iOS emulators

From Emulation General Wiki
Revision as of 22:37, 24 June 2024 by 172.69.33.208 (talk) (Comparison)
Jump to navigation Jump to search

iOS
IOS.png
Developer Apple Inc.
Release date 2007
Emulated ~
This page is about software that emulates iOS on other hardware, like desktops.
For emulators that run on iOS, see Emulators on iOS.

iOS and iPadOS are operating systems created by Apple.

iOS devices started the smartphone craze, which would go on to replace conventional mobile phones in both Japan (which had its own subset of cell phones) and the rest of the world, with more advanced touch-controlled devices.

Formerly, iOS was used for both Apple's phones and tablets. Then, the iOS brand was split into two parts in 2019, with iOS now being the OS exclusively used in the iPhone and the now-defunct iPod Touch. The second half, named iPadOS, is a fork of iOS for iPads that makes use of their larger screens, hence its name. Most iOS apps and games work on iPadOS.

Unlike its direct competitor, Android, there are practically no usable emulators, as the official iOS SDK (macOS-only) only allows for running your own projects, i.e., they run code generated for an x86 target rather than ARM code as used by iOS. Similar to most of the Android emulators, some emulators (e.g., BlackThunder) uses two-step approach, making use of the simulator in the iOS SDK to run a few chosen iOS apps that are recompiled for x86. Unlike previous emulation trails, BlackThunder first loads a highly trimmed Hackintosh image via VirtualBox, which loads Xcode and an iOS simulator into it, then runs decompiled iOS apps recompiled for the x86 architecture. Appetize.io and other tools that claim to emulate iOS on a web browser are in reality just the iOS simulator in XCode wrapped around a cloud stream to the web browser, and like the iOS XCode simulator, need the source code to run. More recently, touchHLE managed to get a few older iPhone OS apps running by recreating some of iOS’s standard libraries and emulating just the iPhone’s CPU, and nearly the same time, QEMU-iOS got released and can successfully emulate iPhone OS 1.0 on an iPod Touch 1st generation, albeit with bugs.

Emulators

Name Platform(s) Latest version Hardware features Enhancements Compatibility FLOSS Active Recommended
PC / x86
touchHLE Windows macOS 0.2.2 ~ ~ 28%
52 out of 188 reported titles
~
QEMU-iOS macOS Linux git ~ ? N/A
BlackThunder Windows macOS ? ? ? ? ?
MAME Windows Linux macOS FreeBSD 0.271 ? ? N/A *
unidbg Windows macOS Linux 0.9.7 ? ? ?
Unnamed iOS emulator Windows Unreleased due to touchHLE ? ? ?
aah macOS ? ? ? ?
ipasim Windows PatchV1.0.1 ? ? ?
unidbg Windows macOS Linux 0.9.7 ? ? ? ~
TruEmu Windows Linux macOS ? ? ? ?
xnu-qemu-arm64 Windows Linux macOS ? ? ? ?
iEmu Windows Linux macOS ? ? ? ?
Mobile / ARM
touchHLE Android 0.2.2 ~ ~ 28%
52 out of 188 reported titles
~

Hypervisors (...)

Name Platform(s) Latest version Hardware features Enhancements Compatibility FLOSS Active Recommended
Corellium Web Web-based ($) ? ? ? ~[N 1]

Native

Name Platform(s) Latest version Hardware features Enhancements Compatibility FLOSS Active Recommended
Mobile / ARM
macOS macOS [N 2] 11 Big Sur to 14 Sonoma ? ? ?
Cycada Android Unreleased ? ? ?
  1. Would be completely recommended if it wasn’t paid and/or a local version that runs on Windows/macOS/Linux is available.
  2. Requires Mac computers with Apple Silicon (M series) processors.

