Fully cross-platform toolkit (and library!) for MachO+Obj-C editing/analysis

Overview

Logo

MachO/ObjC Analysis + Editing toolkit.


Library Documentation

Installation

# Installing
pip3 install k2l

# Updating
pip3 install --upgrade k2l

Usage

> $ ktool
Usage: ktool [command]  [filename]

Commands:

GUI (Still in active development) ---
    ktool open [filename] - Open the ktool command line GUI and browse a file

MachO Analysis ---
    dump - Tools to reconstruct headers and TBDs from compiled MachOs
    json - Dump image metadata as json
    cs - Codesigning info
    kcache - Kernel cache specific tools
    list - Print various lists (Classlist, etc.)
    symbols - Print various tables (Symbols, imports, exports)
    info - Print misc info about the target mach-o

MachO Editing ---
    insert - Utils for inserting load commands into MachO Binaries
    edit - Utils for editing MachO Binaries
    lipo - Utilities for combining/separating slices in fat MachO files.

Misc Utilities ---
    file - Print very basic info about the MachO
    img4 - IMG4 Utilities
    

Run `ktool [command]` for info/examples on using that command

written in pure, 100% python for the sake of platform independence when operating on static binaries and libraries. this should run on any and all implementations of python3.

Tested on:

  • Windows/Windows on ARM64
  • MacOS x86/arm64
  • Linux/Linux ARM64
  • iOS (iSH, ssh)
  • Android (Termux)
  • WebAssembly
  • Brython

Credits

Chained fixup processing is currently entirely based on https://github.com/xpcmdshell/bn-chained-fixups

Special thanks to

JLevin and *OS Internals for existing

arandomdev for guidance + code

Blacktop for their amazing ipsw project: https://github.com/blacktop/ipsw

Comments
  • `dump` command fails with exception

    `dump` command fails with exception

    Hello,

    When attempting to dump headers from system frameworks, extracted by keith/dyld-shared-cache-extractor, the following exception is thrown:

    ➜  ~ dyld-shared-cache-extractor /System/Library/dyld/dyld_shared_cache_x86_64 ~/Desktop/headers/dyld/
    ➜  ~ ktool dump --headers --out ~/Desktop/headers ~/Desktop/headers/dyld/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
    Traceback (most recent call last):
      File "/usr/local/bin/ktool", line 8, in <module>
        sys.exit(main())
      File "/usr/local/lib/python3.9/site-packages/ktool/ktool_script.py", line 387, in main
        args.func(args)
      File "/usr/local/lib/python3.9/site-packages/ktool/ktool_script.py", line 915, in dump
        objc_image = ktool.load_objc_metadata(image)
      File "/usr/local/lib/python3.9/site-packages/ktool/ktool.py", line 125, in load_objc_metadata
        return ObjCImage.from_image(image)
      File "/usr/local/lib/python3.9/site-packages/ktool/objc.py", line 130, in from_image
        cat_prot_queue.go()
      File "/usr/local/lib/python3.9/site-packages/ktool/util.py", line 104, in go
        self.returns = [self.process_item(item) for item in self.items]
      File "/usr/local/lib/python3.9/site-packages/ktool/util.py", line 104, in <listcomp>
        self.returns = [self.process_item(item) for item in self.items]
      File "/usr/local/lib/python3.9/site-packages/ktool/util.py", line 94, in process_item
        return item.func(*item.args)
      File "/usr/local/lib/python3.9/site-packages/ktool/objc.py", line 910, in from_image
        loc = objc_image.get_int_at(category_ptr, 8, vm=True)
      File "/usr/local/lib/python3.9/site-packages/ktool/objc.py", line 186, in get_int_at
        return self.image.get_int_at(offset, length, vm, sectname)
      File "/usr/local/lib/python3.9/site-packages/ktool/dyld.py", line 205, in get_int_at
        offset = self.vm.get_file_address(offset, section_name)
      File "/usr/local/lib/python3.9/site-packages/ktool/macho.py", line 289, in get_file_address
        raise ValueError(f'Address {hex(vm_address)} couldn\'t be found in vm address set')
    ValueError: Address 0xfffffff8402cc730 couldn't be found in vm address set
    

    It behaves the same whether I extract the arm64 or x64 cache.

    Thanks

    opened by LeoNatan 13
  • Binaries with inserted commands do not round-trip

    Binaries with inserted commands do not round-trip

    Attempting to insert a load command into a binary produced by ktool after previously inserting a load command does not work.

