https://github.com/blacktop/symbolicator

`ipsw` symbolication signatures
https://github.com/blacktop/symbolicator

apple ios ipsw kernelcache signatures symbolicate symbolication symbols

Last synced: about 9 hours ago
JSON representation

`ipsw` symbolication signatures

• Host: GitHub
• URL: https://github.com/blacktop/symbolicator
• Owner: blacktop
• License: mit
• Created: 2024-07-17T00:06:45.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2024-11-11T20:55:39.000Z (6 days ago)
• Last Synced: 2024-11-11T21:35:47.506Z (6 days ago)
• Topics: apple, ios, ipsw, kernelcache, signatures, symbolicate, symbolication, symbols
• Language: Python
• Homepage:
• Size: 11.8 MB
• Stars: 42
• Watchers: 1
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

        


  

  

  
ipsw symbolication signatures

  




## What 🤔

This repo contains the [ipsw](https://github.com/blacktop/ipsw) symbolication signature files.

## How Good 📈

Currently we are sitting at `63.85%` on **xnu**

## Getting Started 🚀

Get the signatures

```bash

git clone https://github.com/blacktop/symbolicator.git

```

Symbolicate a kernelcache with [ipsw](https://github.com/blacktop/ipsw)

```bash

ipsw kernel sym kernelcache --json --signatures /path/to/symbolicator-repo/kernel

```

Install IDA Plugin

```bash

plugins/ida/install.sh

```

Now you can apply the symbols to you kernelcache in IDA by pressing `Alt+F8`

![ida-pluging](plugins/ida/docs/ida.png)

_The first time the IDB if loaded, the plugin will attempt to automatically load the symbols file (This is verified

using an indication file with the suffix `.symbols_loaded`)_

## Plugins 🔌

Supported Plugins/Scripts

- [Binary Ninja](plugins/binja)

- [Ghidra](plugins/ghidra)

- [IDA Pro](plugins/ida)

- [radare2](https://github.com/radareorg/radare2/blob/master/scripts/ipsw-kernel-symbolicate.r2.js)

## Generate NEW signatures

You can set these ENV VARS to control the the outputed signature's metadata

- `TARGET` The target binary. (e.g. com.apple.driver.AppleMobileFileIntegrity)

- `MAX_VERSION` The maximum version of the target darwin.

- `MIN_VERSION` The minimum version of the target darwin.

- `JSON_FILE` The path to the JSON file. (e.g. /path/to/sig.json)

To generate signatures for `xnu`

```bash

scripts/run.sh --kernel '/path/to/KDK/kernel'

```

To generate signatures for a `kext`

```bash

scripts/run.sh --kext '/path/to/KDK/kext'

```

## TODO

- [ ] add support for global variables/constants

- [ ] byte pattern matching

- [ ] use arg count to assist in identifying anchor caller (as arg position/register)

## Credit

Idea was originally inspired by Jonathan Levin's [disarm](https://newosxbook.com/tools/disarm.html) 'matchers' file.

## License

MIT Copyright (c) 2024 blacktop