Allow loading a single image from an iOS/macOS kernelcache #6401
Assignees
Labels
Effort: Low
Issue should take < 1 week
File Format: SharedCache
Issue with the dyld_shared_cache plugin
Impact: Medium
Issue is impactful with a bad, or no, workaround
Milestone
Comments
|
For more context, it just took me 60 minutes to analyze an entire iOS kernelcache with Binary Ninja headlessly; the same kernelcache takes only 5 minutes to analyze with IDA batch mode. I understand that because IDA is not decompiling the binary this is not a direct/fair comparison of work done, but ultimately what I'm measuring is "time until I can start querying things with the API", irrespective of what the actual analysis encompasses. Unfortunately, Binary Ninja's more minimal analysis modes do not produce the necessary cross references, or correct-enough analysis to be useful for scripting. |
xusheng6
added
File Format: SharedCache
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the feature you'd like to have?
IDA Pro allows you to load either just the kernel or just a single kernel extension from an iOS/macOS kernelcache. This is handy when you don't need the rest of the kernel for what you're looking at.
Is your feature request related to a problem?
I am unable to use Binary Ninja for some scripting tasks related to iOS/macOS kernels because the analysis time is prohibitive for it being useful. If I could limit the analysis to just a specific kernel extension, it may become fast enough that I could realistically use it.
Are any alternative solutions acceptable?
Grafting individual images out of the kernelcache with
ipswor similar tools yields malformed binaries that create other analysis problems.The text was updated successfully, but these errors were encountered: