36 Commits

Author SHA1 Message Date
pluginslab
a7dd34fb56 docs: add Automation section with vphone-mcp reference
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 18:54:10 +03:00
zqxwce
20d3f1a217 pymobiledevice3: Replace most external tools with pymobiledevice3 2026-04-03 13:47:09 +03:00
TastyHeadphones
5ab5e5b6f8 setup: install and document aria2c (#237) 2026-03-19 03:24:01 +09:00
Xin Huang
c7205642e5 docs: add amfree support as an alternative to amfidont for Option 2 (#235) 2026-03-18 11:48:39 +09:00
zqxwce
30fcc05ca5 refactor: Move all manual clones to be submodules (#218) 2026-03-16 01:40:05 +09:00
Casper Ngo-yat ONG
5516de8557 Update README for more quick setup options (#217) 2026-03-16 01:39:41 +09:00
Casper Ngo-yat ONG
80e1d686ac Fix iproxy port number mapping typo in all languages docs (#214)
* Fix iproxy port number for SSH connection

* Fix iproxy port number in README_zh.md

* Fix iproxy port number in Japanese README

* Fix iproxy port number in README_ko.md
2026-03-15 23:04:02 +09:00
matteo zappia
624ed4de31 add: VM backup, restore, and switch support (#206)
* fix: prefer project venv Python for patchers

* add: VM backup, restore, and switch support

Named backups via rsync --sparse for efficient sparse disk handling.
- vm_backup.sh: save current VM as a named backup to vm.backups/
- vm_restore.sh: restore a named backup into vm/
- vm_switch.sh: save current + restore target in one step
- Makefile targets: vm_backup, vm_restore, vm_switch, vm_list
- Documentation added to all READMEs (EN, ZH, KO, JA)

Closes #204

Made-with: Cursor
2026-03-15 01:39:10 +09:00
Managed via Tart
d042596cc0 Complete Swift firmware patcher parity and CLI wiring
Run SwiftFormat on firmware patcher

Remove legacy Python firmware patchers

Fix compare pipeline pyimg4 PATH handling

Restore Python patchers and prefer fresh restore

Update BinaryBuffer.swift

Avoid double scanning in patcher apply

Prefer Python TXM site before fallback

Retarget TXM trustcache finder for 26.1

Remove legacy Python firmware patchers

Fail fast on nested virtualization hosts

Return nonzero on fatal boot startup

Add amfidont helper for signed boot binary

Stage AMFI boot args for next host reboot

Add host preflight for boot entitlements

Fail fast when boot entitlements are unavailable

Switch firmware patch targets to Swift CLI

Record real Swift firmware parity results

Verify Swift firmware pipeline end-to-end parity

Fix Swift firmware pipeline JB dry-run
2026-03-11 15:05:49 +08:00
Lakr
6d11093152 feat: Add VM manifest system and code clarity improvements
Implement VM configuration manifest system compatible with security-pcc's
VMBundle.Config format, storing VM settings in config.plist.

**Manifest System:**
- Add VPhoneVirtualMachineManifest.swift with security-pcc compatible structure
- Add scripts/vm_manifest.py for manifest generation during vm_new
- Update VPhoneCLI to support --config option with CLI overrides
- Update vm_create.sh to generate config.plist with CPU/memory/screen settings

**Environment Variables:**
- CPU/MEMORY/DISK_SIZE now only used during vm_new (written to manifest)
- boot/boot_dfu automatically read from config.plist
- Remove unused CFW_INPUT variable (overridden by scripts internally)
- Document remaining variables with their usage scope

**Documentation:**
- Update README.md with VM configuration section
- Update docs/README_{zh,ja,ko}.md with translated VM configuration docs
- Update Makefile help output with vm_new options and config.plist usage
- Fix fw_patch_jb description: "dev + JB extensions"
- Fix restore_get_shsh description: "Dump SHSH response from Apple"

**Code Quality:**
- Add VPhoneVirtualMachineRefactored.swift demonstrating code-clarity principles
- Extract 200+ line init into focused configuration methods
- Improve naming: hardwareModel, graphicsConfiguration, soundDevice
- Add BatteryConnectivity enum for magic numbers
- Create research/manifest_and_refactoring_summary.md with full analysis

**Compatibility with security-pcc:**
- Platform type: Fixed vresearch101 (iPhone-only)
- Network: NAT only (no bridging/host-only needed)
- Added: ScreenConfig and SEP storage (iPhone-specific)
- Removed: VirtMesh plugin support (PCC-specific)

docs: add machineIdentifier storage analysis

Research and validate the integration of machineIdentifier into config.plist.

