The QiLin (麒麟) Toolkit was developed by Jonathan Levin to provide a standardized API for present and future jailbreaks. Having noticed that most PoC exploits end up providing the kernel_task send right, Jonathan Levin came up with the idea of providing a full post-exploitation toolkit with a simple API that could easily be compiled against and linked with.
The QiLin homepage (http://www.NewOSXBook.com/QiLin/) provides the required object file (qilin.o) and header file (qilin.h). Once these are dropped into an Xcode project, QiLin can be used for numerous tasks, including:
- Unsandboxing a process
- Entitling a process
- Bestowing root privileges
- Unpacking binary utilities
- Bestowing platform binary status
A full writeup of how QiLin operates can be found in MacOS Internals, Volume III, Chapter 25; the chapter is also available as a free download from http://NewOSXBook.com/QiLin/qilin.pdf.