Skip to content

UKERN-Developers/xnu-kernel-fuzzer

BranchesTags

Repository files navigation

XNU Kernel Fuzzer

A fuzzer for Apple's iOS (Darwin) Operating System.

The fuzzer talks to several endpoints accessible from within the sandbox and can attack both userland and kernelspace interfaces.

The fuzzer is written in C, Objective-C and inline assembly.

Userland

  • TODO

Kernelspace

  • System calls
  • MACH (MUCK) traps
  • IOKit and it's children (Kexts and drivers)

Debugging functionality

  • Logs to either Xcode or an in-app view
  • Logs processor registers in real-time

Credits

  • Jake James (Mach-O parser for the kernelcache)
  • Willem Hengeveld (lzss decompression algorithm)
  • OSXFuzz (generic fuzzing functionality)
  • Apple Inc. (private headers and frameworks, they might be licensed)
  • liblorgnette
  • Capstone

About

Kernel Fuzzer for Apple's XNU, mainly meant for the iOS operating system

xnu.exploit.cool/?comingsoon

Topics

ios apple kernel fuzzer xnu security-research kernel-fuzzing

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

10 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages