Dumping iOS kernel from arm64 device


Postby slava » Fri Aug 21, 2015 12:20 pm

This is to move to the proper venue a question that I originally asked here: viewtopic.php?f=3&t=16588#p17207
Given an already jailbroken recent device (e.g. iPhone 6 with 8.1 jailbroken by TaiG), dump the kernel.
Administrator suggested a couple of methods:
a) You can just get a kernel cache key... How to do it on an already jailbroken arm64 device? I was under the impression they were not available?
b) Use task_for_pid(0). I know about kdump by winocm: https://gist.github.com/winocm/2202495 . I did it before and adapted the program to work under arm64, but the problem was ASLR: how to get the address range where the kernel resides on post-ASLR iOS?
Posts: 2
Joined: Thu Aug 20, 2015 4:09 pm

Re: Dumping iOS kernel from arm64 device

Postby morpheus » Thu Aug 27, 2015 7:02 pm

You might find this useful: http://newosxbook.com/articles/HIDeAndSeek.html?t#gkm

Otherwise, the only reliable way is to leak ASLR, yes. Once you do, you can dump the memory using task_for_pid, correct.
Site Admin
Posts: 697
Joined: Thu Apr 11, 2013 6:24 pm
