sickcodes / docker-eyeos

Run iPhone (xnu-arm64) in a Docker container! Supports KVM + iOS kernel debugging (GDB)! Run xnu-qemu-arm64 in Docker! Works on ANY device.

Home Page: https://hub.docker.com/r/sickcodes/docker-eyeos

License: GNU General Public License v3.0

Dockerfile 40.14% Shell 59.86%
docker ios kernel gdb xnu arm

docker-eyeos's Introduction

Docker-eyeOS

Run the iPhone's xnu-qemu-arm64 (iOS) in a Docker container

Supports KVM + GDB kernel debugging! Run armv8-A in a Docker! Works on ANY device!

Docker-eyeOS iOS Kernel Debugging

Docker-eyeOS v1.0.12.1

Features In Docker-eyeOS

  • qemu-system-aarch64 boot into iOS!
  • Runs on ANY device
  • FULL iOS armv8-A GDB Kernel debugging support (step thru & debug the iOS kernel on Linux!)
  • X11 Forwarding (future Display)
  • SSH on localhost:2222 or container.ip:2222
  • GDB on localhost:1234 or container.ip:1234
  • QEMU Full xnu-qemu-Virtualization
  • Container host Arch

Author:

Dockerhub

https://hub.docker.com/r/sickcodes/docker-eyeos

mkdir -p images
cd images

wget https://images.sick.codes/hfs.sec.zst
wget https://images.sick.codes/hfs.main.zst

# decompress images, uses about 15GB
zstd -d hfs.main.zst
zstd -d hfs.sec.zst

docker pull sickcodes/docker-eyeos:latest

docker run -it --privileged \
    --device /dev/kvm \
    -e RAM=6 \
    -e HFS_MAIN=./images/hfs.main \
    -e HFS_SEC=./images/hfs.sec \
    -p 2222:2222 \
    -v "$PWD:/home/arch/docker-eyeos/images" \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    sickcodes/docker-eyeos:latest


ssh root@localhost -p 2222

# password is alpine

# -----> Try to SSH about 4 times
# -----> also needs to HIT ENTER a few times in the terminal to kick it along

NOTE:

  • Hit enter a few times in the container terminal until you see -bash-4.4#

  • SSH into the container on localhost:2222 or containerIP:2222

RUN Docker-eyeOS with GDB iOS Kernel Debugging!

docker run -it --privileged \
    --device /dev/kvm \
    -e RAM=6 \
    -e HFS_MAIN=./images/hfs.main \
    -e HFS_SEC=./images/hfs.sec \
    -p 2222:2222 \
    -v "$PWD:/home/arch/docker-eyeos/images" \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 1233:1234 \
    -e GDB_ARGS='-S -s' \
    sickcodes/docker-eyeos:latest

# image will halt

# get container ID
docker ps
docker exec -it 3cb2d14fc11a /bin/bash -c "cd /home/arch/docker-eyeos/xnu-qemu-arm64-tools/gdb; gdb-multiarch -q"

# run 
source load.py
target remote localhost:1234
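
Both `-p 2222:2222` and `-p 1233:1234` publish on every host interface, so the root SSH login (password alpine) and the unauthenticated GDB stub are reachable from the network. The following is an added example, not part of the Docker-eyeOS repository: it reads `docker port` output and lists bindings that are not loopback-only. The function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the Docker-eyeOS repository.
#
# Loopback-only form of the publish flags used in the README commands:
#     -p 127.0.0.1:2222:2222     # SSH (root / alpine)
#     -p 127.0.0.1:1233:1234     # QEMU GDB stub (-s), no authentication

# Read `docker port <container>` output on stdin and print one line per
# binding that is reachable from outside the host:
#     <container port> <host address>:<host port> <service>
non_loopback_bindings() {
    awk '
        $2 == "->" {
            bind = $3
            # Split at the last colon so IPv6 forms ("[::]:2222", ":::2222") work.
            if (!match(bind, /:[0-9]+$/)) next
            host = substr(bind, 1, RSTART - 1)
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next

            # Container-side ports as documented in the README.
            service = "other"
            if ($1 ~ /^2222\//) service = "ssh"
            if ($1 ~ /^1234\//) service = "gdb"
            print $1, bind, service
        }
    '
}

# Audit a running container (hypothetical helper; needs the docker CLI).
# Returns 0 when nothing is published beyond loopback, 1 otherwise.
audit_container() {
    exposed=$(docker port "$1" | non_loopback_bindings)
    [ -z "$exposed" ] && return 0
    printf 'published beyond loopback:\n%s\n' "$exposed" >&2
    return 1
}

# Constructed sample of `docker port` output: SSH published on all
# interfaces, the GDB port bound to loopback only.
SAMPLE_DOCKER_PORT='2222/tcp -> 0.0.0.0:2222
2222/tcp -> [::]:2222
1234/tcp -> 127.0.0.1:1233'

# Usage: printf '%s\n' "$SAMPLE_DOCKER_PORT" | non_loopback_bindings
#        audit_container <container id from docker ps>
```
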

Export PATH

# once you have SSH'ed in, export PATH and look busy!
export PATH=/iosbinpack64/usr/bin:/iosbinpack64/bin:/iosbinpack64/usr/sbin:/iosbinpack64/sbin:$PATH

How do I mount the disk and put stuff in there?

sudo losetup -f 
sudo losetup /dev/loop0 ./hfs.main

# mount in a file manager

# unmount and delete loop device when done
sudo losetup -d /dev/loop0

Upstream Projects

Upstream Masterminds

Supported by:

TCP Tunnel for Linux rework:

Requirements

  • 20GB++ of Disk Space
  • QEMU
  • KVM

GDB Debugging

# run Docker-eyeOS with
-e GDB_ARGS='-S -s' \

# get container id
docker ps

# run gdb-multiarch
docker exec -it containerid /bin/bash -c "cd /home/arch/docker-eyeos/xnu-qemu-arm64-tools/gdb; gdb-multiarch -q"

# run 
source load.py
target remote localhost:1234

Run outside the container

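# Ubuntu, Debian, Pop!_OS
sudo apt install gdb-multiarch
# Arch, Manjaro
sudo pacman -S gdb-multiarch
git clone https://github.com/alephsecurity/xnu-qemu-arm64-tools.git
cd ./xnu-qemu-arm64-tools/gdb
sudo gdb-multiarch -q
source load.py
# localhost:1234 requires the port published as -p 1234:1234;
# with -p 1233:1234 as in the run command above, connect to localhost:1233
target remote localhost:1234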

Coming Soon

Supported

KVM

Requires a device that supports armv8-A

See https://alephsecurity.com/2020/07/19/xnu-qemu-kvm/

# proposed docker env command line args when KVM 
    -e KVM=true
    -e KVM=false

What does it do?

Docker-eyeOS is an exploration platform for researchers and anyone who is interested in the XNU kernel.

Images

  • Create your own using Docker-OSX
  • And then run osx-build-xnu-disks.sh shell script.

Image build script for Docker-OSX

# compress images for any reason
zstd -k hfs.main
zstd -k hfs.sec

# decompress images
zstd -d hfs.main.zst
zstd -d hfs.sec.zst

# after you decompress HFS Plus images, you must fsck them until they are OK using hfsprogs.

fsck.hfsplus -fp ./hfs.sec
fsck.hfsplus -fp ./hfs.sec
fsck.hfsplus -fp ./hfs.main
fsck.hfsplus -fp ./hfs.main

Optional Flags

Download pre-patched image -

  • WARNING 1.8GB of disks are downloaded
  • Expands to 12GB of disks uncompressed

-e GDB_PORT=1234

Default is already set to 1234, feel free to change it

-e GDB=true

Enables GDB (QEMU will be interrupted until GDB starts)

Unpatched Version

  • Alternatively, you can create your own disks as above

  • If you do not wish to patch dyld then you should include all 4 files in your images folder:

./hfs.main

./hfs.sec

./static_tc

./tchashes

To Do (Help Wanted)

Ad hoc images

-e STORAGE=host

Store the images in ./images on the host folder

-e STORAGE=guest

Store the images in a local folder inside the container (Watch out for disk space usage if doing this)

VNC

mkdir screendump
cd screendump
# install wget first if it is missing
sudo pacman -S wget
wget https://github.com/cosmosgenius/screendump/releases/download/0.0.3/com.cosmosgenius.screendump_0.0.3_iphoneos-arm.deb
ar -x com.cosmosgenius.screendump_0.0.3_iphoneos-arm.deb
# the archive is LZMA-compressed, not gzip
tar --lzma -xvf data.tar.lzma
# mount and put in the disk

Solve outbound networking

bash -i >& /dev/tcp/google.com/80 0>&1          # requires DNS
bash -i >& /dev/tcp/172.217.22.142/80 0>&1      # perhaps -netdev

How to build your own hfs.main and hfs.sec disk on GNU/Linux for Docker-eyeOS

Note: this process can take around 1-4 hours depending on your specs.

  • Use OSX or create a quick OSX-KVM using Docker-OSX

# this is Docker-OSX btw
docker run --device /dev/kvm \
    --device /dev/snd \
    -e RAM=12 \
    -p 50922:10022 \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    sickcodes/docker-osx:latest

  • Complete the graphical installation, guide here: https://github.com/sickcodes/Docker-OSX#additional-boot-instructions

  • Turn on SSH in Sharing Settings

  • Write down your Docker container ID from docker ps, e.g. f771bff2192d. You can start the container again later using docker start f771bff2192d. You don't need to log in to SSH into Docker-OSX.

  • SSH into your Docker-OSX and add yourself as a NOPASSWD root user (extremely insecure, only do if you will tear-down later).

# OPTIONAL SPEED UP
ssh fullname@localhost -p 50922

sudo tee "/private/etc/sudoers.d/sudoers_$USER" <<EOF
${USER} ALL = (ALL) NOPASSWD: ALL
EOF

  • Complete the script on OSX that is inside this repo

https://github.com/sickcodes/Docker-eyeOS/blob/master/osx-build-xnu-disks.sh

  • Pull the images out when you're done:

scp -P 50922 fullname@localhost:~/static_tc .
scp -P 50922 fullname@localhost:~/tchashes .
scp -P 50922 fullname@localhost:~/hfs.main .
scp -P 50922 fullname@localhost:~/hfs.sec .

Enjoy!

<3 Sick.Codes(https://sick.codes)

docker-eyeos's Issues

iOS14 launchd patch

Missing:

  1. fstab boot alternative (boots with it there, it shouldn't)
  2. launchd patch to run unsigned apps

Download iOS 14 for iPhone6s from

https://api.ipsw.me/v4/ipsw/download/iPhone8,1/18A393

https://ipsw.me/download/iPhone8,1/18A393

wget http://updates-http.cdn-apple.com/2020SummerFCS/fullrestores/001-50286/824AF39B-1ED4-415B-91E3-7665E0EA6E0B/iPhone_4.7_14.0.1_18A393_Restore.ipsw


unzip iPhone_4.7_14.0_18A373_Restore.ipsw

git clone https://github.com/alephsecurity/xnu-qemu-arm64-tools.git
git clone https://github.com/apple/darwin-xnu.git 
git clone --recursive https://github.com/alephsecurity/xnu-qemu-arm64.git

python3 xnu-qemu-arm64-tools/bootstrap_scripts/asn1kerneldecode.py kernelcache.release.n71 kernelcache.release.n71.asn1decoded
python3 xnu-qemu-arm64-tools/bootstrap_scripts/decompress_lzss.py kernelcache.release.n71.asn1decoded kernelcache.release.n71.out
python3 xnu-qemu-arm64-tools/bootstrap_scripts/asn1dtredecode.py Firmware/all_flash/DeviceTree.n71ap.im4p Firmware/all_flash/DeviceTree.n71ap.im4p.out

# get symbols, FYI need to use llvm-nm on Linux
nm kernelcache.release.n71.out > symbols.nm 2>/dev/null || llvm-nm kernelcache.release.n71.out > symbols.nm

export XNU_SOURCES=$PWD/darwin-xnu
export KERNEL_SYMBOLS_FILE=$PWD/symbols.nm
export QEMU_DIR=$PWD/xnu-qemu-arm64
export NUM_BLOCK_DEVS=2


# DARWIN STATES
cd ./xnu-qemu-arm64-tools
git reset --hard HEAD^1
git checkout master
git remote add sickcodes https://github.com/sickcodes/xnu-qemu-arm64-tools.git
git remote add mcapollo https://github.com/MCApollo/xnu-qemu-arm64-tools.git
git fetch --all
git reset --hard HEAD^1
git pull --all
git checkout 10ce50869ce573725774cd0e9a2a431ff3beec5c
echo 'Thank you MCApollo && Lev Aronsky!'
cd ..

cd ./xnu-qemu-arm64
git reset --hard HEAD^1
git checkout master
git remote add sickcodes https://github.com/sickcodes/xnu-qemu-arm64.git
git remote add mcapollo https://github.com/MCApollo/xnu-qemu-arm64.git
git fetch --all
git reset --hard HEAD^1
git pull --all
git checkout bbd2d9955021d72d5dbfccc94a034cc671c41181
echo 'Thank you MCApollo && Lev Aronsky!'
cd ..


# will NOT work on GNU right now, but will work on OSX
make -C xnu-qemu-arm64-tools/aleph_bdev_drv clean
make -C xnu-qemu-arm64-tools/aleph_bdev_drv



python3 xnu-qemu-arm64-tools/bootstrap_scripts/asn1rdskdecode.py ./048-58813-634.dmg ./048-58813-634.dmg.out
# python3 xnu-qemu-arm64-tools/bootstrap_scripts/asn1rdskdecode.py ./048-58666-519.dmg ./048-58666-519.dmg.out #failed
python3 xnu-qemu-arm64-tools/bootstrap_scripts/asn1rdskdecode.py ./048-58904-639.dmg ./048-58904-639.dmg.out

# /run/media/user/OS/LINUX/IPSW/048-58666-519.dmg


echo "BIG DISK ./048-58666-519.dmg"
echo "LITTLE DISK ./048-58904-639.dmg.out #98"

Offload to OSX

scp ./048-58904-639.dmg.out macc:~/hfs.14.main
scp ./048-58666-519.dmg macc:~/hfs.14.sec

In OSX

hdiutil resize -size 10G -imagekey diskimage-class=CRawDiskImage ./hfs.14.main
hdiutil attach -imagekey diskimage-class=CRawDiskImage ./hfs.14.main
hdiutil attach ./hfs.14.sec

sudo diskutil enableownership /Volumes/Azul18A373.arm64CustomerRamDisk/
sudo rm -rf /Volumes/Azul18A373.arm64CustomerRamDisk/*
sudo rsync -av /Volumes/Azul18A373.N71OS/* /Volumes/Azul18A373.arm64CustomerRamDisk/
sudo chown root /Volumes/Azul18A373.arm64CustomerRamDisk/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64

sudo rm -rf /Volumes/Azul18A373.arm64CustomerRamDisk/private/var/*

git clone https://github.com/jakeajames/rootlessJB
cd rootlessJB/rootlessJB/bootstrap/tars/
tar xvf iosbinpack.tar
sudo cp -R iosbinpack64 /Volumes/Azul18A373.arm64CustomerRamDisk/
echo "Thank you @jakeajames!"
cd -

# install dropbear only if it is not already on PATH
command -v dropbear >/dev/null || brew install dropbear
dropbearkey -t rsa -f ./dropbear_key | grep "^ssh-rsa " >> dropbear_key.pub
sudo mkdir -p /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear
sudo cp dropbear_key /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/dropbear_key
sudo cp dropbear_key.pub /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/dropbear_key.pub

### MAC

# drop Dropbear keys inside the 
if [[ $(uname) = Linux ]]; then
    sudo rm ./dropbear_ecdsa_host_key
    sudo rm ./dropbear_rsa_host_key
    sudo rm ./dropbear_ed25519_host_key
    sudo mkdir -p /run/media/user/Azul18A373.arm64CustomerRamDisk/var/dropbear/
    sudo mkdir -p /run/media/user/Azul18A373.arm64CustomerRamDisk/etc/dropbear/

    sudo dropbearkey -t ecdsa -f ./dropbear_ecdsa_host_key | grep "^ecdsa-sha2-nistp256 " >> dropbear_ecdsa_host_key.pub
    sudo dropbearkey -t rsa -f ./dropbear_rsa_host_key | grep "^ssh-rsa " >> dropbear_rsa_host_key.pub
    sudo dropbearkey -t ed25519 -f ./dropbear_ed25519_host_key | grep "^ssh-ed25519 " >> dropbear_ed25519_host_key.pub

    KEY_FILES=(
dropbear_ecdsa_host_key
dropbear_ecdsa_host_key.pub
dropbear_rsa_host_key
dropbear_rsa_host_key.pub
dropbear_ed25519_host_key
dropbear_ed25519_host_key.pub
)
    for KEY_FILE in "${KEY_FILES[@]}"; do
        sudo cp -f "${KEY_FILE}" /run/media/user/Azul18A373.arm64CustomerRamDisk/var/dropbear/"${KEY_FILE}"
        sudo cp -f "${KEY_FILE}" /run/media/user/Azul18A373.arm64CustomerRamDisk/etc/dropbear/"${KEY_FILE}"
    done

else
    sudo mkdir -p /Volumes/Azul18A373.arm64CustomerRamDisk/var/dropbear/
    sudo mkdir -p /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/
    sudo dropbearkey -t dss -f /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/dropbear_dss_host_key
    sudo dropbearkey -t rsa -f /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/dropbear_rsa_host_key
    sudo dropbearkey -t ecdsa -f /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/dropbear_ecdsa_host_key
    sudo dropbearkey -t ed25519 -f /Volumes/Azul18A373.arm64CustomerRamDisk/etc/dropbear/dropbear_ed25519_host_key
    sudo dropbearkey -t dss -f /Volumes/Azul18A373.arm64CustomerRamDisk/var/dropbear/dropbear_dss_host_key
    sudo dropbearkey -t rsa -f /Volumes/Azul18A373.arm64CustomerRamDisk/var/dropbear/dropbear_rsa_host_key
    sudo dropbearkey -t ecdsa -f /Volumes/Azul18A373.arm64CustomerRamDisk/var/dropbear/dropbear_ecdsa_host_key
    sudo dropbearkey -t ed25519 -f /Volumes/Azul18A373.arm64CustomerRamDisk/var/dropbear/dropbear_ed25519_host_key
fi


sudo tee /Volumes/Azul18A373.arm64CustomerRamDisk/System/Library/LaunchDaemons/bash.plist <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnablePressuredExit</key>
    <false/>
    <key>Label</key>
    <string>com.apple.bash</string>
    <key>POSIXSpawnType</key>
    <string>Interactive</string>
    <key>ProgramArguments</key>
    <array>
        <string>/iosbinpack64/bin/bash</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/dev/console</string>
    <key>StandardInPath</key>
    <string>/dev/console</string>
    <key>StandardOutPath</key>
    <string>/dev/console</string>
    <key>Umask</key>
    <integer>0</integer>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
EOF


sudo tee /Volumes/Azul18A373.arm64CustomerRamDisk/System/Library/LaunchDaemons/mount_sec.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.mount_sec</string>
    <key>EnablePressuredExit</key>
    <false/>
    <key>EnableTransactions</key>
    <false/>
    <key>HighPriorityIO</key>
    <true/>
    <key>Label</key>
    <string>mount_sec</string>
    <key>POSIXSpawnType</key>
    <string>Interactive</string>
    <key>ProgramArguments</key>
    <array>
        <string>/sbin/mount</string>
        <string>/private/var</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>Umask</key>
    <integer>0</integer>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
EOF


sudo tee /Volumes/Azul18A373.arm64CustomerRamDisk/System/Library/LaunchDaemons/tcptunnel.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.tcptunnel</string>
    <key>EnablePressuredExit</key>
    <false/>
    <key>EnableTransactions</key>
    <false/>
    <key>HighPriorityIO</key>
    <false/>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>TcpTunnel</string>
    <key>POSIXSpawnType</key>
    <string>Interactive</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/tunnel</string>
        <string>2222:127.0.0.1:22</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>Umask</key>
    <integer>0</integer>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
EOF


sudo tee /Volumes/Azul18A373.arm64CustomerRamDisk/System/Library/LaunchDaemons/dropbear.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.dropbear</string>
    <key>EnablePressuredExit</key>
    <false/>
    <key>EnableTransactions</key>
    <false/>
    <key>HighPriorityIO</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>Dropbear</string>
    <key>POSIXSpawnType</key>
    <string>Interactive</string>
    <key>ProgramArguments</key>
    <array>
        <string>/iosbinpack64/usr/local/bin/dropbear</string>
        <string>--shell</string>
        <string>/iosbinpack64/bin/bash</string>
        <string>-R</string>
        <string>-E</string>
        <string>-F</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>Umask</key>
    <integer>0</integer>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
EOF


# sudo sed -i -e 's%REPLACE_ME%/iosbinpack64%g' /Volumes/Azul18A373.arm64CustomerRamDisk/iosbinpack64/dropbear.plist

mkdir -p jtool
cd jtool
wget http://newosxbook.com/tools/jtool.tar
tar xvf jtool.tar
sudo chmod +x *
sudo cp jtool /usr/local/bin
cd -

git clone https://github.com/theos/sdks.git

export XNU_SOURCES=$PWD/darwin-xnu
export KERNEL_SYMBOLS_FILE=$PWD/symbols.nm
export QEMU_DIR=$PWD/xnu-qemu-arm64
export QEMU_TOOLS_DIR=$PWD/xnu-qemu-arm64-tools/
export NUM_BLOCK_DEVS=2
export KERNEL_CACHE=$PWD/kernelcache.release.n71.out
export DTB_FIRMWARE=$PWD/Firmware/all_flash/DeviceTree.n71ap.im4p.out
export DRIVER_FILENAME=$PWD/aleph_bdev_drv.bin
export IOS_DIR=$PWD
export HFS_MAIN=$PWD/hfs.14.main
export HFS_SEC=$PWD/hfs.14.sec
export SDK_DIR=$PWD/sdks/iPhoneOS11.2.sdk

# Update tree & Build the Custom Block Device Driver
cd ${QEMU_TOOLS_DIR}
git pull
cd ${IOS_DIR}

echo "Thanks you @Maroc-OS for these edits!"

make -C ${QEMU_TOOLS_DIR}/aleph_bdev_drv clean
make -C ${QEMU_TOOLS_DIR}/aleph_bdev_drv
cp ${QEMU_TOOLS_DIR}/aleph_bdev_drv/bin/aleph_bdev_drv.bin ${DRIVER_FILENAME}

# Update tree & Build XNU QEMU for iOS
cd ${QEMU_DIR}
git pull --all
cd -

tee ./ent.xml <<EOF
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>platform-application</key>
        <true/>
        <key>com.apple.private.security.container-required</key>
        <false/>
    </dict>
</plist>
EOF

cd xnu-qemu-arm64-tools/tcp-tunnel

make distclean
make clean
make
make install


cd -

# re attach
hdiutil attach -imagekey diskimage-class=CRawDiskImage ./hfs.14.main

Looking to patch DeviceTree.n71ap.im4p to run RAMDISK

back in Linux

yay img4lib-git
img4 -image Firmware/all_flash/DeviceTree.n71ap.im4p DeviceTree.n71ap.im4p.bin
git clone https://github.com/freedomtan/iOS-device-tree-dump.git
cd iOS-device-tree-dump
make
cd -
export PATH="$PWD/iOS-device-tree-dump:$PATH"
dtdump DeviceTree.n71ap.im4p.bin
dtdump DeviceTree.n71ap.im4p.bin | grep \/

back in OSX

sudo cp /Volumes/Azul18A373.arm64CustomerRamDisk/etc/fstab /Volumes/Azul18A373.arm64CustomerRamDisk/etc/fstab_orig

sudo tee /Volumes/Azul18A373.arm64CustomerRamDisk/etc/fstab <<EOF
/dev/disk0 / hfs ro 0 1
/dev/disk1 /private/var hfs rw,nosuid,nodev 0 2
EOF

sudo rm /Volumes/Azul18A373.arm64CustomerRamDisk/System/Library/LaunchDaemons/com.apple.mobile.keybagd.plist

sudo cp /Volumes/Azul18A373.arm64CustomerRamDisk/sbin/launchd ./launchd_unpatched

Patch launchd somehow

OSX: Insert tunnel back in

hdiutil attach -imagekey diskimage-class=CRawDiskImage ./hfs.14.main
sudo cp -f xnu-qemu-arm64-tools/tcp-tunnel/bin/tunnel /Volumes/Azul18A373.arm64CustomerRamDisk/bin/tunnel
# SIGN everything that wants a signature and add to static trust cache
>tchashes
>static_tc

# sign the patched launchd, the patched dyld, and the tcp-tunnel
sudo jtool --sign --ent ent.xml --ident com.apple.xpc.launchd --inplace /Volumes/Azul18A373.arm64CustomerRamDisk/sbin/launchd
sudo jtool --sign --ent ent.xml --inplace /Volumes/Azul18A373.arm64CustomerRamDisk/usr/lib/dyld
sudo jtool --sign --ent ent.xml --inplace /Volumes/Azul18A373.arm64CustomerRamDisk/bin/tunnel

# rip out the trust cache hashes and add to your very own static trust cache
sudo jtool --sig --ent /Volumes/Azul18A373.arm64CustomerRamDisk/sbin/launchd  | grep CDHash | cut -d' ' -f6 | cut -c 1-40 >> ./tchashes
sudo jtool --sig --ent /Volumes/Azul18A373.arm64CustomerRamDisk/usr/lib/dyld  | grep CDHash | cut -d' ' -f6 | cut -c 1-40 >> ./tchashes
sudo jtool --sig --ent /Volumes/Azul18A373.arm64CustomerRamDisk/bin/tunnel  | grep CDHash | cut -d' ' -f6 | cut -c 1-40 >> ./tchashes

python xnu-qemu-arm64-tools/bootstrap_scripts/create_trustcache.py tchashes static_tc

hdiutil detach /Volumes/Azul18A373.arm64CustomerRamDisk

echo 'FIN; Docker-eyeOS'

Get images back into Linux

scp -P 50922 fullname@localhost:~/static_tc .
scp -P 50922 fullname@localhost:~/tchashes .
scp -P 50922 fullname@localhost:~/hfs.14.main .
scp -P 50922 fullname@localhost:~/hfs.14.sec .

Run Docker-eyeOS with debugging

docker run -it --privileged \
    --device /dev/kvm \
    -e RAM=6 \
    -e HFS_MAIN=./images/hfs.14.main \
    -e HFS_SEC=./images/hfs.14.sec \
    -p 2222:2222 \
    -v "$PWD:/home/arch/docker-eyeos/images" \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 1233:1234 \
    -e GDB_ARGS='-S -s' \
    sickcodes/docker-eyeos:latest

Connect to container running iOS14

docker exec -it e712e685b9b5 /bin/bash -c "cd /home/arch/docker-eyeos/xnu-qemu-arm64-tools/gdb; gdb-multiarch -q"
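
The signing step in the issue above collects CDHashes with `grep CDHash | cut`, which silently drops or mangles an entry if the jtool output is not in the expected shape. The following is an added example, not part of the issue's script: it checks the `tchashes` file before it is passed to `create_trustcache.py`. The function name `check_tchashes`, the expected count of 3 (launchd, dyld, tunnel) and the sample hashes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the issue's script.
#
# check_tchashes FILE EXPECTED_COUNT
# Prints one line per problem and returns 1 unless FILE ("-" for stdin) is a
# list of exactly EXPECTED_COUNT distinct 40-character hex CDHashes.
check_tchashes() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        length($0) != 40 || $0 !~ /^[0-9A-Fa-f]+$/ {
            printf "line %d: not a 40-character hex CDHash: [%s]\n", NR, $0
            bad = 1
            next
        }
        {
            h = tolower($0)
            if (h in seen) {
                printf "line %d: duplicate of line %d\n", NR, seen[h]
                bad = 1
            } else {
                seen[h] = NR
                good++
            }
        }
        END {
            # A hash that grep never matched leaves no line at all,
            # so the count is the only way to notice it.
            if (good + 0 != want + 0) {
                printf "expected %d hashes, found %d\n", want, good
                bad = 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: three well-formed entries (not real CDHashes).
SAMPLE_TCHASHES='0123456789abcdef0123456789abcdef01234567
89abcdef0123456789abcdef0123456789abcdef
fedcba9876543210fedcba9876543210fedcba98'

# Usage: check_tchashes ./tchashes 3 && \
#        python xnu-qemu-arm64-tools/bootstrap_scripts/create_trustcache.py tchashes static_tc
```
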

[COMING SOON] Dockerized iPhones + iOS 14! >>> FRAMEBUFFER SUPPORT!! xnu-qemu-arm64 with a REAL DISPLAY!

Unbelievable work upstream by @jonyafek from @alephsecurity.

COMING SOON!!!!

Jonathan Afek's news: https://twitter.com/JonathanAfek/status/1350000894784495617

/r/jailbreak Reddit post: https://www.reddit.com/r/jailbreak/comments/kxr0v8/news_ios_qemu_is_getting_a_graphical_display_ios/

And follow me for when it's Dockerized!

Can't Boot because I get this Error.

tylerjaacks@Tyler-Jaacks-MacBook-Pro images % docker run -it --privileged
--device /dev/kvm
-e RAM=6
-e HFS_MAIN=./images/hfs.main
-e HFS_SEC=./images/hfs.sec
-p 2222:2222
-v "$PWD:/home/arch/docker-eyeos/images"
-e "DISPLAY=${DISPLAY:-:0.0}"
-v /tmp/.X11-unix:/tmp/.X11-unix
-p 1233:1234
-e GDB_ARGS='-S -s'
sickcodes/docker-eyeos:latest
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
nohup: appending output to 'nohup.out'
Unable to init server: Could not connect: Connection refused
gtk initialization failed
tylerjaacks@Tyler-Jaacks-MacBook-Pro images % ls
hfs.main hfs.main.zst hfs.sec hfs.sec.zst
tylerjaacks@Tyler-Jaacks-MacBook-Pro images %

VNC

Since there is no screenbuffer, is there any way to get VNC working? I've tried the category in the README but it doesn't provide any output or allow connections

iOS fails to boot

โฏ sudo docker run -it --privileged \
    --device /dev/kvm \
    -e RAM=6 \
    -e HFS_MAIN=./images/hfs.main \
    -e HFS_SEC=./images/hfs.sec \
    -p 2222:2222 \
    -v /tmp/dbus-IBEErsEHFZ:/tmp/dbus-IBEErsEHFZ \
    -v "$PWD/images:/home/arch/docker-eyeos/images" \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    sickcodes/docker-eyeos:latest
[sudo] password for xten: 
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 
nohup: appending output to 'nohup.out'
iBoot version: 
corecrypto_kext_start called
FIPSPOST_KEXT [39945037] fipspost_post:156: PASSED: (8 ms) - fipspost_post_integrity
FIPSPOST_KEXT [40061725] fipspost_post:162: PASSED: (4 ms) - fipspost_post_hmac
FIPSPOST_KEXT [40110504] fipspost_post:163: PASSED: (1 ms) - fipspost_post_aes_ecb
FIPSPOST_KEXT [40160625] fipspost_post:164: PASSED: (1 ms) - fipspost_post_aes_cbc
FIPSPOST_KEXT [44170846] fipspost_post:165: PASSED: (166 ms) - fipspost_post_rsa_sig
FIPSPOST_KEXT [46516613] fipspost_post:166: PASSED: (96 ms) - fipspost_post_ecdsa
FIPSPOST_KEXT [47066704] fipspost_post:167: PASSED: (22 ms) - fipspost_post_ecdh
FIPSPOST_KEXT [47116072] fipspost_post:168: PASSED: (1 ms) - fipspost_post_drbg_ctr
FIPSPOST_KEXT [47236778] fipspost_post:169: PASSED: (4 ms) - fipspost_post_aes_ccm
FIPSPOST_KEXT [47366206] fipspost_post:171: PASSED: (4 ms) - fipspost_post_aes_gcm
FIPSPOST_KEXT [47459580] fipspost_post:172: PASSED: (2 ms) - fipspost_post_aes_xts
FIPSPOST_KEXT [47587210] fipspost_post:173: PASSED: (4 ms) - fipspost_post_tdes_cbc
FIPSPOST_KEXT [47669961] fipspost_post:174: PASSED: (2 ms) - fipspost_post_drbg_hmac
FIPSPOST_KEXT [47684493] fipspost_post:197: all tests PASSED (331 ms)
AUC[<ptr>]::init(<ptr>)
AUC[<ptr>]::probe(<ptr>, <ptr>)
Darwin Image4 Validation Extension Version 1.0.0: Tue Oct 16 21:46:27 PDT 2018; root:AppleImage4-1.200.18~1853/AppleImage4/RELEASE_ARM64
AppleCredentialManager: init: called, instance = <ptr>.
ACMRM: init: called, ACMDRM_ENABLED=YES, ACMDRM_STATE_PUBLISHING_ENABLED=YES, ACMDRM_KEYBAG_OBSERVING_ENABLED=YES.
ACMRM: _loadRestrictedModeForceEnable: restricted mode force-enabled = 0 .
ACMRM-A: init: called, .
ACMRM-A: _loadAnalyticsCollectionPeriod: analytics collection period = 86400 .
ACMRM: _loadStandardModeTimeout: standard mode timeout = 259200 .
ACMRM-A: notifyStandardModeTimeoutChanged: called, value = 259200 (modified = YES).
AppleS8000IO::start: chip-revision: A0
ACMRM: _loadGracePeriodTimeout: device lock timeout = 3600 .
ACMRM-A: notifyGracePeriodTimeoutChanged: called, value = 3600 (modified = YES).
AppleCredentialManager: init: returning, result = true, instance = <ptr>.
AUC[<ptr>]::start(<ptr>)
AppleS8000IO::start: this: <ptr>, TCC virt addr: <ptr>, TCC phys addr: 0x202240000
AppleKeyStore starting (BUILT: Oct 17 2018 20:34:07)
AppleSEPKeyStore::start: _sep_enabled = 1
AppleCredentialManager: start: called, instance = <ptr>.
ACMRM: _publishIOResource: AppleUSBRestrictedModeTimeout = 259200.
AppleCredentialManager: start: initializing power management, instance = <ptr>.
AppleCredentialManager: start: started, instance = <ptr>.
AppleCredentialManager: start: returning, result = true, instance = <ptr>.
virtual bool AppleARMLightEmUp::start(IOService *): starting...
AppleARMPE::getGMTTimeOfDay can not provide time of day: RTC did not show up
: apfs_module_start:1277: load: com.apple.filesystems.apfs, v748.220.3, 748.220.3, 2018/10/16
com.apple.AppleFSCompressionTypeZlib kmod start
IOSurfaceRoot::installMemoryRegions()
IOSurface disallowing global lookups
apfs_sysctl_register:911: done registering sysctls.
com.apple.AppleFSCompressionTypeZlib load succeeded
L2TP domain init
L2TP domain init complete
PPTP domain init
Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOService</string><key>BSD Name</key><string ID="2">disk0</string></dict>
Got boot device = IOService:/AppleARMPE/AlephStorageBlockDevice/IOBlockStorageDriver/1Aleph 1AlephBDev Media
BSD root: disk0, major 1, minor 0
apfs_vfsop_mountroot:1468: apfs: mountroot called!
dev_init:261: /dev/disk0: device accelerated crypto: 0 (compiled @ Oct 16 2018 21:46:13)
dev_init:264: /dev/disk0: device_handle block size 4096 block count 1572864 features 0 internal 
apfs_vfsop_mount:1231: unable to root from devvp <ptr> (root_device): 79
apfs_vfsop_mountroot:1472: apfs: mountroot failed, error: 79
hfs: mounted PeaceB16B92.arm64UpdateRamDisk on device b(1, 0)
Darwin Bootstrapper Version 6.0.0: Tue Oct 16 22:26:06 PDT 2018; root:libxpc_executables-1336.220.5~209/launchd/RELEASE_ARM64
boot-args = debug=0x8 kextlog=0xfff cpus=1 rd=disk0 serial=2
Thu Jan  1 00:01:08 1970  com.apple.xpc.launchd[1] <Notice>: Restore environment starting.
: : Thu Jan  1 00:01:09 1970 localhost com.apple.xpc.launchd[1] <Notice>: Early boot complete. Continuing system boot.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.BTServer.pbap) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.BTServer.map) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.AdminLite) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.BTServer.avrcp) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.BlueTool) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.CommCenter) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.CommCenterMobileHelper) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.DMHelper) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:10 1970 localhost com.apple.xpc.launchd[1] (com.apple.CommCenterRootHelper) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.ReportCrash.SimulateCrash) <Warning>: Unknown key for string: EfficiencyMode
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.ReportCrash.Jetsam) <Warning>: Unknown key for string: EfficiencyMode
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.ReportCrash) <Warning>: Unknown key for string: EfficiencyMode
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.ReportMemoryException (lint): Unrecognized MachService property: DrainMessagesOnCrash
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.ReportMemoryException (lint): Unrecognized MachService property: DrainMessagesOnCrash
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.SpringBoard) <Warning>: Unknown key for Boolean: HighPriorityIO
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.SpringBoard (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.SpringBoard (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.SpringBoard (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.SpringBoard) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Could not import service from caller: path = /System/Library/LaunchDaemons/com.apple.SepUpdateTimer.plist, caller = launchd.1, error = 138: Service cannot be loaded on this hardware
Thu Jan  1 00:01:11 1970 localhost com.apple.xpc.launchd[1] (com.apple.UserEventAgent-System) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.WirelessRadioManager) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.adid) <Warning>: Unknown key for Boolean: com.apple.security.system-container
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.aggregated) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.accessoryd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.accessoryd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.askpermissiond) <Warning>: Unknown key for dictionary: EnvironmentalVariables
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.assertiond) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.awdd) <Error>: The ServiceIPC key is no longer respected. Please remove it.
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.atc (lint): Unknown key for array: com.apple.security.exception.mach-lookup.global-name
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.backboardd) <Warning>: Unknown key for Boolean: HighPriorityIO
Thu Jan  1 00:01:12 1970 localhost com.apple.xpc.launchd[1] (com.apple.backboardd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:13 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.calaccessd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:13 1970 localhost com.apple.xpc.launchd[1] (com.apple.certui.relay) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:13 1970 localhost com.apple.xpc.launchd[1] (com.apple.configd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:13 1970 localhost com.apple.xpc.launchd[1] (com.apple.coreservices.useractivityd) <Warning>: Unknown key for Boolean: DrainMessagesAfterFailedInit
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.fairplayd.H2) <Warning>: Unknown key for string: CFBundleDevelopmentRegion
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.fairplayd.H2) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.fairplayd.H2) <Warning>: Unknown key for string: CFBundleName
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.fairplayd.H2) <Warning>: Unknown key for string: CFBundleInfoDictionaryVersion
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.familynotification) <Warning>: Unknown key for dictionary: EnvironmentalVariables
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.familycircled) <Warning>: Unknown key for dictionary: EnvironmentalVariables
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.fseventsd) <Error>: The HopefullyExitsLast key is no longer respected. Please remove it.
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.fseventsd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.healthd) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.healthd) <Warning>: Unknown key for Boolean: CFBundleAllowMixedLocalizations
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.iapd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.iapd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:14 1970 localhost com.apple.xpc.launchd[1] (com.apple.icloud.fmfd) <Error>: The Debug key is no longer respected. Please remove it.
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Could not import service from caller: path = /System/Library/LaunchDaemons/com.apple.iomfb_bics_daemon.plist, caller = launchd.1, error = 138: Service cannot be loaded on this hardware
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.logd) <Warning>: Unknown key for Boolean: BeginTransactionAtShutdown
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.logd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdmsed) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdmsed) <Warning>: Unknown key for string: CFBundleDevelopmentRegion
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdmsed) <Warning>: Unknown key for string: CFBundleName
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdmsed) <Warning>: Unknown key for string: CFBundleVersion
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdmsed) <Warning>: Unknown key for string: CFBundleInfoDictionaryVersion
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (Listeners) <Error>: assertion failed: 16B92: launchd + 65484 [3BF1C569-F782-3856-9244-69B5EF08DAC2]: 0x2
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdd) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdd) <Warning>: Unknown key for string: CFBundleDevelopmentRegion
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdd) <Warning>: Unknown key for string: CFBundleName
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdd) <Warning>: Unknown key for string: CFBundleVersion
Thu Jan  1 00:01:15 1970 localhost com.apple.xpc.launchd[1] (com.apple.lskdd) <Warning>: Unknown key for string: CFBundleInfoDictionaryVersion
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.managedconfiguration.profiled) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.mediaartworkd) <Warning>: Unknown ProcessType: AdaptiveUtility
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.mediaserverd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.mediastream.mstreamd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.mediastream.mstreamd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Warning>: com.apple.midiserver (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.mobile.lockdown) <Error>: The ServiceIPC key is no longer respected. Please remove it.
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (MyUnixSocket) <Error>: assertion failed: 16B92: launchd + 65484 [3BF1C569-F782-3856-9244-69B5EF08DAC2]: 0x2
Thu Jan  1 00:01:16 1970 localhost com.apple.xpc.launchd[1] (com.apple.mobilewatchdog) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:17 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.mobiletimerd (lint): Invalid type for a LaunchEvent stream, should be a dictionary (stream/type): com.apple.alarm/bool
Thu Jan  1 00:01:17 1970 localhost com.apple.xpc.launchd[1] (com.apple.nfcd) <Warning>: Service has increased maximum shutdown time to 50 seconds. This will create a poor experience for the user.
Thu Jan  1 00:01:17 1970 localhost com.apple.xpc.launchd[1] (com.apple.passd) <Warning>: Unknown key for string: com.apple.application-identifier
Thu Jan  1 00:01:17 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.pluginkit.pkd (lint): Service sets EnableTransactions=false and EnablePressuredExit=true, which makes no sense. Enabling Transactions.
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.powerd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.preboardservice_v2) <Warning>: Unknown key for dictionary: Debug
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.preboardservice_v2) <Warning>: Unknown key for dictionary: Info
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.preboardservice_v2) <Warning>: Unknown key for dictionary: DEFAULT-OPTIONS
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (Listeners) <Error>: assertion failed: 16B92: launchd + 65484 [3BF1C569-F782-3856-9244-69B5EF08DAC2]: 0x2
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (Listeners) <Error>: assertion failed: 16B92: launchd + 65484 [3BF1C569-F782-3856-9244-69B5EF08DAC2]: 0x2
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.remotemanagementd (lint): Invalid type for a LaunchEvent stream, should be a dictionary (stream/type): LaunchOnDemand/string
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.replayd) <Warning>: Unknown key for Boolean: com.apple.private.security.no-sandbox
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.searchd) <Warning>: Unknown key for dictionary: NoEnvironmentVariables
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.sharingd) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.sharingd) <Warning>: The endpoint "com.apple.private.alloy.nearby-idswake" defined in plist already exists and is owned by: com.apple.rapportd
Thu Jan  1 00:01:18 1970 localhost com.apple.xpc.launchd[1] (com.apple.softwareupdateservicesd) <Notice>: This key does not do anything: OnDemand
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.sysdiagnose_helper) <Warning>: Unknown key for string: EfficiencyMode
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.sysdiagnose) <Warning>: Unknown key for string: EfficiencyMode
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.syslogd) <Error>: The HopefullyExitsLast key is no longer respected. Please remove it.
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.syslogd) <Notice>: Please switch away from OnDemand to KeepAlive.
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.voicememod) <Warning>: Unknown key for Boolean: EnabledPressuredExit
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.wifi.hostapd) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] <Error>: assertion failed: 16B92: launchd + 186880 [3BF1C569-F782-3856-9244-69B5EF08DAC2]: 0x9
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.wifid) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (com.apple.wifi.wapic) <Error>: ThrottleInterval set to zero. You're not that important. Ignoring.
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (mount_sec) <Warning>: Unknown key for Boolean: HighPriorityIO
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (Dropbear) <Warning>: Unknown key for Boolean: HighPriorityIO
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (Dropbear) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (TcpTunnel) <Warning>: Unknown key for Boolean: HighPriorityIO
Thu Jan  1 00:01:19 1970 localhost com.apple.xpc.launchd[1] (TcpTunnel) <Notice>: This service is defined to be constantly running and is inherently inefficient.
Thu Jan  1 00:01:20 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Could not read path: path = /AppleInternal/Library/LaunchDaemons, error = 2: No such file or directory

The container starts just fine and starts booting iOS, I was even able to attach gdb during boot. But at some point it stops and gdb gets disconnected.

Notice that I added a new mounted volume /tmp/dbus-IBEErsEHFZ to the container just to avoid a file not found message but this did not affect anything else, the boot log is exactly the same with or without the extra volume and with or without gdb attached.

I suspect that the error that is stopping the boot process is Thu Jan 1 00:01:20 1970 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Could not read path: path = /AppleInternal/Library/LaunchDaemons, error = 2: No such file or directory but there are other errors though.

Docker image I'm using:
docker pull sickcodes/docker-eyeos:latest

iOS image I'm using:

wget https://images.sick.codes/hfs.sec.zst
wget https://images.sick.codes/hfs.main.zst

# decompress images, uses about 15GB
zstd -d hfs.main.zst
zstd -d hfs.sec.zst

I also ran:

xhost +

My OS:

Linux arch 5.16.8-arch1-1 #1 SMP PREEMPT Tue, 08 Feb 2022 21:21:08 +0000 x86_64 GNU/Linux

Arm64 support?

My friend has a Linux server running on a Raspberry Pi, but the arch is arm64, KVM is supported. It can't run because only AMD64 is supported.

 WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
standard_init_linux.go:228: exec user process caused: exec format error

I have tried ways to build as arm64 but no luck, getting a manifest error which I have no idea how to solve. Most solutions I found are for Mac M1 only.

So can you add support for arm64 v8?

Can't run or start

Sorry about the non-descriptive title, but I'm not sure what the(s) is/are, and am not very familiar with docker.

I am trying to run this on Linux Mint 20, with kernel v5.4.0-52-generic. I have installed qemu, kvm, and docker, have pulled sickcodes/docker-eyeos, and have downloaded and decompressed hfs.main.zst and hfs.sec.zst into ~/Downloads/images/, and am currently cd'd into that directory.

Here is what I run: sudo docker run -it --privileged --device /dev/kvn -e RAM=6 -e HFS_MAIN=./hfs.main -e HFS_SEC=./hfs.sec -p 2222:2222 -v "$PWD:/home/webserver/Downloads/images" -e "DISPLAY=${DISPLAY:-:0.0}" -v /tmp/.X11-unix:/tmp/.X11-unix sickcodes/docker-eyeos:latest

That gives me this output:

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
nohup: appending output to 'nohup.out'
./hfs.main: No such file or directory
./hfs.main: CAN'T CHECK FILE SYSTEM.
./hfs.main: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
./hfs.sec: No such file or directory
./hfs.sec: CAN'T CHECK FILE SYSTEM.
./hfs.sec: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
No protocol specified
Unable to init server: Could not connect: Connection refused
bash: line 13:    18 Aborted                 sudo xnu-qemu-arm64/aarch64-softmmu/qemu-system-aarch64 -M iPhone6splus-n66-s8000,kernel-filename=/home/arch/docker-eyeos/kernelcache.release.n66.out,dtb-filename=/home/arch/docker-eyeos/Firmware/all_flash/DeviceTree.n66ap.im4p.out,driver-filename=/home/arch/docker-eyeos/aleph_bdev_drv.bin,qc-file-0-filename=./hfs.main,qc-file-1-filename=./hfs.sec,kern-cmd-args="debug=0x8 kextlog=0xfff cpus=1 rd=disk0 serial=2",xnu-ramfb=off -cpu max -m ${RAM:-6}G -serial mon:stdio -vga std ${EXTRA:-}

I tried to connect via ssh ~15 times, every time I got the message connection refused.

Is there something easy that needs to be done to be able to run this? I noticed that you've hard-coded the directory /home/arch/docker-eyeos/, I'm not familiar with docker though, so I don't know whether that could be causing an issue.
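
The output above shows the container failing to find ./hfs.main and ./hfs.sec. The preflight check below is an added example, not part of the original report or the project's scripts: it maps an HFS_MAIN/HFS_SEC value through a `-v host:target` spec and reports whether a host file actually backs it. It assumes relative image paths resolve against /home/arch/docker-eyeos (inferred from the paths in the logs on this page); all function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for docker-eyeos disk image paths.
# ASSUMPTION: relative HFS_MAIN/HFS_SEC values resolve against this directory
# inside the container (inferred from the paths in the logs on this page).
CONTAINER_WORKDIR="/home/arch/docker-eyeos"

# Function bodies use ( ) so variables stay local; exit leaves only the subshell.

# container_abs_path PATH -> absolute in-container path
container_abs_path() (
    p="$1"
    case "$p" in
        /*)  ;;                                   # already absolute
        ./*) p="$CONTAINER_WORKDIR/${p#./}" ;;
        *)   p="$CONTAINER_WORKDIR/$p" ;;
    esac
    printf '%s\n' "$p"
)

# host_path_for HOST:TARGET[:OPTS] PATH -> host file backing PATH.
# Exits 1 when PATH does not live under the mount target.
host_path_for() (
    spec="$1"
    cpath="$(container_abs_path "$2")"
    host="${spec%%:*}"
    target="${spec#*:}"
    target="${target%%:*}"                        # drop options such as :ro
    target="${target%/}"
    case "$cpath" in
        "$target"/*)
            rel=${cpath#"$target"/}
            printf '%s/%s\n' "${host%/}" "$rel"
            ;;
        *) exit 1 ;;
    esac
)

# check_image MOUNT_SPEC HFS_PATH -> prints ok | not-mounted | missing-on-host
check_image() (
    if ! hostfile="$(host_path_for "$1" "$2")"; then
        echo "not-mounted"; exit 1
    fi
    if [ ! -f "$hostfile" ]; then
        echo "missing-on-host"; exit 1
    fi
    echo "ok"
)

# Constructed demo: the mount target and image path from the report above.
check_image "$PWD:/home/webserver/Downloads/images" ./hfs.main || true
```

With the README's pairing (`-v "$PWD:/home/arch/docker-eyeos/images"` and `HFS_MAIN=./images/hfs.main`), the same check reports `ok` when hfs.main is present in the current directory.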

Emulate camera?

This would be extremely useful for automatically testing if an app's camera integration works as expected by emulating a frame buffer

Looks like images.sick.codes is down

eric@tower:~/dev/Docker-eyeOS/images$ wget https://images.sick.codes/hfs.sec.zst
--2020-12-01 11:40:47--  https://images.sick.codes/hfs.sec.zst
Resolving images.sick.codes (images.sick.codes)... 104.28.6.220, 172.67.154.17, 104.28.7.220, ...
Connecting to images.sick.codes (images.sick.codes)|104.28.6.220|:443... connected.
HTTP request sent, awaiting response... 521 
2020-12-01 11:40:47 ERROR 521: (no description).

I get an error message when I try to run it

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 
nohup: appending output to 'nohup.out'
No protocol specified
Unable to init server: Could not connect: Connection refused
gtk initialization failed

Docker won't start on Container Station

I'm trying to run it on my QNAP's Container Station but getting the following errors and it shuts down.

My QNAP is TS451+ running QTS 5.0 with Linux Kernel 5.10

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 
nohup: appending output to 'nohup.out'
/home/arch/docker-eyeos/hfs.main: No such file or directory
/home/arch/docker-eyeos/hfs.main: CAN'T CHECK FILE SYSTEM.
/home/arch/docker-eyeos/hfs.main: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
/home/arch/docker-eyeos/hfs.sec: No such file or directory
/home/arch/docker-eyeos/hfs.sec: CAN'T CHECK FILE SYSTEM.
/home/arch/docker-eyeos/hfs.sec: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
Unable to init server: Could not connect: Connection refused
bash: line 13:    20 Aborted                 sudo xnu-qemu-arm64/aarch64-softmmu/qemu-system-aarch64 -M iPhone6splus-n66-s8000,kernel-filename=/home/arch/docker-eyeos/kernelcache.release.n66.out,dtb-filename=/home/arch/docker-eyeos/Firmware/all_flash/DeviceTree.n66ap.im4p.out,driver-filename=/home/arch/docker-eyeos/aleph_bdev_drv.bin,qc-file-0-filename=/home/arch/docker-eyeos/hfs.main,qc-file-1-filename=/home/arch/docker-eyeos/hfs.sec,kern-cmd-args="debug=0x8 kextlog=0xfff cpus=1 rd=disk0 serial=2",xnu-ramfb=off -cpu max -m ${RAM:-6}G -serial mon:stdio -vga std ${EXTRA:-}
nohup: appending output to 'nohup.out'
/home/arch/docker-eyeos/hfs.main: No such file or directory
/home/arch/docker-eyeos/hfs.main: CAN'T CHECK FILE SYSTEM.
/home/arch/docker-eyeos/hfs.main: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
/home/arch/docker-eyeos/hfs.sec: No such file or directory
/home/arch/docker-eyeos/hfs.sec: CAN'T CHECK FILE SYSTEM.
/home/arch/docker-eyeos/hfs.sec: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
Unable to init server: Could not connect: Connection refused
bash: line 13:    21 Aborted                 sudo xnu-qemu-arm64/aarch64-softmmu/qemu-system-aarch64 -M iPhone6splus-n66-s8000,kernel-filename=/home/arch/docker-eyeos/kernelcache.release.n66.out,dtb-filename=/home/arch/docker-eyeos/Firmware/all_flash/DeviceTree.n66ap.im4p.out,driver-filename=/home/arch/docker-eyeos/aleph_bdev_drv.bin,qc-file-0-filename=/home/arch/docker-eyeos/hfs.main,qc-file-1-filename=/home/arch/docker-eyeos/hfs.sec,kern-cmd-args="debug=0x8 kextlog=0xfff cpus=1 rd=disk0 serial=2",xnu-ramfb=off -cpu max -m ${RAM:-6}G -serial mon:stdio -vga std ${EXTRA:-}
nohup: appending output to 'nohup.out'
/home/arch/docker-eyeos/hfs.main: No such file or directory
/home/arch/docker-eyeos/hfs.main: CAN'T CHECK FILE SYSTEM.
/home/arch/docker-eyeos/hfs.main: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
/home/arch/docker-eyeos/hfs.sec: No such file or directory
/home/arch/docker-eyeos/hfs.sec: CAN'T CHECK FILE SYSTEM.
/home/arch/docker-eyeos/hfs.sec: UNEXPECTED INCONSISTENCY; RUN fsck_hfs MANUALLY.
Unable to init server: Could not connect: Connection refused
bash: line 13:    19 Aborted                 sudo xnu-qemu-arm64/aarch64-softmmu/qemu-system-aarch64 -M iPhone6splus-n66-s8000,kernel-filename=/home/arch/docker-eyeos/kernelcache.release.n66.out,dtb-filename=/home/arch/docker-eyeos/Firmware/all_flash/DeviceTree.n66ap.im4p.out,driver-filename=/home/arch/docker-eyeos/aleph_bdev_drv.bin,qc-file-0-filename=/home/arch/docker-eyeos/hfs.main,qc-file-1-filename=/home/arch/docker-eyeos/hfs.sec,kern-cmd-args="debug=0x8 kextlog=0xfff cpus=1 rd=disk0 serial=2",xnu-ramfb=off -cpu max -m ${RAM:-6}G -serial mon:stdio -vga std ${EXTRA:-}

Only 2 parts of the OSX script are stopping full container build of the disks

Only 2 things are stopping full build inside the container

  1. Making the tcp tunnel clang12 or something else eg
    arm64-apple-ios12.0.0-clang main.c -o test_module -arch arm64 -mabi=aapcs -Xlinker -kext -nostdlib -Xlinker -fatal_warnings -I../include/ -D_SECURE__STRING_H_ -O3

From https://github.com/checkra1n/pongoOS

  2. Resizing hfs - could just create a disk ad hoc with mkfs.hfsplus

2.5 - mounting loop devices inside a container (haven't learnt how yet)

All that has to change is all of the hdiutil commands to sudo losetup

What iOS versions are available?

Hi, an amazing idea with the tool!

But back to the business:

-What iOS versions are available?
-Does it support iPadOS?

Cheers,
PM
