Hello, The following simple code leads to memory leak IOHIDManagerRef hidManager = IOHIDManagerCreate(kCFAllocatorDefault, kIOHIDManagerOptionNone); ... IOHIDManagerSetDeviceMatching(hidManager, matchingCriteria); CFRelease(matchingCriteria); if (IOHIDManagerOpen(hidManager, kIOHIDOptionsTypeNone) != kIOReturnSuccess) { return 1; } ... if (IOHIDManagerClose(hidManager, kIOHIDOptionsTypeNone) != kIOReturnSuccess) { return 1; } CFRelease(hidManager); The following leaks report: STACK OF 2 INSTANCES OF ROOT LEAK: : 17 dyld 0x19b3aeb98 start + 6076 16 a.out 0x1027147e4 main + 200 15 com.apple.framework.IOKit 0x19f6781b8 __ApplyToDevices + 100 14 com.apple.CoreFoundation 0x19b801cfc CFSetApplyFunction + 224 13 com.apple.CoreFoundation 0x19b801dc0 CFBasicHashApply + 148 12 com.apple.CoreFoundation 0x19b801f94 __CFSetApplyFunction_block_invoke + 28 11 com.apple.framework.IOKit 0x19f6784c8 __IOHIDManagerDeviceApplier + 76 10 com.apple.framework.IOKit 0x19f5e18ec IOHIDDeviceOpen + 56 9 com.apple.iokit.IOHIDLib 0x102992cf0 0x102984000 + 60656 8 com.apple.iokit.IOHIDLib 0x10298d8ec 0x102984000 + 39148 7 com.apple.iokit.IOHIDLib 0x10298d3e8 0x102984000 + 37864 6 com.apple.framework.IOKit 0x19f5d5760 IORegistryEntrySearchCFProperty + 420 5 com.apple.framework.IOKit 0x19f5d66b4 IOCFUnserializeBinary + 480 4 com.apple.CoreFoundation 0x19b7d9ef0 __NSArrayM_new + 60 3 com.apple.CoreFoundation 0x19b7c2378 __CFAllocateObject + 20 2 libobjc.A.dylib 0x19b35b7ec class_createInstance + 76 1 libsystem_malloc.dylib 0x19b56ba40 _calloc + 88 0 libsystem_malloc.dylib 0x19b581270 _malloc_zone_calloc_instrumented_or_legacy + 132 _ I have not found any mention in documentation what should be released before/after the call IOHIDManagerClose. Are there any advices? Thank you in advance!

Hello, As part of developing a DLP system, the microphone and speakers should be blocked. My solution involves muting devices by changing the property kAudioDevicePropertyMute. However, this solution allows the user to unmute the device, and the app must implement a property listener to mute the device again. The problem is that muting takes some time and the device is temporarily unmuted. Admittedly, it takes less than a second, but nevertheless, it appears insecure. Is there an Apple-recommended approach to implement such blocking more securely? Maybe some solution which is based on IOKit. Thank you in advance, Pavel

Is there a way to ensure a kernel extension in the Auxiliary Kernel Collection loads (and runs its start routines) before launchd? I'm emitting logs via os_log_t created with an os_log_create (custom subsystem/category) in both my KMOD's start function and the IOService::start() function. Those messages-- which both say "I've been run"-- inconsistently show up in log show --predicate 'subsystem == "com.bluefalconhd.pandora"' --last boot, which makes me think they are running very early. However, I also record timestamps (using mach_absolute_time, etc.) and expose them to user space through an IOExternalMethod. The results (for the most recent boot): hayes@fortis Pandora/tests main % build/pdtest Pandora Metadata: kmod_start_time: Time: 2025-07-22 14:11:32.233 Mach time: 245612546 Nanos since boot: 10233856083 (10.23 seconds) io_service_start_time: Time: 2025-07-22 14:11:32.233 Mach time: 245613641 Nanos since boot: 10233901708 (10.23 seconds) user_client_init_time: Time: 2025-07-22 14:21:42.561 Mach time: 14893478355 Nanos since boot: 620561598125 (620.56 seconds) hayes@fortis Pandora/tests main % ps -p 1 -o lstart= Tue Jul 22 14:11:27 2025 Everything in the kernel extension appears to be loading after launchd (PID 1) starts. Also, the kext isn't doing anything crazy which could cause that kind of delay. For reference, here's the Info.plist: <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleExecutable</key> <string>Pandora</string> <key>CFBundleIdentifier</key> <string>com.bluefalconhd.Pandora</string> <key>CFBundleName</key> <string>Pandora</string> <key>CFBundlePackageType</key> <string>KEXT</string> <key>CFBundleVersion</key> <string>1.0.7</string> <key>IOKitPersonalities</key> <dict> <key>Pandora</key> <dict> <key>CFBundleIdentifier</key> <string>com.bluefalconhd.Pandora</string> <key>IOClass</key> <string>Pandora</string> <key>IOMatchCategory</key> <string>Pandora</string> <key>IOProviderClass</key> <string>IOResources</string> <key>IOResourceMatch</key> <string>IOKit</string> <key>IOUserClientClass</key> <string>PandoraUserClient</string> </dict> </dict> <key>OSBundleLibraries</key> <dict> <key>com.apple.kpi.dsep</key> <string>24.2.0</string> <key>com.apple.kpi.iokit</key> <string>24.2.0</string> <key>com.apple.kpi.libkern</key> <string>24.2.0</string> <key>com.apple.kpi.mach</key> <string>24.2.0</string> </dict> </dict> </plist> My questions are: A. Why don't the early logs (from KMOD's start function and IOService::start) consistently appear in the unified log, while logs later in IOExternalMethods do? B. How can I force this kext to load earlier-- ideally before launchd? Thanks in advance for any guidance!

