A WIP (work-in progress) "Vulnerable by Design" kext for iOS/macOS to play/learn with *OS kernel exploitation
-
Documentation can be found at https://fuzzing.science/vulnerable-kext
-
Basic setup requirements
- iOS device that can be jailbroken with checkra1n
- Currently the make files are made to be used on a Mac. So, a macOS device or a VM.
-
Running the following command causes checkra1n to listen for attached iOS devices in DFU mode and boot pongoOS:
/Applications/checkra1n.app/Contents/MacOS/checkra1n -c -p
- Run
run.sh
to build kext_loader, pongo_module, and the vulnerable kext and to start kext_loader kext_loader waits for a device that's booted pongo shell!
./run.sh
For more details about ktrw, check ktrw
Vulnerable-Kext is an intentionally vulnerable kext for iOS/macOS, meant for educational purpose only.
- Add IOKit stuff
- Add vulnerabilities from reported XNU/IOKit bugs? 🤔
- Maybe improve stability of loading kexts
- Fix the bugs in the vulnerabilities I implemented 🧐
- Add Writeups for exploitation