deepinstinct / dsc_fix Goto Github PK
View Code? Open in Web Editor NEWAids in reverse engineering libraries from dyld_shared_cache in IDA
License: GNU General Public License v3.0
Aids in reverse engineering libraries from dyld_shared_cache in IDA
License: GNU General Public License v3.0
Error You forgot to call set_processor_type()
iOS 11.3.1 dyld shared cache
System : Win10 ida7.0
No such file or directory: 'addrs.txt'
How to get this file?
For instance, using dsc_fix on an iOS 11.3.1 64-bit dyld shared cache will result in nullsub
and several empty readdressed functions.
I get this error when trying to use dsc_fix on MobileCoreServices (tried different version, 9.3.3, 10.0.1, 10.0.2, 10.1) directly opened as a 'single image' from the matching dyld_shared_cache_arm64 which I select in the open dialog presented by dsc_fix:
/Users/nikias/coding/dsc_fix/dsc_fix.py: 'NoneType' object is not iterable
Traceback (most recent call last):
File "/Applications/IDA Pro 6.95/idaq64.app/Contents/MacOS/python/ida_idaapi.py", line 509, in IDAPython_ExecScript
execfile(script, g)
File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 760, in <module>
main()
File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 745, in main
map_shared_bridges(dsc_file, adrfind)
File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 629, in map_shared_bridges
label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code)
File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 645, in label_and_fix_branch_islands
dylib_path, dsc_offset, macho_offset = res
TypeError: 'NoneType' object is not iterable
I changed the code to continue anyway like this:
diff --git a/dsc_fix.py b/dsc_fix.py
index 68443f8..e96eabf 100644
--- a/dsc_fix.py
+++ b/dsc_fix.py
@@ -642,6 +642,8 @@ def label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code):
res = adrfind.find(addr)
if not res:
print "[!] coudln't find addr for addr:", addr
+ i += 1
+ continue
dylib_path, dsc_offset, macho_offset = res
exportname = adrfind.get_export_name_for_addr(addr)
if _IN_IDA:
However in the end, it created the additional segements, but instead of things like B objc_msgSend_0
I see a B loc_<original_address in new segment>
that is undefined code, for example something like this:
CPS #0x1F (hex: 1F 00 00 F1)
Any idea what is wrong here? What is the file you used for your example screenshots so I can try if that works at least?
System: macOS 10.12
Some error occur when open dyld_shared_cache_arm64.
/Users/XiaoMi/Desktop/dsc_fix.py: unpack requires a string argument of length 8
Traceback (most recent call last):
File "/Applications/IDA Pro 6.95/idaq64.app/Contents/MacOS/python/ida_idaapi.py", line 509, in IDAPython_ExecScript
execfile(script, g)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 760, in
main()
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 744, in main
adrfind = AddrFinder(dsc_file, cache_symbols=False)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 402, in init
self.indexer.index()
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 377, in index
self.dyldwalker.walk_segments(self._callback, verbose=verbose)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 329, in walk_segments
verbose=verbose)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 338, in walk_images
mappings = dyld_cache_mapping_info(self.cache, header.mapping_count)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 174, in dyld_cache_mapping_info
ret.append(_dyld_cache_mapping_info(dsc_file))
File "/Us
When running the script in IDA Pro 7.0, in the popup, the dyld_shared_cache_arm64 file is always grey, cannot be chosen.What's wrong?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.