GUI

[V3rochka]

Make the Graphic Frame Buffer work and displayed in a QEMU window.

[khanhduytran0]

Can Project Sandcastle's framebuffer driver being used to get graphics working?

[jonyafek]

Don't think so, their driver is for connecting linux to the iPhone's screen. What we need to do is to connect iOS to QEMU's "screen".

[khanhduytran0]

Or maybe obtain driver code from the leaked iBoot source code? (Maybe get DMCA, or push a bunch of modifications to Apple no longer able to detect them).

[asdfugil]

can the framebuffer in https://github.com/checkra1n/pongoOS be used? (i think they have darwin ABI)

[jonyafek]

Unfortunately I don't think it is helpful. The first challenges are on the iOS side. We need to force the iOS kernel to enable the graphic interface and starting using the framebuffer with software rendering. Since PongoOS runs before iOS I think both challenges are unrelated to this code you are referencing.

[khanhduytran0]

So, run SpringBoard and debug from it.

[VisualEhrmanntraut]

I'm interested in doing this, how do I run SpringBoard? I've done the steps in the wiki and have a XNU QEMU running iOS 12

[VisualEhrmanntraut]

It seems SpringBoard is running, but not displaying

Registering: ../arm-io@2240000/AppleS8000IO/disp0@6200000/IOMobileFramebuffer

IOMobileFramebuffer seems to be attaching. I'm looking at the decompilation of kernelcache.release.n66.out using Ghidra and so far I'm not understanding how iOS is blocking software rendering

[sophia-angel]

Apologizes for the bump, but is the GUI portion still being worked on?? :)

[asdfugil]

nop Well, not in this repository anyway

[sophia-angel]

What repo are they doing it in then? :)

[asdfugil]

What repo are they doing it in then? :)

Well I mean there's no activity on this repository for a long time so...

There is a fork (not related) of iOS QEMU at https://github.com/TrungNguyen1909/qemu-t8030 it still does not have GUI yet, and it uses QEMU 7.0.0.

SpringBoard requires Metal besides a basic graphical framebuffer, so it will be difficult to do.

[4val0v]

Metal support is partially implemented here https://github.com/iqemu64/iqemu64

[VisualEhrmanntraut]

Metal support is partially implemented here https://github.com/iqemu64/iqemu64

Bullshit

[raspiduino]

Metal support is partially implemented here https://github.com/iqemu64/iqemu64

Bullshit

Is that thing really work?

[VisualEhrmanntraut]

Metal support is partially implemented here https://github.com/iqemu64/iqemu64

Bullshit

Is that thing really work?

Literally just QEMU with the history removed. If mouths could shit this guy would have two butts

[raspiduino]

Metal support is partially implemented here https://github.com/iqemu64/iqemu64

Bullshit

Is that thing really work?

Literally just QEMU with the history removed. If mouths could shit this guy would have two butts

:v

[VisualEhrmanntraut]

Seems like I was partially wrong, there are changes but from what I can tell it just knows how to run iOS binaries (in bsd-user directory) but it doesn't emulate any hardware, it is just binary emulation

[raspiduino]

So that means it require a MacOS or *BSD host to run?

If *BSD is OK then that's really easy, go and get FreeBSD, OpenBSD or NetBSD

[VisualEhrmanntraut]

No, it doesn't have Metal emulation. It just knows how to parse and run iOS binaries, so it would only work in macOS itself

[raspiduino]

No, it doesn't have Metal emulation. It just knows how to parse and run iOS binaries, so it would only work in macOS itself

Well there is actually MacOS (both x86_64 and ARM64 emulation, but ARM64 doesn't have display), so I think it will work in a Mac VM, but slowwwwwwwwwwwwww

[VisualEhrmanntraut]

No, it doesn't have Metal emulation. It just knows how to parse and run iOS binaries, so it would only work in macOS itself

Well there is actually MacOS (both x86_64 and ARM64 emulation, but ARM64 doesn't have display), so I think it will work in a Mac VM, but slowwwwwwwwwwwwww

Virtualised macOS without GPU passthrough (via KVM or similar) wouldn't have acceleration anyway

[khanhduytran0]

Corellium reveals an interesting but also undocumented boot argument: gpu=0. I tested on physical device, it actually forced iOS to do software rendering. Hope this helps. Edit: this argument only works on iOS 12, unfortunately, it appears that Apple took away software rendering since iOS 13.

We need to force the iOS kernel to enable the graphic interface and starting using the framebuffer with software rendering.