It’s been a rough few months for me personally, as a few of you will know. I’ve found it difficult to work on all my projects and give them the attention they need, which is a shame. One particular project that has seen issues is ipswCentral. The aim of this post is to outline my plans with ipswCentral, and what I plan to do next.
Welcome to Inside XNU! A blog-series in which I hope analyse and discuss the boot process and functionality of the XNU Kernel. I have recently taken up OS development as a hobby and learning exercise with nullpixel. We have found that reading through the source code of other kernels - Linux, XNU, etc - is very valuable despite them being far more advanced than what we’re aiming for.
As part of HTool I wanted to add in-depth analysis of iOS Kernel Caches - especially Kernel Extensions. The iOS version of XNU differs from that of macOS as the kernel is instead shipped as a cache file, rather than a simple executable binary. The kernelcache differs from the standalone kernel as instead of shipping seperate .kext Mach-O files in a seperate directory, which the Kernel then searches for and load’s, iOS kernelcache’s have all the extensions bundled into the same Mach-O file. This is similar to how all libraries are merged into the dyld_shared_cache.
I don’t intend for this to be a long post, just a quick announcement. HTool has been released! Beta 1 is available for download here with detailed usage information and download links for both macOS and iOS. Linux support is planned, but not for the next few beta’s.
As some of you may have already been aware, for the past few weeks I have been working on Libhelper. This is a small library aimed at assisting the handling and parsing of Mach-O files, Image4 files and other things related to iOS Security analysis.
I’ve recently been working a lot with parsing Mach-O files, so I’m begining to understand in a fair bit of detail how they are structured and how they work. I’ve been developing a library, called libhelper, which can parse Mach-O files. Libhelper-macho also powers Img4helper, and HTool.