BlackBerry's cybersecurity team has shared a new report that details how to emulate an ARM macOS kernel on Intel chips for Apple Silicon security research.
The report, penned by the BlackBerry Research & Intelligence Team, offers a method for security researchers and penetration testers to successfully emulate a macOS ARM64 kernel using the QEMU open source machine emulator.
This stripped-down macOS kernel can be used by security researchers for debugging and vulnerability discovery. BlackBerry also says the methodology illustrates how emulation can be used to manipulate and control a kernel to find critical bugs or patch a specific kernel area.
"Recent developments in Apple hardware have made it even more difficult for security researchers to keep up, and the demand for ARM-targeted testing environments is increasing," BlackBerry wrote in the report.
The emulation was released in response to Apple Silicon chips like the M1, as well as growing support for ARM64 in popular operating systems. The next version of the Linux kernel, for example, is slated to offer preliminary Apple Silicon support.
The BlackBerry team was able to virtualize an ARM64 macOS environment on a Linux host machine equipped with an Intel Core processor. The method involves downloading macOS Big Sur installer package, configuring QEMU, and tweaking additional settings and files.
As the researchers point out, cross-platform virtualization isn't new — it's been possible to virtualize an ARM system on an Intel host machine since 2009. Emulating an iOS kernel on a macOS host has also been accomplished and published, so BlackBerry says "it was only a matter of time before XNU, Apple's own Unix-derived kernel, joined the party."
BlackBerry has published resources and additional details so researchers or interested parties can emulate ARM macOS on their own machines. Additional information is available on this BlackBerry Cylance Github page.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
13 Comments
Of course this use is not permitted in the Apple EULA but who cares these days. Do it under the guise of security and everything is magically allowed. BlackBerry is done so why are they even doing this?
Got excited for a moment but then read that it was an Arm64 emulated on a x86-64 CPU on Linux. Why not use an M1 Mac with QEMU’s hvf accelerator to virtualize MacOS at nearly native speed. Oh well, maybe there is enough info in the paper to do this. I’ll check it out.
Is BlackBerry still a thing? Learn something new every day... :)