    To reproduce, run the following:

    $ ktool insert --lc load --payload libFirst.dylib --out FirstOutput Target
    $ ktool insert --lc load --payload libSecond.dylib --out SecondOutput FirstOutput
    

    This results in the following error:

    Traceback (most recent call last):
      File "/opt/homebrew/bin/ktool", line 866, in <module>
        main()
      File "/opt/homebrew/bin/ktool", line 356, in main
        args.func(args)
      File "/opt/homebrew/bin/ktool", line 567, in insert
        image = process_patches(image)
      File "/opt/homebrew/bin/ktool", line 407, in process_patches
        return ktool.reload_image(image)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/ktool.py", line 55, in reload_image
        return load_image(image.slice)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/ktool.py", line 84, in load_image
        return Dyld.load(macho_slice, load_symtab=load_symtab, load_imports=load_imports, load_exports=load_exports)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 289, in load
        image = Image(macho_slice)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 138, in __init__
        self.macho_header: ImageHeader = ImageHeader.from_image(macho_slice=macho_slice)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 77, in from_image
        raise ex
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 73, in from_image
        load_cmd = Struct.create_with_bytes(LOAD_COMMAND_MAP[LOAD_COMMAND(cmd)], cmd_raw)
      File "/opt/homebrew/Cellar/[email protected]/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/enum.py", line 384, in __call__
        return cls.__new__(cls, value)
      File "/opt/homebrew/Cellar/[email protected]/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/enum.py", line 702, in __new__
        raise ve_exc
    ValueError: 791555631 is not a valid LOAD_COMMAND
    

    Some testing on my end reveals this doesn't seem to depend on the binaries themselves.

    bug 
    opened by jonpalmisc 3
  • Insert command only inserts to first architecture in universal binaries

    Insert command only inserts to first architecture in universal binaries

    I've attempted to insert a load command as follows:

    ktool insert --lc load --payload libExample.dylib --out TargetPatched Target
    

    This succeeds in adding the load command to the first architecture in the universal binary, however, it does not insert it to the second. The ability to either;

    • choose which architecture to add the load command for; or
    • automatically insert the load command in both architectures

    would be helpful.

    bug 
    opened by jonpalmisc 3
  • Load Command LOAD_COMMAND.LOAD_UPWARD_DYLIB doesn't have a mapped struct type

    Load Command LOAD_COMMAND.LOAD_UPWARD_DYLIB doesn't have a mapped struct type

    Hello, when attempting to dump headers for a shared library extracted from the dyld cache (using keith/dyld-shared-cache-extractor), the following error comes up:

    ➜  ~ ktool dump --headers --out ~/Desktop/test/headers /Users/lnatan/Desktop/test/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 
    ERROR - ktool.dyld:L#83:ImageHeader:from_image() - 
    ERROR - ktool.dyld:L#84:ImageHeader:from_image() - Load Command LOAD_COMMAND.LOAD_UPWARD_DYLIB doesn't have a mapped struct type
    ERROR - ktool.dyld:L#85:ImageHeader:from_image() - *Please* file an issue on the github @ https://github.com/cxnder/ktool
    ERROR - ktool.dyld:L#86:ImageHeader:from_image() - 
    ERROR - ktool.dyld:L#87:ImageHeader:from_image() - Run with the -f flag before the subcommand to try and force loading anyways
    ERROR - ktool.dyld:L#88:ImageHeader:from_image() - 
    Traceback (most recent call last):
      File "/opt/homebrew/bin/ktool", line 8, in <module>
        sys.exit(main())
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/ktool_script.py", line 376, in main
        args.func(args)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/ktool_script.py", line 898, in dump
        image = ktool.load_image(fp, args.slice_index, use_mmaped_io=MMAP_ENABLED)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/ktool.py", line 84, in load_image
        return Dyld.load(macho_slice, load_symtab=load_symtab, load_imports=load_imports, load_exports=load_exports)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 292, in load
        image = Image(macho_slice)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 139, in __init__
        self.macho_header: ImageHeader = ImageHeader.from_image(macho_slice=macho_slice)
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 89, in from_image
        raise ex
      File "/opt/homebrew/lib/python3.9/site-packages/ktool/dyld.py", line 74, in from_image
        load_cmd = Struct.create_with_bytes(LOAD_COMMAND_MAP[LOAD_COMMAND(cmd)], cmd_raw)
    KeyError: <LOAD_COMMAND.LOAD_UPWARD_DYLIB: 2147483683>
    

    Running with the -f flag doesn't help.

    Thanks

    opened by LeoNatan 2
  • chore(legacy): Adapt to package changes

    chore(legacy): Adapt to package changes

    This PR updates .legacy_setup.py in order to work with the new changes made to the library. Specific changes were documented under the commit message.

    When updating versions, make sure to update the one set in pyproject.toml as well as the one set in the legacy setup script, and everything else should be fine; Procursus doesn't use poetry unfortunately, so this is a required patch in order for that to continue building.

    opened by TheRealKeto 1
  • Incorrect superclass for classes

    Incorrect superclass for classes

    I was trying to generate header files for NearField.framework but noticed that the superclass for NFHCESession was incorrect.

    My NearField.framework binary was created by DyldExtractor with the cache from iOS 14.3.

