Skip to main content
Product

GLx Research Platform

Run and analyze Apple security components in a controlled hypervisor environment with deep introspection and debugging.

Request info Contact form
Hypervisor workflow Debugger attachment Repeatable analysis
At a glance
What GLx Research Platform enables
Run SPTM / TXM / SK / Exclaves in a controlled environment
Attach debuggers and inspect state live
Trace bootstrapping and state-machine transitions
Correlate logs, memory maps, registries, and identifiers
Validate hypotheses with repeatable experiments

Overview

GLx Research Platform is a research platform for low-level security analysis of Apple’s newer security components, including SPTM, TXM, SK and Exclaves. It is designed for repeatable experiments and deep visibility. You can run components in a controlled environment, attach a debugger, inspect state, and generate artifacts for offline analysis. It is built on Apple’s Hypervisor Framework and combines it with custom binary instrumentation to enable controlled execution and repeatable experiments.

Key capabilities

Controlled execution

  • Run SPTM, TXM, SK and Exclave userland components inside a controlled hypervisor environment

  • Powered by Apple’s Hypervisor Framework combined with custom binary instrumentation

  • Reproduce behavior deterministically for experiments

Custom GDB stub

The platform includes a custom GDB stub designed for this problem space:

  • Software breakpoints and hardware breakpoints

  • Hardware watchpoints

  • Physical memory access (read/write)

  • Page table dumping and inspection helpers

  • System register access (including Apple-specific registers)

  • Component core dump generation for offline analysis

Introspection and visibility

  • Full runtime introspection across components (state, memory, control flow)

  • Runtime enumeration of components, ASIDs and threads

  • Correlation of logs, memory maps and collected artifacts

  • Code coverage collection and visualization for components

Instrumentation and injection

  • Code injection at multiple levels for controlled experiments (SPTM, TXM, SK and Exclaves)

  • Running SPTM and TXM in userland with binary instrumentation (where applicable)

  • Targeted experiments to validate hypotheses by triggering behavior and inspecting results with full context

Fuzzing and evaluation

  • Support for fuzzing approaches to evaluate parsing/validation paths (where applicable)

  • Coverage-guided exploration of code paths and validation behavior

Extensibility

  • Plugin interface for custom analysis helpers and automation

  • Export hooks for maps, tables, traces, and reports into external tooling

Use cases

  • Reverse engineering and security evaluation of SPTM/TXM/SK/Exclaves

  • Crash analysis and root cause investigation with full context

  • Coverage-guided exploration of code paths and validation behavior

  • Training and teaching workflows (used in the Deep Dive training)

Availability

training@antid0te.com

GLx Research Platform is used in our SPTM/TXM/SK/Exclaves training and is also available for commercial licensing. Email us with your intended use (research, internal security, training) and environment requirements.