**Findings:**
- security-pcc stores machineIdentifier in config.plist (same approach)
- VZMacAuxiliaryStorage creation is independent of machineIdentifier
- VZMacMachineIdentifier only requires Data representation, not file source
- No binding or validation between components

**Conclusion:**
- No compatibility issues
- Matches security-pcc official implementation
- Proper handling of first-boot creation and data recovery
- Safe to use

Delete VPhoneVirtualMachineRefactored.swift

refactor: integrate machineIdentifier into config.plist

Move machineIdentifier storage from standalone machineIdentifier.bin file
into the central config.plist manifest for simpler VM configuration.

**Changes:**
- VPhoneVirtualMachineManifest: Remove machineIDFile field
- VPhoneVirtualMachine: Load/create machineIdentifier from manifest
- VPhoneCLI: Remove --machine-id parameter, require --config
- Makefile: Remove --machine-id from boot/boot_dfu targets
- vm_manifest.py: Remove machineIDFile from manifest structure

**Behavior:**
- First boot: Creates machineIdentifier and saves to config.plist
- Subsequent boots: Loads machineIdentifier from config.plist
- Invalid/empty machineIdentifier: Auto-regenerates and updates manifest
- All VM configuration now centralized in single config.plist file

**File cleanup:**
- Move VPhoneVirtualMachineRefactored.swift to research/ as reference

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 17:12:13 +08:00
zqxwce
d48ad72fa4 launch_daemons: Readd dropbear back as default in all variants (#155) 2026-03-09 01:17:02 +08:00
Lakr
bdbdf43414 docs: add iOS 26.3.1 (23D8133) to tested environments 2026-03-08 13:25:41 +08:00
Lakr
3a644b7332 docs: rework READMEs — fix patch counts, merge PR #148, sync translations
- Fix JB boot chain patch count: 66/78 → 112 (per research doc)
- Merge PR #148: remove cfw_install_jb_finalize, update SSH to openssh-server
- Keep dropbear instructions for Regular/Dev variants
- Add Option 2 (amfidont) to prerequisites and FAQ in all translations
- Add setup_machine options comment to all translations
- Add .tipa FAQ entry (from #142) to all translations
- Add openssh-server FAQ entries to all translations
- Run prettier on all docs
2026-03-08 13:23:34 +08:00
Felipe Cavalcanti
6df6db9159 docs: remove dropbear/cfw_install_jb_finalize references, update SSH instructions
JB setup now runs automatically on first boot. SSH access is via
openssh-server from Sileo instead of dropbear. Update all READMEs
(en, zh, ja, ko) accordingly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 13:13:42 +08:00
Lakr
537a098591 Sync PR #129 changes to zh/ja/ko translations
- Add cmake to brew dependencies
- Add sudo to ramdisk_build
- Add cfw_install_jb comment to CFW install step
- Add Finalize JB Patches section
- Fix comment alignment after sudo prefix
2026-03-07 23:03:03 +08:00
Lakr
5e9c95e86d Merge pull request #129 from m1337v/patch-1
Update Readme for new Jb patches
2026-03-07 23:01:40 +08:00
Lakr
e6d7f1579e Add cfw_install_jb_finalize to jailbreak firmware variant docs 2026-03-07 22:59:33 +08:00
Morpheus
b773e716f0 rm duplication 2026-03-07 21:57:13 +07:00
Morpheus
752876d4eb Update README with new dependencies and commands
Added cmake to the list of dependencies
add sudo for ramdisk_build
finalization steps for jailbreak installation.
2026-03-07 21:54:34 +07:00
Lakr
61c2a18f52 Remove jailbreak WIP labels and update demo image to jpeg 2026-03-07 20:18:10 +08:00
Lakr
b9b462d23f JB install: use external insert_dylib, preserve launchd entitlements, deploy pre-built dylibs
- Replace Python cfw_inject_dylib.py with tyilo/insert_dylib (built by setup_tools)
- Use --weak flag for LC_LOAD_WEAK_DYLIB injection (avoids crash on missing dylib)
- Preserve original launchd entitlements on re-sign (fixes "operation not permitted")
- Deploy dylibs from pre-built basebin payload instead of building from source
- Remove launchdhook, systemhook, treblehook sources (no longer needed)
- Print GDB debug stub port after VM starts
- Cleanup: remove test scripts, rename patch comparison doc
2026-03-07 18:07:27 +08:00
Lakr
4c18166be5 Automate JB patch testing workflow and update patch schedules 2026-03-06 13:31:22 +08:00
Lakr
5388e0c9c5 Squash merge startup-hang-fix into main
Prefix research patch comparison doc and normalize root markdown names

