Welcome to the iOS Hacker Wiki

If there is anything you want added to or changed on this wiki, feel free to open a Pull Request or tweet me @ClevrPwn.
Currently you can find decrypted kernels for Beta 1 through Beta 6, plus disassembled Beta 1 and some of Beta 2. We'll be steadily updating the site with more info. Catch ClevrPwn and WVabrinskas speaking about the wiki at WWJC2016. We will post slides at the end of the con.

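The following was generated from jtool output. Each line gives the syscall number, the syscall name and the address of its handler. The addresses are the static values from the kernel image of this particular build (3705.0.0.2.3), so they differ between builds and should not be expected to match the addresses seen on a running device. Syscall numbers missing from the list appear to be the entries the tool suppressed (see the "Suppressing enosys ... and old" line below).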

This is a 64-bit kernel from iOS 10.x, or later (3705.0.0.2.3)
Syscalls at address 0xfffffff0074664c8
Sysent offset in file (for patching purposes): 624c8
Suppressing enosys (fffffff00779fd74) and old (fffffff00779fd54)
1.. exit 0xfffffff007774e8c
2.. fork 0xfffffff007779424
3.. read 0xfffffff00779fda4
4.. write 0xfffffff0077a0468
5.. open 0xfffffff0075aa324
6.. close 0xfffffff00775da74
7.. wait4 0xfffffff00777622c
9.. link 0xfffffff0075ab5e4
10.. unlink 0xfffffff0075ac594
12.. chdir 0xfffffff0075a948c
13.. fchdir 0xfffffff0075a91c8
14.. mknod 0xfffffff0075aae04
15.. chmod 0xfffffff0075ae738
16.. chown 0xfffffff0075aea88
18.. getfsstat 0xfffffff0075a8a5c
20.. getpid 0xfffffff0077809d4
23.. setuid 0xfffffff007781004
24.. getuid 0xfffffff007780ad4
25.. geteuid 0xfffffff007780b2c
26.. ptrace 0xfffffff00779b690
27.. recvmsg 0xfffffff0077daa20
28.. sendmsg 0xfffffff0077d9a90
29.. recvfrom 0xfffffff0077da478
30.. accept 0xfffffff0077d820c
31.. getpeername 0xfffffff0077dbb74
32.. getsockname 0xfffffff0077dba40
33.. access 0xfffffff0075ad1f4
34.. chflags 0xfffffff0075ae0bc
35.. fchflags 0xfffffff0075ae304
36.. sync 0xfffffff0075a7cf4
37.. kill 0xfffffff0077878ec
39.. getppid 0xfffffff0077809e4
41.. dup 0xfffffff0077590ec
42.. pipe 0xfffffff0077a6d58
43.. getegid 0xfffffff007780cc8
46.. sigaction 0xfffffff007785730
47.. getgid 0xfffffff007780c70
48.. sigprocmask 0xfffffff007785e68
49.. getlogin 0xfffffff00778249c
50.. setlogin 0xfffffff007782560
51.. acct 0xfffffff007751fac
52.. sigpending 0xfffffff007786184
53.. sigaltstack 0xfffffff007787788
54.. ioctl 0xfffffff0077a0d58
55.. reboot 0xfffffff00779ab84
56.. revoke 0xfffffff0075b2260
57.. symlink 0xfffffff0075abbfc
58.. readlink 0xfffffff0075add94
59.. execve 0xfffffff007772390
60.. umask 0xfffffff0075b2208
61.. chroot 0xfffffff0075a9790
65.. msync 0xfffffff00777aba8
66.. vfork 0xfffffff007778060
73.. munmap 0xfffffff00777ac94
74.. mprotect 0xfffffff00777ad3c
75.. madvise 0xfffffff00777ae64
78.. mincore 0xfffffff00777af50
79.. getgroups 0xfffffff007780d20
80.. setgroups 0xfffffff007782434
81.. getpgrp 0xfffffff0077809f4
82.. setpgid 0xfffffff007780e44
83.. setitimer 0xfffffff00779a084
85.. swapon 0xfffffff0077f14b0
86.. getitimer 0xfffffff007799db8
89.. getdtablesize 0xfffffff007758abc
90.. dup2 0xfffffff007759904
92.. fcntl 0xfffffff00775a6b8
93.. select 0xfffffff0077a1558
95.. fsync 0xfffffff0075af954
96.. setpriority 0xfffffff007782aec
97.. socket 0xfffffff0077d6e68
98.. connect 0xfffffff0077d8240
100.. getpriority 0xfffffff0077826a8
104.. bind 0xfffffff0077d7314
105.. setsockopt 0xfffffff0077db514
106.. listen 0xfffffff0077d7670
111.. sigsuspend 0xfffffff0077861c4
116.. gettimeofday 0xfffffff007799760
117.. getrusage 0xfffffff007783dc8
118.. getsockopt 0xfffffff0077db790
120.. readv 0xfffffff0077a023c
121.. writev 0xfffffff0077a09e8
122.. settimeofday 0xfffffff0077998f8
123.. fchown 0xfffffff0075aed54
124.. fchmod 0xfffffff0075aea20
126.. setreuid 0xfffffff0077816ec
127.. setregid 0xfffffff007781ccc
128.. rename 0xfffffff0075b071c
131.. flock 0xfffffff007760070
132.. mkfifo 0xfffffff0075ab3dc
133.. sendto 0xfffffff0077d93b4
134.. shutdown 0xfffffff0077db4b4
135.. socketpair 0xfffffff0077d90a8
136.. mkdir 0xfffffff0075b18fc
137.. rmdir 0xfffffff0075b1a0c
138.. utimes 0xfffffff0075aef0c
139.. futimes 0xfffffff0075af2c8
140.. adjtime 0xfffffff007799a90
142.. gethostuuid 0xfffffff0077a4190
147.. setsid 0xfffffff007780dcc
151.. getpgid 0xfffffff007780a04
152.. setprivexec 0xfffffff0077809b4
153.. pread 0xfffffff0077a0144
154.. pwrite 0xfffffff0077a0804
157.. statfs 0xfffffff0075a8164
158.. fstatfs 0xfffffff0075a85b4
159.. unmount 0xfffffff0075a7128
165.. quotactl 0xfffffff0075a7e30
167.. mount 0xfffffff0075a6e30
169.. csops 0xfffffff00777f048
170.. csops_audittoken 0xfffffff00777fcdc
173.. waitid 0xfffffff0077767bc
177.. 177 0xfffffff00774e784
178.. kdebug_trace_string 0xfffffff00774ed5c
179.. kdebug_trace64 0xfffffff00774e994
180.. kdebug_trace 0xfffffff00774e928
181.. setgid 0xfffffff0077819a4
182.. setegid 0xfffffff007781b4c
183.. seteuid 0xfffffff007781568
184.. sigreturn 0xfffffff007811434
187.. fdatasync 0xfffffff0075afa7c
188.. stat 0xfffffff0075ada38
189.. fstat 0xfffffff00775e5d8
190.. lstat 0xfffffff0075adb10
191.. pathconf 0xfffffff0075adc5c
192.. fpathconf 0xfffffff00775e628
194.. getrlimit 0xfffffff007783b50
195.. setrlimit 0xfffffff007783390
196.. getdirentries 0xfffffff0075b1ce8
197.. mmap 0xfffffff007779eb8
199.. lseek 0xfffffff0075acadc
200.. truncate 0xfffffff0075af3b8
201.. ftruncate 0xfffffff0075af59c
202.. __sysctl 0xfffffff00778f198
203.. mlock 0xfffffff00777b128
204.. munlock 0xfffffff00777b1dc
205.. undelete 0xfffffff0075ac038
216.. mkcomplex 0xfffffff0075aa194
220.. getattrlist 0xfffffff007585e28
221.. setattrlist 0xfffffff007586de0
222.. getdirentriesattr 0xfffffff0075b24a4
223.. exchangedata 0xfffffff0075b28b0
225.. searchfs 0xfffffff0075b2dd8
226.. delete 0xfffffff0075ac560
227.. copyfile 0xfffffff0075afab4
228.. fgetattrlist 0xfffffff007583bdc
229.. fsetattrlist 0xfffffff007587a8c
230.. poll 0xfffffff0077a2804
231.. watchevent 0xfffffff0077a3544
232.. waitevent 0xfffffff0077a3890
233.. modwatch 0xfffffff0077a3bbc
234.. getxattr 0xfffffff0075b4974
235.. fgetxattr 0xfffffff0075b4c00
236.. setxattr 0xfffffff0075b4dfc
237.. fsetxattr 0xfffffff0075b4ffc
238.. removexattr 0xfffffff0075b51fc
239.. fremovexattr 0xfffffff0075b5388
240.. listxattr 0xfffffff0075b54fc
241.. flistxattr 0xfffffff0075b56b0
242.. fsctl 0xfffffff0075b32cc
243.. initgroups 0xfffffff0077821e0
244.. posix_spawn 0xfffffff00776f254
245.. ffsctl 0xfffffff0075b486c
250.. minherit 0xfffffff00777ae24
266.. shm_open 0xfffffff0077e3050
267.. shm_unlink 0xfffffff0077e39c8
268.. sem_open 0xfffffff0077e1b20
269.. sem_close 0xfffffff0077e2754
270.. sem_unlink 0xfffffff0077e24d8
271.. sem_wait 0xfffffff0077e28b8
272.. sem_trywait 0xfffffff0077e2ad0
273.. sem_post 0xfffffff0077e2bfc
274.. sem_getvalue 0xfffffff00778f4a4
277.. open_extended 0xfffffff0075aa000
278.. umask_extended 0xfffffff0075b2168
279.. stat_extended 0xfffffff0075ad414
280.. lstat_extended 0xfffffff0075adadc
281.. fstat_extended 0xfffffff00775dca0
282.. chmod_extended 0xfffffff0075ae39c
283.. fchmod_extended 0xfffffff0075ae844
284.. access_extended 0xfffffff0075accfc
285.. settid 0xfffffff007781f3c
286.. gettid 0xfffffff007780b84
287.. setsgroups 0xfffffff007782448
288.. getsgroups 0xfffffff007780dbc
289.. setwgroups 0xfffffff007782450
290.. getwgroups 0xfffffff007780dc4
291.. mkfifo_extended 0xfffffff0075ab2d4
292.. mkdir_extended 0xfffffff0075b14f4
294.. shared_region_check_np 0xfffffff0077f2824
296.. vm_pressure_monitor 0xfffffff0077f388c
297.. psynch_rw_longrdlock 0xfffffff0077e96d8
298.. psynch_rw_yieldwrlock 0xfffffff0077e97a0
299.. psynch_rw_downgrade 0xfffffff0077e97d8
300.. psynch_rw_upgrade 0xfffffff0077e97d0
301.. psynch_mutexwait 0xfffffff0077e9548
302.. psynch_mutexdrop 0xfffffff0077e9578
303.. psynch_cvbroad 0xfffffff0077e95a8
304.. psynch_cvsignal 0xfffffff0077e95ec
305.. psynch_cvwait 0xfffffff0077e963c
306.. psynch_rw_rdlock 0xfffffff0077e9708
307.. psynch_rw_wrlock 0xfffffff0077e9770
308.. psynch_rw_unlock 0xfffffff0077e9738
309.. psynch_rw_unlock2 0xfffffff0077e9768
310.. getsid 0xfffffff007780a60
311.. settid_with_pid 0xfffffff00778205c
312.. psynch_cvclrprepost 0xfffffff0077e968c
313.. aio_fsync 0xfffffff007753324
314.. aio_return 0xfffffff00775391c
315.. aio_suspend 0xfffffff007753d20
316.. aio_cancel 0xfffffff00775298c
317.. aio_error 0xfffffff00775321c
318.. aio_read 0xfffffff0077538e4
319.. aio_write 0xfffffff007754074
320.. lio_listio 0xfffffff0077540ac
322.. iopolicysys 0xfffffff00778425c
323.. process_policy 0xfffffff0077eea10
324.. mlockall 0xfffffff00777b25c
325.. munlockall 0xfffffff00777b264
327.. issetugid 0xfffffff007780ff0
328.. __pthread_kill 0xfffffff0077867b0
329.. __pthread_sigmask 0xfffffff00778742c
330.. __sigwait 0xfffffff00778750c
331.. __disable_threadsignal 0xfffffff007786304
332.. __pthread_markcancel 0xfffffff007786324
333.. __pthread_canceled 0xfffffff007786398
334.. __semwait_signal 0xfffffff00778661c
336.. proc_info 0xfffffff0077e982c
338.. stat64 0xfffffff0075ada70
339.. fstat64 0xfffffff00775e60c
340.. lstat64 0xfffffff0075adb48
341.. stat64_extended 0xfffffff0075adaa8
342.. lstat64_extended 0xfffffff0075adb80
343.. fstat64_extended 0xfffffff00775e5f4
344.. getdirentries64 0xfffffff0075b210c
345.. statfs64 0xfffffff0075a86d0
346.. fstatfs64 0xfffffff0075a8964
347.. getfsstat64 0xfffffff0075a8dec
348.. __pthread_chdir 0xfffffff0075a9788
349.. __pthread_fchdir 0xfffffff0075a9484
350.. audit 0xfffffff00774201c
351.. auditon 0xfffffff007742024
353.. getauid 0xfffffff00774202c
354.. setauid 0xfffffff007742034
357.. getaudit_addr 0xfffffff00774203c
358.. setaudit_addr 0xfffffff007742044
359.. auditctl 0xfffffff00774204c
360.. bsdthread_create 0xfffffff0077e9424
361.. bsdthread_terminate 0xfffffff0077e94a8
362.. kqueue 0xfffffff007764c5c
363.. kevent 0xfffffff007764c74
364.. lchown 0xfffffff0075aecd0
365.. stack_snapshot 0xfffffff0077513a8
366.. bsdthread_register 0xfffffff0077e944c
367.. workq_open 0xfffffff0077e9534
368.. workq_kernreturn 0xfffffff0077e9508
369.. kevent64 0xfffffff007766f78
370.. __old_semwait_signal 0xfffffff007786444
371.. __old_semwait_signal_nocancel 0xfffffff007786490
372.. thread_selfid 0xfffffff0077e94f4
373.. ledger 0xfffffff0077a432c
374.. kevent_qos 0xfffffff007766fe0
380.. __mac_execve 0xfffffff0077723c4
381.. __mac_syscall 0xfffffff0078c906c
382.. __mac_get_file 0xfffffff0078c87d0
383.. __mac_set_file 0xfffffff0078c8e08
384.. __mac_get_link 0xfffffff0078c8a58
385.. __mac_set_link 0xfffffff0078c9060
386.. __mac_get_proc 0xfffffff0078c7f7c
387.. __mac_set_proc 0xfffffff0078c80e8
388.. __mac_get_fd 0xfffffff0078c83bc
389.. __mac_set_fd 0xfffffff0078c8a64
390.. __mac_get_pid 0xfffffff0078c7dfc
394.. setlcid 0xfffffff0077a2628
395.. getlcid 0xfffffff0077a265c
396.. read_nocancel 0xfffffff00779fdd8
397.. write_nocancel 0xfffffff0077a049c
398.. open_nocancel 0xfffffff0075aa4a0
399.. close_nocancel 0xfffffff00775daa8
400.. wait4_nocancel 0xfffffff007775d0c
401.. recvmsg_nocancel 0xfffffff0077daa54
402.. sendmsg_nocancel 0xfffffff0077d9ac4
403.. recvfrom_nocancel 0xfffffff0077da4ac
404.. accept_nocancel 0xfffffff0077d789c
405.. msync_nocancel 0xfffffff00777abdc
406.. fcntl_nocancel 0xfffffff00775a6ec
407.. select_nocancel 0xfffffff0077a158c
408.. fsync_nocancel 0xfffffff0075afa74
409.. connect_nocancel 0xfffffff0077d8274
410.. sigsuspend_nocancel 0xfffffff0077862a0
411.. readv_nocancel 0xfffffff0077a0270
412.. writev_nocancel 0xfffffff0077a0a1c
413.. sendto_nocancel 0xfffffff0077d93e8
414.. pread_nocancel 0xfffffff0077a0178
415.. pwrite_nocancel 0xfffffff0077a0838
416.. waitid_nocancel 0xfffffff007776288
417.. poll_nocancel 0xfffffff0077a2838
420.. sem_wait_nocancel 0xfffffff0077e28ec
421.. aio_suspend_nocancel 0xfffffff007753d54
422.. __sigwait_nocancel 0xfffffff007787540
423.. __semwait_signal_nocancel 0xfffffff007786660
424.. __mac_mount 0xfffffff0075a6e70
425.. __mac_get_mount 0xfffffff0078c93d8
426.. __mac_getfsstat 0xfffffff0075a8a9c
427.. fsgetpath 0xfffffff0075b5850
428.. audit_session_self 0xfffffff007742004
429.. audit_session_join 0xfffffff00774200c
430.. fileport_makeport 0xfffffff007760208
431.. fileport_makefd 0xfffffff0077604d0
432.. audit_session_port 0xfffffff007742014
433.. pid_suspend 0xfffffff0077f2020
434.. pid_resume 0xfffffff0077f2150
435.. pid_hibernate 0xfffffff0077f23a8
436.. pid_shutdown_sockets 0xfffffff0077f2698
438.. shared_region_map_and_slide_np 0xfffffff0077f28f8
439.. kas_info 0xfffffff0077f3918
440.. memorystatus_control 0xfffffff007795640
441.. guarded_open_np 0xfffffff007760bc8
442.. guarded_close_np 0xfffffff007761024
443.. guarded_kqueue_np 0xfffffff007760f9c
444.. change_fdguard_np 0xfffffff0077611a4
445.. old __proc_suppress 0xfffffff00779b65c
446.. proc_rlimit_control 0xfffffff007784abc
447.. proc_connectx 0xfffffff0077d8518
448.. proc_disconnectx 0xfffffff0077d8f64
449.. proc_peeloff 0xfffffff0077d8cfc
450.. proc_socket_delegate 0xfffffff0077d72f0
451.. proc_telemetry 0xfffffff0077a4964
452.. proc_uuid_policy 0xfffffff0077f6a9c
453.. memorystatus_get_level 0xfffffff007790a90
454.. system_override 0xfffffff0077ef5f0
455.. vfs_purge 0xfffffff0075b5954
456.. sfi_ctl 0xfffffff0077994f4
457.. sfi_pidctl 0xfffffff0077995a4
458.. coalition 0xfffffff0077a8304
459.. coalition_info 0xfffffff0077a866c
460.. necp_match_policy 0xfffffff00762317c
461.. getattrlistbulk 0xfffffff007586090
462.. placeholder for clonefile 0xfffffff0075afe1c
463.. openat 0xfffffff0075aa8f8
464.. openat_nocancel 0xfffffff0075aa5f4
465.. renameat 0xfffffff0075b14c0
466.. faccessat 0xfffffff0075ad3c8
467.. fchmodat 0xfffffff0075ae7b4
468.. fchownat 0xfffffff0075aed04
469.. fstatat 0xfffffff0075adbb4
470.. fstatat64 0xfffffff0075adc08
471.. linkat 0xfffffff0075abbac
472.. unlinkat 0xfffffff0075ac5c8
473.. readlinkat 0xfffffff0075ae060
474.. symlinkat 0xfffffff0075ac00c
475.. mkdirat 0xfffffff0075b1984
476.. getattrlistat 0xfffffff007586018
477.. proc_trace_log 0xfffffff007780690
478.. bsdthread_ctl 0xfffffff0077e94d0
479.. openbyid_np 0xfffffff0075aa958
480.. recvmsg_x 0xfffffff0077dacbc
481.. sendmsg_x 0xfffffff0077d9cd8
482.. thread_selfusage 0xfffffff007784cf8
484.. guarded_open_dprotected_np 0xfffffff007760dc4
485.. guarded_write_np 0xfffffff00776174c
486.. guarded_pwrite_np 0xfffffff00776184c
487.. guarded_writev_np 0xfffffff00776199c
488.. rename_ext 0xfffffff0075b148c
489.. mremap_encrypted 0xfffffff00777b26c
490.. netagent_trigger 0xfffffff007626fe4
491.. stack_snapshot_with_config 0xfffffff007751790
492.. microstackshot 0xfffffff007751990
493.. grab_pgo_data 0xfffffff0077f6b2c
494.. persona 0xfffffff0077a8b48
499.. work_interval_ctl 0xfffffff0077a9f50
500.. getentropy 0xfffffff00757f208
501.. necp_open 0xfffffff00761eb08
502.. necp_client_action 0xfffffff00761edd0
503.. __nexus_open 0xfffffff00780a714
504.. __nexus_register 0xfffffff00780aa30
505.. __nexus_deregister 0xfffffff00780acd4
506.. __nexus_create 0xfffffff00780ae30
507.. __nexus_destroy 0xfffffff00780b02c
508.. __nexus_get_opt 0xfffffff00780b194
509.. __nexus_set_opt 0xfffffff00780b294
510.. __channel_open 0xfffffff0077feab0
511.. __channel_get_info 0xfffffff0077fefc8
512.. __channel_sync 0xfffffff0077ff140
513.. __channel_get_opt 0xfffffff0077ffa20
514.. __channel_set_opt 0xfffffff0077ffb20
515.. ulock_wait 0xfffffff0077a94b8
516.. ulock_wake 0xfffffff0077a9d80
517.. fclonefileat 0xfffffff0075b063c
518.. fs_snapshot 0xfffffff0075b5a3c
520.. terminate_with_payload 0xfffffff007787f54