
KextLoad binary available?

PostPosted: Fri Jul 10, 2015 5:33 pm
by backendbilly
Hi Johnathan,

I'm interested in the binary version of your kextLoad where you demonstrate loading kernel extensions and getting the "service not available" in iOS. I tried to compile the source code but am having issues with the include file "OSKextLib.h". I'm compiling on iOS using clang. Do you have the include file OSKextLib.h as well or did you simply extract it from the XCode OSX SDK?

Re: KextLoad binary available?

PostPosted: Fri Jul 10, 2015 6:48 pm
by morpheus
That's the standard header which I'm using. Here's the TGZ to make it easier for you. I haven't tried the code since about the World War, but it should compile cleanly on both OS X and iOS, and work on the former by passing kext. Use gcc-iphone (from the samples page) to compile with your SDK.

Re: KextLoad binary available?

PostPosted: Sun Jul 12, 2015 4:45 am
by backendbilly
Thanks for the sources. Please pardon my ignorance and lack of expertise in compiling the code for iOS. I'm able to compile on OSX and generate x86-64 code no problem but not ARM code. The iPhoneOS.sdk does not include or contain "#include <libkern/OSReturn.h>". I'm using the latest xcode and iOS sdk 8.4.

Also, the gcc-iphone script seems to point to unavailable directories such as:


Also, gcc is clang --> xcrun -sdk iphoneos gcc --help --> prints the clang LLVM compiler

Is it me or is the iphone-gcc outdated?

FYI, I tested the compiled kextload.arm by passing it /System/Library/Extensions/IOUSBDeviceFamily.kext/ as follows:

./kextload.arm /System/Library/Extensions/IOUSBDeviceFamily.kext/
Kext user-space log filter changed from 0xff2 to 0xffffffff.
Kext library recording diagnostics for: validation authentication dependencies warnings.
Running kernel architecture is arm64.
Kext library architecture set to arm64.
Creating /System/Library/Extensions/IOUSBDeviceFamily.kext.
Opening CFBundle for /System/Library/Extensions/IOUSBDeviceFamily.kext.
/System/Library/Extensions/IOUSBDeviceFamily.kext has no Info.plist file.
Releasing CFBundle for /System/Library/Extensions/IOUSBDeviceFamily.kext
Removed /System/Library/Extensions/IOUSBDeviceFamily.kext, id __unknown__, version (missing).
Unable to create Kext

Re: KextLoad binary available?

PostPosted: Sun Jul 12, 2015 9:45 pm
by morpheus
No ignorance need be pardoned. I set up this forum exactly for clarifications and questions, so:

A) re- gcc-iphone - that's a small script that I devised so I don't have to use Xcode (UGH!) to compile. gcc/clang - same same. If you have the Xcode command line tools, the script should work with the only required change being the SDK link:

Zephyr:~ morpheus$ cat `which gcc-iphone`
#!/bin/sh
# Do yourselves a favor and create a symlink to the mile long path of the SDK. Mine is:
# ls -l /iOSDeveloper
# lrwxr-xr-x 1 root wheel 80 Mar 30 16:15 /iOSDeveloper -> /Applications/

# Name of the SDK directory under /iOSDeveloper/SDKs (placeholder: set this to your SDK)
SDK=iPhoneOS.sdk

# Build for arm64 against the iOS SDK; sources and extra flags are passed through from the command line
gcc -arch arm64 \
-framework IOKit \
-framework CoreFoundation \
-F /iOSDeveloper/SDKs/$SDK/System/Library/Frameworks \
-F /iOSDeveloper/SDKs/$SDK/System/Library/PrivateFrameworks \
-L /iOSDeveloper/SDKs/$SDK/usr/lib \
-L /iOSDeveloper/SDKs/$SDK/usr/lib/system \
-I /iOSDeveloper/SDKs/$SDK/usr/include \
"$@"

So i) create the symlink and ii) change SDK=...

B) In a release build of iOS, in the /System/Library/Extensions you only have plugins (user mode) and not actual kexts. The kexts are all prelinked in the (encrypted) kernel cache. To get kextload to (almost) work on iOS - that is, reject at kernel level but still say it created the kext, you need a valid kext in that directory, and if I recall, tweak the Info.plist a little. Take an x86_64 kext project and slightly modify it so as to compile it for ARM (generally requires replacing "gcc" with "gcc-iphone" in the pbxproj file). It'll be a dead end, but will run a few more stages. The OS X version, btw, should work well.

Re: KextLoad binary available?

PostPosted: Mon Jul 13, 2015 1:27 pm
by backendbilly
Thank you for sharing. I would make one small modification to gcc --> xcrun -sdk iphoneos gcc. Otherwise you'll run into errors including "unknown architecture".
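A reworked gcc-iphone that combines the wrapper from morpheus's reply with the xcrun fix suggested in the last post, added here as an example and not a script from the thread; it assumes the Xcode command line tools are installed (so xcrun is on PATH), and the function names and the SDK_ROOT/ARCH variables are my own.

```shell
#!/bin/sh
# Reworked gcc-iphone wrapper (added example, not the script from the thread).
# Assumes the Xcode command line tools are installed, so xcrun is on PATH.

# Resolve the iOS SDK root: honour an explicit SDK_ROOT, otherwise ask xcrun,
# which replaces the hand-made /iOSDeveloper symlink.
ios_sdk_root() {
    if [ -n "$SDK_ROOT" ]; then
        printf '%s\n' "$SDK_ROOT"
    elif command -v xcrun >/dev/null 2>&1; then
        xcrun --sdk iphoneos --show-sdk-path
    else
        return 1
    fi
}

# Print the compiler flags for an SDK root and architecture, one per line,
# so the command line can be inspected (or tested) without a compiler present.
ios_build_flags() {
    sdk=$1
    arch=${2:-arm64}
    printf '%s\n' \
        -arch "$arch" \
        -isysroot "$sdk" \
        -framework IOKit \
        -framework CoreFoundation \
        -F "$sdk/System/Library/Frameworks" \
        -F "$sdk/System/Library/PrivateFrameworks" \
        -L "$sdk/usr/lib" \
        -L "$sdk/usr/lib/system" \
        -I "$sdk/usr/include"
}

# Number of flag words the wrapper will prepend; a quick sanity check.
ios_flag_count() {
    ios_build_flags "$1" "$2" | wc -l | tr -d ' '
}

# Wrapper entry point: only runs when sources are given on the command line.
# Going through xcrun is what avoids the "unknown architecture" error the
# thread mentions, because it selects the toolchain clang for the iOS SDK.
if [ "$#" -gt 0 ]; then
    sdk=$(ios_sdk_root) || { echo "gcc-iphone: set SDK_ROOT or install xcrun" >&2; exit 1; }
    # SDK paths from xcrun contain no spaces, so word splitting here is safe.
    set -- $(ios_build_flags "$sdk" "${ARCH:-arm64}") "$@"
    exec xcrun --sdk iphoneos clang "$@"
fi
```

Run it as `./gcc-iphone -o kextload.arm kextload.c`; set ARCH=armv7 for a 32-bit device build.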