# Running Apple Silicon on Intel with QEMU

I found this article the other day: https://www.theregister.com/2021/05/20/mac_os_arm_on_x86/

The fine folks over at Cylance (owned by BlackBerry) figured out how to emulate an Apple Silicon machine (the A12Z-based Developer Transition Kit, board id j273) on an Intel processor using QEMU and boot the arm64 macOS 11 kernel on it. Fancy.

It has been pretty common for people to try the opposite and run Intel code on an Apple processor; see [CrossOver](https://www.ithinkdiff.com/how-to-crossover-windows-m1-mac/). Virtualizing ARM guests on Apple Silicon has seen some serious progress recently as well, see [Parallels](https://www.parallels.com/blogs/parallels-desktop-m1/) or [UTM](https://mac.getutm.app/). It's pretty crazy to me to see that they were able to pull the ARM-on-Intel magic trick off, even if they were only able to boot to a terminal. I definitely appreciate the level of openness about what they did and how they did it. You can read about the full process here: https://blogs.blackberry.com/en/2021/05/strong-arming-with-macos-adventures-in-cross-platform-emulation

It's a fairly long article, but by following the instructions on the GitHub repo this was actually really straightforward, and recreating their results was not nearly as daunting as first anticipated. The zip hosted on mega.nz has the binaries, ramdisk, and device tree already made for you, making the process way easier.

## Trying it out

If you want to try it yourself, head on over to their GitHub: https://github.com/cylance/macos-arm64-emulation#building-qemu

From my Kali VM I downloaded the 100 MB zip and extracted it. Follow the instructions listed under Building QEMU; you'll need to download the diff from the GitHub repo manually. Otherwise the commands are exactly the same:
```
# Fetch and unpack stock QEMU 5.1.0, then apply Cylance's patch on top of it
wget https://download.qemu.org/qemu-5.1.0.tar.xz
tar xf qemu-5.1.0.tar.xz
mv qemu-5.1.0 xnu-qemu-arm64-5.1.0
wget https://raw.githubusercontent.com/cylance/macos-arm64-emulation/main/xnu-qemu-arm64-5.1.0.diff
git apply xnu-qemu-arm64-5.1.0.diff
cd xnu-qemu-arm64-5.1.0
# Only the aarch64 system emulator is needed
./configure --target-list=aarch64-softmmu --disable-capstone --disable-pie --disable-slirp
make -j6
cd ..
```

Building QEMU from source only took a couple of minutes. You then start the emulator using the command from the GitHub repo. The premade [zip](https://mega.nz/file/GZwzGYKb#HscZIOg_K5JdUIvbLwwwW7_Ntc1z9c7QPOcEQRKwp8c) ships the device tree named without the .patched suffix, so I've updated the filename below.

```
./xnu-qemu-arm64-5.1.0/aarch64-softmmu/qemu-system-aarch64 \
  -M macos11-j273-a12z,\
kernel-filename=kernelcache.release.j273.out,\
dtb-filename=DeviceTree.j273aap.im4p.out,\
ramdisk-filename=arm64eSURamDisk.dmg.out,\
kern-cmd-args="kextlog=0xfff cpus=1 rd=md0 serial=2 -noprogress",\
xnu-ramfb=off \
  -cpu max \
  -m 6G \
  -serial mon:stdio \
  -nographic
```

It'll take a minute to boot, but you eventually land in a shell.

![](images/appleonintel/asonintel.JPG)

There aren't a whole lot of commands you can run in this limited shell, but it is really cool to see this working, and I'm excited for the future of QEMU development.
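As an added example (my own, not code from the post or from the Cylance repo), here is a small POSIX sh wrapper around the build and launch steps above. It adds the checks I'd want before following instructions that pull a tarball and a diff off the network: a GPG signature check on the QEMU tarball, a `git apply --check` dry run so a version mismatch fails before the build rather than inside it, and a pre-flight check that the zip's artifacts are present, resolving the `.patched` / unpatched device-tree filename difference mentioned above. The release-key fingerprint is an assumption on my part and should be confirmed against qemu.org before you import it; the artifact filenames are the ones the post lists.

```shell
#!/bin/sh
# Added example: wrapper around the Cylance build/launch steps (not their code).
set -eu

QEMU_VER=5.1.0
TARBALL="qemu-${QEMU_VER}.tar.xz"
SRC_DIR="xnu-qemu-arm64-${QEMU_VER}"
DIFF="xnu-qemu-arm64-${QEMU_VER}.diff"
DIFF_URL="https://raw.githubusercontent.com/cylance/macos-arm64-emulation/main/${DIFF}"
# QEMU release-signing key fingerprint as published on qemu.org/download.
# ASSUMPTION: verify this value against the site before importing the key.
QEMU_KEY_FPR="CEACC9E15534EBABB82D3FA03353C9CEF108B584"

# Fetch, verify and patch QEMU, then build only the aarch64 system emulator.
build_qemu() {
  [ -f "$TARBALL" ] || wget "https://download.qemu.org/${TARBALL}"
  wget -N "https://download.qemu.org/${TARBALL}.sig"
  # Refuse to build an unverified tarball. The key must already be in the keyring:
  #   gpg --keyserver keys.openpgp.org --recv-keys "$QEMU_KEY_FPR"
  gpg --verify "${TARBALL}.sig" "$TARBALL"
  tar xf "$TARBALL"
  mv "qemu-${QEMU_VER}" "$SRC_DIR"
  wget -N "$DIFF_URL"
  # Dry run first: a rejected hunk means the wrong QEMU version or an already-patched tree.
  git apply --check "$DIFF"
  git apply "$DIFF"
  (cd "$SRC_DIR" && ./configure --target-list=aarch64-softmmu --disable-capstone \
      --disable-pie --disable-slirp && make -j"$(nproc)")
}

# The README names the device tree "...im4p.out.patched"; the MEGA zip ships it
# without that suffix. Print whichever one is actually present in directory $1.
find_dtb() {
  for cand in DeviceTree.j273aap.im4p.out.patched DeviceTree.j273aap.im4p.out; do
    if [ -f "$1/$cand" ]; then
      printf '%s\n' "$cand"
      return 0
    fi
  done
  return 1
}

# Return 0 only if every artifact the macos11-j273-a12z machine type needs is
# present in directory $1; list what is missing on stderr otherwise.
check_artifacts() {
  missing=0
  for f in kernelcache.release.j273.out arm64eSURamDisk.dmg.out; do
    [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; missing=1; }
  done
  find_dtb "$1" >/dev/null || {
    echo "missing: $1/DeviceTree.j273aap.im4p.out[.patched]" >&2; missing=1; }
  return $missing
}

# Launch with the same arguments as the post, pointing at the artifact directory.
# The kern-cmd-args value contains spaces, so the whole -M option is one shell word.
run_emulator() {
  dir=${1:-.}
  check_artifacts "$dir"
  dtb=$(find_dtb "$dir")
  [ -x "$SRC_DIR/aarch64-softmmu/qemu-system-aarch64" ] || {
    echo "qemu-system-aarch64 not built yet; run: $0 build" >&2; return 1; }
  "$SRC_DIR/aarch64-softmmu/qemu-system-aarch64" \
    -M "macos11-j273-a12z,kernel-filename=$dir/kernelcache.release.j273.out,dtb-filename=$dir/$dtb,ramdisk-filename=$dir/arm64eSURamDisk.dmg.out,kern-cmd-args=kextlog=0xfff cpus=1 rd=md0 serial=2 -noprogress,xnu-ramfb=off" \
    -cpu max -m 6G -serial mon:stdio -nographic
}

case "${1:-}" in
  build) build_qemu ;;
  run)   run_emulator "${2:-.}" ;;
  *)     echo "usage: $0 build | run [artifact-dir]" >&2 ;;
esac
```

Run `./macos-arm64.sh build` once, then `./macos-arm64.sh run /path/to/extracted/zip`. The pre-flight check is cheap and saves a confusing failure from QEMU itself when one of the three files is misnamed, which is exactly what happens if you paste the README command against the zip's unpatched device-tree filename.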