Dumping iOS kernel from arm64 device

Postby slava » Fri Aug 21, 2015 12:20 pm

This is to move, to the proper venue, a question that I originally asked here: viewtopic.php?f=3&t=16588#p17207
Given an already jailbroken recent device (e.g. iPhone 6 with 8.1 jailbroken by TaiG), dump the kernel.
The administrator suggested a couple of methods:
a) You can just get a kernel cache key... How to do it on an already jailbroken arm64 device? I was under the impression they were not available?
b) Use task_for_pid on PID 0. I know about kdump by winocm: https://gist.github.com/winocm/2202495 . I did it before and adapted the program to work under arm64, but the problem was ASLR: how to get the address range where the kernel resides on post-ASLR iOS?
Re: Dumping iOS kernel from arm64 device

Postby morpheus » Thu Aug 27, 2015 7:02 pm

You might find this useful: http://newosxbook.com/articles/HIDeAndSeek.html?t#gkm

Otherwise, the only reliable way is to leak ASLR, yes. Once you do, you can dump the memory using task_for_pid, correct.
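As an added example of the second half of that answer (this is not winocm's kdump, nor code from the linked article, nor anything posted in this thread): once the ASLR slide has been leaked and task_for_pid(0) is permitted by the jailbreak, the kernel's own Mach-O header sits at the slid base, so the load commands there give you the segment extents to dump; no separate "address range" has to be guessed. The reader is abstracted behind a callback so the parsing runs anywhere: a constructed two-segment arm64 image stands in for the kernel on a plain host, and the `kernel_task_read` reader (compiled only on Apple platforms, using `task_for_pid` and `mach_vm_read_overwrite`) is what you would pass on a device. The Mach-O constants and structures are redeclared from `<mach-o/loader.h>` so the file builds without the Apple SDK; the function names, the 32-segment cap and the sample image layout are this example's assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MH_MAGIC_64_   0xfeedfacfu   /* values redeclared from <mach-o/loader.h> */
#define LC_SEGMENT_64_ 0x19u
#define CPU_ARM64_     0x0100000cu
#define MAX_SEGS 32
struct mo_header64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct mo_lc { uint32_t cmd, cmdsize; };
struct mo_seg64 { uint32_t cmd, cmdsize; char segname[16]; uint64_t vmaddr, vmsize, fileoff, filesize;
                  int32_t maxprot, initprot; uint32_t nsects, flags; };

/* Reader abstraction: copy len bytes of target memory at addr into out; 0 on success. */
typedef int (*mem_reader)(void *ctx, uint64_t addr, void *out, size_t len);
struct seg_extent { char name[17]; uint64_t vmaddr, vmsize; };
struct kernel_layout { int nsegs; struct seg_extent segs[MAX_SEGS]; };

/* Parse the Mach-O header at the (slid) kernel base and collect LC_SEGMENT_64
 * extents. Returns the segment count, or -1 if base does not hold an arm64 Mach-O. */
int map_kernel_segments(mem_reader rd, void *ctx, uint64_t base, struct kernel_layout *kl)
{
    struct mo_header64 h;
    memset(kl, 0, sizeof *kl);
    if (rd(ctx, base, &h, sizeof h) != 0 || h.magic != MH_MAGIC_64_ || h.cputype != CPU_ARM64_) return -1;
    if (h.sizeofcmds < sizeof(struct mo_lc) || h.sizeofcmds > (1u << 20)) return -1;  /* sanity bound */
    uint8_t *cmds = malloc(h.sizeofcmds);
    if (!cmds || rd(ctx, base + sizeof h, cmds, h.sizeofcmds) != 0) { free(cmds); return -1; }
    uint32_t off = 0;
    for (uint32_t i = 0; i < h.ncmds && off + sizeof(struct mo_lc) <= h.sizeofcmds; i++) {
        struct mo_lc lc; memcpy(&lc, cmds + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || off + lc.cmdsize > h.sizeofcmds) break;  /* malformed: stop */
        if (lc.cmd == LC_SEGMENT_64_ && lc.cmdsize >= sizeof(struct mo_seg64) && kl->nsegs < MAX_SEGS) {
            struct mo_seg64 s; memcpy(&s, cmds + off, sizeof s);
            if (s.vmsize) {                                    /* skip empty placeholder segments */
                struct seg_extent *e = &kl->segs[kl->nsegs++];
                memcpy(e->name, s.segname, 16); e->name[16] = 0;
                e->vmaddr = s.vmaddr; e->vmsize = s.vmsize;
            }
        }
        off += lc.cmdsize;
    }
    free(cmds);
    return kl->nsegs;
}

/* Write every segment to fp in 64 KiB chunks. A chunk the target refuses to read
 * (pages released after boot are possible) is zero-filled so offsets stay
 * consistent, and counted in *unreadable. Returns bytes written, or -1 on I/O error. */
long long dump_segments(mem_reader rd, void *ctx, const struct kernel_layout *kl, FILE *fp, int *unreadable)
{
    enum { CHUNK = 64 * 1024 };
    uint8_t *buf = malloc(CHUNK);
    long long total = 0;
    if (!buf) return -1;
    *unreadable = 0;
    for (int i = 0; i < kl->nsegs; i++)
        for (uint64_t done = 0; done < kl->segs[i].vmsize; done += CHUNK) {
            uint64_t left = kl->segs[i].vmsize - done;
            size_t n = left < CHUNK ? (size_t)left : CHUNK;
            if (rd(ctx, kl->segs[i].vmaddr + done, buf, n) != 0) { memset(buf, 0, n); (*unreadable)++; }
            if (fwrite(buf, 1, n, fp) != n) { free(buf); return -1; }
            total += n;
        }
    free(buf);
    return total;
}

#ifdef __APPLE__
#include <mach/mach.h>
#include <mach/mach_vm.h>
/* Device reader: ctx points at the task_t from task_for_pid(mach_task_self(), 0, &task).
 * Only usable where the jailbreak permits tfp0 (assumption of this example). */
int kernel_task_read(void *ctx, uint64_t addr, void *out, size_t len)
{
    mach_vm_size_t got = 0;
    kern_return_t kr = mach_vm_read_overwrite(*(task_t *)ctx, addr, len, (mach_vm_address_t)out, &got);
    return (kr == KERN_SUCCESS && got == len) ? 0 : -1;
}
#endif

/* Constructed stand-in for a kernel image (not a real kernelcache): a flat buffer
 * holding a header with __TEXT (0x4000 bytes) followed by __DATA (0x2000 bytes). */
struct buf_ctx { uint64_t base; uint8_t *data; size_t len; };
int buf_read(void *ctx, uint64_t addr, void *out, size_t len)
{
    struct buf_ctx *b = ctx;
    if (addr < b->base || addr - b->base > b->len || len > b->len - (addr - b->base)) return -1;
    memcpy(out, b->data + (addr - b->base), len);
    return 0;
}
void build_sample_image(struct buf_ctx *b, uint64_t base)
{
    static uint8_t image[0x6000];
    struct mo_header64 h = { MH_MAGIC_64_, CPU_ARM64_, 0, 2 /* MH_EXECUTE */, 2, 2 * sizeof(struct mo_seg64), 0, 0 };
    struct mo_seg64 text = { LC_SEGMENT_64_, sizeof(struct mo_seg64), "__TEXT", base, 0x4000, 0, 0x4000, 5, 5, 0, 0 };
    struct mo_seg64 data = { LC_SEGMENT_64_, sizeof(struct mo_seg64), "__DATA", base + 0x4000, 0x2000, 0x4000, 0x2000, 3, 3, 0, 0 };
    memset(image, 0, sizeof image);
    memcpy(image, &h, sizeof h);
    memcpy(image + sizeof h, &text, sizeof text);
    memcpy(image + sizeof h + sizeof text, &data, sizeof data);
    b->base = base; b->data = image; b->len = sizeof image;
}

int main(void)
{
    struct buf_ctx ctx; struct kernel_layout kl; int bad = 0;
    build_sample_image(&ctx, 0xfffffff007004000ull);            /* pretend slid base (constructed) */
    int n = map_kernel_segments(buf_read, &ctx, ctx.base, &kl);
    FILE *fp = fopen("kernel.dump", "wb");
    long long written = fp ? dump_segments(buf_read, &ctx, &kl, fp, &bad) : -1;
    if (fp) fclose(fp);
    printf("%d segments, %lld bytes written, %d unreadable chunks\n", n, written, bad);
    return written > 0 ? 0 : 1;
}
```

On a device you would replace `buf_read`/`&ctx` with `kernel_task_read` and a pointer to the task port, and pass the slid base from whatever leak you have; the header check in `map_kernel_segments` doubles as a cheap test that the leaked address really is the kernel's Mach-O header rather than somewhere inside it. Zero-filling unreadable chunks instead of aborting keeps the dump's offsets aligned with the segment table, which is what you want when loading the result into a disassembler afterwards.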
