Introducing Project Sandcastle: Android for the iPhone. We’re excited to see what the developer community builds from this foundation. We’d particularly like to thank the team behind Checkra1n and PongoOS for their support and assistance.
"Corellium, a security research firm sued by Apple, has won a major legal victory against the iPhone maker. A federal judge in Florida threw out Apple’s claims that Corellium violated copyright law with its software, which helps security researchers find bugs and security holes."
It's been a long time coming: we’re very excited to announce that virtual iOS-based devices are now available for individual accounts on our groundbreaking security research platform.
Shoutout to
@CorelliumHQ
for giving me access to their amazing platform. This means that I will now be able to test unc0ver on any device running any firmware with extended debugging capabilities!
Ready to be CHARMed? Our Corellium Hypervisor for ARM enables us to run virtual iPhones in the cloud with game-changing features like:
- Run any version of iOS
- On demand thread list & kernel backtrace
- Optional jailbreak for any version
- Web-based debugging
- And much more!
Apple's lawsuit against Corellium might seem like an insider story, but if Apple prevails, it's a terrible blow for all kinds of hackers and tool-makers.
Your security work shouldn't be held up for months waiting on unreliable public jailbreaks. Corellium users know they can depend on getting access to rooted versions of the latest devices and the latest OS's almost as soon as they're released.
"Apple's latest filing should give all security researchers, app developers, and jailbreakers reason to be concerned." Read the full statement from Corellium CEO
@amandalgorton
on Apple's DMCA filing here:
We are pleased to announce that the U.S. Court of Appeals has further upheld the initial court’s ruling of copyright fair use in Corellium’s favor. This is a big win for the security community and technology innovators.
Corellium’s innovative and transformative technology that virtualizes physical devices is changing the way security research and mobile development is done. This should be celebrated, not shut down. Read our statement re:
#Apple
vs.
#Corellium
lawsuit:
We’re proud to be teaming up with Bugcrowd to make mobile & IoT security testing more accessible to researchers 🙌
Through our partnership, Bugcrowd will be offering virtual devices for customers with mobile & IoT bounty programs, so you can hunt bugs without the hardware!
Hey developers 🙃 We have the world’s largest virtual iOS/Android farm — over 2000 virtual devices. We want to push it to new limits. Tell us why you want access and what cool things you would do!
So many of you have signed up that you've maxed out our current capacity! 🤯 If you're experiencing an error creating devices, please stand by -- we're working on adding more capacity now!
The Corellium Cloud has been updated to support the latest iOS 14.5! ✨📱
Want to start testing your apps without the need to jailbreak your device?
Corellium makes it possible for as little as $0.50/hour, with fully integrated security testing tools!
A little internal Corellium lore for you: when our hypervisor panics, we call it a "cat," because this adorable ASCII cat brings us the panic log as a present. We call it Glitch Cat 🐈
If you'll be at
#blackhat
, be sure to drop by our booth and snag a Glitch Cat t-shirt!
A lot of people have been asking us about APRR due to the release of
@s1guza
's amazing research on it. The answer is yes as of 2.1.4 we do support APRR and it can be enabled in settings under general.
Ever wish you could get x-ray vision on an iOS or Android app? With CoreTrace, you can inspect all system calls to dynamically analyze exactly how your app is interacting with the OS. Check out our demo video to learn more!
It's been a long time coming... but thanks to the AWS Graviton, we're finally able to offer individual accounts for our ARM-based virtual devices and groundbreaking security research platform! 🎉 Early Access coming October 15th
In our latest blog post, we reveal some interesting hardware security mechanisms protecting physical memory on mobile devices and the ingenuity of the engineers behind them.
2021 has been a year of incredible challenges, victories, and growth for us. To cap it off, we're excited to share we've raised $25M with
@Paladincap
and
@Cisco_Invests
to bring our virtual magic beyond mobile. We can't wait for you to see what's next!
fwiw when I was there, we, the rank and file, looked at corellium with a combo of respect and envy because whoa what a cool technology. also debugability is not a security boundary
Corellium’s virtualization allows you to debug your hardware IP and your drivers together. Connect your HDL simulator to Corellium ARM virtual machines with AXI 4 or Wishbone bus and speed up your design cycle.
