Extracting liblockdown.dylib from the visionOS dyld shared cache and running it with a DBI on macOS?

Challenge accepted!

📖 Blog: https://www.romainthomas.fr/post/24-09-apple-lockdown-dbi-lifting/

🎞️ Demo: https://www.youtube.com/watch?v=5L05OE5mL2o

⌨️ Code: https://github.com/romainthomas/visionOS-liblockdown

Instrumenting an Apple Vision Pro Library with QBDI | Romain Thomas

This blog post demonstrates how to extract liblockdown.dylib from the visionOS dyld shared cache to be instrumented with QBDI on an Apple M1.


@rh0main I created a program based on Unicorn and a custom Mach-O loader in Python; I wish I had known QBDI existed!

One of the main advantages of my approach is that I implemented process cooperation using CFRunLoop and a virtual Mach message-passing layer. It would be cool to try that with QBDI.