Not able to dump iOS 17 headers
frankschlegel opened this issue · 5 comments
I'm trying to extract all runtime headers from the first iOS 17 beta (using sdk-builder). At first, there was an issue with DyldExtractor, but this got resolved.
Now, ktool is having problems dumping the headers from some of the binaries. Here is an example:
$ ktool dump --headers --fdec --out Headers CoreData
Traceback (most recent call last):
File ".venv/bin/ktool", line 8, in <module>
sys.exit(main())
^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/ktool_script.py", line 430, in main
args.func(args)
File ".venv/lib/python3.11/site-packages/ktool/ktool_script.py", line 1675, in dump
objc_image = ktool.load_objc_metadata(image)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/ktool.py", line 158, in load_objc_metadata
return ObjCImage.from_image(image)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/objc.py", line 142, in from_image
class_queue.go()
File ".venv/lib/python3.11/site-packages/ktool/util.py", line 190, in go
self.returns = [self.process_item(item) for item in self.items]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/util.py", line 190, in <listcomp>
self.returns = [self.process_item(item) for item in self.items]
^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/util.py", line 180, in process_item
return item.func(*item.args)
^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/objc.py", line 783, in from_image
methlist_head = objc_image.load_struct(objc2_class_ro_item.base_meths, objc2_meth_list)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/objc.py", line 197, in load_struct
return self.image.load_struct(addr, struct_type, vm, endian)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/image.py", line 404, in load_struct
address = self.vm.translate(address)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.11/site-packages/ktool/image.py", line 152, in translate
raise VMAddressingError(f'Address {hex(vm_address)} couldn\'t be found in vm address set')
ktool.exceptions.VMAddressingError: Address 0x1869a0881 couldn't be found in vm address set
Unfortunately, I'm not super versed in all this. But with the right pointers, I might be able to fix this issue.
Thanks!
Can you upload the binary that is failing?
Almost all framework binaries are failing. Here is a small one: CoreBluetooth.zip
Thanks for looking into this!
So, this is an error with extraction, still :P A few of the pointers in class_ro for 3 of the classes are invalid (looks like they point to data that'd probably be in libobjc.dylib in the cache)
but there was also unintentionally no error handling for bad class_ro pointers, so I added that with bf1dcaa. Most of that framework works now.
Will probably take a while to get on pip but you can install it from the github for any automation.
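As an added illustration of what the VMAddressingError above means (this is not ktool's code, nor the fix in bf1dcaa): an extracted framework can only translate VM addresses that fall inside its own segments, so a class_ro method-list pointer that still points into another cache image (such as libobjc.dylib) cannot be resolved, and a dumper must skip that class instead of crashing. The segment layout, class names and pointer values below are constructed for the example; only the failing address is reused from the traceback.

```python
# Added example, not ktool's own code. Models the VM-address-to-file-offset
# lookup that raises VMAddressingError in the traceback above and shows how a
# header dumper can skip classes whose class_ro pointers fall outside the image.
# Segment layout, class names and pointer values are constructed for illustration.
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


class VMAddressingError(Exception):
    """Raised when a VM address is not covered by any mapped segment."""


@dataclass(frozen=True)
class Segment:
    name: str
    vmaddr: int   # virtual address where the segment is mapped
    vmsize: int   # mapped size in bytes
    fileoff: int  # offset of the segment's bytes in the file


@dataclass(frozen=True)
class ClassRO:
    """The subset of an ObjC class_ro_t a header dumper needs: the class name
    and the VM address of its method list (0 when the class has no methods)."""
    name: str
    base_meths: int


class VMTranslator:
    """Maps VM addresses to file offsets using only the image's own segments,
    which is all an extracted (out-of-cache) framework has to work with."""

    def __init__(self, segments: Iterable[Segment]):
        self.segments = sorted(segments, key=lambda s: s.vmaddr)

    def segment_for(self, vm_address: int) -> Optional[Segment]:
        for seg in self.segments:
            if seg.vmaddr <= vm_address < seg.vmaddr + seg.vmsize:
                return seg
        return None

    def translate(self, vm_address: int) -> int:
        seg = self.segment_for(vm_address)
        if seg is None:
            raise VMAddressingError(
                f"Address {hex(vm_address)} couldn't be found in vm address set")
        return seg.fileoff + (vm_address - seg.vmaddr)


def triage_class_ro(vm: VMTranslator,
                    classes: Iterable[ClassRO]) -> Tuple[List[str], List[Tuple[str, int]]]:
    """Split classes into those whose method-list pointer resolves inside the
    image and those whose pointer dangles into some other cache image.
    Returns (resolvable class names, [(class name, bad pointer), ...])."""
    resolvable: List[str] = []
    dangling: List[Tuple[str, int]] = []
    for cls in classes:
        if cls.base_meths == 0:          # no method list: nothing to translate
            resolvable.append(cls.name)
            continue
        try:
            vm.translate(cls.base_meths)
        except VMAddressingError:
            dangling.append((cls.name, cls.base_meths))
        else:
            resolvable.append(cls.name)
    return resolvable, dangling


# Constructed layout: a small framework with __TEXT, __DATA_CONST, __DATA, __LINKEDIT.
EXAMPLE_SEGMENTS = [
    Segment("__TEXT", 0x186900000, 0x20000, 0x0),
    Segment("__DATA_CONST", 0x186920000, 0x4000, 0x20000),
    Segment("__DATA", 0x186924000, 0x2000, 0x24000),
    Segment("__LINKEDIT", 0x186926000, 0x8000, 0x26000),
]

# Constructed class_ro entries. The third reuses the address from the traceback
# above as an example of a pointer that no segment of this image covers.
EXAMPLE_CLASSES = [
    ClassRO("ExampleManager", 0x186920100),
    ClassRO("ExamplePeer", 0),
    ClassRO("ExampleDelegateProxy", 0x1869a0881),
]


def run_example() -> Tuple[List[str], List[Tuple[str, int]]]:
    vm = VMTranslator(EXAMPLE_SEGMENTS)
    resolvable, dangling = triage_class_ro(vm, EXAMPLE_CLASSES)
    for name, ptr in dangling:
        print(f"skipping {name}: base_meths {hex(ptr)} is outside the image")
    return resolvable, dangling


if __name__ == "__main__":
    run_example()
```

Running it reports the one class whose method list cannot be found in the image's address set and still returns the others, which is the lenient behaviour a dumper needs when an extractor has left a few cross-image pointers unresolved.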
Thanks! I'll check with DyldExtractor again, then.
Interestingly, this also happens when running ktool on framework binaries from the simulator runtime, e.g. /Library/Developer/CoreSimulator/Volumes/iOS_21A5268h/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 17.0.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreBluetooth.framework/CoreBluetooth
Those were never part of a dyld_shared_cache and should be "complete", right? Or are they still pointing to off-image classes?
This is the error reported by ktool:
python3.11/site-packages/ktool/image.py", line 82, in translate
raise VMAddressingError(f'Address {hex(address)} ({hex(l_addr)}) not in VA Table or fallback map. (page: {hex(page_location)})')
ktool.exceptions.VMAddressingError: Address 0xcfff698e0 (0x4f33cfff698e0) not in VA Table or fallback map. (page: 0xcfff69)