Rename research root markdown files to scoped topic names
2026-03-06 02:42:12 +08:00
zqxwce
8e9aba1224 Merge pull request #111 from zqxwce/feature/amfidont_readme
readme: Add `amfidont` as an option
2026-03-06 00:01:32 +08:00
Lakr
641d5b5a79 Create txm_return_mechanism.md 2026-03-04 13:34:02 +08:00
Lakr
55a53e7179 Merge pull request #73 from p1atdev/ssh-retry
Add SSH retry logic to cfw_install and cfw_install_jb scripts
2026-03-04 11:07:30 +08:00
Lakr
fa054ca719 Add Git LFS instructions and fix Makefile help alignment
- Add git-lfs to brew deps and document git lfs install/pull steps
  in both English and Chinese READMEs
- Fix continuation line alignment in make help (off by one)
- Add missing blank line before VM management section
2026-03-03 13:09:31 +08:00
zqxwce
6e3ecc6879 rpcserver: Add rpcserver daemon (#62)
Add rpc-project rpcserver_ios LaunchDaemon to CFW install, update
cfw_input.tar.zst with the plist, and add iproxy 5910 + rpcclient
to README.

Co-authored-by: zqxwce <yyyyyy6yyyyyy6@gmail.com>
2026-03-03 02:47:19 +08:00
Lakr
b6d67221ff Fix CFW install docs: iproxy needs its own terminal (#58)
iproxy 2222 22 is a blocking command, so it can't share a terminal
with make cfw_install. Clarify that a third terminal is needed and
note the "Running server" output as the cue to proceed.

Closes #58
2026-03-03 02:42:34 +08:00
Lakr
4c74692ac2 Merge pull request #48 from SongXiaoXi/main
Add vphoned — vsock-based host↔guest control channel
2026-03-02 13:01:44 +08:00
Lakr
1d7ae7fe55 Merge pull request #42 from zqxwce/main 2026-03-02 11:24:30 +09:00
Lakr
7741821698 Merge pull request #30 from xatuke/patch-1
Enhance README with restore and boot instructions
2026-03-01 11:46:29 +09:00
Lakr
8200cd5a55 Update README.md 2026-03-01 02:47:52 +09:00
Lakr
e65e78d090 Update README.md
Update README.md

Add Simplified Chinese README and link

Add README_zh-Hans.md containing a full Simplified Chinese translation of the project README and update README.md to include a link/badge to the new Chinese README. This makes the documentation accessible to zh-Hans readers.
2026-02-28 03:38:14 +09:00
Lakr
e9d5c5e458 Merge pull request #7 from missaustraliana/main 2026-02-27 10:53:30 +09:00
Lakr
ddd9b9d83c Add vphone CLI, ObjC wrappers, and scripts
Introduce a new vphone virtual iPhone project:

- Add VPhoneObjC (.m/.h) providing Objective-C wrappers around private Virtualization.framework APIs (PV=3 hardware model creation, bootloader ROM setting, NVRAM helpers, PL011 serial port, SEP coprocessor, debug/panic devices, and production-mode toggle).
- Add Swift CLI and VM implementation (VPhoneCLI.swift, VPhoneVM.swift, VPhoneHardwareModel.swift) to configure and boot a PV=3 VM, capture serial console, start in DFU, and manage SEP/storage. Includes validation and minimal device config (graphics, storage, networking).
- Add helper scripts (build_and_sign.sh, boot.sh, boot_dfu.sh) to build, codesign with entitlements, and launch the VM.
- Add vphone.entitlements enabling the required private virtualization entitlements.

Notes: this targets macOS 15+ and requires appropriate entitlements and disabled SIP/AMFI to use private virtualization APIs.

Create .gitignore

Update README.md

Update README.md

Update README.md

README: add demo image and fix formatting

Add demo.png and embed it in the README; clean up markdown and code snippet formatting, remove stray backticks/bold markers, normalize list bullets, fix a resource path (vrevm), tidy whitespace/trailing chars, and add an Acknowledgements section. These changes improve readability and correctness of the setup instructions.

Create LICENSE

Create README.md

Add Package.swift; use interactive serial console

Add a Swift Package manifest for vphone-cli (macOS v14) with targets VPhoneObjC and vphone-cli, dependency on swift-argument-parser, and necessary linker/swift settings. Modify VPhoneVM to remove the intermediate Pipe-based serial capture: attach the PL011 serial port directly to FileHandle.standardInput/standardOutput for an interactive console, remove the readabilityHandler-based console capture and related plumbing, and update log/print messages accordingly.

Add CFW installer and patching tools

Add scripts and input archive to install a custom firmware (CFW) on vphone via an SSH ramdisk. Includes:
- Scripts/install_cfw.sh: zsh installer that extracts Cryptex DMGs from a restore, mounts device filesystems, copies Cryptexes, installs GPU driver and iosbinpack64, patches system binaries, injects LaunchDaemons and configures persistent SSH/VNC. Idempotent, caches decrypted DMGs and signs patched binaries with provided tools.
- Scripts/patch_cfw.py: Python tool using capstone/keystone to locate and patch binaries (seputil, launchd_cache_loader, mobileactivationd), parse BuildManifest for Cryptex paths, and inject daemon plists.
- Scripts/cfw_input.tar.zst: bundled input resources (Cryptexes, daemons, signing cert, and helper tools).
The installer requires ipsw, aea, python3 with capstone/keystone-engine and is designed to be safe to re-run. Intended to automate CFW deployment and runtime patches on the target device.

Add ramdisk build and deployment scripts

Add Scripts/build_ramdisk.py to build a signed SSH ramdisk for vphone600 from a patched restore set: it extracts firmware components, patches iBEC boot-args, repacks/signs IM4P/IMG4 artifacts (iBSS, iBEC, TXM, kernel, DeviceTree, SEP, trustcache, ramdisk) using an IM4M from an SHSH blob. Include a prepackaged ramdisk_input.tar.zst with tooling/resources and a helper Scripts/ramdisk_send.sh to load the generated IMG4 files to a device via irecovery in the correct order. The Python script expects firmware patched by patch_firmware.py and requires keystone-engine, capstone, pyimg4, and the pyimg4 CLI; usage and temp/output directories are documented at the top of the script.

Add firmware prepare and patch scripts

Add two tools for building and modifying a hybrid restore image for vphone600:

Scripts/prepare_firmware.sh
- Bash helper to download an iPhone IPSW and a cloudOS IPSW, extract them, merge cloudOS boot components into the iPhone restore directory, and generate hybrid BuildManifest.plist and Restore.plist tailored for vresearch101/vphone600 use-cases.
- Produces a ready Restore directory. Usage: ./prepare_firmware.sh [iphone_ipsw_url] [cloudos_url]

Scripts/patch_firmware.py
- Python tool that runs after prepare_firmware.sh to patch boot-chain components (AVPBooter, iBSS, iBEC, LLB, TXM, kernelcache).
- Auto-detects IM4P vs raw payloads, supports recompressing/repacking IM4P (preserving PAYP metadata when required), and applies a variety of binary patches (image4 callback bypass, serial labels, boot-args injection, trustcache/DGST bypasses, many kernelcache fixes).
- Implements assembler/disassembler helpers (keystone/capstone) and multiple heuristics for locating patch sites.
- Usage: python3 patch_firmware.py [vm_directory]
- Dependencies: keystone-engine, capstone, pyimg4 (pip install keystone-engine capstone pyimg4)

These scripts automate preparing a hybrid restore and applying the required boot-chain patches for research devices.

Update demo.png

Create boot_sweet.sh

Add multi-touch support and VM window

Enable multi-touch input and a GUI VM window: add ObjC helpers to configure a _VZUSBTouchScreenConfiguration, create _VZTouch objects via KVC (workaround for init crash), build _VZMultiTouchEvent instances, and send/get multi-touch devices. Expose these APIs in the VPhoneObjC header and invoke VPhoneConfigureMultiTouch from VPhoneVM before VM start. Add a VPhoneVMWindow implementing a touch-enabled VZVirtualMachineView that maps mouse/right-click/drag events to multi-touch phases (with edge detection for swipe aim) and a window controller to show the VM. Also update the CLI to present the window in GUI mode.
2026-02-27 00:56:38 +09:00