p-joker's Introduction

p-joker -- iOS/MacOS Kernelcache/Extensions analysis tool

For iOS kernelcaches, this tool supports 64-bit kernelcaches and has been tested on iOS10/iOS11/iOS12/iOS13 kernelcaches.
For MacOS kernel extensions, it supports all the extensions' Mach-O files.

Usage

for p-joker.py (supports iOS kernelcache analysis only; the -e feature now supports iOS 12/13)

Usage: python p-joker.py kernelcache -hkl [-K bundleID]

  Usage: python p-joker.py kernelcache -hkls [-Ke bundleID(or list)] [-d dir]
   -h, --help
   -k, --kext_list: list information for all the kexts
   -K, --kextdump kext_bundle_identifier: dump this kext
   -d, --dir dumpdir: set the output dir
   -l, --lzss: decrypt the kernelcache
   -e, --extract: extract all meta classes and their methods for the given extension bundleID


For example:
   decrypt kernelcache, support bvx and complzss format:
  	 $ python p-joker.py kernelcache.encrypted -l

   list all the kexts info:
  	 $ python p-joker.py kernelcache.decrypted -k

   dump certain kext from kernelcache:
  	 $ python p-joker.py kernelcache.decrypted -K com.apple.iokit.IOHIDFamily
  	 $ python p-joker.py path/to/kernelcache -K all [-d dir]

   extract all meta classes and their function information for all extensions within the kernelcache:
  	 $ python p-joker.py kernelcache.decrypted -e "['all']"

   extract all meta classes and their function information for certain extensions within the kernelcache:
  	 $ python p-joker.py kernelcache.decrypted -e "['com.apple.iokit.IOHIDFamily']"
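Before choosing between `-l` and the analysis options, it helps to know whether a file is still in one of the two compressed formats named above (bvx or complzss) or is already a plain Mach-O. The following is an added example, not part of p-joker: `identify_kernelcache` is a hypothetical helper, and the complzss field layout and 0x180 header length are assumed from the publicly known prelinked kernel header.

```python
import struct

LZSS_SIG = b"complzss"            # signature + compress type of the prelinked kernel header
LZSS_HEADER_LEN = 0x180           # assumed total header size before the LZSS payload
LZFSE_MAGICS = (b"bvx2", b"bvx1", b"bvxn", b"bvx-")  # LZFSE block magics
MACHO64_LE = b"\xcf\xfa\xed\xfe"  # MH_MAGIC_64 as stored on disk (little-endian)


def identify_kernelcache(data, scan_limit=0x400):
    """Classify a kernelcache blob as 'macho64', 'complzss', 'bvx' or 'unknown'.

    Only the first scan_limit bytes are searched, so a container wrapper in
    front of the payload is skipped without matching deep inside the image.
    """
    if data[:4] == MACHO64_LE:
        return "macho64", {"offset": 0}
    window = data[:scan_limit]
    pos = window.find(LZSS_SIG)
    if pos != -1:
        fields = data[pos + 8:pos + 20]
        if len(fields) < 12:
            return "complzss", {"offset": pos, "error": "truncated header"}
        # Three big-endian u32 fields follow the 8-byte signature.
        adler32, unc_size, comp_size = struct.unpack(">3I", fields)
        payload = pos + LZSS_HEADER_LEN
        return "complzss", {
            "offset": pos,
            "adler32": adler32,
            "uncompressed_size": unc_size,
            "compressed_size": comp_size,
            # False means the file is shorter than its header claims.
            "complete": len(data) >= payload + comp_size,
        }
    hits = [(window.find(m), m) for m in LZFSE_MAGICS if m in window]
    if hits:
        pos, magic = min(hits)  # earliest block magic in the window
        return "bvx", {"offset": pos, "block_magic": magic.decode()}
    return "unknown", {}


if __name__ == "__main__":
    # Constructed sample: 16 wrapper bytes, a complzss header, 4 payload bytes.
    header = LZSS_SIG + struct.pack(">3I", 0x11223344, 0x2000, 4)
    sample = b"\x30" * 16 + header.ljust(LZSS_HEADER_LEN, b"\0") + b"\xff" * 4
    print(identify_kernelcache(sample))
```

A `complete` value of False points to a truncated download or extraction, which is worth ruling out before treating a failed `-l` run as a tool problem.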

for p-extension.py (supports macOS only)

Usage: python p-extensions.py -mpfc extension_path/extension_macho
   -h, --help
   -C, --classes: get all the metaclasses for all extensions' Mach-O files in the given extension_path
   -c, --class: get all the metaclasses for one extension Mach-O file
   -m, --macho: only analyze one kernel extension Mach-O file
   -M, --machoes: analyze all kernel extensions' Mach-O files in the given extension_path

Dependent libraries

pyiokit
pylzfse
capstone=5.0.0 (https://github.com/aquynh/capstone/tree/next)

Note: please install capstone from its next branch, which supports the PAC instruction set.

Support platforms

MacOS/Windows/Linux

If you have any questions, contact me on Twitter (@Lilang_Wu)
