Free Trial

Advanced mobile security tools

Perform vulnerability and exploit research with powerful OS kernel, file system, and network layer tools.

On-demand access

Spin up devices in no time and integrate them with your security tooling.

  • Select from the most comprehensive list of device and OS combos available, including betas.

  • Run, research, and test production code without modifications and recompiles.

  • Integrate other security tools and your workflows through our robust APIs.

  • Perform full-stack security research of mobile devices, OS and apps on a single platform.

Create and selecting a device in Corellium's virtual hardware platform

Discovery and research

Gain visibility into the OS kernel, firmware functions, activity and subsystem I/O.

  • Seamlessly jailbreak or root any device, no need to rely on security vulnerabilities.

  • View system and kernel logs, and inspect file systems, system calls and network traffic - all in real time.

  • Easily install and run apps in our UI, run scripts and use debug tools like GDB and IDA through our pre-integrated Frida console.

  • Connect to your favorite HTTP proxy/monitor, forward ports, and enable and disable GPU acceleration.

 
Device Features CoreTrace Processes; Corellium's virtual hardware platform

Configuration and control

Set up ephemeral device states to replicate real-world environments.

  • Set battery charge level, health, connection type and status.

  • Set environment temperature, lighting, pressure and humidity.

  • Configure GPS location coordinates, altitude and time offset.

  • Modify acceleration, gyroscope, magnetic and orientation settings.

Simulate environmental sensors in Corellium's virtual hardware platform

Kernel research

Use advanced tooling purpose-built for advanced security research and kernel debugging.

  • Upload custom kernels and device trees, and enable/disable kernel patches.

  • Pass boot arguments or boot from a custom ramdisk instead of from NAND.

  • Use iBoot to start the application processor instead of booting from the kernel.

  • Modify trust caches, set Device IDs, simulate PAC instructions and more.

Device setting for kernel patches and custom kernels in Corellium's virtual hardware platform

Auditing and collaboration

Easily snapshot and clone device environments.

  • Pause and resume firmware and app operations to facilitate security research.

  • Save and restore device states to simplify reproducibility, record mobile vulnerabilities, and perform audits.

  • Accelerate cross-team research, compliance testing, and researcher training.

Device features for snapshots in Corellium's virtual hardware platform

Why Choose Corellium for Mobile Vulnerability Research

Cutting-Edge Vulnerability and Exploit Research

Corellium provides a powerful and polished user interface with built-in security tools for root access, process tracing, file system manipulation, Frida scripting, TLS-stripping network monitoring, kernel debugging, SEP/iBoot debugging, and much more. Combined with a comprehensive API and USBFlux technology, integrating with leading development, security, and forensics tools such as Xcode, Android Studio, IDA Pro, and GDB/LLDB is seamless.

 

Corellium for Mobile Vulnerability Research

Powerful built-in tools

Tools for every occasion. Powerful features for power users. Check out our tools or integrate them with your favorites.

Explore our platform & tools

Research lab flexibility

Not all security labs and researchers have the same needs – we know, we’re their kind.

On-site Corellium server and desktop appliances use the latest Arm processors

Onsite appliances

On-site Corellium server and desktop appliances use the latest Arm processors. Appliances can be air-gapped for use in high-security locations.
Cloud service hosted on AWS with Corellium

Cloud service

The Corellium cloud solution is hosted on AWS, using Amazon's Graviton Arm servers. Private AWS-based solutions are also available.

Learn more

View live and recorded webinars, browse technical articles, or check out available training to see Corellium in action.

Webinars Articles Training

“Saying that my mind is blown is an understatement. This is the future of security research.”

Corellium Ambassador Umang Raghuvanshi

Umang Raghuvanshi

Security Researcher

There are now Go builders on http://build.golang.org for android/arm, android/arm64, darwin/arm64 (iOS) running on virtual @CorelliumHQ devices. Thanks to @steeve and @zenlyapp we might soon get rid of slow and unreliable physical test devices.

twitter_eliasnaur
@eliasnaur

Go is now self hosted on iOS and Android. Meaning it doesn't need a host to compile and run programs on those platforms. What a fine job @eliasnaur and @CorelliumHQ.

twitter_steeve
@steeve

Thank you @CorelliumHQ for supporting our training session with your iOS and Android virtual devices! It will be a huge help for our students at @typhooncon 10th June // Seoul "Offensive Mobile Reversing and Exploitation". For registration go to typhooncon.com/registration/

twitter_SecuriTeam_SSD
@SecuriTeam_SSD

Just got my hands on @CorelliumHQ — saying that my mind is blown is an understatement. This is the future of iOS security research. (and my eternal fear of bootlooping my physical devices is gone!) Huge thanks to @cmwdotme and @chronic!

twitter_umanghere
@umanghere

@CorelliumHQ is easily one of the most impressive platforms I've seen. Happy to share that students attending the @BlackHatEvents @MDSecLabs Mobile Training will get to play with this first hand! blackhat.com/us-18/training... #BHUSA

twitter_domchell
@domchell

Live kernel debugging on a virtualised iOS 12.0! Having the ability to do this sort of thing with whichever iPhone/version you want is gonna greatly assist developers & researchers with future iOS kernel security research.

twitter_bellis1000
@bellis1000

So much this. Craziest thing for me was just having it show up as a run destination in Xcode (oh yeah and it has ssh and cycript). Real iOS virtualization in the cloud is /awesome/. Nice work @cmwdotme and team!

twitter_b3ll
@b3ll

Watching an online virtual iPhone 8 Plus installing a copy of iOS 11.4 in a browser is *wild*. Then proxying it to USB so you can build & run directly from Xcode? @cmwdotme's @CorelliumHQ is so freaking cool.

twitter_stroughtonsmith
@stroughtonsmith
Solutions
Mobile Vulnerability Research