0x36 / ghidra_kernelcache Goto Github PK
View Code? Open in Web Editor NEWa Ghidra framework for iOS kernelcache reverse engineering
License: Apache License 2.0
ghidra_kernelcache's People
Contributors
Stargazers
Watchers
Forkers
m4rm0k xtiankisutsa ababook crackercat fengjixuchui fade-vivida jack51706 k3rnelninja dotdon jelbrek relib avineshwar c0axial youngshingjun itinerant-fox agnosticlines mrcodechef saeed9321 dandycheung ghidrapluginproject dothanthitiendiettiende bb33bb kingking888 snx90 xmamonx freedomtan qhuyduong tin-z ammaraskar ethicalsecurity-agency ox1111 navees1 emadyay cookierw shuaibiboboghidra_kernelcache's Issues
Wealthy choices as one
AttributeError: 'NoneType' object has no attribute 'getName'
kc.process_kernel_kext()
[+] Processing IOPMinformee class with vtab=0xfffffe00071eb418
Traceback (most recent call last):
File "python", line 1, in <module>
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/kext.py", line 76, in process_kernel_kext
self.process_all_classes()
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/kext.py", line 125, in process_all_classes
kernelCacheClass(self.objects[name],False,self.macOS)
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 391, in __init__
self.defineObjects()
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 443, in defineObjects
self._defineVtable()
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 484, in _defineVtable
funcDef = self.prepareSignature(method)
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 566, in prepareSignature
return self.parseCSignature(method)
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 647, in parseCSignature
df = self.setCustomFunctionDefinition(methName,methAddr,namespace,text)
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 496, in setCustomFunctionDefinition
func = fixLabel(addr)
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/helpers.py", line 284, in fixLabel
name = getSymbolAt(data).getName()
AttributeError: 'NoneType' object has no attribute 'getName'
I did the steps below on MacOS 11.6 but with binaries someone sent from 12.1.
Did this: Create a new folder in your Ghidra project, then load System/Library/Kernels/kernel.release.XXXXX into that folder and let Ghidra analyzes it.
Did this: Create a new Project Archive : Go to DataType Provider → Click on the arrow in the top right of the window → New Project Archive → Place it inside the newly created Folder → Name it to something (i.e macOS_12.1).
Ran this command
$ iometa -n -A /System/Library/Kernels/kernel.release.t8101 > kernel.txt
then ran all the commands.
iometa is compiled for x86_64 is that the issue?
It made the kernel.txt fine though.
ghidra.util.exception.ClosedException: File is closed when loading any file
I checked and the file exists in the correct path. I don't know why I'm getting this error.
>>> kc = Kext(Obj)
Traceback (most recent call last):
File "python", line 1, in <module>
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/kext.py", line 17, in __init__
kernelCache.__init__(self,objects,macOS=True)
File "/Users/thelshell/hacking/ghidra_kernelcache/utils/ios_kc.py", line 21, in __init__
namespace = self.symbolTable.getNamespace("OSMetaClassBase",None)
at db.buffers.BufferMgr.getCachedBufferNode(BufferMgr.java:885)
at db.buffers.BufferMgr.getBufferNode(BufferMgr.java:794)
at db.buffers.BufferMgr.getBuffer(BufferMgr.java:958)
at db.NodeMgr.getFixedKeyNode(NodeMgr.java:292)
at db.Table.getFieldKeyNode(Table.java:164)
at db.Table$FieldKeyIterator2.initialize(Table.java:3823)
at db.Table$FieldKeyIterator2.<init>(Table.java:3797)
at db.Table$FieldKeyIterator.<init>(Table.java:3356)
at db.Table.fieldKeyIterator(Table.java:2000)
at db.FieldIndexTable$PrimaryKeyIterator.<init>(FieldIndexTable.java:493)
at db.FieldIndexTable.keyIterator(FieldIndexTable.java:410)
at db.Table.indexIterator(Table.java:1564)
at ghidra.program.database.symbol.SymbolDatabaseAdapterV3.getSymbolsByNameAndNamespace(SymbolDatabaseAdapterV3.java:278)
at ghidra.program.database.symbol.SymbolManager.getSymbols(SymbolManager.java:983)
at ghidra.program.database.symbol.SymbolManager.getNamespace(SymbolManager.java:1081)
at jdk.internal.reflect.GeneratedMethodAccessor45.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
ghidra.framework.model.DomainObjectException: ghidra.framework.model.DomainObjectException caused by: ghidra.util.exception.ClosedException: File is closed
NameError: name 'kc' is not defined
Ghidra v9.1.2
kc.process_class("IOGraphicsAccelerator2")
Traceback (most recent call last):
File "python", line 1, in
NameError: name 'kc' is not defined
Feature request: x86_64
I can't get the lipo or iometa to work with os x x86_64 kexts.
building iometa on ubuntu fails: "cc: error: unrecognized command line option '-framework'"
hello, I tried to build iometa in an ubuntu 20.04 docker container. However when I type make, I get the following error:
cc -o iometa -Wall -O3 -flto -DVERSION=1.6.6 -DTIMESTAMP="`date +'%d. %B %Y %H:%M:%S'`" -framework CoreFoundation -framework IOKit -lc++abi -Isrc src/*.c gen/cxxsym.c
cc: error: CoreFoundation: No such file or directory
cc: error: IOKit: No such file or directory
cc: error: unrecognized command line option '-framework'
cc: error: unrecognized command line option '-framework'
make: *** [Makefile:12: iometa] Error 1
So I tried to remove the -framework flags. Now I get a very long error message: https://pastebin.com/L0pxrtZn
Can someone please describe how to build iometa on linux correctly?
Thanks, BitFriends
iOS 14b3 research kernelcache
On about 6-7 kexts one for example is IOHIDEventDummyService and IOACIPCFamily. It totally trashes all the psuedocode output with Low-level error: Size too small for fields of structure IOExternalMethodArguments.
ImportError: No module named continues
I placed the .py files in my ghidra_scripts folder in: /user/user_name/ghidra_scripts.
After doing so, I went checked KC.py in the script manager and ran it, just to get this error:
Traceback (most recent call last):
File "/Users/chr1s0x1/ghidra_scripts/KC.py", line 6, in
from utils.helpers import *
File "/Users/chr1s0x1/ghidra_scripts/utils/helpers.py", line 17, in
from generic.continues import RethrowContinuesFactory
ImportError: No module named continues
Any reason as to why this happens? Thanks
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.