Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/html/extensions/Variables/includes/ExtVariables.php on line 198
AppleJPEGDriver - iPhone Development Wiki


From iPhone Development Wiki

AppleJPEGDriver is a kernel-extension providing the acceleration of encoding and decoding JPEG images via IOSurfaces, especially for ones with YUV color space. It powers the AppleJPEG for decoding, Camera for encoding, and Celestial for both.


Selector Action Input Output
0 initializeDecoder - -
1 startDecoder struct JPEGDriverArgs (40 bytes) 40 bytes of stuff
2 initializeEncoder - -
3 startEncoder struct JPEGDriverArgs (40 bytes) 40 bytes of stuff.


struct JPEGDriverArgs {
  int must_be_zero_1;
  IOSurfaceID src_surface /*in*/;
  size_t src_size /*in*/;
  int must_be_zero_2;
  IOSurfaceID dest_surface /*in*/;
  size_t dest_size /*in*/;
  size_t result_size /*out*/;
  size_t dest_width /*in*/;
  size_t dest_height /*in*/;
  int quality /*in: 4 gives decent quality */;

For best results, use an IOSurface that has the kIOSurfaceCacheMode property set to kIOMapInhibitCache.

Code making use of this interface

  • AppleJPEGDriver-memleak calls AppleJPEGDriver to perform an exploit on iOS 10.1.1.
  • demo.m from Alyssa Rosenzweig uses the memleak struct definition to decode an image on M1.

It is unknown why the struct definitions appear to differ from the above in the two examples (probably just an upgrade). As with other IOKit classes, you use IOConnectCallStructMethod to call the methods.