06-30-2019, 02:34 PM
Many offset finders exist for getting the offsets (locations) of specific functions and constants in the kernelcache.
However, these are very compactly and simple written in C.
Each time the kernel changes the offset finder needs to be updated.
And one needs to manually specify most offsets to find.
For convenience, I wrote a script that uses the radare2 disassembler to get the symbols, parses and format them and storing them in a c and header file so you can use them directly in projects.
To get started you'll need to install radare2.
On debian linux you can do that with the following command:
On macOS you can use brew to install it
The offset finder uses radare2 (a free and opensource disassembler) to print out all the symbols then strips the unnamed symbols and formats them into a struct so they then can be stored and used in a c and h file.
Duplicate symbols are renamed in the c file.
You can find the offset finder and many generated structures of offsets on my website for tools: http://kernelium.com
The script is not very clean, improvements are welcome.
To automate the offset finder one can use blacktop's ipsw tool from GitHub that allows you to download and decompress all kernelcaches for a given iOS version.
I hope you can find use in it
However, these are very compactly and simple written in C.
Each time the kernel changes the offset finder needs to be updated.
And one needs to manually specify most offsets to find.
For convenience, I wrote a script that uses the radare2 disassembler to get the symbols, parses and format them and storing them in a c and header file so you can use them directly in projects.
To get started you'll need to install radare2.
On debian linux you can do that with the following command:
Code:
sudo apt-get install radare2On macOS you can use brew to install it
Code:
brew install radare2The offset finder uses radare2 (a free and opensource disassembler) to print out all the symbols then strips the unnamed symbols and formats them into a struct so they then can be stored and used in a c and h file.
Duplicate symbols are renamed in the c file.
You can find the offset finder and many generated structures of offsets on my website for tools: http://kernelium.com
The script is not very clean, improvements are welcome.
To automate the offset finder one can use blacktop's ipsw tool from GitHub that allows you to download and decompress all kernelcaches for a given iOS version.
I hope you can find use in it