When dyld_decache fails on dyld_shared_cache_arm64, dsc_extractor saves our days


#43

:joy:


#44

I have downloaded the latest dyld-421.2.tar.gz, changed `#if 0` => `#if 1` in dsc_iterator.cpp,
then ran clang++ -o dsc_extractor dsc_extractor.cpp dsc_iterator.cpp successfully
and extracted the binaries.
Finally, class-dump -H MobilePhoneSettings.bundle/MobilePhoneSettings -o ./header
still reports: Warning: This file does not contain any Objective-C runtime information.
What is going on?
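An added diagnostic for the question above (not code from this thread, nor from the dyld or class-dump projects): it walks the load commands of an extracted 64-bit Mach-O and lists its __objc_* sections, which is the first thing to check when class-dump reports no Objective-C runtime information. build_macho only constructs a test image; the parser assumes a little-endian arm64 image and does not handle the 32-bit armv7s cache.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF      # little-endian 64-bit Mach-O (arm64)
LC_SEGMENT_64 = 0x19
MACH_HEADER_64_SIZE = 32      # 8 x uint32
SEGMENT_CMD_64_SIZE = 72      # segment_command_64
SECTION_64_SIZE = 80          # section_64

def list_sections(image: bytes):
    """Return [(segname, sectname)] for every section in a 64-bit Mach-O image."""
    magic, _cpu, _sub, _ftype, ncmds, _sizeofcmds, _flags, _res = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (armv7/armv7s images are 32-bit)")
    sections, off = [], MACH_HEADER_64_SIZE
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", image, off)   # every load command starts this way
        if cmd == LC_SEGMENT_64:
            segname = image[off + 8:off + 24].rstrip(b"\0").decode()
            nsects = struct.unpack_from("<I", image, off + 64)[0]
            for i in range(nsects):   # section_64 entries follow the segment command
                s = off + SEGMENT_CMD_64_SIZE + i * SECTION_64_SIZE
                sections.append((segname, image[s:s + 16].rstrip(b"\0").decode()))
        off += cmdsize
    return sections

def objc_sections(image: bytes):
    """Sections named __objc_* (class lists, image info, method names, ...)."""
    return [(seg, sect) for seg, sect in list_sections(image) if sect.startswith("__objc_")]

def build_macho(segments):
    """Constructed test image only: segments = [(segname, [sectnames])], no section bodies."""
    cmds = b""
    for segname, sects in segments:
        cmdsize = SEGMENT_CMD_64_SIZE + SECTION_64_SIZE * len(sects)
        cmds += struct.pack("<2I16s4Q2I2I", LC_SEGMENT_64, cmdsize, segname.encode(),
                            0, 0, 0, 0, 7, 7, len(sects), 0)
        for sect in sects:
            cmds += struct.pack("<16s16s2Q8I", sect.encode(), segname.encode(),
                                0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    # cputype 0x0100000C = CPU_TYPE_ARM64, filetype 6 = MH_DYLIB
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 6, len(segments), len(cmds), 0, 0)
    return header + cmds

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:   # e.g. an image written by dsc_extractor
        found = objc_sections(f.read())
    print("\n".join(f"{seg},{sect}" for seg, sect in found) or "no __objc_* sections found")
```

Run it against the extracted MobilePhoneSettings binary: an empty result means the file really carries no Objective-C metadata for class-dump to read, while a populated one points at class-dump rather than the extraction.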


#45

Would this work for 32bit iphone5? i.e., dyld_shared_cache_armv7s?

I tried copying dyld_shared_cache_armv7s over with iFunBox but it still segfaults when I use dyld_decache. I’ve read the github issue and the stackoverflow post by snakeninny but frankly I’m still confused as to what the right fix is…


#46

As far as I can tell you need to use something like scp to avoid ASLR, afaict.

On a side note, IDA has had dyld cache support for a long time so there is no need to decache anymore


#47

Using the keys on iPhoneDevWiki and extracting dyld_cache directly from the firmware works too


#48

I tried both scp and iFunBox and both will segfault. The one I copied over with scp actually decached a little bit longer before segfaulting though…

IDA is too expensive :frowning:


#49

Hopper supports that too


#50

Oh cool I do have that :slight_smile: thanks