The handset maker turned security vendor BlackBerry has released technical documentation on how to run a lightweight version of the ARM64 kernel of the macOS operating system for Apple Silicon, for debugging and vulnerability discovery.
Apple last year released its first non-Intel-based M1 chips, based on the ARM architecture, which BlackBerry says have created difficulties for security researchers looking for bugs on the new platform.
By using a modified version of the open source QEMU emulator that supports Apple’s XNU kernel, and by manually correcting and updating files, BlackBerry researchers made progress in running the foundational software that underpins the macOS operating system.
However, further work to disassemble the macOS ARM64 kernel using the IDA 7.5 program was required.
Because the open source XNU Darwin kernel for macOS did not contain any debugging symbols, the BlackBerry researchers had to name the functions manually, one at a time, during the two months of research and testing, inferring the names from the simple ASCII text strings the functions referenced.
Describing the two-month process of reaching a bash command prompt after the kernel booted as “grueling” and “anything but simple,” BlackBerry researchers scoured the source code and produced a working emulation that accepts most system commands.
Support for hard disk and other features is still awaiting implementation, and the shutdown command crashes the emulated system.
“Yes, it’s a panic at the end. Add ‘fatal shutdown’ to the list of problems awaiting a solution,” BlackBerry researchers said.
In the recent past, Apple has frowned upon efforts to run its software under virtualization for security research purposes.
The hardware and software giant sued emulation provider Corellium for copyright infringement for creating a virtualized version of the iOS operating system for mobile devices, but lost the case last year.