trouble with jtool for MIG detection in dyld_shared_cache

Used for discussing the various tools in the book as well as encouraging members to share tools

trouble with jtool for MIG detection in dyld_shared_cache

Postby ladeshot » Mon Mar 12, 2018 7:25 pm

I am trying to use the functionality demonstrated in Output 11-29 (page 341) of *OS Internals Volume 1, but jtool is not detecting any MIG tables in the UIKit.framework.

Code: Select all
Luke-Deshotelss-iPod:/var/mobile/levin root# ./jtool --version
This is jtool v1.0 - with bug fixes for @stek29's Malformed Mach-Os (thanks) and full support for dyld shared caches branch pools, compiled on Feb  4 2018 18:07:29

Luke-Deshotelss-iPod:/var/mobile/levin root# ./jtool -d __DATA_CONST.__const /System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64:UIKit.framework | grep -i subsys
Processing shared cache - cached file : UIKit.framework from /System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64
Found but not extracting - Setting File Start to 0x74b6000 (mmapped: 11e000000)
Processing cached file from offset 74b6000  size: 2f98c000
Dumping from address 0x1a04d46f0 (Segment: __DATA_CONST.__const) to end of section
Address : 0x1a04d46f0 = Offset 0x1e4d46f0
Luke-Deshotelss-iPod:/var/mobile/levin root#


I can think of a few potential issues.
Perhaps different iOS versions are causing trouble (I am using a Yalu jailbreak on an iPod Touch 6th gen with iOS 10.1.1).
Maybe there is a dependency I am not aware of.
Maybe the MIG tables are just not there in UIKit in iOS 10.1.1.
Any suggestions would be greatly appreciated. I should note that this functionality seems to work fine on stand-alone executables. I only have trouble working with the dyld_shared_cache.
ladeshot
 
Posts: 2
Joined: Mon Mar 12, 2018 7:02 pm

Return to Tools

Who is online

Users browsing this forum: Google [Bot] and 1 guest

cron