jtool problems with Apple Watch

Used for discussing the various tools in the book as well as encouraging members to share tools

Postby pranjal » Wed Jan 06, 2016 11:27 pm

jtool not working
Hi there, I keep trying to use jtool to extract the dyld_shared_cache from the Apple Watch (armv7k), but I'm getting an error when using it. Here's the error:
Code:
Unable to recognize this file - 49445944

And here's my usage:
Code:
jtool  -v -l <path to file>

The path is definitely an unmodified cache from the payloadv2 directory of an Apple Watch OTA update, and I'm not sure why it's not recognizing the file. Any suggestions? Thanks!
pranjal
 
Posts: 4
Joined: Wed Jan 06, 2016 11:17 pm

Re: jtool problems with Apple Watch

Postby morpheus » Thu Jan 07, 2016 9:37 pm

The file you're looking at is the DYDIFF patch of the S/L/C. Therefore it's not in a format that JTool (or any other tool) can understand.

However, you might find a surprise waiting for you in ~/Library/Developer/XCode/WatchOS DeviceSupport :-)
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: jtool problems with Apple Watch

Postby pranjal » Thu Jan 07, 2016 10:02 pm

I really enjoyed seeing that. Thank you so much for your help.
I also have a question. Where do you learn this stuff? I'm only 15, and I've been making iOS apps for a long time. I'm good at Objective C, C++, C and Swift, but I just can't wrap my head around reverse engineering, and I'd love a little advice as to where I can begin.
Last edited by pranjal on Thu Jan 07, 2016 10:21 pm, edited 1 time in total.
pranjal
 
Posts: 4
Joined: Wed Jan 06, 2016 11:17 pm

Re: jtool problems with Apple Watch

Postby pranjal » Thu Jan 07, 2016 10:21 pm

Also, I can't dump any of the frameworks I found with class-dump or class-dump-z. Am I doing something wrong?
pranjal
 
Posts: 4
Joined: Wed Jan 06, 2016 11:17 pm

Re: jtool problems with Apple Watch

Postby morpheus » Fri Jan 08, 2016 7:32 pm

A) Read, read, and read. There's a bunch of articles on the main site which demonstrate REing, and MOXiI 2 - unlike its predecessor - will be all RE driven. Expect a major announcement in a few weeks on that.

B) Get past the tools and get to know how to reverse yourself. Using IDA or jtool or tool or what not is better if you can figure out where the automated tool falls short - and it will.

C) Libraries in the S/L/C undergo deep linking that removes the data some of the automated tools latch onto to get the objc const. In particular, S/L/C linking splits __DATA into __DATA_DIRTY and CONST. Point the tool at the right section, because that's a great example of when it falls short :)
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm
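As an added example (not code from this thread, from jtool, or from class-dump), here is a small Python header check that ties the two replies above together: it distinguishes a dyld shared cache from a plain Mach-O and from an unrecognized blob (reporting the first word in hex the way jtool does), and then walks a library's load commands to show which __DATA* segment its __objc_* sections actually live in after cache linking. All sample byte strings are constructed; the "dyld_v1" magic prefix and the cputype/subtype values in the sample header are assumptions.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # 32-bit (armv7k) and 64-bit Mach-O magic
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19

def identify(data: bytes) -> str:
    """Classify a header: dyld shared cache, plain Mach-O, or unknown (first word in hex, like jtool)."""
    if data[:7] == b"dyld_v1":                       # assumed dyld_cache_header.magic, e.g. "dyld_v1  armv7k"
        return "dyld_shared_cache " + data[7:16].decode("ascii", "replace").strip(" \0")
    word = struct.unpack_from("<I", data, 0)[0]
    if word in (MH_MAGIC, MH_MAGIC_64):
        return "mach-o"
    return "unknown - %08x" % word

def objc_sections(data: bytes):
    """Walk the load commands and yield (segment, section) for every __objc_* section.
    In a cache-linked library these sit in __DATA_CONST / __DATA_DIRTY rather than __DATA."""
    is64 = struct.unpack_from("<I", data, 0)[0] == MH_MAGIC_64
    ncmds = struct.unpack_from("<I", data, 16)[0]
    off = 32 if is64 else 28                         # sizeof(mach_header[_64])
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            segname = data[off + 8:off + 24].rstrip(b"\0").decode()
            nsects = struct.unpack_from("<I", data, off + (64 if is64 else 48))[0]
            sect_off, sect_size = off + (72 if is64 else 56), (80 if is64 else 68)
            for i in range(nsects):
                s = sect_off + i * sect_size
                sectname = data[s:s + 16].rstrip(b"\0").decode()
                if sectname.startswith("__objc"):
                    yield segname, sectname
        off += cmdsize

def _segment32(segname: str, sectnames) -> bytes:
    """Constructed helper: a 32-bit LC_SEGMENT whose sections carry only their names (all else zero)."""
    seg = segname.encode()
    sects = b"".join(s.encode().ljust(16, b"\0") + seg.ljust(16, b"\0") + b"\0" * 36 for s in sectnames)
    return struct.pack("<II16sIIIIiiII", LC_SEGMENT, 56 + len(sects), seg, 0, 0, 0, 0, 0, 0, len(sectnames), 0) + sects

# Constructed inputs (not real Apple files): a cache header, a cache-style armv7k dylib header, and a
# blob whose first little-endian word reads back as the 49445944 jtool printed for the DYDIFF patch.
SAMPLE_CACHE = b"dyld_v1  armv7k".ljust(32, b"\0")
SAMPLE_DYLIB = (struct.pack("<IIIIIII", MH_MAGIC, 12, 12, 6, 2, 2 * (56 + 68), 0)   # assumed CPU_TYPE_ARM/V7K, MH_DYLIB
                + _segment32("__DATA_CONST", ["__objc_classlist"])
                + _segment32("__DATA_DIRTY", ["__objc_data"]))
SAMPLE_PATCH = b"DYDI" + b"\0" * 28
```

Run `identify()` on a file's first 32 bytes before reaching for jtool or class-dump; if it is a Mach-O, `objc_sections()` tells you which segment to point the tool at.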

Re: jtool problems with Apple Watch

Postby pranjal » Fri Jan 08, 2016 10:35 pm

Alright. I thought that I should just keep reading. Thanks so much for the help!
pranjal
 
Posts: 4
Joined: Wed Jan 06, 2016 11:17 pm
