_dsc - Used as last resort and depend on Xcode
- arandomdev/DyldExtractor - Fixes up linking
- dyld_shared_cache_util.cpp
iBoot LocalPolicy, RemotePolicy and BAA signing
- M1_Boot_Policy
Rosetta2
- ProjectChampollion
Swift
- Swift Mangling

Sandbox or 'Seatbelt'

Secure Enclave Processor

ARM / x86

ARM General
Apple CPUs
- Asahi: Introduction to Apple Silicon
- dougallj's applecpu
Compilers
- ARM Clang PAC ABI
ARM Mitigations
- APRR
- PAN
- SPRR & GXF

Hypervisor / Virtualization

Apple Hypervisor
- https://developer.apple.com/documentation/hypervisor
- https://developer.apple.com/documentation/hypervisor/apple_silicon

Coprocessors

USB / Wired Protocols / Low Level Hardware

Basically all iDevice / iTunes
DFU / Recovery
- libimoibledevice/libirecovery
- https://habr.com/en/company/dsec/blog/472762/
usbmuxd - USB transport for iDevices
- libimobiledevice/usbmuxd
- t8012/demuxusb
com.apple.restored - iDevice Restore Protocol
- libimobiledevice/idevicerestore
UTDM - USB Target Disk Mode
- rickmark/apple_utdm
USB-C Power Delivery - Vendor Defined Messages
- USB-C Port Controller (ACE) Secrets
- rickmark/macvdmtool
Lightning
- http://ramtin-amin.fr/#tristar
- https://nyansatan.github.io/lightning/
NVMe / NAND / PCIe
- http://ramtin-amin.fr/#nvmepcie
- http://ramtin-amin.fr/#nvmedma
gh2o/rvi_capture
osy/ThunderboltPatcher
Qi Wireless Charging

Network / Wireless / Transit

Apple Wi-Fi Password Sharing
- seemoo-lab/openwifipass
AWDL - Apple Wireless Distribution Link
- https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
Bluetooth Bonjour (Service Discovery)
iCloud
- https://gitlab.com/nicolas17/mesu-archive
Apple Watch Pairing
com.apple.terminusd
Magic Pairing
- https://arxiv.org/pdf/2005.07255.pdf
ATC - Air Traffic Control - iTunes Wi-Fi Sync
RemoteXPC
- https://duo.com/labs/research/apple-t2-xpc
- http://newosxbook.com/tools/XPoCe2.html
macOS Internet Recovery
- rickmark/apple_net_recovery
- Internet Recovery
iCloud Keychain (Umbrella for multiple formats)
- https://www.theiphonewiki.com/wiki/ICloud_Keychain

System Configuration and State

FDR - Factory Data Restore
SysCfg - System Configuration - Serial Number and other Device Info
APTicket - The root of an authorized version set

Diagnostic Protocols

AWDD - Apple Wireless Diagnostics (misnomer, more than wireless, system trace)
- rickmark/awdd_decode
Mojo Serial
- MojoKDP.kext.S
XHC20 USB Capture
- https://github.com/t8012/demuxusb/blob/b6b1a1a6633449c2cb16ad44edcc22aab4dc29cd/ext/pcapng.h

Jailbreaks

Jailbreak Tooling

X-Plat

Safety / Protection

CREDITS

Hack Different - Apple Knowledge is a product of the entire community and belongs to the community. It is facilitated by the volunteer work of the Hack Different moderation team.

Portions of data and knowledge come from https://theiphonewiki.org, https://libimobiledevice.org, and https://checkra.in, as well as the individuals who brought you those projects. (And many more!)

Special mention to Jonathan Levin and Amit Singh for taking the time to publish books on these topics.

A list of all projects and their contributors is at CREDITS and is updated by a script. If there are persons not updated due to limitations, please PR the CREDITS page and call them out.

Setting up `overcommit`, the linters, and the build

Main article is in BUILD

To keep the repo, docs, and data tidy, we use a tool called overcommit to connect up the git hooks to a set of quality checks. The fastest way to get setup is to run the following to make sure you have all the tools:

brew install hunspell
gem install overcommit bundler
bundle install
overcommit --install

Why not <insert wiki here>

Wiki's best serve prose, and part of the goal here is to leverage machine readable and ingestable information with human augmentation wherever possible.

As of 2022, GitHub has 56 million users. That means that there are 56 million people who are able to contribute directly to this repo via a fork and PR, in opposition to wiki's which have a relatively small number of potential editors. The PR process also allows for modifications to be reviewed, commented and debated before inclusion.

License

The contents of this repo are dual-licensed:

Code and data licensed under the MIT license

Documents also licensed under the CC-BY-SA

Creative Commons License {style="border-width:0"} {rel=license} Apple Knowledge{:xmlns:dct="http://purl.org/dc/terms/", :property="dct:title"} by Hack Different{:xmlns:cc="http://creativecommons.org/ns#", :property="cc:attributionName", :rel="cc:attributionURL"} is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](http://creativecommons.org/ licenses/by-sa/4.0/){:rel="license"}

Dedication

Here’s to the crazy ones, the misfits, the rebels, the troublemakers

the round pegs in the square holes…

the ones who see things differently — they’re not fond of rules…

You can quote them, disagree with them, glorify or vilify them, but the only thing you can’t do is ignore them because they change things…

They push the human race forward, and while some may see them as the crazy ones,

we see genius,

because the ones who are crazy enough to think that they can change the world,

are the ones who do.

— Steve Jobs, 1997

Also dedicated to the volunteer work of those who use this for good, and deny the shadow to those who seek to harm.

gyyfifafans/apple-knowledge