Previously I discussed the paper released by Apple and Google covering their implementation of a contact tracing system, known as ExposureNotification. Their approach is both an operating system level implementation and an API (accessible by entitlement only). Apple released a beta version of the framework with iOS 13.5 Beta 3, along with more documentation, sample code, and an Xcode/SDK update for actively using it within apps.
We are currently in the midst of the coronavirus pandemic. SARS-CoV-2, the virus behind COVID-19, has been with us for a while now. Contact tracing was the practice of scrambling to find those who had come into contact with the early cases, but once cases began accelerating rapidly this was mostly abandoned.
As part of HTool I wanted to add in-depth analysis of iOS kernel caches, especially kernel extensions. The iOS build of XNU differs from the macOS one in that the kernel is shipped as a kernelcache file rather than a plain executable binary. The kernelcache differs from the standalone kernel in that, instead of shipping separate .kext Mach-O files in a separate directory, which the kernel then searches for and loads, an iOS kernelcache has all the extensions bundled into the same Mach-O file. This is similar to how all libraries are merged into the
I don’t intend for this to be a long post, just a quick announcement: HTool has been released! Beta 1 is available for download here, with detailed usage information and download links for both macOS and iOS. Linux support is planned, but not for the next few betas.
As some of you may already be aware, for the past few weeks I have been working on Libhelper, a small library aimed at assisting with the handling and parsing of Mach-O files, Image4 files and other things related to iOS security analysis.
I’ve recently been working a lot with parsing Mach-O files, so I’m beginning to understand in a fair bit of detail how they are structured and how they work. I’ve been developing a library, called libhelper, which can parse Mach-O files. Libhelper-macho also powers Img4helper and HTool.
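Both the kernelcache point above (all kexts bundled into one Mach-O) and the Mach-O parsing that libhelper does come down to the same first step: reading the Mach-O header and walking its load commands, of which a kernelcache simply has many more. The following is an added example and not libhelper's, HTool's or Apple's code: a minimal, bounds-checked LC_SEGMENT_64 walker in C, run against a constructed in-memory image whose segment names mimic the prelink regions of an iOS kernelcache. The struct layouts and constants are restated from Apple's loader.h so it builds without Apple headers; the sample image, its addresses and the helper names (build_sample_kernelcache, sample_check) are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants and layouts restated from Apple's <mach-o/loader.h> so this builds without Apple headers. */
#define MH_MAGIC_64    0xfeedfacfu
#define MH_EXECUTE     0x2u
#define CPU_TYPE_ARM64 0x0100000cu
#define LC_SEGMENT_64  0x19u

struct mach_header_64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct load_command   { uint32_t cmd, cmdsize; };
struct segment_command_64 {
    uint32_t cmd, cmdsize; char segname[16];
    uint64_t vmaddr, vmsize, fileoff, filesize;
    uint32_t maxprot, initprot, nsects, flags;
};
#define MAX_SEGS 64
struct macho_info { uint32_t ncmds; size_t nsegs; char segnames[MAX_SEGS][17]; uint64_t vmaddr[MAX_SEGS]; };

/* Walk the load commands of a little-endian 64-bit Mach-O held in memory. Returns 0 on success, a negative
 * code on malformed input. Every field used as an offset or length is checked against `len` before use,
 * because a corrupt or hostile image can lie in ncmds, sizeofcmds or cmdsize. */
int macho_parse(const uint8_t *buf, size_t len, struct macho_info *out) {
    struct mach_header_64 hdr;
    memset(out, 0, sizeof *out);
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.magic != MH_MAGIC_64) return -2;          /* 32-bit, FAT and big-endian images are out of scope */
    if (hdr.sizeofcmds > len - sizeof hdr) return -3; /* load commands claim more bytes than the file has */
    out->ncmds = hdr.ncmds;
    size_t off = sizeof hdr, end = sizeof hdr + hdr.sizeofcmds;
    for (uint32_t i = 0; i < hdr.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -4;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -5; /* a zero cmdsize would loop forever */
        if (lc.cmd == LC_SEGMENT_64) {
            struct segment_command_64 seg;
            if (lc.cmdsize < sizeof seg) return -6;
            memcpy(&seg, buf + off, sizeof seg);
            if (seg.fileoff > len || seg.filesize > len - seg.fileoff) return -7; /* segment lies outside the file */
            if (out->nsegs < MAX_SEGS) {
                memcpy(out->segnames[out->nsegs], seg.segname, 16); /* segname need not be NUL-terminated */
                out->segnames[out->nsegs][16] = '\0';
                out->vmaddr[out->nsegs++] = seg.vmaddr;
            }
        }
        off += lc.cmdsize;
    }
    return 0;
}

/* Index of the first segment with the given name, or -1 if absent. */
int macho_find_segment(const struct macho_info *info, const char *name) {
    for (size_t i = 0; i < info->nsegs; i++)
        if (strcmp(info->segnames[i], name) == 0) return (int)i;
    return -1;
}

/* Constructed sample, not a real device image: an arm64 MH_EXECUTE with three segments named the
 * way a prelinked iOS kernelcache names its kext regions, each backed by 0x100 bytes of file data. */
size_t build_sample_kernelcache(uint8_t *buf, size_t cap) {
    static const char *names[] = { "__TEXT", "__PRELINK_TEXT", "__PRELINK_INFO" };
    const size_t nseg = 3, data_off = sizeof(struct mach_header_64) + nseg * sizeof(struct segment_command_64);
    const size_t total = data_off + nseg * 0x100;
    if (cap < total) return 0;
    memset(buf, 0, total);
    struct mach_header_64 hdr = { MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, (uint32_t)nseg,
                                  (uint32_t)(nseg * sizeof(struct segment_command_64)), 0, 0 };
    memcpy(buf, &hdr, sizeof hdr);
    for (size_t i = 0; i < nseg; i++) {
        struct segment_command_64 seg;
        memset(&seg, 0, sizeof seg);
        seg.cmd = LC_SEGMENT_64; seg.cmdsize = sizeof seg;
        memcpy(seg.segname, names[i], strlen(names[i]));
        seg.vmaddr = 0xfffffff007004000ull + i * 0x100000ull; /* made-up kernel-space addresses */
        seg.vmsize = seg.filesize = 0x100;
        seg.fileoff = data_off + i * 0x100;
        memcpy(buf + sizeof hdr + i * sizeof seg, &seg, sizeof seg);
    }
    return total;
}

/* Build the sample, parse at most `len` bytes of it, and return the parse error if any, else the index of `name`. */
int sample_check(const char *name, size_t len) {
    uint8_t img[1024]; struct macho_info info;
    size_t n = build_sample_kernelcache(img, sizeof img);
    int rc = macho_parse(img, len < n ? len : n, &info);
    return rc != 0 ? rc : macho_find_segment(&info, name);
}

int main(void) {
    uint8_t img[1024]; struct macho_info info;
    size_t n = build_sample_kernelcache(img, sizeof img);
    if (macho_parse(img, n, &info) != 0) return 1;
    for (size_t i = 0; i < info.nsegs; i++)
        printf("  %-16s vmaddr=0x%016llx\n", info.segnames[i], (unsigned long long)info.vmaddr[i]);
    return 0;
}
```

The checks on sizeofcmds, cmdsize and fileoff/filesize are the part worth copying: a real kernelcache is tens of megabytes with hundreds of load commands, and a parser that trusts those fields will read past its buffer or spin forever on the first corrupt or adversarial image it meets. Extending the walker to other command types is a matter of adding cases on `lc.cmd` with the same pattern (check cmdsize against the struct size before copying).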