Virtualizing iPhoneOS 1.0

Virtualizing computers is nothing new. However, Apple devices always present challenges; just ask anyone who has built a Hackintosh. Computer hardware is at least usually exposed, but on phones the challenge is harder still because of undocumented custom devices. [Martijn] managed to reverse engineer the iPod Touch 1G far enough to run iPhoneOS 1.0 on an emulator, and he has several blog posts explaining how he did it.

The emulator is the ubiquitous QEMU. He has emulated the critical hardware, including the cryptographic modules, the hardware clock, and the timer, along with memory, the display, and the interface hardware. However, Wi-Fi, some USB, audio, the light sensor, and some graphics hardware are still absent. That doesn't stop the OS from booting, however.

The posts give a good explanation of how the device boots, and the openiBoot project's code was apparently helpful in figuring the whole thing out. It isn't perfect: the keyboard crashes things, for example. But it is a major step just to get this far. The second post outlines how to set up QEMU if you want to have your own attempt at it.

On the one hand, the device is just another ARM processor, which QEMU handles quite well. On the other hand, all the strange hardware makes it tricky to emulate, reverse engineer, or even repair.

Source: Manila Flash Report