
Emulator File Setup

Visual Ehrmanntraut edited this page Jun 10, 2025 · 23 revisions

Caution

Do not share any files, such as pre-made images (modified or unmodified) or firmware (decrypted, patched, modified or unmodified). Doing so surely violates Apple's EULA. Even if an EULA violation is not a crime where you live, the other cases mentioned above may be one in your jurisdiction; check your local laws.

Creating the Disks

QEMUAppleSilicon/build/qemu-img create -f raw nvme.1 16G # or 32G
QEMUAppleSilicon/build/qemu-img create -f raw nvme.2 8M
QEMUAppleSilicon/build/qemu-img create -f raw nvme.3 128K
QEMUAppleSilicon/build/qemu-img create -f raw nvme.4 8K
QEMUAppleSilicon/build/qemu-img create -f raw nvram  8K
QEMUAppleSilicon/build/qemu-img create -f raw nvme.6 4K
QEMUAppleSilicon/build/qemu-img create -f raw nvme.7 1M
QEMUAppleSilicon/build/qemu-img create -f raw nvme.8 3M
QEMUAppleSilicon/build/qemu-img create -f raw sep_nvram 2K
QEMUAppleSilicon/build/qemu-img create -f raw sep_ssc 128K

Fetching the SEP ROM

Find the file from [REDACTED]. Sorry, don't want Apple to get mad. Google "Apple ROM Collection"; the result will certainly be fun.

It must be Cebu B1 for t8030/iPhone 11.

Preparing the SEP firmware

Prerequisites

Ticket Creation Script: https://github.com/ChefKissInc/QEMUAppleSiliconTools/raw/refs/heads/master/create_septicket.py
img4tool utility from https://github.com/tihmstar/img4tool
img4 utility from https://github.com/xerub/img4lib

Creating the Ticket

python3 create_septicket.py n104ap BuildManifest.plist ticket.shsh2 sep_root_ticket.der

Fetching the Firmware

Download iOS 14.7.1 ipsw for iPhone12,1.

Extract the necessary files

mkdir temporary && cd temporary
unzip ../iPhone11,8,iPhone12,1_14.7.1_18G82_Restore.ipsw
cd ..

Decrypting the Firmware

img4tool -e --iv THE_SEP_FW_IV --key THE_SEP_FW_KEY -o sep-firmware.n104.RELEASE temporary/Firmware/all_flash/sep-firmware.n104.RELEASE.img4

Repackaging the Firmware to an IMG4

img4tool -t rsep -d 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c sep-firmware.n104.RELEASE.im4p sep-firmware.n104.RELEASE
img4 -F -o sep-firmware.n104.RELEASE.new.img4 -i sep-firmware.n104.RELEASE.im4p -M sep_root_ticket.der

iOS Firmware

Fetch the firmware

Download iOS 14.0 beta 5 ipsw for iPhone12,1.

Extract the necessary files

mkdir iPhone11_8_iPhone12_1_14.0_18A5351d_Restore && cd iPhone11_8_iPhone12_1_14.0_18A5351d_Restore
unzip ../iPhone11,8,iPhone12,1_14.0_18A5351d_Restore.ipsw

The largest file in iPhone11_8_iPhone12_1_14.0_18A5351d_Restore can be deleted as it's the main OS disk image.