Hi, we are listed for the MFI program as a licensed manufacturer. We have now started with the IAP3 sample code and the IAP chips to build up a USB communication between our accessory and an iOS device. We are looking for a sample project for the iOS part. Is there some available? The only official I can find is this: https://developer.apple.com/library/archive/samplecode/EADemo/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010079 This app is somehow outdated and from 2016. Is there something else available as a starting point? And how does this relate to IOKit since it is available for serial communication on iOS16 as well? Kind regards,

I developed a driverkit extension based on overriding-the-default-usb-video-class-extension, but the link didn’t give the details of realization. I asked DTS who gave two tips: 1, Do you also have a CMIO extension to load in place of the default overriding-the-default-usb-video-class-extension 2, Your DriverKit extension’s info.plist is also missing the CameraAssistantBundleID. I want to know why a driverkit extension needs a CMIO extension, what’s the data and control flow?

When I use IOKit/usb/IOUSBLib to toggle build-in camera, I got an ERROR:ret IOReturn -536870210 How can I resolve it? Can I use IOUSBLib to disable or hide build-in camera? My environment: Model Name: MacBook Pro ProductVersion: 15.5 Model Identifier: MacBookPro15,2 Processor Name: Quad-Core Intel Core i5 Processor Speed: 2.4 GHz Number of Processors: 1 // 禁用/启用USB设备 bool toggleUSBDevice(uint16_t vendorID, uint16_t productID, bool enable) { std::cout << (enable ? "Enabling" : "Disabling") << " USB device with VID: 0x" << std::hex << vendorID << ", PID: 0x" << productID << std::endl; // 创建匹配字典查找指定VID/PID的USB设备 CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBDeviceClassName); if (!matchingDict) { std::cerr << "Failed to create USB device matching dictionary." << std::endl; return false; } // 设置VID/PID匹配条件 CFNumberRef vendorIDRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt16Type, &vendorID); CFNumberRef productIDRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt16Type, &productID); CFDictionarySetValue(matchingDict, CFSTR(kUSBVendorID), vendorIDRef); CFDictionarySetValue(matchingDict, CFSTR(kUSBProductID), productIDRef); CFRelease(vendorIDRef); CFRelease(productIDRef); // 获取匹配的设备迭代器 io_iterator_t deviceIterator; if (IOServiceGetMatchingServices(kIOMainPortDefault, matchingDict, &deviceIterator) != KERN_SUCCESS) { std::cerr << "Failed to get USB device iterator." << std::endl; CFRelease(matchingDict); return false; } io_service_t usbDevice; bool result = false; int deviceCount = 0; // 遍历所有匹配的设备 while ((usbDevice = IOIteratorNext(deviceIterator)) != IO_OBJECT_NULL) { deviceCount++; // 获取设备路径 char path[1024]; if (IORegistryEntryGetPath(usbDevice, kIOServicePlane, path) == KERN_SUCCESS) { std::cout << "Found device at path: " << path << std::endl; } // 打开设备 IOCFPlugInInterface** plugInInterface = NULL; IOUSBDeviceInterface** deviceInterface = NULL; SInt32 score; IOReturn ret = IOCreatePlugInInterfaceForService( usbDevice, kIOUSBDeviceUserClientTypeID, kIOCFPlugInInterfaceID, &plugInInterface, &score); if (ret == kIOReturnSuccess && plugInInterface) { ret = (*plugInInterface)->QueryInterface(plugInInterface, CFUUIDGetUUIDBytes(kIOUSBDeviceInterfaceID), (LPVOID*)&deviceInterface); (*plugInInterface)->Release(plugInInterface); } if (ret != kIOReturnSuccess) { std::cerr << "Failed to open USB device interface. Error:" << ret << std::endl; IOObjectRelease(usbDevice); continue; } // 禁用/启用设备 if (enable) { // 启用设备 - 重新配置设备 ret = (*deviceInterface)->USBDeviceReEnumerate(deviceInterface, 0); if (ret == kIOReturnSuccess) { std::cout << "Device enabled successfully." << std::endl; result = true; } else { std::cerr << "Failed to enable device. Error: " << ret << std::endl; } } else { // 禁用设备 - 断开设备连接 ret = (*deviceInterface)->USBDeviceClose(deviceInterface); if (ret == kIOReturnSuccess) { std::cout << "Device disabled successfully." << std::endl; result = true; } else { std::cerr << "Failed to disable device. Error: " << ret << std::endl; } } // 关闭设备接口 (*deviceInterface)->Release(deviceInterface); IOObjectRelease(usbDevice); } IOObjectRelease(deviceIterator); if (deviceCount == 0) { std::cerr << "No device found with specified VID/PID." << std::endl; return false; } return result; }

