Jailbroken iOS cannot run macOS apps. I spent a week finding out why. (2021)

I ran macOS command line tools such as Bash and Geekbench on a jailbroken iPhone by replacing the iOS dyld shared cache (all iOS code) with the macOS one. However, graphical applications will never work: macOS WindowServer will not start, because iOS drivers are too different.

On the eve of another WWDC, it's time to reflect on the theme that has linked the last 3 WWDCs: the convergence between Apple's mobile and desktop ranges.

Over the past few years, we've seen Apple unify:

- design: iOS-inspired styling of macOS Big Sur, iMacs adopting the square lines and colorful back of the iPhone
- hardware: Apple Silicon on iPad and Mac, Smart Keyboard and trackpad on iPad
- software: Catalyst and iOS apps on macOS

With this unification, many wondered: if the same CPU can run macOS and iOS, what's stopping jailbreakers from running macOS apps on iOS?

Ultimately: many things.

Steve Jobs announced that the iPhone "runs OS X". After a week of work, we determined: it was a lie. Although iOS and macOS share a base, their drivers are different enough to be incompatible.

Parts of the iOS kernel and drivers are shared with macOS. For example, both use the same kernel with the same Unix/Darwin foundation.

So to run command line apps, all I had to do was:

- replace the iOS dyld with a patched macOS dyld
- replace the iOS dyld cache with a re-signed macOS dyld cache
- hook some methods in the debugger

However, many drivers on iOS and macOS are different, even after Apple Silicon. macOS graphics code can't communicate with iOS kernel/drivers, so graphics apps can't run.

There is also no way to replace the iOS kernel and drivers with the macOS equivalents: macOS only supports M1 devices, and no iOS device after iPhone X has any bootloader exploits.

Getting macOS apps to run on iOS would require either a multi-year unification project comparable in scope to Catalyst, or isolating macOS in a virtual machine similar to how Mac OS 9 ran in classic mode on early OS X.

None of these options are available for jailbreakers, but they are available for Apple. So the best option is to cross your fingers for macOS on iOS at tomorrow's WWDC.

What happens if I just try to run a macOS app on a jailbroken phone?

All my tests are performed on an iPhone 12 running iOS 14.1 and the Taurine jailbreak (1.0.4). The macOS files are from macOS 11.4 (although I did the first tests with 11.3.1).

If I run a macOS app directly on iOS, such as the command line version of Geekbench, an error immediately occurs due to missing libraries:

    Phone:~ root# /usr/local/zhuowei/geekbench_aarch64
    dyld: warning: Could not load inserted library '/usr/lib/pspawn_payload-stg2.dylib' in hardened process because no suitable image was found. Found :
        /usr/lib/pspawn_payload-stg2.dylib: mach-o, but not designed for macOS platform
        /usr/lib/pspawn_payload-stg2.dylib: mach-o, but not designed for macOS platform
    dyld: Library not loaded: /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
      Referenced from: /usr/local/zhuowei/geekbench_aarch64
      Reason: image not found
    zsh: abandon /usr/local/zhuowei/geekbench_aarch64
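The "not designed for macOS platform" warning above comes down to a platform tag that every Mach-O file carries in its load commands. The following is an added example, not code from the original post or from dyld: a minimal reader for that tag in a thin 64-bit Mach-O, run here on constructed sample bytes (`build_sample` is a hypothetical helper that fabricates the input).

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit little-endian Mach-O
CPU_TYPE_ARM64 = 0x0100000C
LC_VERSION_MIN_MACOSX, LC_VERSION_MIN_IPHONEOS = 0x24, 0x25   # legacy tags
LC_BUILD_VERSION = 0x32
PLATFORMS = {1: "macOS", 2: "iOS", 3: "tvOS", 4: "watchOS",
             5: "bridgeOS", 6: "Mac Catalyst", 7: "iOS Simulator"}

def _version(v):
    # Versions are packed as xxxx.yy.zz nibbles in one 32-bit word.
    return f"{v >> 16}.{(v >> 8) & 0xFF}.{v & 0xFF}"

def macho_platform(data):
    """Return (platform, minimum OS) declared by a Mach-O, or None if untagged."""
    if len(data) < 32:
        raise ValueError("truncated Mach-O header")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    off, end = 32, 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command size")
        if cmd == LC_BUILD_VERSION and cmdsize >= 24:
            platform, minos = struct.unpack_from("<2I", data, off + 8)
            return PLATFORMS.get(platform, f"unknown({platform})"), _version(minos)
        if cmd in (LC_VERSION_MIN_MACOSX, LC_VERSION_MIN_IPHONEOS) and cmdsize >= 16:
            (minos,) = struct.unpack_from("<I", data, off + 8)
            name = "macOS" if cmd == LC_VERSION_MIN_MACOSX else "iOS"
            return name, _version(minos)
        off += cmdsize
    return None

def build_sample(platform, minos):
    """Constructed input: arm64 MH_EXECUTE header plus one LC_BUILD_VERSION."""
    cmd = struct.pack("<6I", LC_BUILD_VERSION, 24, platform, minos, minos, 0)
    return struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 1, len(cmd), 0, 0) + cmd

if __name__ == "__main__":
    print(macho_platform(build_sample(1, 0x000B0000)))   # macOS build
    print(macho_platform(build_sample(2, 0x000E0100)))   # iOS build
```

Fat (universal) binaries wrap several such images behind a different magic and are rejected by this reader rather than guessed at.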

For apps to work, we need to provide them with all the libraries available on macOS. To do this, we need to load the macOS dyld shared cache.

The dyld shared cache is a pre-bundled set of all libraries on iOS or macOS. It is loaded by dyld.

/usr/bin/dyld is the dynamic linker. When a program starts, the kernel loads that program and dyld into memory. dyld then loads any other libraries needed by the program.

dyld has several debugging options documented in man dyld, and its source is available online.

The dyld shared cache is usually shared by all processes running on a device, but by using two dyld flags we can tell dyld to load our own shared cache file, separate from other processes.

If I put the macOS shared cache on my phone, I get:

    Phone:~ root# DYLD_SHARED_REGION=private DYLD_SHARED_CACHE_DIR=/usr/local/zhuowei /usr/local/zhuowei/geekbench_aarch64
    dyld: error loading cache
    dyld: shared cache file is for another platform

This check is performed by
