Open frankmarco2000 opened 1 day ago
Might be related to https://github.com/Vector35/binaryninja-api/pull/6172
I think the v3 slide info has the same bug I noticed in the v5 slide info and mentioned in https://github.com/Vector35/binaryninja-api/pull/6172#issuecomment-2492639808. The page_start[i] value needs to be divided by 8 before being used as an offset into the page.
The v2 slide info handling also appears to be incomplete. It doesn't deal with rebase locations being split across multiple linked lists (DYLD_CACHE_SLIDE_PAGE_ATTR_EXTRA). I'm not sure which slide info format is used by iOS 14.4.2.
Version and Platform (required):
Bug Description: IPSW: iPhone 8+ iOS 14.4.2, Version: 18D70, Link: https://updates.cdn-apple.com/2021WinterFCS/fullrestores/071-22616/63E5DC4B-1767-4697-9CD3-97DD4A0E033A/iPhone_5.5_P3_14.4.2_18D70_Restore.ipsw
Steps To Reproduce:
Expected Behavior: I expect the symbols to be fully resolved as the attached screenshot from IDA Pro shows.
Opened the dyld cache file and selected the MessageProtection framework. When the analysis was complete, I started browsing the symbols. When looking at the class NGMFullDeviceIdentity in the symbol viewer, the method names are corrupted.
Screenshots/Video: Screenshot showing corrupted method names is attached.
Binary: Due to the size of the file it is not reasonable to attach it to the ticket. Download link is provided above.
Additional Information:
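An added example (not code from this issue, the linked PR, or Binary Ninja itself) that walks v2 and v3 slide-info chains as laid out in Apple's dyld_cache_format.h over constructed pages. It shows the two points raised above: a v2 page_starts entry carrying DYLD_CACHE_SLIDE_PAGE_ATTR_EXTRA refers to a run of page_extras entries, each starting its own chain, that ends at an entry with DYLD_CACHE_SLIDE_PAGE_ATTR_END; and a v3 page_starts value is a byte offset that must be divided by 8 once before it is used as a pointer-slot index, since the offsetToNextPointer field inside each pointer already counts 8-byte slots. The page contents, page_starts/page_extras tables, delta_mask and slide value are constructed, and the function names are my own.

```python
"""Walk dyld shared-cache slide-info chains (v2 and v3) over constructed pages.
Flag values and field layouts follow Apple's dyld_cache_format.h; all page data,
tables, delta_mask and slide below are constructed for this example."""
import struct

# dyld_cache_slide_info2 page_starts / page_extras flag bits
DYLD_CACHE_SLIDE_PAGE_ATTR_EXTRA = 0x8000      # entry is an index into page_extras
DYLD_CACHE_SLIDE_PAGE_ATTR_NO_REBASE = 0x4000  # page has no rebase locations
DYLD_CACHE_SLIDE_PAGE_ATTR_END = 0x8000        # last page_extras entry for this page
DYLD_CACHE_SLIDE_V3_PAGE_ATTR_NO_REBASE = 0xFFFF  # dyld_cache_slide_info3 sentinel

PAGE_SIZE = 4096
MASK64 = (1 << 64) - 1
U64 = struct.Struct("<Q")


def _walk_v2_chain(page, start_off, delta_mask, value_add, slide):
    """Follow one v2 chain from byte offset start_off; return [(offset, rebased value)]."""
    value_mask = ~delta_mask & MASK64
    # The delta field counts 4-byte units, so shifting by ctz(delta_mask) - 2
    # turns it into a byte distance directly.
    delta_shift = (delta_mask & -delta_mask).bit_length() - 3
    out, off = [], start_off
    while True:
        raw = U64.unpack_from(page, off)[0]
        delta = (raw & delta_mask) >> delta_shift
        value = raw & value_mask
        if value:
            value = (value + value_add + slide) & MASK64
        out.append((off, value))
        if delta == 0:            # a zero delta terminates the chain
            return out
        off += delta


def rebase_v2_page(page, page_entry, page_extras, delta_mask, value_add, slide):
    """Apply one v2 page_starts entry to its page; return every rebased location."""
    if page_entry == DYLD_CACHE_SLIDE_PAGE_ATTR_NO_REBASE:
        return []
    if not page_entry & DYLD_CACHE_SLIDE_PAGE_ATTR_EXTRA:
        # Plain entry: start of the page's single chain, in 4-byte units.
        return _walk_v2_chain(page, (page_entry & 0x3FFF) * 4, delta_mask, value_add, slide)
    # EXTRA: low bits index page_extras; the page holds one chain per consecutive
    # extras entry, and the run stops at the entry carrying the END bit.
    out, idx = [], page_entry & 0x3FFF
    while True:
        if idx >= len(page_extras):
            raise ValueError("page_extras run is not terminated by END")
        info = page_extras[idx]
        out += _walk_v2_chain(page, (info & 0x3FFF) * 4, delta_mask, value_add, slide)
        if info & DYLD_CACHE_SLIDE_PAGE_ATTR_END:
            return out
        idx += 1


def rebase_v3_page(page, page_start, auth_value_add, slide):
    """Walk one v3 chain. page_start is a BYTE offset; offsetToNextPointer counts
    8-byte slots, so the start is divided by 8 exactly once, before the walk."""
    if page_start == DYLD_CACHE_SLIDE_V3_PAGE_ATTR_NO_REBASE:
        return []
    if page_start % 8:
        raise ValueError("v3 page_start must be 8-byte aligned")
    out, slot = [], page_start // 8
    while True:
        off = slot * 8
        raw = U64.unpack_from(page, off)[0]
        next_slots = (raw >> 51) & 0x7FF          # offsetToNextPointer, 11 bits
        if raw >> 63:                             # authenticated: 32-bit cache offset
            value = (auth_value_add + (raw & 0xFFFFFFFF) + slide) & MASK64
        else:                                     # plain: 51-bit pointer value
            value = ((raw & ((1 << 51) - 1)) + slide) & MASK64
        out.append((off, value))
        if next_slots == 0:
            return out
        slot += next_slots


# --- constructed sample data (not from any real cache) ----------------------
SLIDE = 0x10000000
DELTA_MASK_V2 = 0x00FFFF0000000000   # delta in bits 40..55, a common arm64 v2 layout


def _v2_ptr(value, next_bytes):
    return ((next_bytes // 4) << 40) | value


def _v3_ptr(value, next_slots):
    return (next_slots << 51) | value


def demo_v2():
    """Three pages: no rebase, one plain chain, and an EXTRA page with two chains."""
    pages = [bytearray(PAGE_SIZE) for _ in range(3)]
    page_starts = [DYLD_CACHE_SLIDE_PAGE_ATTR_NO_REBASE, 16 // 4,
                   DYLD_CACHE_SLIDE_PAGE_ATTR_EXTRA | 0]
    page_extras = [8 // 4, (64 // 4) | DYLD_CACHE_SLIDE_PAGE_ATTR_END]
    U64.pack_into(pages[1], 16, _v2_ptr(0x1000, 8))   # next location at 24
    U64.pack_into(pages[1], 24, _v2_ptr(0x2000, 0))   # chain end
    U64.pack_into(pages[2], 8, _v2_ptr(0x3000, 0))    # first extras chain
    U64.pack_into(pages[2], 64, _v2_ptr(0x4000, 0))   # second extras chain
    return [rebase_v2_page(p, s, page_extras, DELTA_MASK_V2, 0, SLIDE)
            for p, s in zip(pages, page_starts)]


def demo_v3():
    """One page whose chain starts at byte 0x10 and then hops 1 and 5 slots."""
    page = bytearray(PAGE_SIZE)
    U64.pack_into(page, 0x10, _v3_ptr(0x1000, 1))     # next at 0x18
    U64.pack_into(page, 0x18, _v3_ptr(0x2000, 5))     # next at 0x40
    U64.pack_into(page, 0x40, _v3_ptr(0x3000, 0))     # chain end
    return rebase_v3_page(page, 0x10, 0, SLIDE)


if __name__ == "__main__":
    for i, locs in enumerate(demo_v2()):
        print("v2 page", i, [(hex(o), hex(v)) for o, v in locs])
    print("v3", [(hex(o), hex(v)) for o, v in demo_v3()])
```

Running the script prints the rebased locations per page; the v2 EXTRA page yields two chains (offsets 8 and 64) from a single page_starts entry, and the v3 walk lands on 0x10, 0x18 and 0x40 only because the byte-based start is converted to a slot index before the slot-based hops are applied.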