    The superclass for NFHCESession should be NFSession but it's set to NSObject. image

    Here is the binary I used.

    opened by arandomdev 1
  • Miscellaneous changes to the project

    Miscellaneous changes to the project

    This PR provides some QOL updates to the project, cleaning up some code, removing, and re-organizing imports. Specific changes have been mentioned under the commit message.

    opened by TheRealKeto 1
  • Small changes and fixes to test workflow

    Small changes and fixes to test workflow

    This PR changes the Github workflow used to run tests; small commits (such as those as simple README changes) are now ignored by the workflow, and the workflow now runs tests for changes inside branches starting with develop/.

    Since specific Python versions will be used for development (in the future), this PR makes specfying what Python version the workflow needs to setup more dynamic — requiring a secret with the Python version to be setup before merging this. This specific change can be discussed at any point.

    Specific changes made have been documented under the commit message.

    enhancement 
    opened by TheRealKeto 1
  • Migration to Python 3.10 + next commits

    Migration to Python 3.10 + next commits

    The project has been migrated to python 3.10 for the sake of using pattern matching and other wonderful features it provides.

    This branch will also temporarily contain future work on the project till it is merged.

    This will be merged to master whenever python 3.10 is closer to being ready for an official release.

    enhancement 
    opened by cxnder 1
  • Actually use __init__.py (and shorten imports)

    Actually use __init__.py (and shorten imports)

    This PR makes use of __init__.py in order make it easier to import classes from the project into and outside of the project, since this is the actual use of the file, shortening import statements.

    Currently, everything provided by the module/distribution is being imported, which isn't the best practice (because there's things that shouldn't be imported(?)), so I'd like so input on that.

    opened by TheRealKeto 1
  • Large Amount of changes

    Large Amount of changes

    Class Renames: Dyld -> MachOImageLoader ImageHeader -> MachOImageHeader

    LD64 class was removed insert_load_cmd(load_command, index=-1, suffix=None) and remove_load_command(index) added to MachOImageHeader which supports adding and removing all types of load commands now.

    ktool.dyld module renamed to ktool.loader, now contains only code relavent specifically to loading the Image class from a standard MachO Image class and a few others moved to new image.py, in which contained code is a non-platform-specific abstraction not tied to MachO.

    Fixes:

    • Rewritten load command injection should fix issues with round-tripping and producing bad patches. A ton of unit testing for this area was added to try and maintain this.
    • Fix for some issues on certain weird linux environments

    Improvements:

    • ktool no longer tries to guess the property getter/setter; it decodes it from the actual standard attr_string or generates it from the property name if none is specified. This avoids potential false positives and also clarifies when non standard ones are used. We also decode whether a property is @ dynamic but do not encode that in the header yet.
    • json output for properties now embeds attr_string, getter, and setter.
    opened by cxnder 0
  • Decoding exception when using load_image_from_dsc on < iOS 16

    Decoding exception when using load_image_from_dsc on < iOS 16

    Don't have trace on-hand atm, but using ktool as a lib I'm getting:

    utf-8 can't decode byte 0xc0 in position 2: invalid start byte

    from read_node in ktool/loader.py in the image.get_cstr_at(cursor) call.

    Let me know if you need the full trace

    opened by glen-mac 0
  • fails in gui

    fails in gui

    [email protected] Desktop % ktool open /Users/bootywarrior/Downloads/iPhone_4.7_14.6_18F72_Restore/kernelcache.release.n71.decompressed Hard fault in GUI due to uncaught exception: Traceback (most recent call last): File "/opt/homebrew/bin/ktool", line 8, in sys.exit(main()) File "/opt/homebrew/lib/python3.10/site-packages/ktool/ktool_script.py", line 409, in main args.func(args) File "/opt/homebrew/lib/python3.10/site-packages/ktool/ktool_script.py", line 489, in _open raise ex File "/opt/homebrew/lib/python3.10/site-packages/ktool/ktool_script.py", line 481, in _open screen.load_file(args.filename, MMAP_ENABLED) File "/opt/homebrew/lib/python3.10/site-packages/ktool/window.py", line 2230, in load_file raise ex File "/opt/homebrew/lib/python3.10/site-packages/ktool/window.py", line 2211, in load_file for item in KToolKernelCacheLoader.contents_for_file(fd, self.update_load_status): File "/opt/homebrew/lib/python3.10/site-packages/ktool/window.py", line 1605, in contents_for_file raise ex File "/opt/homebrew/lib/python3.10/site-packages/ktool/window.py", line 1603, in contents_for_file items.append(cls.slice_item(macho_slice, callback)) File "/opt/homebrew/lib/python3.10/site-packages/ktool/window.py", line 1966, in slice_item loaded_image = MachOImageLoader.load(macho_slice) File "/opt/homebrew/lib/python3.10/site-packages/ktool/loader.py", line 58, in load MachOImageLoader._parse_load_commands(image, load_symtab, load_imports, load_exports) File "/opt/homebrew/lib/python3.10/site-packages/ktool/loader.py", line 80, in _parse_load_commands image.vm.add_segment(segment) File "/opt/homebrew/lib/python3.10/site-packages/ktool/image.py", line 51, in add_segment self.map_pages(segment.file_address, segment.vm_address, segment.size) File "/opt/homebrew/lib/python3.10/site-packages/ktool/image.py", line 86, in map_pages raise MachOAlignmentError(f'Tried to map {hex(virtual_addr)}+{hex(size)} to {hex(physical_addr)}') ktool.exceptions.MachOAlignmentError: Tried to map 0xfffffff007890000+0x7ee58 to 0x818000

