obscurity in iOS91 kernel

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Postby backendbilly » Sat Mar 26, 2016 11:58 pm

Hey J,

It appears (to me at least) that there is a big data section in the 9.1 kernel with very few cross references (from/to strings, for example). In comparison to 8.4, it is very easy to cross-reference strings (especially in kexts) to code, but not so much in iOS 9.1. Do you have any idea why? Also, when loading the 9.1 dump into IDA, a warning comes up saying there are no pre-linked kexts and that the format may have changed?

Billy
backendbilly
Site Admin
Posts: 132
Joined: Fri May 29, 2015 5:58 pm

Re: obscurity in iOS91 kernel

Postby morpheus » Sun Mar 27, 2016 1:08 pm

Apple strips more and more with every version. Why IDA can't find kexts, I can't tell you - I don't use it. How is Joker handling them? I know that it did well up to and including 9.2.1 (though I never actually did 9.1).
morpheus
Site Admin
Posts: 530
Joined: Thu Apr 11, 2013 6:24 pm
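The two observations in the thread (IDA reporting no pre-linked kexts, and the symbols apparently being stripped) can both be checked without IDA by reading the kernelcache's Mach-O load commands directly. The following is an added example, not code from this thread and not joker or jtool code: a small parser that walks the load commands of a 64-bit Mach-O, lists the segment names (a prelinked cache carries __PRELINK_TEXT and __PRELINK_INFO segments) and reports how many entries LC_SYMTAB still has. It assumes the input is already a raw, decrypted and decompressed Mach-O (what a memory dump gives you, as opposed to the IMG4/LZSS-wrapped file from the IPSW). The two sample blobs it builds are constructed in the code to exercise the parser; they are not real kernelcaches, and the segment sets and symbol counts in them are illustrative assumptions.

```python
"""Inspect a 64-bit Mach-O kernelcache: which segments are present (is there a
__PRELINK_TEXT / __PRELINK_INFO pair, i.e. prelinked kexts?) and how many
symbols LC_SYMTAB still carries (has the cache been stripped?).
Added example; the sample blobs below are constructed, not real kernelcaches."""
import struct
from typing import List, NamedTuple

MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
LC_SYMTAB = 0x02
LC_UUID = 0x1B

HEADER_FMT = "<8I"          # mach_header_64: magic, cputype, cpusubtype, filetype,
                            #                 ncmds, sizeofcmds, flags, reserved
SEG64_FMT = "<2I16s4Q4I"    # segment_command_64 (72 bytes)
SYMTAB_FMT = "<6I"          # symtab_command: cmd, cmdsize, symoff, nsyms, stroff, strsize


class CacheInfo(NamedTuple):
    segments: List[str]
    nsyms: int

    @property
    def has_prelinked_kexts(self) -> bool:
        # A kernelcache with separately addressable kexts carries these segments.
        return "__PRELINK_TEXT" in self.segments and "__PRELINK_INFO" in self.segments

    @property
    def is_stripped(self) -> bool:
        return self.nsyms == 0


def parse_kernelcache(blob: bytes) -> CacheInfo:
    """Walk the load commands and collect segment names and the LC_SYMTAB nsyms."""
    hdr = struct.unpack_from(HEADER_FMT, blob, 0)
    magic, ncmds, sizeofcmds = hdr[0], hdr[4], hdr[5]
    if magic != MH_MAGIC_64:
        raise ValueError(f"not a 64-bit Mach-O (magic {magic:#x})")
    segments, nsyms = [], 0
    off = struct.calcsize(HEADER_FMT)
    end = off + sizeofcmds
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", blob, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError(f"bad load command size {cmdsize} at {off:#x}")
        if cmd == LC_SEGMENT_64:
            fields = struct.unpack_from(SEG64_FMT, blob, off)
            segments.append(fields[2].rstrip(b"\0").decode())
        elif cmd == LC_SYMTAB:
            nsyms = struct.unpack_from(SYMTAB_FMT, blob, off)[3]
        # Every other command (LC_UUID, LC_VERSION_MIN, ...) is skipped via cmdsize.
        off += cmdsize
    return CacheInfo(segments, nsyms)


# --- constructed sample input (assumption: minimal headers, no section data) ---
def _segment(name: str) -> bytes:
    return struct.pack(SEG64_FMT, LC_SEGMENT_64, 72,
                       name.encode().ljust(16, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0)


def _symtab(nsyms: int) -> bytes:
    return struct.pack(SYMTAB_FMT, LC_SYMTAB, 24, 0, nsyms, 0, 0)


def _uuid() -> bytes:
    return struct.pack("<2I16s", LC_UUID, 24, b"\x11" * 16)


def build_sample(segment_names: List[str], nsyms: int) -> bytes:
    """Build a header-only arm64 Mach-O with the given segments and symbol count."""
    cmds = b"".join(_segment(n) for n in segment_names) + _uuid() + _symtab(nsyms)
    header = struct.pack(HEADER_FMT, MH_MAGIC_64, 0x0100000C, 0, 2,
                         len(segment_names) + 2, len(cmds), 0, 0)
    return header + cmds


# Hypothetical "8.4-style" cache: prelinked kexts present, symbols still there.
OLD_STYLE = build_sample(["__TEXT", "__DATA", "__PRELINK_TEXT", "__PRELINK_INFO"], 5000)
# Hypothetical stripped cache: no prelink segments, empty symbol table.
STRIPPED = build_sample(["__TEXT", "__DATA"], 0)

if __name__ == "__main__":
    for label, blob in (("old-style", OLD_STYLE), ("stripped", STRIPPED)):
        info = parse_kernelcache(blob)
        print(f"{label}: segments={info.segments} nsyms={info.nsyms} "
              f"prelinked_kexts={info.has_prelinked_kexts} stripped={info.is_stripped}")
```

On a real dump, replace the constructed blobs with `open(path, "rb").read()`; an nsyms of zero (or only a handful of entries) is what "stripped" looks like at the file level, and missing __PRELINK_* segments is the condition behind IDA's warning.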

Re: obscurity in iOS91 kernel

Postby backendbilly » Sun Mar 27, 2016 2:08 pm

Unfortunately, that's what I thought too. I was hoping the dumping process was screwed up rather than the symbols being stripped.
backendbilly
Site Admin
Posts: 132
Joined: Fri May 29, 2015 5:58 pm

Re: obscurity in iOS91 kernel

Postby morpheus » Sun Mar 27, 2016 6:01 pm

Wait for the next version of joker. I am working on integrating jtool functionality into it so as to figure out internal function calls and symbolicate large parts. More to come soon.
morpheus
Site Admin
Posts: 530
Joined: Thu Apr 11, 2013 6:24 pm

Re: obscurity in iOS91 kernel

Postby backendbilly » Mon Mar 28, 2016 2:15 am

Looking forward to that, J. If you can symbolicate the stripped symbols back, that would be such an amazing addition to joker.
backendbilly
Site Admin
Posts: 132
Joined: Fri May 29, 2015 5:58 pm
