HACKER Q&A
📣 dirtb1ke

Kernel debugging on Apple Silicon


With Apple Silicon being heavily locked down when it comes to kernel debugging, how would one develop kernel exploits that require single-stepping and setting breakpoints?


  👤 Someone Accepted Answer ✓
The supported way is to use the Kernel Debug Kit and use two Macs. See https://developer.apple.com/documentation/apple-silicon/debu....

I guess you could also write a kernel extension that allows inspecting memory, changing memory, setting breakpoints, etc. from a user-mode program using fcntl, but if you stop the kernel, chances are user-mode locks up, too (might be guaranteed; I don't know how much multi-threading there is in the macOS kernel).