jtool DCD on arm64 shared cache

Post by jonios » Tue May 01, 2018 10:35 pm

Hi morpheus, this is Jon from your nyc training this week :)

I tried jtool -d dyld_shared_cache_arm64:AXSpringBoardServerInstance but jtool produces mostly DCD instructions.
Code:
$ jtool -d dyld_shared_cache_arm64:AXSpringBoardServerInstance
<redacted>:
   19694ccc4    DCD     0xd86a7460
   19694ccc8    DCD     0xebfdba0
   19694cccc    DCD     0x0


When I run jtool -d on the already extracted library in ~/Library/Developer/Xcode/iOS DeviceSupport/10.2 (14C92)/Symbols/System/Library/PrivateFrameworks/Accessibility.framework/Frameworks/AXSpringBoardServerInstance.framework then it produces valid instructions:
Code:
$ jtool -arch arm64 -d AXSpringBoardServerInstance
+[AXSBHearingAidDeviceController sharedController]:
   19694ccc4    ADRP    X8, 65367               ; ->R8 = 0x1a68a3000
   19694ccc8    LDR     X8, [X8, #1008] ; -R8 = *(R8 + 1008) = _sharedController.onceToken 0x0 ... ?..
   19694cccc    CMN     X8, #1          ; X0 = 0xffffffffffffffff -|


Have I done something wrong with jtool? Searching for DCD on this forum brings up these two posts that don't seem related to my issue:
viewtopic.php?f=3&t=16731&hilit=DCD
viewtopic.php?f=3&t=16589&p=17213&hilit=DCD#p17213

But being new here maybe I missed a previous topic.

An additional problem (that I can work around) is with the companion file. If I give -jtooldir xyz when disassembling the library in ~/Library then jtool produces this file:
Code:
AXSpringBoardServerInstance.ARM64.B4F8F281-60AF-3BB5-97EE-0235C8F4FFA8

When I disassemble the shared cache file and give -jtooldir then this file is produced
Code:
AXSpringBoardServerInstance.arm64

Where jtool won't use the companion file with the UUID on it to help with symbolication for the shared cache disassembly. My workaround is to simply copy the UUID file to the .arm64 one
Code:
cp AXSpringBoardServerInstance.ARM64.B4F8F281-60AF-3BB5-97EE-0235C8F4FFA8 AXSpringBoardServerInstance.arm64

And then jtool will output symbols for the shared cache.
Code:
+[AXSBHearingAidDeviceController sharedController]:
   19694ccc4    DCD     0xd86a7460
   19694ccc8    DCD     0xebfdba0
   19694cccc    DCD     0x0

But of course I still get those DCD's..

BTW, two small issues with the forum signup (sorry maybe this issue should be posted elsewhere?)
1. not using https, so my password is sent in the clear (I guess you know this already)
2. captcha v1 is shut down, so the captcha literally says 'reCAPTCHA V1 IS SHUTDOWN' but then the submission process still accepted my input (I literally typed that text in!) Maybe it just accepts any string?
jonios
 
Posts: 4
Joined: Tue May 01, 2018 10:11 pm