Comparison

Emulators
touchHLE
A promising new endeavor that aims to run older iOS apps by reimplementing standard libraries instead of internal components. Because of this very high-level approach, no dump of the operating system is required. Its initial target is iPhone OS 2.x, with plans to support other 32-bit iOS versions, mainly 3.x and 4.x, as well as the iPad. Development started in December 2022, and its initial 0.1.0 release came out in February 2023. touchHLE supports a handful of apps, with most apps that do not crash on the start working absolutely perfectly. touchHLE supports running IPA files directly. A game controller is required to control the accelerometer. touchHLE has an app archive that currently only has two apps being touch and go and it’s lite version, which are licensed to be free to use with touchHLE. Unfortunately, touchHLE does not currently have a “canary” branch which gets all the additions of it’s multiple concurrent pull requests.
QEMU-iOS
Previously unnamed and referred to as “devos50’s qemu fork”, Based on earlier work emulating the S5L8900 and the iPhone 11 in QEMU. It can emulate an iPod Touch 1G running iOS 1.0, including iBoot, the kernel, and the Springboard, although it requires a modified NOR and NAND image. Some features, such as audio and Wi-Fi, are not emulated, and there are multiple crashes. About a year later, the same user managed to run iPhone OS 2 on an emulated iPod Touch 2G, however internet connectivity is not figured out yet, and nobody has yet ran a 3rd party app via filesystem hacks as of now, as both networking and USB (iTunes) are unemulated and cannot be installed regularly.
MAME
Very basic iPhone 2G support available here (that cannot boot iOS, nor even get to the Apple logo). Unlikely to ever be completed.
BlackThunder
Closed-source, commercial iOS emulator that can run a few commercial iOS apps. The official iOS SDK (macOS-only) only allows for running your own projects, i.e. they run code generated for an x86 target rather than ARM code as used by iOS. However, some emulators, e.g. BlackThunder, make use of the simulator in the iOS SDK to run a few chosen iOS apps that are recompiled for x86. Unlike previous emulation trails, BlackThunder first loads a highly trimmed Hackintosh image via VirtualBox, which loads Xcode and an iOS simulator into it, then runs iOS apps that are decompiled and recompiled for the x86 architecture.
Unnamed iOS Emulator
This is a Low-Level Emulator made by user “K-8-L-Y-N” discussed on the Darling Discord Server, which can run Springboard and the Calculator. They said it’s their own codename and own interpreter. It does not support touch at all, making it almost useless. It only emulates the kernel and the user provides a filesystem DMG. They’ve gotten iOS 1.0 springboard to boot, which they said was not too difficult and said they were also using iOS 1.0 dyld directly. They said it was a Low-Level-Emulation project as they had to emulate the CPU. They also said the kernel emulation is shorty and it only works. They said they’ll never release it in the state that is in, and refuses to even work on it due to touchHLE’s existence. It does load the original frameworks but doesn’t emulate UIKit. The interpreter was for x86 and interprets ARM. They got it to boot via emulated/recreated parts of the darwin/bsd kernel. Again, it’s emulating the kernel and not doing BSD syscalls on windows. When they feel like the code is in a better state, they do want to release it under the unlicense. However they do not plan to ever work on it anymore due to touchHLE. They say the code is in some pretty messy C++ stuff. They plan on rewriting in C# as they feel more comfortable continuing it in C#.
TruEmu
QEMU-t8030, also known as TruEmu, is an iPhone 11 emulated in QEMU, however, the current version with a published source cannot boot. TruEmu is a software that offers support for iOS 14 up to the latest iOS 16 and is built to work on iPhone 6S SecureROM hardware. It also provides out-of-box kernel debugging support and USB support (with Firmware Restore) and utilizes Apple's custom CPU features such as SPRR/GXF and custom PAC. Additionally, TruEmu is open-source software. TruEmu is made to counteract the paid Corellium’s monopoly in iOS emulation for security reasearch. The creator’s mastodon and X (formally Twitter) shows work on full SEP emulation and it booting to SpringBoard and operating the Calculator and Settings apps, but it is currently unreleased, with only minor graphical glitches. The day videos of it’s operation were posted on social medias, a user made an issue about it and archived the repo with no comment, only with a comment before it was emulated saying that he was working on multitouch. The reason it was unreleased remains uncertain. He may be developing a very capable iOS emulator, may have been hired by Corellium, or he may have been stopped by an Apple employee or has been paranoid about possible Copyright issues and decided to not release it nor make a comment.
iEmu