📢 We’re incredibly excited to share that
@Arm
is licensing Corellium’s virtualization technology as part of its Arm Virtual Hardware (AVH) offering, enabling high-performance virtualization of IoT devices for faster R&D!
Today, in honor of our 4th birthday, we’re announcing the Corellium Open Security Initiative to support independent public research into the security & privacy of mobile apps and devices 🎂
✨Wouldn’t it be *great* if curl had support for WebSockets? ✨
We thought so too, which is why when we found out this was one of curl’s most requested features and
@bagder
needed funding to make it happen, we reached out and offered to sponsor it.
(1/3)
To celebrate our upcoming Oct 15th launch of individual accounts, we will be giving 1 month free to anyone who receives a CVE for vulnerabilities in Android or iOS.🙌🐛 Mention you used Corellium and get 6 months free, or donate your bounty award to charity and get 1 year free!
Without
#jailbreaks
, white-hat researchers wouldn’t be able to dynamically analyze mobile apps or discover security flaws.
We're proud to announce that Corellium now supports
#iOS17
, including fully jailbroken iOS 17.
Ever wished your virtual Android device could see the world to take video calls, take photos, or scan QR codes? Well now it can!
Starting today, you can route your microphone and webcam directly to your Corellium Android devices right from your browser!
Linux is now completely usable on the Mac mini M1. Booting from USB a full Ubuntu desktop (rpi). Network works via a USB c dongle. Update includes support for USB, I2C, DART. We will push changes to our GitHub and a tutorial later today. Thanks to the
@CorelliumHQ
team ❤️🙏
“Apple does not provide low-level access to the hardware on their devices, our iOS kernel debugger relies on the Corellium emulator. This is a unique opportunity to debug iOS kernel in an easy and interactive way. In our experience, Corellium is amazing and very easy to use” 🙏❤️
Last week, Arm gave us a glimpse into the future by unveiling the next-generation of Arm processors: the Armv9 architecture. There are two groups of features in Armv9 that we’re particularly excited about!
Check out Corellium's new Network Monitor feature! With one click you can disable pinning and dump all HTTP/S traffic from both the OS and installed applications 🔥
@CorelliumHQ
is hiring! If you‘re an engineer with experience in virtualization, Android RE, hardware modeling, graphics/GPU, &/or building for scale, drop us a line at jobs
@corellium
.com. Remote, flexible, competitive comp.
Can your test device do this? With Corellium's snapshot feature, you can save valuable setup time by instantly restoring to a previously saved state. Check out our quick video to learn more!
If you plan on attending Black Hat USA and would like to see how Corellium rewrites the book on iOS & Android security, DM/Email us to schedule a free 1 hour training which includes iOS 13 - SEP, iBoot & Kernel debugging and an overview of new mitigations/enhancements.
We're extremely proud to support organizations like the EFF that fight tirelessly to protect the fundamental digital rights of both users and developers.
@EFF
, we deeply appreciate your relentless work to defend security research.
Huge thanks and appreciation to
@cmwdotme
& the
@CorelliumHQ
team for directing their
@Apple
bug bounty as a donation to EFF. Your hard work finding bugs will now help EFF fight for digital rights, including protecting and defending security research.
Haven't received a CVE yet? No worries. Starting November 1st Corellium will be offering free security workshops which come with a 1 day trial pass to Corellium's security research platform. Keep an eye out for more details.
To celebrate our upcoming Oct 15th launch of individual accounts, we will be giving 1 month free to anyone who receives a CVE for vulnerabilities in Android or iOS.🙌🐛 Mention you used Corellium and get 6 months free, or donate your bounty award to charity and get 1 year free!
Corellium version 5.2.0 just released, and we think you’re gonna love it.
- iOS 16.5.1 support
- Update iOS version on device
- SSO Beta
- And more…
Start your research on the latest iPhone models today.
