arandomdev / DyldExtractor

Extract Binaries from Apple's Dyld Shared Cache
MIT License

Unable to fully extract `libobjc.A.dylib` from iOS 17 dyld_shared_cache #58

Closed frankschlegel closed 1 year ago

frankschlegel commented 1 year ago

Describe the bug

When trying to extract the frameworks from the iOS 17 beta shared cache, I noticed that dyldex fails to fully extract libobjc.A.dylib, which causes issues down the line when trying to generate runtime headers later.

It seems dyldex can't find the dependency libobjc-env.dylib inside the shared cache:

Processed: libobjc.A.dylib
----- libobjc.A.dylib -----
14:41:15:803 [ WARNING ] stub_fixer.py:181 : Unable to find dependency: b'/usr/local/lib/libobjc-env.dylib\x00'
--------------------

To Reproduce

  1. iOS version: 17 beta 3
  2. DYLD target device and identifier, i.e iPhone X 11,2: iPhone15,3
  3. Terminal command to reproduce: dyldex -e libobjc.A.dylib dyld_shared_cache_arm64e

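
The warning above comes from a dependency lookup by install name. As an added example that is not part of DyldExtractor's own code, this parser walks the load commands of a 64-bit Mach-O, lists the dylibs it links against, and reports which of them are not present in a given set of shared-cache image paths; the sample image and cache list are constructed inline, and the assumption that the cache is keyed by install name path is mine.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
# Load commands that record a dependency on another image.
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
LC_LOAD_UPWARD_DYLIB = 0x80000023
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB, LC_LOAD_UPWARD_DYLIB}


def linked_dylibs(image: bytes) -> list:
    """Return the install names of every dylib the little-endian 64-bit Mach-O links against."""
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags, _res = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    names = []
    off = 32  # sizeof(mach_header_64)
    end = 32 + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands run past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<2I", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command size")
        if cmd in DYLIB_CMDS:
            # struct dylib_command: cmd, cmdsize, name offset, timestamp, current/compat version
            name_off = struct.unpack_from("<I", image, off + 8)[0]
            raw = image[off + name_off: off + cmdsize]
            names.append(raw.split(b"\x00", 1)[0].decode("utf-8"))
        off += cmdsize
    return names


def dependencies_outside_cache(image: bytes, cache_images) -> list:
    """Dependencies whose install name is not one of the shared-cache images (assumed keyed by path)."""
    cache = set(cache_images)
    return [n for n in linked_dylibs(image) if n not in cache]


def _dylib_cmd(name: str) -> bytes:
    # Build one LC_LOAD_DYLIB; the name follows the six uint32 fields (offset 24), padded to 8 bytes.
    payload = name.encode() + b"\x00"
    payload += b"\x00" * (-len(payload) % 8)
    return struct.pack("<6I", LC_LOAD_DYLIB, 24 + len(payload), 24, 2, 0x10000, 0x10000) + payload


def build_sample_image() -> bytes:
    # Constructed minimal Mach-O (arm64 MH_DYLIB): header plus two dylib load commands, no segments.
    cmds = _dylib_cmd("/usr/lib/libobjc.A.dylib") + _dylib_cmd("/usr/local/lib/libobjc-env.dylib")
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 2, 6, 2, len(cmds), 0, 0) + cmds
```

On a real extracted image, pass `open(path, "rb").read()` to `dependencies_outside_cache` together with the list of image paths in the cache; a non-empty result names the dependencies that the extractor could not resolve from the cache.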
arandomdev commented 1 year ago

Some images are linked to frameworks outside the cache, but these usually don't affect the output. What kinds of issues are you facing when generating the runtime headers? What program are you using?

frankschlegel commented 1 year ago

I'm using ktool for generating the headers. cxnder put together a script that could do the whole process of IPSW download, extraction (using dyldex_all), and header generation via GitHub actions. This worked nicely for iOS 16, but fails for iOS 17, and I'm now trying to find out why.

I already filed an issue for ktool, but it seems the problem lies with binary extraction from the dyld_shared_cache. They fixed some error handling so that the generation runs through now, but the generated headers are still missing some essential type information. For instance, when running this for the CoreImage.framework, the essential base classes CIImage and CIFilter and their headers are completely missing.

Unfortunately, I'm very much a rookie in this territory, so I can't tell if this is an issue with extraction or with header generation. But it seems the class information is really not in the binary I extracted with dyldex -e CoreImage.framework/CoreImage dyld_shared_cache_arm64e. At least I can't find them in the symbol dump (objdump --syms CoreImage) either.

Thanks for looking into this!

arandomdev commented 1 year ago

I believe this is fixed with 808a5ad. I was incorrectly getting the image index which is used to look up the specific method list to use. CIImage and CIFilter now have methods, and I was able to open them with ktool in GUI mode.

Please let me know if there is anything else.

frankschlegel commented 1 year ago

Yes, it works perfectly now. Thank you so much!