Welcome to the iOS Hacker Wiki

If you have anything you want added or changed to this wiki, feel free to open a Pull Request or Tweet me @ClevrPwn.
Currently you can find Beta 1 - Beta 6 Decrypted Kernels, Disassembled Beta 1 and some Beta 2, we'll be steadily updating the site with more info. Catch ClevrPwn and WVabrinskas at WWJC2016 speaking about on the wiki. We will post slides at the end of the con.


Runtime Headers

Here you can find the iOS 10 Objective-C headers as derived from runtime introspection.

Decrypted Kernels

Decrypted iOS 10 kernels for all device families.

Disassembled Kernels

Disassembled kernels for a few devices, more to come. Feel free to contribute for devices not included.

More Information

Useful Tools

Tools that helped us along the way.

Kext List

List of all the kexts included… pretty self explanatory.

Mach Traps and MIG tables

Mach system calls are commonly known as “traps”. At the trap level, the interface to most Mach abstractions consists of messages sent to and from kernel ports representing those objects. The trap-level interfaces (such as mach_msg_overwrite_trap) and message formats are themselves abstracted in normal usage by the Mach Interface Generator (MIG). MIG is used to compile procedural interfaces to the message-based APIs, based on descriptions of those APIs.


sysctl is an interface for examining and dynamically changing parameters in UNIX-like operating systems.

UNIX Syscalls

A system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on. This may include hardware-related services (for example, accessing a hard disk drive), creation and execution of new processes, and communication with integral kernel services such as process scheduling.

Hardware Info

Table of device identifiers

Who We Are

Core Team

About us.