UKERN-Developers/xnu-kernel-fuzzer

XNU Kernel Fuzzer

A fuzzer for Apple's iOS (Darwin) operating system.

The fuzzer talks to several endpoints accessible from within the sandbox and can attack both userland and kernelspace interfaces.

The fuzzer is written in C, Objective-C and inline assembly.

Userland

  • TODO

Kernelspace

  • System calls
  • Mach (MUCK) traps
  • IOKit and its children (kexts and drivers)

Debugging functionality

  • Logs to either Xcode or an in-app view
  • Logs processor registers in real time

Credits

  • Jake James (Mach-O parser for the kernelcache)
  • Willem Hengeveld (lzss decompression algorithm)
  • OSXFuzz (generic fuzzing functionality)
  • Apple Inc. (private headers and frameworks; these may be subject to Apple's licensing)
  • liblorgnette
  • Capstone