Hello, As part of developing a DLP system, I need to block input devices upon detection of data leakage. Could you advise if it's possible to temporarily disable the built-in keyboard and camera? Thank you in advance, Pavel

Hello, I'm trying to get a list of all network devices (device audit for DLP system). CFMutableDictionaryRef matchingDictionary = IOServiceMatching(kIONetworkControllerClass); if (matchingDictionary == nullptr) { std::cerr << "IOServiceMatching() returned empty matching dictionary" << std::endl; return 1; } io_iterator_t iter; if (kern_return_t kr = IOServiceGetMatchingServices(kIOMasterPortDefault, matchingDictionary, &iter); kr != KERN_SUCCESS) { std::cerr << "IOServiceGetMatchingServices() failed" << std::endl; return 1; } io_service_t networkController; while ((networkController = IOIteratorNext(iter)) != IO_OBJECT_NULL) { std::cout << "network device: "; if (CFDataRef cfIOMACAddress = (CFDataRef) IORegistryEntryCreateCFProperty(networkController, CFSTR(kIOMACAddress), kCFAllocatorDefault, kNilOptions); cfIOMACAddress != nullptr) { std::vector<uint8_t> data(CFDataGetLength(cfIOMACAddress)); CFDataGetBytes(cfIOMACAddress, CFRangeMake(0, data.size()), data.data()); std::cout << std::hex << std::setfill('0') << std::setw(2) << (short)data[0] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[1] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[2] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[3] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[4] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[5]; CFRelease(cfIOMACAddress); } std::cout << std::endl; IOObjectRelease(networkController); } IOObjectRelease(iter); The Wi-Fi controller shows up in I/O Registry Explorer, but IOServiceGetMatchingServices() does not return any information about it. Any way to retrieve Wi-Fi controller info in daemon code? Thank you in advance!

Can i use iokit usb lib to disable build-in camera?

Hello, I need to enumerate built-in media devices (cameras, microphones, etc.). For this purpose, I am using the CoreAudio and CoreMediaIO frameworks. According to the table 'Daemon-Safe Frameworks' in Apple’s TN2083, CoreAudio is daemon-safe. However, the documentation does not mention CoreMediaIO. Can CoreMediaIO be used in a daemon? If not, are there any documented alternatives to detect built-in cameras in a daemon (e.g., via device classes in IOKit)? Thank you in advance, Pavel

Hi guys, Can I use CMIO to achieve the following feature on macOS when a USB device (Camera/Mic/Speaker) is connected: When a third-party video conferencing app is not in a meeting, ensure the app defaults to using the USB device (Camera/Mic/Speaker). When a third-party conferencing app is in a meeting, ensure the app automatically switches to the USB device (Camera/Mic/Speaker).

Hi all, In MacOS, how can I disable or enable build-in camera by program or script?

Hello, What is the best and Apple recommended way to get display name and its vendor information? The CoreGraphics framework provides ModelNumber and VendorNumber only. Looks like IOKit does not provide any documented way at all. Are there any daemon safe way to get such information? Thank you in advance, Pavel

I need to implement a solution through an API or custom driver to completely block out the built-in speakers and microphone of Mac, because I need other apps to use specified external devices as audio input and output. Is there a way to achieve this requirement? What I mean is that even in system preferences, it should not be possible to choose the built-in microphone and speakers; only my external device can be used.