    opened by turnerrocks1 0
  • ModuleNotFoundError: No module named '_curses'

    ModuleNotFoundError: No module named '_curses'

    OS: Microsoft Windows 10 x64

    An error occurred after running Ktool.

    Traceback (most recent call last):
      File "c:\python3\lib\runpy.py", line 194, in _run_module_as_main
        return _run_code(code, main_globals, None,
      File "c:\python3\lib\runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "C:\python3\scripts\ktool.exe\__main__.py", line 4, in <module>
      File "c:\python3\lib\site-packages\ktool\ktool_script.py", line 54, in <module>
        from ktool.window import KToolScreen, external_hard_fault_teardown
      File "c:\python3\lib\site-packages\ktool\window.py", line 31, in <module>
        import curses
      File "c:\python3\lib\curses\__init__.py", line 13, in <module>
        from _curses import *
    ModuleNotFoundError: No module named '_curses'
    

    image

    opened by Vxer-Lee 1
Releases(1.3.0)
  • 1.3.0(May 14, 2022)

    Class Renames: Dyld -> MachOImageLoader ImageHeader -> MachOImageHeader

    LD64 class was removed insert_load_cmd(load_command, index=-1, suffix=None) and remove_load_command(index) added to MachOImageHeader which supports adding and removing all types of load commands now.

    ktool.dyld module renamed to ktool.loader, now contains only code relevant specifically to loading the Image class from a standard MachO Image class and a few others moved to new image.py, in which contained code is a non-platform-specific abstraction not tied to MachO.

    Fixes:

    • Rewritten load command injection should fix issues with round-tripping and producing bad patches. A ton of unit testing for this area was added to try and maintain this.
    • Fix for some issues on certain weird linux environments

    Improvements:

    • ktool no longer tries to guess the property getter/setter; it decodes it from the actual standard attr_string or generates it from the property name if none is specified. This avoids potential false positives and also clarifies when non-standard ones are used. We also decode whether a property is @ dynamic but do not encode that in the header yet.
    • json output for properties now embeds attr_string, getter, and setter.
    • More unit tests
    Source code(tar.gz)
    Source code(zip)
  • 1.2.1(May 1, 2022)

    New

    • ImageHeader can now be created from arbitrarily values (ImageHeader.from_values())
    • New Constructable LoadCommand + Segment currently used in tandem with old Segment wrapper.
    • Unit tests!
    • --fdec flag for dump, which forward declares private class imports

    Fixes

    • BytesIO fixes
    • Fix lc insertion
    • Fix with mmaped IO loader
    • Program no longer crashes on unimplemented load commands
    • Better VM segment input verification
    • Properly null pad strings in structs
    • Minor fixes in help messages
    • Fix a crash with the codesign parser
    • Fix (one) missing Chained Fixup structure.
    • Fix relative method list parsing when relative addresses are negative
    • Much better error handling in objc parsing
    • Better info on bad load commands
    Source code(tar.gz)
    Source code(zip)
  • 1.2.0(Mar 30, 2022)

    • Added entitlement parsing
    • Added Codesign information to GUI.
    • Added json dumping for all mach-o/obj-c metadata
    • Fixed an issue with Slice.find() on 32 bit files
    • Further sped up struct loading substantially.
    • Fixed issues with the patcher.

    Tool

    • Added ktool cs for interacting with codesigning info
    • Added ktool json for dumping metadata as json
    • Implemented ktool -V

    Library

    Documentation has been mostly updated to reflect new additions

    Codesign Info

    • Added CodesignInfo class, accessible via image.codesign_info
      • Entitlements accessible via codesign_info.entitlements

    Serialization

    The majority of objects containing relevant/important metadata about the image now contain a .serialize() function, which returns json-formattable dictionaries containing relevant metadata.

    Struct Parser

    • Redid the method in which .raw bytes are generated, eliminating the bottleneck created by that feature
    • Added support for field "sizes" being another Struct type

    File Backing

    • Added a BackingFile class to further abstract out the direct file reads
    • Added a SlicedBackingFile class to even further abstract out slices within a file. This fixed a confusing issue with the Slice.find() search utility in 32 bit files. This also abstracts out the patching functionality in order to keep that code more sane.

