KextLoad binary available?

Postby backendbilly » Fri Jul 10, 2015 5:33 pm

Hi Johnathan,

I'm interested in the binary version of your kextLoad where you demonstrate loading kernel extensions and getting the "service not available" in iOS. I tried to compile the source code but am having issues with the include file "OSKextLib.h". I'm compiling on iOS using clang. Do you have the include file OSKextLib.h as well, or did you simply extract it from the Xcode OS X SDK?
backendbilly

Re: KextLoad binary available?

Postby morpheus » Fri Jul 10, 2015 6:48 pm

That's the standard header which I'm using. Here's the TGZ to make it easier for you. I haven't tried the code since about the World War, but it should compile cleanly on both OS X and iOS, and work on the former by passing kext. Use gcc-iphone (from the samples page) to compile with your SDK.
Attachments
kextloadsrc.tgz
(25.91 KiB) Downloaded 303 times
morpheus

Re: KextLoad binary available?

Postby backendbilly » Sun Jul 12, 2015 4:45 am

Thanks for the sources. Please pardon my ignorance and lack of expertise in compiling the code for iOS. I'm able to compile on OS X and generate x86-64 code no problem, but not ARM code. The iPhoneOS.sdk does not include or contain "#include <libkern/OSReturn.h>". I'm using the latest Xcode and iOS SDK 8.4.

Also, the gcc-iphone script seems to point to unavailable directories such as:

/Developer/Platforms/iPhoneOS.platform/DeviceSupport/Latest/Symbols/usr/include

Also, gcc is clang --> xcrun -sdk iphoneos gcc --help --> prints the clang LLVM compiler

Is it me or is the iphone-gcc outdated?

FYI, I tested the compiled kextload.arm by passing it /System/Library/Extensions/IOUSBDeviceFamily.kext/ as follows:

./kextload.arm /System/Library/Extensions/IOUSBDeviceFamily.kext/
Kext user-space log filter changed from 0xff2 to 0xffffffff.
Kext library recording diagnostics for: validation authentication dependencies warnings.
Running kernel architecture is arm64.
Kext library architecture set to arm64.
Creating /System/Library/Extensions/IOUSBDeviceFamily.kext.
Opening CFBundle for /System/Library/Extensions/IOUSBDeviceFamily.kext.
/System/Library/Extensions/IOUSBDeviceFamily.kext has no Info.plist file.
Releasing CFBundle for /System/Library/Extensions/IOUSBDeviceFamily.kext
Removed /System/Library/Extensions/IOUSBDeviceFamily.kext, id __unknown__, version (missing).
Unable to create Kext
backendbilly

Re: KextLoad binary available?

Postby morpheus » Sun Jul 12, 2015 9:45 pm

No ignorance needs to be pardoned. I set up this forum exactly for clarifications and questions, so:

A) re- gcc-iphone - that's a small script that I devised so I don't have to use Xcode (UGH!) to compile. gcc/clang - same same. If you have the Xcode command line tools, the script should work with the only required change being the SDK link:

Zephyr:~ morpheus$ cat `which gcc-iphone`
#!/bin/sh
# Do yourselves a favor and create a symlink to the mile long path of the SDK. Mine is:
#
# ls -l /iOSDeveloper
# lrwxr-xr-x 1 root wheel 80 Mar 30 16:15 /iOSDeveloper -> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer

# Change this to match the SDK version installed under /iOSDeveloper/SDKs
SDK=iPhoneOS8.3.sdk
gcc -arch arm64 \
-framework IOKit \
-framework CoreFoundation \
-F /iOSDeveloper/SDKs/$SDK/System/Library/Frameworks \
-F /iOSDeveloper/SDKs/$SDK/System/Library/PrivateFrameworks \
-L /iOSDeveloper/SDKs/$SDK/usr/lib \
-L /iOSDeveloper/SDKs/$SDK/usr/lib/system \
-I /iOSDeveloper/SDKs/$SDK/usr/include \
"$@"   # pass the caller's arguments through intact (quoted, so paths with spaces survive)


So i) create the symlink and ii) change SDK=...

B) In a release build of iOS, in /System/Library/Extensions you only have plugins (user mode) and not actual kexts. The kexts are all prelinked in the (encrypted) kernel cache. To get kextload to (almost) work on iOS - that is, reject at kernel level but still say it created the kext - you need a valid kext in that directory, and if I recall, tweak the Info.plist a little. Take an x86_64 kext project and slightly modify it so as to compile it for ARM (generally requires replacing "gcc" with "gcc-iphone" in the pbxproj file). It'll be a dead end, but will run a few more stages. The OS X version, btw, should work well.
morpheus
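
The bundle checks in the log above (Info.plist present, bundle id, version) are what kextload gets through before the kernel rejects the load on iOS. As an added example, not morpheus's kextload source nor Apple's OSKextLib, here is a stand-alone Python preflight that reports the same fields from a bundle on disk without touching the kernel; the bundle names, identifiers and placeholder executable are constructed for the demo.

```python
import plistlib
import tempfile
from pathlib import Path

def build_sample_kext(root, name, info=None):
    """Write a throwaway flat (iOS-style) bundle; constructed sample, not a real kext."""
    bundle = Path(root) / name
    bundle.mkdir(parents=True, exist_ok=True)
    if info is not None:  # info=None omits Info.plist, as in the thread's log
        (bundle / "Info.plist").write_bytes(plistlib.dumps(info))
        if info.get("CFBundleExecutable"):
            (bundle / info["CFBundleExecutable"]).write_bytes(b"placeholder, not a Mach-O")
    return bundle

def kext_preflight(bundle_dir):
    """Report what the loader would see without touching the kernel. Handles deep
    (macOS, Contents/Info.plist) and flat (iOS) layouts; fields mirror kextload's."""
    bundle = Path(bundle_dir)
    result = {"path": str(bundle), "id": "__unknown__", "version": "(missing)",
              "executable": None, "problems": []}
    plists = (bundle / "Contents" / "Info.plist", bundle / "Info.plist")
    plist = next((p for p in plists if p.is_file()), None)
    if plist is None:
        result["problems"].append("has no Info.plist file")
        return result
    try:
        info = plistlib.loads(plist.read_bytes())
    except Exception as exc:  # malformed plist is treated like a missing one
        result["problems"].append(f"unreadable Info.plist: {exc}")
        return result
    result["id"] = info.get("CFBundleIdentifier", "__unknown__")
    result["version"] = info.get("CFBundleVersion", "(missing)")
    exe = info.get("CFBundleExecutable")
    if not exe:  # user-mode plugin, which is all release iOS leaves in Extensions
        result["problems"].append("no CFBundleExecutable: plugin, not a kext")
        return result
    found = next((c for c in (bundle / "Contents" / "MacOS" / exe, bundle / exe)
                  if c.is_file()), None)
    result["executable"] = str(found) if found else None
    if found is None:
        result["problems"].append(f"executable {exe!r} missing from bundle")
    return result

def demo():
    """Preflight a bundle with no Info.plist next to a well-formed one."""
    root = tempfile.mkdtemp()
    broken = build_sample_kext(root, "IOUSBDeviceFamily.kext")
    ok = build_sample_kext(root, "Sample.kext", {"CFBundleIdentifier": "com.example.sample",
                                                 "CFBundleVersion": "1.0", "CFBundleExecutable": "Sample"})
    return kext_preflight(broken), kext_preflight(ok)
```

Running demo() shows the first bundle failing exactly where the log above does ("has no Info.plist file", id __unknown__, version (missing)); a bundle that passes all of these checks still gets rejected by a release iOS kernel, as morpheus notes.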

Re: KextLoad binary available?

Postby backendbilly » Mon Jul 13, 2015 1:27 pm

Thank you for sharing. I would make one small modification to gcc --> xcrun -sdk iphoneos gcc. Otherwise you'll run into errors including "unknown architecture".
backendbilly
