AppleJPEGDriver

From iPhone Development Wiki
Revision as of 07:51, 25 September 2021 by Artoria2e5 (talk | contribs) (Code making use of this interface)
Jump to: navigation, search

AppleJPEGDriver is a kernel-extension providing the acceleration of encoding and decoding JPEG images via IOSurfaces, especially for ones with YUV color space. It powers the AppleJPEG for decoding, Camera for encoding, and Celestial for both.

Methods

Selector Action Input Output
0 initializeDecoder - -
1 startDecoder struct JPEGDriverArgs (40 bytes) 40 bytes of stuff
2 initializeEncoder - -
3 startEncoder struct JPEGDriverArgs (40 bytes) 40 bytes of stuff.

where

struct JPEGDriverArgs {
  int must_be_zero_1;
  IOSurfaceID src_surface /*in*/;
  size_t src_size /*in*/;
  int must_be_zero_2;
  IOSurfaceID dest_surface /*in*/;
  size_t dest_size /*in*/;
  size_t result_size /*out*/;
  size_t dest_width /*in*/;
  size_t dest_height /*in*/;
  int quality /*in: 4 gives decent quality */;
};

For best results, use an IOSurface that has the kIOSurfaceCacheMode property set to kIOMapInhibitCache.

Code making use of this interface

  • AppleJPEGDriver-memleak calls AppleJPEGDriver to perform an exploit on iOS 10.1.1.
  • demo.m from Alyssa Rosenzweig uses the memleak struct definition to decode an image on M1.

It is unknown why the struct definitions appear to differ from the above in the two examples. As with other IOKit classes, you use IOConnectCallStructMethod to call the methods.