<amw>
I thought you actually worked from the iBoot file off disk?
<amw>
marcan: Sorry I was confused - you actually objdump a kernelcache
<amw>
marcan: The script I was referring to was used as: python machodump.py kernelcache.macho
<amw>
marcan: Then it was dd if=kernelcache.macho bs=4k skip=$((0xc04)) count=16 of=init.bin
<amw>
Where the 0xc04 was computed from the macho header format.
<amw>
This was then dumped out with: aarch64-linux-gnu-objdump -D -b binary -a aarch64 -m aarch64 init.bin
<marcan>
oh that
<amw>
marcan: Is the kernelcache.macho file uploaded? or Should I make my own some how?
<marcan>
that's macOS, that is not redistributable
<marcan>
you need to extract it yourself
<amw>
Is this stuff worth documenting/capturing?
<amw>
ok - I haven't found that on my macbook air so far.
<marcan>
the macho file inside the img4 kernelcache
<marcan>
I kind of fear that if we just give people a step by step tutorial on how to extract the kernelcache, that will just result in randoms disassembling things and trying to contribute (make sure you read alx.sh/re)
<amw>
ok
<marcan>
but IRC is fine so: get https://github.com/tihmstar/img4tool, img4tool -a kernelcache -e -p kernelcache.im4p -m kernelcache.im4m; img4tool kernelcache.im4p -e -o kernelcache.macho
<amw>
ok
<amw>
I can try to get this working and document and you could trim out
<marcan>
well, if we have a page about this, we need a big disclaimer at the top telling people to go read our policy first
<amw>
Shouldn't it go in / under the RE area?
<marcan>
because unless you will never contribute to Asahi or any related open source project, you should not start throwing things in a disassembler without carefully reading that and understanding the implications
<marcan>
I mean it can go in the docs wiki, but we need to make sure people understand this
<amw>
ok - prepend the page with "Whatever you discover from this is restricted as per RE page"?
<marcan>
let me just write this up real quick
<amw>
Sure, I was just trying to follow along and summarise what I learnt - no urgency
<amw>
Perhaps one day the kernelcache generated from the open source xnu code drop would be easier to use
<davidrysk[m]>
marcan, amw: you don't need to extract the kernelcache, you can just go at /System/Library/Kernels/kernel.release.t8101
<davidrysk[m]>
also note that Apple has significantly increased the level of link-time optimization and inlining that they do on the Apple Silicon kernels. You will not find many symbols in them.
<davidrysk[m]>
kexts you can just get from /S/L/E
<roxfan>
so they use aux kc like on intel?
<Shiz>
there's also another mach-o dumper in my img4 repo, i was thinking of expanding it to pseudo-extract drivers
<roxfan>
main kernel is probably self-contained so can be analyzed separately