We have a macOS application which interacts with our USB and PCI devices to perform SCSI and NVME commands on them. We use IOUSBHost, IOUSBLib and IOKitLib for USB interface and have created a custom driver to interact with PCI devices. Is there a way we can implement a similar functionality for iOS as well if we connect the cards and readers using OTG?

When plugging in my matched USB device I see the logs below. It seems the kernelmanagerd process is sandboxed and can't write out the reason my Dext failed to load. Is there somewhere else I can look for this info? default 11:03:22.175152-0700 kernelmanagerd Received kext load notification: me.keithg.MyUserUSBInterfaceDriver default 11:03:22.177637-0700 kernel 1 duplicate report for Sandbox: icdd(2124) allow file-read-data /Library/Image Capture/Devices error 11:03:22.177681-0700 kernel Sandbox: kernelmanagerd(545) deny(1) file-write-create /private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/com.apple.kernelmanagerd/TemporaryItems com.apple.libcoreservices error 11:03:22.177711-0700 kernelmanagerd mkdir: path=/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/com.apple.kernelmanagerd/TemporaryItems/ mode= -rwx------: [1: Operation not permitted] error 11:03:22.179361-0700 kernel Sandbox: kernelmanagerd(545) deny(1) file-write-create /private/var/db/loadedkextmt.plist.sb-5a00fc77-LNttZF com.apple.libcoreservices error 11:03:22.177755-0700 kernelmanagerd _dirhelper_relative_internal: error for path <private>: [1: Operation not permitted] com.apple.accessories default 11:03:22.177674-0700 WindowServer Sending analytics event... (eventName: com.apple.ioport.transport.USB.published) error 11:03:22.179913-0700 kernelmanagerd Failed to write extension load report plist.

I'm working on a project to allow HID input from macOS to a connected iOS device. Are we prohibited from matching to a connected iPhone with DriverKit? I see the attribute kCDCDoNotMatchThisDevice for my iPhone is YES when looking at the IO registry and my dext does not initialize

Good morning, I'm encountering reliability issues with DDC/CI communication when using USB-C connection. Initially using ddc-hi (which uses this package), I ran into several issues that I've partially resolved but still need help addressing. Environment OS: macOS Display Connection: USB-C for _ in 1 ... (numOfRetryAttemps ?? 4) + 1 { for _ in 1 ... max((numOfWriteCycles ?? 2) + 0, 1) { usleep(writeSleepTime ?? 10000) success = IOAVServiceWriteI2C(service, UInt32(ARM64_DDC_7BIT_ADDRESS), UInt32(dataAddress), &packet, UInt32(packet.count)) == 0 } if !reply.isEmpty { usleep(readSleepTime ?? 50000) if IOAVServiceReadI2C(service, UInt32(ARM64_DDC_7BIT_ADDRESS), 0, &reply, UInt32(reply.count)) == 0 { success = self.checksum(chk: 0x50, data: &reply, start: 0, end: reply.count - 2) == reply[reply.count - 1] } } if success { return success } usleep(retrySleepTime ?? 20000) } The result from IOAVServiceReadI2C is not reliable in some cases. Do we have any other API to get VCP code from monitor like Intel version done. The previous APIs weren’t working anymore on the M1 GPU, the IOFramebuffer was now an IOMobileFramebuffer and the IOI2C* functions weren’t doing anything.

I'd like to write an app to help diagnose malfunctioning home theater setups. I've seen libcec, but it doesn't seem to support Apple's HDMI ports (and maybe APIs to support it don't exist? I'm not sure.) Thanks in advance. Sorry if I've applied the wrong tags to this post.