    Patcher

    • Refactored the majority of the LD64 class and its patching methods to now rebuild the entire header and write it via a single slice.patch()

    Parsing of more codesign related information, along with adding more relevant data to json dumps to come.

    Source code(tar.gz)
    Source code(zip)
  • 1.1.4(Mar 15, 2022)

    Nothing too crazy, a lot of cleanup/refactoring, a few additions

    GUI

    • Structs will now be rendered with an indentation for readability
    • Scrolling now supports PGUP + PGDOWN

    Image

    .vm_realign() - Computes image alignment (after the imageheader has been loaded) and sets up (or re-sets-up) the proper VM translator for the image.

    Slice

    CPU subtype now masks out the ABI bits.

    VM Address Translation

    Added a new VM translator, based on how low-level memory paging works. It is up to 2x faster than the old manual translator.

    It falls back to the legacy method whenever images cannot be mapped to 16k/4k pages.

    • Refactor: -> get_file_address() -> translate()
    • New Attribute: .detag_kern_64 - Set this to automatically detag 64 bit kernel pointers being translated
    • New Attribute: .detag_64 - Set this to detag 64 bit pointers (remove chained fixup data)

    ObjC

    A lot more fallback/safe failure stuff. You can now load a binary extracted using the default dyld_extractor.bundle (although objc data will still not be processable, as the offsets are entirely junk and likely irreperable without access to the entire cache).

    Structs

    .render_indented() - Return a string similar to str(struct_instance) but with linebreaks and indentation.

    Internal:

    Struct sizes now actually contain two values; the high 2 bytes represent the type of the field, and the low 2 bytes represent the size of the data in that field.

    loading a field as bytes uses the size type_bytes | <size>. loading a field as a string is done with char_t[size]. Unsigned ints now internally use the 0x10000 mask instead of being represented by -<size>

    kcache parsing:

    • Added version string parsing image
    Source code(tar.gz)
    Source code(zip)
  • 1.1.3(Mar 6, 2022)

    watchOS kcache extraction + minor bug fixes

    TUI

    • Add support for --no-mmap flag (needed on windows) in open command
    • Only detag kext addresses on 64 bit kcaches

    ktool.macho

    MachOFile -

    • Fix an issue where 32 bit little endian files wouldn't be recognized.

    ktool.kcache -

    • Add support for armv7k kernelcaches
    Source code(tar.gz)
    Source code(zip)
  • 1.1.1(Mar 5, 2022)

    This release builds on the baseline kernelcache processing shipped with 1.1.0

    • Added a modified version of the python stdlib plistlib that actually works in ktool.kplistlib
    • Added the kcache stuff to the help strings.

    GUI

    • Temporarily dropped the non-implemented title menus
    • Added a new one named "Help", and moved the old default info text to that

    GUI Kernel Cache Loader

    • Added a full Loader specifically for KernelCaches
    • Info specific to Kernel Caches
    • Creates a View listing kexts and allow browsing their attributes and prelink info

    ktool.kcache

    KernelCache

    Added Attributes:

    • .prelink_info -> prelink info dict for the Mach Kernel psuedoextension
    • .version -> Release Version (semantic) of the kernel

    Kext

    Added Attributes: Note: Do not rely on any of these not being empty

    • .prelink_info -> Dict[str, Any] with info for this kext pulled straight from the plist in __PRELINK_INFO:__info.
    • .development_region
    • .executable_name
    • .id -> will always be the same as .name
    • .bundle_name -> Plaintext readable proper name of the bundle (like, "Libkern Extension")
    • .package_type -> Always KEXT
    • .info_string -> Informative (maybe) string describing the kext
    • .version_str -> (Probably) the same as .version
    Source code(tar.gz)
    Source code(zip)
  • 1.1.0(Mar 5, 2022)

    This release mainly adds merged-type kernelcache parsing.

    kmacho module

    • Added support for LC_THREAD, LC_UNIXTHREAD, and LC_MAIN
    • Added mapping for LC_LOAD_UPWARD_DYLIB

    ktool module

    New! ktool.kcache

    KernelCache class: .mach_kernel: Image -> Image representing the Mach Kernel itself .kexts: List[Kext] -> List of Kext objects embedded in this kernel

    Kext class: .name -> kext name .version: str -> kext version .mach_header -> Mach-O Header of the Kext .image -> Image representing this Kext

    _VirtualMemoryMap
    • Added support (and detagging) for 64 bit kernel address space.
    Image
    • added .entry_point attribute, which points to the address (in VM Space) of the program's entry point, if an LC_THREAD, LC_UNIXTHREAD, or LC_MAIN was in the header
    • added .thread_state attribute, which holds the entry thread state if an LC_THREAD/LC_UNIXTHREAD was defined
    GUI
    • Fix: Window wont crash when a view is empty
    Source code(tar.gz)
    Source code(zip)
  • 1.0.0(Mar 1, 2022)

