Does that mean we can expect to find both the x86-64 and ARM64 kernels in this release? In June 2020, Apple announced the first beta releases of MacOS 11 (Big Sur) along with universal binary support for both x86-64 and ARM64.
Mac os 1.0 emulator full#
You can see the full output on our GitHub page: The MacOS 11.1 ARM64e kernel bootstrap process is shown below:Īll of this is virtualized in a QEMU session, on a Linux® host, running an Intel® Core™ i5-7500 CPU 3.40GHz. This is normally when the earliest kernel output appears and is the first visible output during an emulation session of the MacOS® ARM64e kernel. When emulating a kernel image, the first phase of the kernel boot stage is typically referred to as the 'bootstrap' phase. It was only a matter of time before XNU, Apple’s own Unix-derived kernel, joined the party. Even the Android™ emulator is based on QEMU. QEMU, the versatile and dynamic emulator responsible for bringing this practice into practicality, is popular among developers and pen-testers for cross-platform emulation. Cross-platform virtualization like this is nothing new: ARM-based systems have been virtualizable on Intel-based host systems as early as 2009. iOS® kernel emulation on a MacOS host had already been attempted, accomplished, and published. This project was inspired by a series of recent developments in emulation software and Apple hardware as well as a race to be the first to coalesce them. The first Apple silicon processors are appearing in the market in conjunction with the growing extent of ARM64 support on the most popular operating systems. Introductionĭemand for ARM-targeted testing environments is increasing.
More importantly, this project was a successful experiment in cross-platform emulation that has the potential for future development.
Mac os 1.0 emulator Patch#
Pen-testers and researchers can use the virtualized environment of a stripped-down MacOS kernel for debugging and vulnerability discovery, and this illustrates the extent to which one can use emulation to manipulate and control the kernel to their desired ends, whether it be to find a critical bug or to patch an area of the kernel.
Mac os 1.0 emulator how to#
Recent developments in Apple® hardware have made it even more difficult for security researchers to keep up, and the demand for ARM-targeted testing environments is increasing.īlackBerry recognizes the importance of supporting the cybersecurity community in the fight against cyberthreats, and is therefore following up its release of the PE Tree Tool in 2020 by sharing this methodology report to inform security researchers and pen-testers on how to successfully emulate a MacOS ARM64 kernel under QEMU. In a world where adversaries are becoming more sophisticated by the day, it is important that threat hunters can keep a competitive advantage and remain one step ahead of threat actors.