QEMU-s5l89xx-port (also known without the -port) (2012), also known as iEmu, is another failed attempt to get an iPhone running in QEMU, this time the 1st generation. The last commits were made in 2013. Any Android app going by the name iEmu is a *scam* and should be avoided. Nowadays, a malicious APK file going by the iEmu moniker is also being circulated on blogs run by script kiddies claiming to offer a way to run iOS apps on Android. More often than not, they're uploaded with the intention of generating revenue from impressionable users (through pay-per-click URL shorteners) who fall easily for those types of scams. The project started in 2011 but got mysteriously abandoned two years later before anything usable surfaced. All pages related to the project were removed. It's speculated Apple had a hand in this. The name is based on the part number of the original iPhone, and also is known to be called iVM, however, this is unconfirmed.
unidbg
unidbg (2020) is a developer library that allows emulating Android binaries, however, "experimental" iOS support was added sometime in 2021. It is unknown if any apps are supported.
aah
aah (arm64 architecture handler) uses unicorn and libffi to run iOS arm64 binaries on x86_64 macOS, with varying degrees of success. Most things will fail to launch because they need frameworks/symbols that aren't available on macOS. aah relies on the Mac Catalyst frameworks that are present on macOS 10.15. Additionally aah requires the source code of the app to run it, like the iOS simulator/emulator in XCode. https://twitter.com/maczydeco/status/1155588054486310912 https://github.com/zydeco/aah
ipasim
ipasim (2017) is a high-level emulator written in C++ that uses Microsoft's winObjC to recompile 64-bit iOS apps into apps in live. It doesn't support much apps except for really basic ones. It was more focused on apps than games.
xnu-qemu-arm64
A security research emulator created by Aleph. Much like TruEmu, it can partially run iOS, with launch services working correctly.
Hypervisor
Corellium
A service made by the Israeli company of the same name that runs any modern iOS devices, some Android devices, or bring-your-own IoT devices on either the cloud or a self-hosted server. Compatibility is basically perfect, and they have hardware iOS 10.3 to the latest iOS version, with debugging features and security tools, as well as IPA installing. They also have iPhone 7 to the latest iPhone in terms of hardware. The devices run on an ARM hypervisor called "CHARM". For individuals, it costs 3 USD per hour for most use excluding some cybersecurity tools. The site also prohibits users under 18 from using their service. The service is made for cybersecurity, not general use.
Native
macOS 11 and up
Since macOS 11 Big Sur, the 17th major operating system of the macOS line, the operating system for Mac computers has support for iOS and iPadOS applications for Apple Silicon-based Macs. However, some apps cannot be installed directly due to Apple DRM. This can be bypassed using an IPA file and PlayCover/Sideloady. See this page. If you have an ARM Mac, and want to emulate newer/modern apps/games, native execution is the most recommended
Cycada
Cycada (2014), formally known as Cider and Chameleon before that is an unreleased research project made by a few folks at Columbia that ran iOS 5.1.1 and experimentally iOS 6 apps at a high, but not perfect quality and compatibility (see paper for list). It is based on pirated iOS libraries. It is seriously not recommended to initiate contact with the developers of the project, as they never planned on releasing it and want people to use their paper to reproduce it with "significant effort". All attempts to release it by contacting them have resulted in them saying they are not interested. You may try to recreate Cycada on your own, provided that you know the internals of Android, iOS, XNU, and Linux. Out of 69 tested apps, 19 apps fully work, 10 work with minor bugs that do not affect functionality, 15 have major errors that affect functionality, and 27 crash. Only one recreation is known to exist, which is also unreleased, and it was made by the creator of DarlingHQ along with two other unknown individuals. It took about a year to develop, and one component of it was released. The one exception where some original code was published was here, to be reused in Darling later on. Jeremy Andrus was accused of being a sellout for leaving the project to work as a kernel programmer (Now a Cloud Computing Efficiency worker) for Apple. The project booted many 32-bit iOS apps successfully, albeit slowly. The last update to this project was in 2017. (NOTE: If you search "Cider APK", you will get iPhone 12 launcher adware) To see the paper, its specifications, its compatible apps, and possibly recreate it, see here
Compatibility layer (...)?
Darling
Although no iOS support exists at the moment, Darling wants to add support for iOS apps in the “long term”. Although not stated, they might add support for other platforms based on iOS, such as tvOS or watchOS in the future.