I have a command line utility I wrote that has been working great up until Sequoia that reads the macro keys from a Logitech G600 gaming mouse and turns it in to custom commands. it was using the following code, checking if usage was 0x80: IOHIDManagerRegisterInputValueCallback( g600HIDManager, { _, returnResult, callbackSender, valueRef in let elem = IOHIDValueGetElement(valueRef) let usage = IOHIDElementGetUsage(elem) let pressed = IOHIDValueGetIntegerValue(valueRef) Now i'm having issues with opening the HID manager: IOHIDManagerOpen(g600HIDManager, IOOptionBits.zero) After changing the system security from permissive to restrictive, It's giving the error code 0xE00002E2, or no permission. I can't easily add the sandbox entitlements as this is just a simple CLI application, not a bundled app, and even after setting back to csrutil disable, i'm still getting this error. So now i'm trying to turn it in to a bundled app and use CoreHID instead. Unfortunately I'm not getting any notifications that aren't the mouse itself. From the above code that was working before, i was looking for usage values of 0x80. I'm guessing that directly corresponds to the usage 0x80 in the HID descriptor. I am receiving notifications via await deviceClient!.monitorNotifications(reportIDsToMonitor: [] , elementsToMonitor: [] ) which should pick up everything for the device. I know the usage i'm looking for is referenced in the device client because it's in the deviceClient.elements collection. So is there something in CoreHID that specifically blocks Vendor specified Usage pages from being picked up by notifications? I've also tried just requesting the elements using let elemToMon = await deviceClient?.elements.filter({ ele in return ele.usage.page == 0xFF80 && ele.usage.usage == 0x80 }) let request = HIDDeviceClient.RequestElementUpdate(elements: elemToMon!) let results = await deviceClient!.updateElements([request]) but that call errors (still trying to figure out exactly how it errors). Any help would be appreciated, either in figuring out why i'm not getting the HID reports in question using CoreHID, or even what has changed that is causing me to not be able to use IOKit.hid anymore. Thanks in advance! For reference, here's the decoded HID descriptor: 0x05, 0x01, // Usage Page (Generic Desktop Ctrls) 0x09, 0x06, // Usage (Keyboard) 0xA1, 0x01, // Collection (Application) 0x85, 0x01, // Report ID (1) 0x05, 0x07, // Usage Page (Kbrd/Keypad) 0x19, 0xE0, // Usage Minimum (0xE0) 0x29, 0xE7, // Usage Maximum (0xE7) 0x15, 0x00, // Logical Minimum (0) 0x25, 0x01, // Logical Maximum (1) 0x75, 0x01, // Report Size (1) 0x95, 0x08, // Report Count (8) 0x81, 0x02, // Input (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position) 0x75, 0x08, // Report Size (8) 0x95, 0x05, // Report Count (5) 0x15, 0x00, // Logical Minimum (0) 0x26, 0xA4, 0x00, // Logical Maximum (164) 0x19, 0x00, // Usage Minimum (0x00) 0x2A, 0xA4, 0x00, // Usage Maximum (0xA4) 0x81, 0x00, // Input (Data,Array,Abs,No Wrap,Linear,Preferred State,No Null Position) 0xC0, // End Collection 0x06, 0x80, 0xFF, // Usage Page (Vendor Defined 0xFF80) 0x09, 0x80, // Usage (0x80) 0xA1, 0x01, // Collection (Application) 0x85, 0x80, // Report ID (-128) 0x09, 0x80, // Usage (0x80) 0x75, 0x08, // Report Size (8) 0x95, 0x05, // Report Count (5) 0x81, 0x02, // Input (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position) 0x85, 0xF6, // Report ID (-10) 0x09, 0xF6, // Usage (0xF6) 0x75, 0x08, // Report Size (8) 0x95, 0x07, // Report Count (7) 0x81, 0x02, // Input (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position) 0x85, 0xF0, // Report ID (-16) 0x09, 0xF0, // Usage (0xF0) 0x95, 0x03, // Report Count (3) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF1, // Report ID (-15) 0x09, 0xF1, // Usage (0xF1) 0x95, 0x07, // Report Count (7) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF2, // Report ID (-14) 0x09, 0xF2, // Usage (0xF2) 0x95, 0x04, // Report Count (4) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF3, // Report ID (-13) 0x09, 0xF3, // Usage (0xF3) 0x95, 0x99, // Report Count (-103) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF4, // Report ID (-12) 0x09, 0xF4, // Usage (0xF4) 0x95, 0x99, // Report Count (-103) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF5, // Report ID (-11) 0x09, 0xF5, // Usage (0xF5) 0x95, 0x99, // Report Count (-103) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF6, // Report ID (-10) 0x09, 0xF6, // Usage (0xF6) 0x95, 0x07, // Report Count (7) 0xB1, 0x02, // Feature (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position,Non-volatile) 0x85, 0xF7, // Report ID (-9) 0x09, 0xF7, // Usage (0xF7) 0x75, 0x08, // Report Size (8) 0x95, 0x1F, // Report Count (31) 0x81, 0x02, // Input (Data,Var,Abs,No Wrap,Linear,Preferred State,No Null Position) 0xC0, // End Collection