blacktop/symbolicator

`ipsw` symbolication signatures

ipsw symbolication signatures

What 🤔

This repo contains the ipsw symbolication signature files.

How Good 📈

Currently we are sitting at 63.85% on xnu

Getting Started 🚀

Get the signatures

git clone https://github.com/blacktop/symbolicator.git

Symbolicate a kernelcache with ipsw

ipsw kernel sym kernelcache --json --signatures /path/to/symbolicator-repo/kernel

Install IDA Plugin

plugins/ida/install.sh

Now you can apply the symbols to you kernelcache in IDA by pressing Alt+F8

The first time the IDB if loaded, the plugin will attempt to automatically load the symbols file (This is verified using an indication file with the suffix .symbols_loaded)

Plugins 🔌

Supported Plugins/Scripts

• Binary Ninja
• Ghidra
• IDA Pro
• radare2

Generate NEW signatures

You can set these ENV VARS to control the the outputed signature's metadata

• TARGET The target binary. (e.g. com.apple.driver.AppleMobileFileIntegrity)
• MAX_VERSION The maximum version of the target darwin.
• MIN_VERSION The minimum version of the target darwin.
• JSON_FILE The path to the JSON file. (e.g. /path/to/sig.json)

To generate signatures for xnu

scripts/run.sh --kernel '/path/to/KDK/kernel'

To generate signatures for a kext

scripts/run.sh --kext '/path/to/KDK/kext'

TODO

• add support for global variables/constants
• byte pattern matching
• use arg count to assist in identifying anchor caller (as arg position/register)

Credit

Idea was originally inspired by Jonathan Levin's disarm 'matchers' file.

License

MIT Copyright (c) 2024 blacktop