Kernel Hooks using the UI

The Kernel Hooks feature is available for iOS devices only for on-site customers.

Kernel Hooks UI

When you navigate to the iOS device, you will see a new Kernel Hooks tab (1). To start using this feature, you first need to power on the device (2).

Overview

You can configure kernel hook behavior for select devices.

A few options are available:

  • Disabled
  • Enabled
  • Enabled next boot only

Creating your first hook

If you wanted to hook into the execve sandbox hook at 0xfffffff0068a1b1c, typically you would use something like this in the debugger:

mon patch 0xfffffff0068a1b1c print("execve sandbox hook\n");

To do the same thing in the Corellium UI, create a new hook by clicking the add new hook button (1).

When you click the add new hook button, you will see a new hook draft:

  1. Hook name. By default, every new hook is named using the pattern hook {hook order number}; you can change it to something more recognizable.
  2. Hook address. Must be a valid hex address, 16 characters long.
  3. Patch type. Supports csmfcc and csmfvm (more on this below).
  4. The hook code itself.
  5. Whether the hook is enabled.
  6. Create hook.
  7. Discard unsaved hook.
  8. A tooltip that indicates the hook's status (draft hooks have an orange icon).

Patch Types

  • csmfcc: A limited C-like language. This compiles into csmfvm automatically.
  • csmfvm: Custom stack-based virtual machine language.

Existing Hooks

Once you have created your first hook, you can see extra buttons (4, 5, 6).

  1. Updated tooltip with the created/updated date and time and the enabled/disabled status
  2. Update hook data
  3. Delete hook (confirmation required)
  4. Execute all hooks
  5. See the execution result in the device Console (navigates directly to the device Console)
  6. Clear the hooks' execution result
  7. Add one more hook (same steps as creating your first hook)

Searching through hooks

If you have more than 5 hooks, you can search by hook name and see the matching results.