Request a free trial today ➡️
“Every successful suit that invokes 1201 sets a precedent for further abuse. The purpose of copyright is set out in the US constitution as simply ‘to promote the progress of science and useful arts.’ Apple’s suit does the opposite.”
Corellium researcher Chris Williams takes a look at a vulnerability in XNU, the kernel used by
#iOS
and
#macOS
, and explores how Corellium
#kernel
hooks can help to disable exploit mitigations.
More here:
We have started rolling out Corellium with vGPU to our cloud environment. We are now not only the fastest hypervisor for ARM, but also the only hypervisor that supports mobile vGPU.
(Is this thing on?) Time to head over to to claim your spot in the Early Access line!
Note: currently, Early Access is for Android only, iOS isn't fully supported yet on AWS.
#priorities
Stay tuned for updates!
@cfriedt
@cmwdotme
We fully support the Asahi project and hope our work helps it come to life even faster. We encourage everyone interested in M1 Linux to sign up to Asahi's Patreon, or donate to the EFF on our behalf.
We are always thrilled to see our virtual devices supporting
#MobileSecurity
trainings around the world. Trainings by teams like
@enciphers_
equip security researchers with the skills they need to stay ahead of the curve and keep users protected.
We pioneered an Arm hypervisor, which allows a VM (virtual machine) to run native Arm-on-Arm (Arm OS running on Arm hardware). It's Arm-native virtualization, not an emulator.
Visit for how it works.
ARM + VIRTUAL = AWESOME!
We’ve reached our 1-year anniversay for our Corellium Cloud service! 🎉Thanks to the amazing AWS EC2 Graviton powered by Arm. It makes our Arm virtualization platform fire 🔥for our security research and testing customers. Join us!
#HiringNow
Fantastic article by
@washingtonpost
's
@ReedAlbergotti
, who used Corellium to discover malware, scams, and scareware in the iOS AppStore and report it to Apple
Virtual devices run in the cloud, but where's that on a map?
That's why we're introducing virtual GPS for Corellium Android devices!
Set your location anywhere you want! With the altitude setting, you can even make it feel at home among the real clouds!
Here is a very early beta of Linux on the m1 for *advanced users only*. if you don't know how to run this then wait till tomorrow when the more complete release with USB, SMP is posted (with instructions).
Corellium users already have access to jailbroken iOS 17. Do you?
Get in-depth testing of the latest OS without the risks or hassles of traditional jailbreaks. We're committed to supporting the security community in the safest way possible.
#jailbreak
Did you know that with our usage-based subscriptions you can spin up a virtual iPhone for just $0.50/hr? Check out our quick blog post on usage-based billing to learn more!
“Onlookers who spy a Goliath flexing its muscles against a plucky David are hoping, for the sake of iPhone security, an agreement is found.”- Thomas Brewster, Forbes. See our full legal response to
#Apple
vs.
#Corellium
lawsuit here:
Apple's lawsuit against iPhone virtualization startup Corellium could kill the young company. But it wasn't long ago Apple was trying to buy the founders' previous startup
We're looking for a Node.js wizard to help us make virtual magic 🪄 Full time / remote, must have strong proficiency in Node, experience with scaling cloud products a bonus. Contact info
@corellium
.com!
Enjoyed the
#BlackHat21
Keynote from our COO
@pwnallthethings
?
Meet our team and visit us at the Corellium booth 1682 in the business hall for a demo of our virtual mobile devices for security testing (and get cool swag!)
Ready to take a closer look inside iOS? With our new hypervisor-based strace functions, you can view and change sys calls in real time (even on non-jailbroken devices). Check out this iPhone XS 12.1.2 snip from restore:
Corellium now lets you create multiple Android Containers within the same VM. Each Container has its own launcher and can be controlled and streamed independently while only using the resources of 1 device.
#android
#containers
Extremely proud to see top-tier security researchers using Corellium to make in-depth security research more accessible and help the community find bugs to keep iOS users secure!