    :tada: :tada: :tada: :tada:

    This release includes the changelog from 1.0.0rc0

    Changes

    • Terminal Output is now highlighted
    • Table rendering in terminal output now has ansi support
    • Added --class flag to dump
    • Chained Fixup Support! iOS 15 binaries, etc can now have their imports processed. It's rudimentary, but damnit, it works :)
    • Fixed ENCRYPTION_INFO_COMMAND handling
    • Function Starts table processing
    • Remove unneeded packaging dependency in favor of just hackily using setuptools's vendored version. This is a hack, but reportedly, procursus (an iOS bootstrap) cant handle building one of packaging's build dependencies, so this makes that work.
    • heavily improved non-mmap implementation

    Swift

    Extremely Rudimentary swift processing. It's just the groundwork, and shouldn't really be counted as a feature yet, but binaries with swift wont break it anymore, and it can read some basic info about swift types (and list swift types)

    Structs

    • Rewrite it again to handle signed int field processing automatically
    • Rewrite it again again so my IDE properly recognizes the fields exist, without slowing down processing too much

    Internal Stuff

    • Migrated the entire project to poetry and refactored some of the project layout.
    Source code(tar.gz)
    Source code(zip)
  • 1.0.0rc0(Feb 24, 2022)

    :tada: :tada: :tada: :tada:

    Changes

    • Chained Fixup Support! iOS 15 binaries, etc can now have their imports processed. It's rudimentary, but damnit, it works :)
    • Fixed ENCRYPTION_INFO_COMMAND handling
    • Function Starts table processing
    • Remove unneeded packaging dependency in favor of just hackily using setuptools's vendored version. This is a hack, but reportedly, procursus (an iOS bootstrap) cant handle building one of packaging's build dependencies, so this makes that work.
    • heavily improved non-mmap implementation

    Swift

    Extremely Rudimentary swift processing. It's just the groundwork, and shouldn't really be counted as a feature yet, but binaries with swift wont break it anymore, and it can read some basic info about swift types (and list swift types)

    Structs

    • Rewrite it again to handle signed int field processing automatically
    • Rewrite it again again so my IDE properly recognizes the fields exist, without slowing down processing too much
    Source code(tar.gz)
    Source code(zip)
  • 0.20.1(Jan 26, 2022)

    Tool

    • Initial file load in the GUI is now near-instant thanks to a refactor in how headers are loaded.
    • non-mmaped processing now operates at a reasonable speed.

    Library

    • rewrite bio (non-mmap) backend stuff to use a bytearray buffer loaded at init instead of repeated seek()->read() calls.
    • non-mmap now automatically kicks in if mmap fails
    • GUI now supports a target-function-based lazy loading string buffer, which is used for header lazy-loading
    Source code(tar.gz)
    Source code(zip)
  • 0.20.0(Jan 19, 2022)

    Tool

    • open now has --hard-fail flag, which will cause open to fail (and print a backtrace) if it hits any exceptions loading content
    • GUI: objc header generation now functions on platforms without semaphore implementations

    Library

    Symbol

    • Class now conforms to Constructable class.
      • .from_image() when loading from an nlist(32/64) struct
      • .from_values when loading from values we've already decoded elsewhere
    • .addr -> .address
    • .ext -> .external
    • .types - new array of strings containing different types, if they're specified in an nlist64 entry (from a symtab)

    Table Refactor

    Essentially, table rendering in the GUI is now instant, with zero load time/freezing and no lag while scrolling large tables. This includes Hex Dumps

    Class

    • Added .dividers: bool attribute; when set to True, a real "table" with outlined cells/columns will be drawn.
    • Refactored entire class to lazily process, render, and cache the dumps as the buffer is scrolled instead of every time it gets loaded. This makes everything with tables nearly instance

    Hex Dump Tables

    • HexDumpTables now override the fetch() method of Table, and lazily load/replace the .rows() attribute through only decoding the bytes we need at the time; and disables the cache, instead of loading all of the bytes into the decoding function at once.

    Table Rendering Logic

    • ScrollingDisplayBuffer().process_lines() no longer handles rendering tables; instead we fetch() the needed content in rendered_lines_from() every time an update is requested
    • Pinning is no longer properly implemented
    Source code(tar.gz)
    Source code(zip)
  • 0.19.4(Jan 14, 2022)

    Library

    • Added support for loading/parsing/dumping 32-bit binaries. (tested on armv7, should work on x86 (32) as well)
    • General Code Cleanup
    Source code(tar.gz)
    Source code(zip)
  • 0.19.3(Jan 6, 2022)

    Mainly bugfixes, and a refactor that can potentially cut objc loading speed in half.

