A while ago I tried to build PongoOS (a pre-boot execution environment for checkm8-vulnerable iOS devices) on my Linux (Ubuntu 24.04) machine but it didn’t compile out of the box.

DOCUMENTING IT FOR FUTURE REFERENCE.

echo 'deb https://assets.checkra.in/debian /' | sudo tee /etc/apt/sources.list.d/checkra1n.list
sudo apt-key adv --fetch-keys https://assets.checkra.in/debian/archive.key
sudo apt update && sudo apt install cctools-strip

Download the PongoOS repo from GitHub.

git clone --recursive https://github.com/checkra1n/PongoOS

Download the checkra1n ld64 linker.

sudo wget https://github.com/checkra1n/ld64-build/releases/download/954.16-0/ld64-x86_64 -O /usr/bin/ld64
sudo chmod +x /usr/bin/ld64
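
The linker is a prebuilt binary that ends up in /usr/bin, so it is worth checking the download before installing it. The following is an added example, not part of the original post or the checkra1n project: the function names are hypothetical, and the expected SHA-256 is a value you record yourself from a source you trust, since the page does not publish one.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded toolchain binary before installing it.
# Function names are hypothetical; the expected digest is supplied by the caller.

# Returns 0 if the file starts with the ELF magic bytes (0x7f 'E' 'L' 'F').
# Catches a download that saved an HTML error page or a log file instead.
is_elf() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# Returns 0 if the file's SHA-256 equals the expected lowercase hex digest.
sha256_matches() {
    local actual
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# verify_and_install <downloaded file> <expected sha256> <destination>
# Return codes: 1 missing/empty, 2 not ELF, 3 digest mismatch, 0 installed.
verify_and_install() {
    local src=$1 expected=$2 dest=$3
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    is_elf "$src" || { echo "not an ELF binary: $src" >&2; return 2; }
    sha256_matches "$src" "$expected" || { echo "SHA-256 mismatch: $src" >&2; return 3; }
    # Only a verified file reaches the destination, with mode 0755.
    install -m 0755 "$src" "$dest"
}

# Usage (run as root for /usr/bin; the digest below is a placeholder):
#   verify_and_install ./ld64-x86_64 "<EXPECTED_SHA256_HEX>" /usr/bin/ld64
```

Download to the current directory first, then let `verify_and_install` copy the file into place only after both checks pass.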

Apply the patches below.

diff --git a/src/kernel/task.c b/src/kernel/task.c
index 0e6fa22..3ffffd1 100644
--- a/src/kernel/task.c
+++ b/src/kernel/task.c
@@ -27,6 +27,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <pongo.h>
+#include <stdarg.h>

 extern void task_load(struct task* to_task);
 extern void task_load_asserted(struct task* to_task);
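
Review bot: the added `#include <stdarg.h>` in src/kernel/task.c is appended after the project header `<pongo.h>` rather than grouped with the other standard headers (`<errno.h>`, `<stdlib.h>`) just above it; move it up with those. The hunk also does not show which varargs use in this file needs the header, so the patch description should name the function or macro that failed to compile without it.
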
diff --git a/Makefile b/Makefile
index 38bef74..cdd9391 100644
--- a/Makefile
+++ b/Makefile
@@ -52,7 +52,7 @@ RA1N                    := checkra1n/kpf

 # General options
 EMBEDDED_LD_FLAGS       ?= -nostdlib -static -Wl,-fatal_warnings -Wl,-dead_strip -Wl,-Z $(EMBEDDED_LDFLAGS)
-EMBEDDED_CC_FLAGS       ?= --target=arm64-apple-ios12.0 -std=gnu17 -Wall -Wunused-label -Werror -O3 -flto -ffreestanding -U__nonnull -nostdlibinc -DTARGET_OS_OSX=0 -DTARGET_OS_MACCATALYST=0 -I$(LIB)/include $(EMBEDDED_LD_FLAGS) $(EMBEDDED_CFLAGS)
+EMBEDDED_CC_FLAGS       ?= --target=arm64-apple-ios12.0 -std=gnu17 -Wall -Wunused-label -Wunused-but-set-variable -O3 -flto -ffreestanding -U__nonnull -nostdlibinc -DTARGET_OS_OSX=0 -DTARGET_OS_MACCATALYST=0 -I$(LIB)/include $(EMBEDDED_LD_FLAGS) $(EMBEDDED_CFLAGS)

 # Pongo options
 PONGO_LDFLAGS           ?= -L$(LIB)/lib -lc -lm -Wl,-preload -Wl,-no_uuid -Wl,-e,start -Wl,-order_file,$(SRC)/sym_order.txt -Wl,-image_base,0x100000000 -Wl,-sectalign,__DATA,__common,0x8 -Wl,-segalign,0x4000
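
Review bot: in `EMBEDDED_CC_FLAGS` this drops `-Werror` for the whole embedded build and puts `-Wunused-but-set-variable` in its place, which enables that warning rather than suppressing it, so every other warning also stops being fatal. If that one diagnostic is what breaks the build with the newer compiler, keep `-Werror` and add `-Wno-error=unused-but-set-variable` instead, so the rest of the warning set still fails the build.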

Use clang-15 to compile.

EMBEDDED_CC=clang-15 EMBEDDED_LDFLAGS="-fuse-ld=/usr/bin/ld64 -fno-lto" STRIP=cctools-strip make -j1 all

After building, the PongoOS binaries can be found in the build/ directory.

ls -la build/
total 2228
drwxrwxr-x  2 puck puck   4096 Jan 26 23:59 .
drwxrwxr-x 14 puck puck   4096 Jan 26 23:58 ..
-rwxrwxr-x  1 puck puck  87848 Jan 26 23:59 checkra1n-kpf-pongo
-rwxrwxr-x  1 puck puck 758368 Jan 26 23:59 Pongo
-rw-rw-r--  1 puck puck 659712 Jan 26 23:59 Pongo.bin
-rw-rw-r--  1 puck puck 747576 Jan 26 23:59 PongoConsolidated.bin
-rwxrwxr-x  1 puck puck  16824 Jan 26 23:58 vmacho

Boot the PongoOS binary using the checkra1n loader.

checkra1n -k Pongo.bin
