Alternatives and similar repositories for KextRW

Users that are interested in KextRW are comparing it to the libraries listed below

• Proteas / sep-fw-dyld-cache-loader
  IDA loader for SEP firmware with dyld cache support.
  ☆66Updated last year
• blacktop / symbolicator
  `ipsw` symbolication signatures
  ☆83Updated last month
• Siguza / IOKernelRW
  Insecurity as an IOService
  ☆95Updated 10 months ago
• Proteas / a7-sep-bug
  a7 sep bug
  ☆55Updated 2 years ago
• wh1te4ever / xnu_1day_practice
  ☆68Updated this week
• opa334 / Presentations
  ☆84Updated 8 months ago
• droe / binja-blocks
  Apple Blocks Plugin for Binary Ninja
  ☆33Updated 4 months ago
• alfiecg24 / Trigon
  Deterministic kernel exploit based on CVE-2023-32434.
  ☆120Updated 5 months ago
• jonpalmisc / respawn
  Experimentation environment for checkm8-vulnerable devices
  ☆57Updated 2 years ago
• aemmitt-ns / funtime
  Objective-C runtime tracing tool
  ☆40Updated 2 years ago
• jir4vv1t / CVE-2025-43529
  exploit for cve-2025-43529
  ☆55Updated 3 weeks ago
• pwn0rz / xnu-build
  xnu build script
  ☆70Updated 2 years ago
• ChiChou / ios-debug.py
  Shortcut to automate your iproxy, debugserver, lldb workflow
  ☆41Updated last year
• Siguza / tachy0n
  iOS 13.5 ✌️
  ☆49Updated 8 months ago
• cellebrite-labs / ida_kernelcache
  An IDA Toolkit for analyzing iOS kernelcaches.
  ☆109Updated 8 months ago
• 0cyn / ksuite
  My BinaryNinja toolkit I use for iOS centric RE || Prerelease!
  ☆46Updated 2 years ago
• pattern-f / xattr-oob-swap
  Demo exploit code for CVE-2020-27904, a tfp0 bug.
  ☆68Updated 4 years ago
• cellebrite-labs / PacXplorer
  IDA plugin to find code cross references to virtual functions using PAC codes
  ☆147Updated 3 years ago
• WHW0x455 / CVE-2023-41992
  ☆57Updated 3 months ago
• felix-pb / remote_pocs
  Some old unexploited remote kernel memory corruption PoCs
  ☆25Updated last year
• jsherman212 / ktrw
  An iOS kernel debugger based on a KTRR bypass for A11 iPhones; works with LLDB and IDA Pro.
  ☆59Updated 4 years ago
• jonpalmisc / ibis
  Segment-accurate iBoot/SecureROM loader for Binary Ninja & IDA Pro
  ☆45Updated 2 weeks ago
• jevinskie / xnu-trace
  Tracing of iOS/macOS binaries using HW single step and Frida DBI
  ☆85Updated last year
• CRKatri / trustcache
  Interact with trustcaches
  ☆41Updated 2 years ago
• alfiecg24 / Presentations
  ☆45Updated 8 months ago
• cellebrite-labs / ida_kcpp
  An IDAPython module for enhancing c++ support on top of ida_kernelcache
  ☆140Updated 8 months ago
• 0x7ff / golb
  Mapping physical memory to user space (EL0) on iOS.
  ☆74Updated 3 years ago
• tony-go / snixpc
  XPC sniffer using LLDB
  ☆48Updated last year
• cellebrite-labs / sandblaster
  Reversing the Apple sandbox
  ☆158Updated last month
• matteyeux / seprom-loader
  Binary Ninja loader for 64 bits Apple SEPROMs
  ☆58Updated 4 months ago