Difference between revisions of "IOS emulators"

From Emulation General Wiki
(Emulators)
(Tags: Mobile edit, Mobile web edit)
Line 145: Line 145:
  
 
;Cycada
 
;Cycada
: ''Cycada'' (2014), formally known as Cider and Chameleon before that is an unreleased research project made by a few folks at Columbia that ran iOS 5.1.1 and experimentally iOS 6 apps at a high, but not perfect quality and compatibility (see paper for list). It is based on pirated iOS libraries. It is seriously not recommended to initiate contact with the developers of the project, as they never planned on releasing it and want people to use their paper to reproduce it with "significant effort". All attempts to release it by contacting them have resulted in them saying they are not interested. You may try to recreate Cycada on your own, provided that you know the internals of Android, iOS, XNU, and Linux. Out of 69 tested apps, 19 apps fully work, 10 work with minor bugs that do not affect functionality, 15 have major errors that affect functionality, and 27 crash. Only [https://github.com/darlinghq/darling/issues/1168#issuecomment-1115143186 one recreation] is know to exist, which is also unreleased, and it was made by the creator of DarlingHQ.
+
: ''Cycada'' (2014), formally known as Cider and Chameleon before that is an unreleased research project made by a few folks at Columbia that ran iOS 5.1.1 and experimentally iOS 6 apps at a high, but not perfect quality and compatibility (see paper for list). It is based on pirated iOS libraries. It is seriously not recommended to initiate contact with the developers of the project, as they never planned on releasing it and want people to use their paper to reproduce it with "significant effort". All attempts to release it by contacting them have resulted in them saying they are not interested. You may try to recreate Cycada on your own, provided that you know the internals of Android, iOS, XNU, and Linux. Out of 69 tested apps, 19 apps fully work, 10 work with minor bugs that do not affect functionality, 15 have major errors that affect functionality, and 27 crash. Only [https://github.com/darlinghq/darling/issues/1168#issuecomment-1115143186 one recreation] is know to exist, which is also unreleased, and it was made by the creator of DarlingHQ along with two other unknown individuals. It took about a year to develop, and one component of it was released [The one exception where some original code was published was https://github.com/darlinghq/darling-newlkm
 +
here], to be reused in Darling later on.
  
 
;TruEmu
 
;TruEmu
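Review bot: the external link added at the end of the revised Cycada line is malformed. The bracket opens with the sentence "The one exception where some original code was published was" instead of the URL, and a line break splits the URL from "here]", so MediaWiki will not render it as a link and the raw brackets will show in the article. Put the URL first inside the bracket, as in [https://github.com/darlinghq/darling-newlkm here], and either drop the stray sentence or move it outside the bracket. The revised line also carries over two typos from the old revision that could be fixed in the same edit: "formally known as" (formerly) and "is know to exist" (known).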

Revision as of 14:39, 7 June 2023

iOS
Developer Apple Inc.
Release date 2007
Emulated ~
This page is about software that emulates iOS on other hardware, like desktops.
For emulators that run on iOS, see Emulators on iOS.

iOS devices started the smartphone craze, which would go on to replace conventional mobile phones in both Japan (which had its own subset of cell phones) and the rest of the world, with more advanced touch-controlled devices.

Unlike for its direct competitor, Android, there are practically no usable emulators for iOS, as the official iOS SDK (macOS-only) only allows for running your own projects, i.e., it runs code generated for an x86 target rather than the ARM code used by iOS. Some simulators (e.g., BlackThunder) make use of the simulator in the iOS SDK to run a few chosen iOS apps that are recompiled for x86. Unlike previous emulation attempts, BlackThunder first loads a highly trimmed Hackintosh image via VirtualBox, which loads Xcode and an iOS simulator into it, then runs decompiled iOS apps recompiled for the x86 architecture. More recently, touchHLE managed to get a few older iPhone OS apps running by recreating some of iOS’s standard libraries and emulating just the iPhone’s CPU, and at nearly the same time, QEMU-iOS was released and can successfully emulate iPhone OS 1.0 on an iPod Touch 1st generation.

ROMs

TODO: Merge this with ROM & ISO sites
https://archive.org/details/ipaarchive is the best source for classic ROMs. Just search for your app or find collections with your app in them. https://decrypt.day/ is the best source for modern app ROMs that are all free.

Emulators

Name Platform(s) Latest version FLOSS Active Recommended
PC / x86
macOS Big Sur and up macOS ?
Corellium Web Web-based
touchHLE Windows macOS 0.1.2 (Actions) ~
QEMU-iOS macOS Linux git ~
BlackThunder Windows macOS ??? ? ~
aah macOS ??? ~
ipasim Windows PatchV1.0.1
unidbg Windows macOS Linux 0.9.7 ~
TruEmu Windows Linux macOS ???
xnu-qemu-arm64 Windows Linux macOS ???
iEmu Windows Linux macOS ???
MAME Windows Linux macOS FreeBSD 0.264
Mobile / ARM
touchHLE Android 1.0 TBD
Cycada Android Unreleased TBD
QEMU-iOS port Android Web Not released yet ? TBD
macOS Big Sur
The 17th major operating system of the macOS line. It has support for iOS and iPadOS applications for Apple M1- and M2-based Macs. However, some apps are not installed due to Apple DRM. This can be bypassed using an IPA file and PlayCover/Sideloady.
touchHLE
A promising new endeavor that aims to run older iOS apps by reimplementing standard libraries instead of internal components. Because of this very high-level approach, no dump of the operating system is required. Its initial target is iPhone OS 2.x, with plans to support other 32-bit iOS versions, mainly 3.x and 4.x, as well as the iPad. Development started in December 2022, and its initial 0.1.0 release came out in February 2023. The only officially supported applications are Super Monkey Ball – the dev’s inspiration for the project – which is fully playable and runs at full speed, even on mid-range laptops, as well as Crash Bandicoot Nitro Kart 3D. touchHLE supports running IPA files directly. Super Monkey Ball Lite and Touch & Go Lite, the only supported free games, are the third and fourth ones supported. A game controller is required to control the accelerometer.
QEMU-iOS
Previously unnamed and referred to as “devos50’s qemu fork”, it is based on earlier work emulating the S5L8900 and the iPhone 11 in QEMU. It can emulate an iPod Touch 1G running iOS 1.0, including iBoot, the kernel, and SpringBoard, although it requires a modified NOR and NAND image. Some features, such as audio and Wi-Fi, are not emulated, and there are multiple crashes.
Corellium
A service made by the Israeli company of the same name that runs any modern iOS device, some Android devices, or bring-your-own IoT devices, either in the cloud or on a self-hosted server. Emulation is basically perfect, and it covers iOS 10.3 to the latest iOS version, with debugging features and security tools, as well as IPA installing. In terms of hardware, it covers the iPhone 7 to the latest iPhone. The devices run on an ARM hypervisor. For individuals, it costs 99 USD for two cores, which only includes the iPhone 7, and 295 USD for six cores, which is needed to use modern iPhones. The site also prohibits users under 18 from using the service. The service is made for cybersecurity, not gaming.
MAME
Very basic iPhone 2G support available here. Unlikely to ever be completed.
BlackThunder
The official iOS SDK (macOS-only) only allows for running your own projects, i.e. it runs code generated for an x86 target rather than the ARM code used by iOS. However, some simulators, e.g. BlackThunder, make use of the simulator in the iOS SDK to run a few chosen iOS apps that are recompiled for x86. BlackThunder is a closed-source, commercial iOS simulator that can run a few commercial iOS apps. Unlike previous emulation attempts, BlackThunder first loads a highly trimmed Hackintosh image via VirtualBox, which loads Xcode and an iOS simulator into it, then runs iOS apps that are decompiled and recompiled for the x86 architecture.
Cycada
Cycada (2014), formerly known as Cider and as Chameleon before that, is an unreleased research project made by a few folks at Columbia that ran iOS 5.1.1 and, experimentally, iOS 6 apps at a high but not perfect quality and compatibility (see paper for list). It is based on pirated iOS libraries. It is seriously not recommended to initiate contact with the developers of the project, as they never planned on releasing it and want people to use their paper to reproduce it with "significant effort". All attempts to get it released by contacting them have resulted in them saying they are not interested. You may try to recreate Cycada on your own, provided that you know the internals of Android, iOS, XNU, and Linux. Out of 69 tested apps, 19 apps fully work, 10 work with minor bugs that do not affect functionality, 15 have major errors that affect functionality, and 27 crash. Only one recreation is known to exist, which is also unreleased, and it was made by the creator of DarlingHQ along with two other unknown individuals. It took about a year to develop, and one component of it was released, the one exception where some original code was published (https://github.com/darlinghq/darling-newlkm), to be reused in Darling later on.
TruEmu
QEMU-t8030 (2022), also known as TruEmu, is an iPhone 11 emulated in QEMU; however, it does not have a display and seems abandoned. TruEmu supports iOS 14 up to the latest iOS 16, and is built to work on iPhone 6S SecureROM hardware. It also provides out-of-the-box kernel debugging support and USB support (with Firmware Restore), and utilizes Apple's custom CPU features such as SPRR/GXF and custom PAC. Additionally, TruEmu is open-source software.
iEmu
QEMU-s5l89xx-port (2012), also known as iEmu, is another failed attempt to get an iPhone running in QEMU, this time the 1st generation. The last commits were made in 2013. Any Android app going by the name iEmu is a *scam* and should be avoided.
unidbg
unidbg (2020) is a developer library that allows emulating Android binaries; "experimental" iOS support was added some time in 2021. It is unknown if any apps are supported.
aah
aah (arm64 architecture handler) uses unicorn and libffi to run iOS arm64 binaries on x86_64 macOS, with varying degrees of success. Most things will fail to launch because they need frameworks/symbols that aren't available on macOS. aah relies on the Mac Catalyst frameworks that are present on macOS 10.15. Additionally, aah requires the source code of the app to run it, like the iOS simulator/emulator in Xcode. https://twitter.com/maczydeco/status/1155588054486310912 https://github.com/zydeco/aah
ipasim
ipasim (2017) is a high-level emulator written in C++ that uses Microsoft's WinObjC to recompile 64-bit iOS apps into apps in live. It doesn't support many apps except for really basic ones. It was more focused on apps than games.
xnu-qemu-arm64
A security research emulator created by Aleph Security that, like TruEmu, can partially run iOS, with launchd services working correctly.
Darling
Although no iOS support exists at the moment, Darling wants to add support for iOS apps in the “long term”. Although not stated, they might add support for other platforms based on iOS, such as tvOS or watchOS in the future.

Our most recommended

This is an overall guide for people looking for an iOS emulator. If you have an Apple Silicon Mac and want to emulate 64-bit/modern apps, just use Sideloady and DecryptDay to install the app itself on your M1/M2 Mac. If you have an Intel Mac, try using “aah”, which is your best option. If you want to emulate 32-bit iOS apps, use touchHLE for iPhone OS 2 apps if your app is one of the handful of supported apps; if not, you can wait for Cycada to release or get recreated, but it likely won’t ever happen. If you just want to try the look and feel of the first iPhone/iOS, devos50’s QEMU fork is the best option. If you are emulating for a purpose related to cybersecurity or advanced testing that is not possible in the Xcode emulator, try to purchase Corellium; however, if you are broke or a minor, your only real option is TruEmu, even though it can only be used for testing low-level iOS components because it cannot boot to iOS. If you want to easily run VERY simple iOS apps on Windows, use ipasim, even though there are nearly zero people in this category. If you would like to run a few commercial iOS apps and games from China, use BlackThunder.

History of failed iOS emulation attempts

Many of the currently available "simulators" only try recreating popular iOS apps (like browsers) in a PC application with no real emulation involved. Some notable scams in such fashion are called iPadian or variations on the name, and are often malware.

  • A project to emulate various smartphones (iPhone, iPod Touch, iPad, Apple TV 2G) called iEmu, started in 2011 but got mysteriously abandoned two years later before anything usable surfaced. All pages related to the project were removed. It's speculated Apple had a hand in this.
  • Nowadays, a malicious APK file going by the iEmu moniker is also being circulated on blogs run by script kiddies claiming to offer a way to run iOS apps on Android. More often than not, they're uploaded with the intention of generating revenue from impressionable users (through pay-per-click URL shorteners) who fall easily for those types of scams.
  • There has been a project to provide a runtime for iOS apps to run on Android called Cycada (formerly known as Cider). Not much progress has been made, and the original author was accused of being a sellout for leaving the project to work as a kernel programmer for Apple. The project booted many 32-bit iOS apps successfully, albeit slowly. The last update to this project was in 2017. (NOTE: If you search "Cider APK", you will get iPhone 12 launcher adware)
  • There was also a project based on QEMU that usually went around by the name QEMU-s5l89xx (based on the part number of the original iPhone), or iVM. The last known commits to this project were in 2013, and it is unclear if this project will ever come to fruition.

Your best bet, until a new emulation effort is started, is to hope that whatever iOS app you're interested in gets an Android port. This is very rare, especially for Japanese ones, as Android is perceived to be more open to piracy. That appears to be gradually changing lately and isn't of as much concern for non-gaming apps.