    Tool

    • GUI: Better multithreading for the objc header syntax highlighting in the objc loader.

    Library

    • Fix a lot of potential recursion/class-loading errors in objc
    • FIx method/property sorting in public API
    • Implement a Queueing system for loading Classes/Protocols/Categories
    • Implement a Cache for loaded Classes/Protocols/Categories
    • Update Repo Address
    Source code(tar.gz)
    Source code(zip)
  • 0.19.0(Jan 3, 2022)

    This release includes a few bugfixes, along with a massive internal refactor that shouldn't affect any of the API or process.

    Tool

    • GUI
      • Fix Exit button
      • Fix crash regression when image has no UUID
    • add --membench global arg (benchmarks memory allocations across program)
    • Add --use-stab-for-sel dump arg, which will force using the symtab to get selectors for methods, instead of using the actual selector strings.

    Library

    Bugfixes
    • Fix a crash when unrecognized load commands are read
    • Fix a crash when symtab is entirely empty (poorly extracted dyld binaries)
    • Fix a crash when class/protocol pointers are bad (poorly extracted dyld binaries)
    Refactors
    • Constructable Abstract Base Class - Renamed from_bytes to from_image
    • Image - Remove deprecated .linked attribute (replaced with .linked_images)
    • Image - Add .import_table: Dict[int, Symbol], which is a lookup table for imported symbols
    • Image - Add .export_table: Dict[int, Symbol], which is a lookup table for exported symbols
    • _VirtualMemoryMap - Add .vm_check(vm_address) -> bool
    • .objc - Implement Constructable API in ObjCImage, Class, Protocol, Category, Method, Property, and Ivar. This will allow api-compatible loading and header dumping of values obtained at runtime, not from an image.
    Source code(tar.gz)
    Source code(zip)
  • 0.18.0(Dec 16, 2021)

    Tool

    • Should run a lot faster due to internal Library changes. Benchmarks have shown anywhere from 30-60% reductions in runtime.
    • GUI
      • Moved Imports and Exports out of "Binding" group and merge the imports tables

    Library

    • Massive Speedups
      • Refactor almost all of the internals in the Struct class to speed things up
      • Added some caches for some other huge speedups
        • Loaded struct cache
        • Loaded CString cache
        • Typeresolver cache
      • Finished implementing MethodList, implemented to avoid duplicate code blocks in objc.py
      • Stopped using structs in MethodList parsing to make things a bit faster
    • Expansive Refactor in the Image class.
      • .linked -> .linked_images
      • Binding tables merged, moved to new .imports: List[Symbol]
      • Exports moved to new .exports: List[Symbol], Export Trie object moved to .export_trie
    • Added .attr to Symbol class, to be used with import symbols
    • New LD64 class; holds methods for editing linking information, etc.
      • Moved load command editing functions to this class
    Source code(tar.gz)
    Source code(zip)
  • 0.17.3(Dec 13, 2021)

    Library

    • Implemented the code and fixed some issues to allow loading (and patching) BytesIO objects (raw bytes in memory that dont exist on disk).

    Example usage of this can be seen here: https://gist.github.com/KritantaDev/b577dafe844d26350b051b482bb71268#file-script-py-L20

    Source code(tar.gz)
    Source code(zip)
  • 0.17.2(Dec 13, 2021)

    Library

    • Add macho_combine(slices: List[Slice]) -> BytesIO to public API
    • Add ignore.OBJC_ERRORS to util class (used in ObjC header gen). Default is True, setting it to False will crash the program when an error is encountered loading any objc metadata.

    Tool

    • Setting --hard-fail on the CLI dump command will toggle the above ignore.OBJC_ERRORS to True, crashing the program whenever an error is encountered loading OBJC metadata.
    Source code(tar.gz)
    Source code(zip)
  • 0.17.1(Dec 9, 2021)

    Library

    • Image class now has attributes .base_name and .install_name, designed to replace the ambiguous .name attribute, which is now deprecated. .install_name will be the Install name of the image, or "" if one isn't specified. .base_name will be the base name (not including path) of the install name, or basename of the filename if one isn't included. the .name attribute is now deprecated and shouldn't be used.
      • This should fix any issues with header gen, GUI related things, etc, regarding non-library images.

    Tool

    • info command now shows full Install name instead of a basename of the install name on Libraries.
    • GUI should now always restore terminal even when exceptions break out of the window.py file.
    • Fixed a minor range issue in GUI flavor text, updated the "welcome" GUI text.
    • GUI now uses cleaner basenames of Install names or Image paths when displaying them.
    • The debug menu in the GUI (click ktool in the top left corner), which shows the output of log, now highlights errors and warnings.
    Source code(tar.gz)
    Source code(zip)
  • 0.17.0(Dec 5, 2021)

    CLI Tool changes

    • Missing flags error message will now show the original flag text (--headers instead of do_headers)
    • Always attempt to tear down curses GUI after it closes (not just after caught exceptions)
    • Implement the new public library API in the CLI tool
    • Update some docstrings
    • Add --no-mmap global flag, which loads a binary without using the mmap module (this is beyond horribly slow at the moment).

