How do you find kernel offsets from a stripped kernel?
Hey, so I'm trying to find offsets for iOS 13.2.3 on the iPhone 10,3, but there seem to be no symbols.

I used jtool2 --analyze /Users/brandonplank/Desktop/kernelcache
and I didn't get anything useful...

Here is the output:
This is a BVX kernelcache - I support that now
Analyzing kernelcache..
This is a new-style A11 kernelcache (Darwin Kernel Version 19.0.0: Wed Oct 9 22:42:11 PDT 2019; root:xnu-6153.42.1~1/RELEASE_ARM64_T8015)
-- Processing __TEXT_EXEC.__text..
Disassembling 21686860 bytes from address 0xfffffff007b88000 (offset 0xb84000):
__ZN11OSMetaClassC2EPKcPKS_j is 0xfffffff0080ae7c8 (OSMetaClass)
Analyzing __DATA.__data..
Got _localnode_id @0xfffffff009044620
Analyzing __DATA.__sysctl_set..
Analyzing fuctions...
FOUND ops at 0xfffffff007bc1fb0!
Analyzing __DATA_CONST.. (1st pass)
-- Note: The is_iokit MIG subsytem contains more messages (90) than I expected (88)
LAST ARG0 : fffffff007793870 , fffffff0074cf620, 9a4a
last Arg2 is not 0?
processing flows...
Analyzing __DATA_CONST.. (2nd pass)
GOT PTHREAD SHIMS! (0xfffffff00790a140)
Getting zone map data
opened companion file ./kernelcache.ARM64.DDF47349-048B-3A39-B02D-2785D47CAC36
Dumping symbol cache to file
Symbolicated 4877 symbols and 83706 functions

But when I tried to find the offsets like _rootvnode, nothing showed up.
[Image: Screen-Shot-2020-02-02-at-4-24-34-PM.png]
I don't know how to fix this.
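Added example, not from the original post or from jtool2: a small Python script that walks the Mach-O load commands of a decompressed kernelcache, reads the LC_SYMTAB entries and looks up names like _rootvnode directly. "Stripped" means exactly that those nlist entries are gone, so every symbol-table lookup (jtool2's or this one) comes back empty; this script makes that visible by returning None for each missing name and reporting how many symbols are left. It assumes the input is already a plain 64-bit little-endian Mach-O (a BVX/IMG4-wrapped file must be decompressed first, which the script detects by the magic check) and the built-in sample image, addresses included, is constructed for the demo and carries no real offsets.

```python
import struct
import sys

MH_MAGIC_64 = 0xFEEDFACF
LC_SYMTAB = 0x2
N_STAB = 0xE0            # n_type bits that mark debugger-only (stab) entries
CPU_TYPE_ARM64 = 0x0100000C
MH_EXECUTE = 0x2


def parse_symtab(data: bytes) -> dict:
    """Return {symbol_name: address} from the LC_SYMTAB of a 64-bit Mach-O image."""
    (magic, _cputype, _cpusubtype, _filetype,
     ncmds, _sizeofcmds, _flags, _reserved) = struct.unpack_from("<IiiIIIII", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O (kernelcache still compressed?)")
    symbols = {}
    off = 32                                  # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd == LC_SYMTAB:
            symoff, nsyms, stroff, strsize = struct.unpack_from("<IIII", data, off + 8)
            strtab = data[stroff:stroff + strsize]
            for i in range(nsyms):
                # struct nlist_64: n_strx, n_type, n_sect, n_desc, n_value
                n_strx, n_type, _n_sect, _n_desc, n_value = struct.unpack_from(
                    "<IBBHQ", data, symoff + 16 * i)
                if n_type & N_STAB:
                    continue                  # skip debugging stabs
                end = strtab.index(b"\x00", n_strx)
                symbols[strtab[n_strx:end].decode("ascii", "replace")] = n_value
        off += cmdsize
    return symbols


def find_offsets(data: bytes, names) -> dict:
    """Map each requested symbol to its address, or None when the table lacks it."""
    syms = parse_symtab(data)
    return {name: syms.get(name) for name in names}


def build_sample_macho(symbols: dict) -> bytes:
    """Constructed minimal Mach-O 64 holding only an LC_SYMTAB (demo input, not a real kernel)."""
    strtab = b"\x00"
    nlist = b""
    for name, addr in symbols.items():
        n_strx = len(strtab)
        strtab += name.encode() + b"\x00"
        nlist += struct.pack("<IBBHQ", n_strx, 0x0F, 1, 0, addr)   # N_SECT | N_EXT
    cmd_size = 24                             # sizeof(struct symtab_command)
    symoff = 32 + cmd_size
    stroff = symoff + len(nlist)
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0,
                         MH_EXECUTE, 1, cmd_size, 0, 0)
    symtab_cmd = struct.pack("<IIIIII", LC_SYMTAB, cmd_size, symoff,
                             len(symbols), stroff, len(strtab))
    return header + symtab_cmd + nlist + strtab


if __name__ == "__main__":
    wanted = ["_rootvnode", "_kernproc"]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            image = f.read()
    else:
        # Constructed sample: one symbol present, one absent; the address is made up.
        image = build_sample_macho({"_rootvnode": 0xFFFFFFF007004000})
    print("symbols in table:", len(parse_symtab(image)))
    for name, addr in find_offsets(image, wanted).items():
        print(f"{name}: {'stripped / not in symtab' if addr is None else hex(addr)}")
```

Run it as python3 symcheck.py /path/to/decompressed/kernelcache; a "symbols in table: 0" line, or None for every requested name, confirms the symbol table itself is empty rather than jtool2 failing to read it. Note the script only reads the first-level Mach-O header; a new-style A11 kernelcache packs the kernel and kexts as a fileset, so the main header's LC_SYMTAB is the one that matters for xnu symbols such as _rootvnode.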