Hardware features

This table focusing on early iOS operating system and crucial hardware features that can be possible to emulated through software or will be possible in the near future. Including everything or niche modern iOS features (e.g. 3D Touch / Pressure Sensitive Buttons, Game Mode) would result in an endless list.

Name TouchHLE QEMU-iOS Corellium
Home screen
This shouldn't be confused with emulator frontend/GUI.
~
Non-game apps ~
Notification Center
Sideloading/Installing ?
Wi-Fi ~*
Bluetooth
Multi-touch ? ? ?
Motion sensors * ?
Location
Connectivity Game Center
Achievements, Challenges, Leaderboards etc.
?
Apple Push Notification service
OS versions
iPhone OS 1
iPhone OS 2
iPhone OS 2.2.1 was the last version compatible solely with ARMv6 chips.
iPhone OS 3
Supported both ARMv6 and ARMv7-A chips.

(Only 3.0)
iOS 4
iOS 4.2.1 was the last version supported ARMv6 chips.
WIP
iOS 5 Future goal
iOS 6
iOS 6.1.6 was the last version compatible solely with 32-bit ARMv7-A chips.
Future goal
iOS 7 to 10
Supports both 64-bit ARMv8x-A and 32-bit ARMv7-A chips. iOS 10.3.4 was the last version that supported 32-bit chips.
Never ~ (iOS 10.3.3 and 10.3.4 only)
iOS 11 to present Never
iPadOS Never
WatchOS Never
Supported ABIs
ios_armv6 (iPhone OS 1 – iOS 4.2.1)
Supporting ios_armv6 ABI is crucial for emulators due to compatibility and preservation reasons.
*
ios_armv7a (iPhone OS 3 – iOS 10.3.4)
Supporting ios_armv7a ABI is crucial for emulators due to compatibility and preservation reasons.
Older applications and games often rely on the ARM 32-bit (Cortex) architecture, which isn't used in newer hardware.
*
ios_armv8.xa (iOS 11.0 to present) Never ?
Supported APIs
OpenGL ES x.x (iPhone OS 2 – iOS 12.0)
Supporting OpenGL ES x.x APIs is crucial for emulators due to compatibility and preservation reasons.
* ? ?
Metal (iOS 8 to present) Never ?


Enhancements

Name TouchHLE QEMU-iOS
Graphics Resizable Internal Resolution * ?
Post-Processing Shader Chain
Filters
AI-powered filter compatible
(Freestyle)
? ?
Post-rendering AA
(FXAA, TXAA and MLAA/SMAA)
Post-rendering scaling
(Sharp bilinear, Lanczos and FSR 1)
Inverse tone mapping compatible ? ?
TAS features Macros/Scripts/Lua ? ?
Rewind
Fast-Forward/Turbo Speed
Savestates
Movie recording/playback
Input Keyboard input injection
Early versions of iOS didn't support keyboard input.
One way an iOS emulator can provide keyboard input for these versions is through the injection method, which sends keystrokes input data directy into emulated memory.
Mouse input injection
Early versions of iOS didn't support mouse input.
One way an iOS emulator can provide mouse input for these versions is through the injection method, which sends cursor input data directy into emulated memory.
Gamepad input injection
Before MFi extended support in iOS 7 (unlocking gamepad compatibility for devices like the Logitech Powershell Controller).
Earlier iOS versions (1-to-6) offered no native gamepad support.
Quality of life Streamable compression format
Per-Game Profiles
Command Line Options ?
On-Screen Display
Showcases messages, controller input state which is useful for speedrunners, performance data, active settings, and various notifications.
Built-in On-Screen Control
Simulating touch input on display via keyboard or gamepad. This QoL enhancement is crucial for lots of touch input exclusive games.
Also you can use third party apps such as ShootingPlus V3 for this.
*
Big Picture Mode
Misc Variable Refresh Rate compatible
EmuVR support Exclusive to libretro cores at the moment. So there is no support.
AI Service
With the help of OCR and other techniques, the AI service can provide a live translation of a game, or text-to-speech capabilities for the visually impaired among other things, either on demand or automatically.
Exclusive to libretro cores at the moment. So there is no support.
Debug features ~* ?


Scams

Many of the currently available "solutions" only try recreating popular iOS apps (like browsers) in a PC application with no real emulation involved. Some notable scams in such fashion are called iPadian or variations on the name, and are often malware. iPadian itself is not a real emulator and cannot actually emulate any iOS, iPadOS, or watchOS code and just use recreations that are limited in functionality and are not ports. “AIR iPhone” is also a simulator in Adobe Flash. Malware on Android also goes by the name “iEmu”, “Cider” and “Cycada”, based on the unfinished and unreleased projects of the same name, and is sometimes iOS launcher software that is possibly infected by malware. iOS emulators that aren't scams operate like XCode, where they cannot run non-development builds.

  • TikTok videos by the user “iPod Emulator Hype” appear to show QEMU-iOS running on an Android device and a web browser, however, the Android version is confirmed to be a VNC client and faked, with the HTML5 version likely fake as well.
  • Blog sites suggest “iOSEmus” as an iOS emulator for Android devices. In reality, it is an alternate App Store for iOS to install jailbreak tools including console emulators and other tools on iOS 11.

Your best bet, until touchHLE supports your 32-bit app, ARM macOS is able to be virtualized without an ARM Mac (for 64-bit), or a new emulation effort is ever started, is to hope that whatever iOS app you're interested in gets an Android port. This is very rare, especially for Japanese ones, as Android is perceived to be more open to piracy. That appears to be gradually changing lately and isn't of as much concern for non-gaming apps. However, in the U.S., the trend goes to iOS exclusively, including the Faves, Bloom, and the official ChatGPT apps getting iOS versions first, and a trend of users in Anglo-America discriminating against Android users, forcing them to switch to iOS also may contribute to the need for one.

External links

Apple Inc.
1998 apple logo.png
Desktop: Apple IApple II Line (Apple IIGS) • Apple III lineLisaMacintosh lineMacOS
Mobile: iPodiOS
Consoles: Pippin