Skip to content

`ipsw` symbolication signatures

License

Notifications You must be signed in to change notification settings

blacktop/symbolicator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

30a8904 Β· Feb 25, 2025

History

94 Commits
Jul 21, 2024
Jul 20, 2024
Aug 16, 2024
Feb 25, 2025
Aug 21, 2024
Feb 25, 2025
Aug 21, 2024
Jul 17, 2024
Aug 16, 2024
Aug 21, 2024
Aug 7, 2024
Jul 19, 2024

Repository files navigation

Symbolicator Logo

ipsw symbolication signatures


What πŸ€”

This repo contains the ipsw symbolication signature files.

How Good πŸ“ˆ

Currently we are sitting at 63.85% on xnu

Getting Started πŸš€

Get the signatures

git clone https://github.com/blacktop/symbolicator.git

Symbolicate a kernelcache with ipsw

ipsw kernel sym kernelcache --json --signatures /path/to/symbolicator-repo/kernel

Install IDA Plugin

plugins/ida/install.sh

Now you can apply the symbols to you kernelcache in IDA by pressing Alt+F8

ida-pluging

The first time the IDB if loaded, the plugin will attempt to automatically load the symbols file (This is verified using an indication file with the suffix .symbols_loaded)

Plugins πŸ”Œ

Supported Plugins/Scripts

Generate NEW signatures

You can set these ENV VARS to control the the outputed signature's metadata

  • TARGET The target binary. (e.g. com.apple.driver.AppleMobileFileIntegrity)
  • MAX_VERSION The maximum version of the target darwin.
  • MIN_VERSION The minimum version of the target darwin.
  • JSON_FILE The path to the JSON file. (e.g. /path/to/sig.json)

To generate signatures for xnu

scripts/run.sh --kernel '/path/to/KDK/kernel'

To generate signatures for a kext

scripts/run.sh --kext '/path/to/KDK/kext'

TODO

  • add support for global variables/constants
  • byte pattern matching
  • use arg count to assist in identifying anchor caller (as arg position/register)

Credit

Idea was originally inspired by Jonathan Levin's disarm 'matchers' file.

License

MIT Copyright (c) 2024 blacktop