Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/derekselander/homebrew-funpack

Apple runtime introspection tools
https://github.com/derekselander/homebrew-funpack

apple arm64 debugging ios macos reverse-engineering

Last synced: 3 days ago
JSON representation

Apple runtime introspection tools

Host: GitHub
URL: https://github.com/derekselander/homebrew-funpack
Owner: DerekSelander
Created: 2023-03-26T12:40:21.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2023-11-22T23:32:28.000Z (12 months ago)
Last Synced: 2023-11-23T00:26:54.052Z (12 months ago)
Topics: apple, arm64, debugging, ios, macos, reverse-engineering
Language: Ruby
Homepage:
Size: 15.6 MB
Stars: 8
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Apple Homebrew tools
homebrew tools, everything here is considered beta, tool options can change without notice, features can break, you could see "WTF Derek" in console output, etc. Most of these tools will only work for arm64 hardware. I am toying with the idea of doing x64, but tbd.

## dipc
The missing [XPoCe](http://newosxbook.com/tools/XPoCe2.html) for ARM64

## dinfo

Query process information/dump assemble for processes at runtime

[dinfo_help]::
```bash

```

## dsdump
Updated binaries from [here](https://github.com/DerekSelander/dsdump)

## mscan
A C++ LLDB plugin that can scan memory for strings or byte sequences

## Setup
In order to make the most of these tools, you need to disable SIP on your macOS machine. If you plan on introspecting Apple executables, you also need to enable experimental 3rd party ARM64e support. Not doing so will crash Apple applications. To enable experimental arm64e support do the following after disabling SIP:

```bash
sudo nvram boot-args=-arm64e_preview_abi
```

If you don't want to disable Apple executables and only introspect 3rd party developers, you can just pull out the arm64 slice via a:
```
lipo -o /tmp/dipc.arm64 -thin arm64 `which dipc`
```

## Install

```bash
brew tap derekselander/funpack
brew install derekselander/funpack/dipc
brew install derekselander/funpack/dinfo
brew install derekselander/funpack/dsdump
brew install derekselander/funpack/mscan
```

### mscan
mscan is a c++ lldb plugin designed to search for memory. Once installed find the location of mscan and put the path in your ~/.lldbinit file

```
echo "plugin load \"`which mscan`\"" >> ~/.lldbinit
```