    Library changes

    • Add a new public API
    • highly limit the classes imported via the init script in the ktool module (to a few classes, and the new public api
    • Make log error output redirectable, and by default pipe it to stderr
    • move the Table class to .util, since it can be used for both .window and CLI output
    • Add the base structure for fixup processing (not yet implemented, but the pieces are there now.)
    • A ton of project cleanup
    Source code(tar.gz)
    Source code(zip)
  • 0.16.3(Dec 1, 2021)

    • A ton of project cleanup, internal refactoring, etc.
    • Clarified some help strings, README, etc.
    • Fixed the 'edit' command
    • Fixed the fat MachO Generator
    • Implemented some new tests (which highlighted the two above issues)
    Source code(tar.gz)
    Source code(zip)
  • 0.16.2(Nov 28, 2021)

    • Cleaned up some ObjC method list code (this should not affect output)
    • partially implemented support for the 0xD0 binding opcode (although binding info isn't quite right, it doesn't crash now.)
    Source code(tar.gz)
    Source code(zip)
  • 0.16.1(Nov 28, 2021)

    This release implements ObjC Method List "alternative" encoding styles for Categories and Protocols. (direct selectors and relative offsets).

    Categories and Protocols encoded with these enabled (DyldExtractor output) should now load correctly.

    Source code(tar.gz)
    Source code(zip)
  • 0.16.0(Nov 28, 2021)

    I've forgotten to do github releases for a few months or however long. Starting again now.

    Changes with this version:

    • Refactored all variable/classnames using 'Library' to 'Image'. This is more accurate to what MachO Objects are called; ( they're really just called images, "Library" was a leftover from a previous project that only targeted libraries and this should've been refactored long ago. )

    Regarding the changes between the previous release and this one, checking the 100+ commits since then is likely your best bet.

    Source code(tar.gz)
    Source code(zip)
  • 0.7.0(Aug 15, 2021)

  • 0.5.0(Aug 12, 2021)

  • 0.3.4(Aug 8, 2021)

  • 0.3.3(Aug 7, 2021)

  • 0.2.5(Aug 3, 2021)

  • 0.2.3(Aug 3, 2021)

Owner
cynder
macOS/iOS development @ reverse engineering chick. // maintainer of the iPhone Dev Wiki (https://iphonedev.wiki)
cynder
An extensive password manager built using Python, multiple implementations. Something to meet everyone's taste.

An awesome open-sourced password manager! Explore the docs » View Demo · Report Bug · Request Feature 🐍 Python Password Manager 🔐 An extensive passw

Sam R 7 Sep 28, 2021
Uma versão em Python/Ursina do aplicativo Real Drum (android).

Real Drum Descrição Esta é uma versão alternativa feita em Python com a engine Ursina do aplicatio Real Drum (presente no Google Play Store). Como exe

hayukimori 5 Aug 20, 2022
Implemented Exploratory Data Analysis (EDA) using Python.Built a dashboard in Tableau and found that 45.87% of People suffer from heart disease.

Heart_Disease_Diagnostic_Analysis Objective 🎯 The aim of this project is to use the given data and perform ETL and data analysis to infer key metrics

Sultan Shaikh 4 Jan 28, 2022
Amitkumar Mishra 2 Jan 14, 2022
Скрипт позволяет заводить задачи в Панель мониторинга YouTrack на основе парсинга сайта safe-surf.ru

Скрипт позволяет заводить задачи в Панель мониторинга YouTrack на основе парсинга сайта safe-surf.ru

Bad_karma 3 Feb 12, 2022
Utility to play with ADCS, allows to request tickets and collect information about related objects

certi Utility to play with ADCS, allows to request tickets and collect information about related objects. Basically, it's the impacket copy of Certify

Eloy 185 Dec 29, 2022
Morth - Stack Based Programming Language

Morth WARNING! THIS LANGUAGE IS A WORKING PROGRESS. THIS IS JUST A HOBBY PROJECT

Dominik Danner 2 Mar 05, 2022
personal dotfiles for rolling release linux distros

dotfiles Screenshots: Directions: Deploy my dotfiles with yadm Packages from arch listed in .installed-packages Information on osu! see ~/Games/osu!/.

-pacer- 0 Sep 18, 2022
Python solution of advent-of-code 2021

Advent of code 2021 Python solutions of Advent of Code 2021 written by Eric Bouteillon Requirements The solutions were developed and tested using Pyth

Eric Bouteillon 3 Oct 25, 2022
A reproduction repo for a Scheduling bug in AirFlow 2.2.3

A reproduction repo for a Scheduling bug in AirFlow 2.2.3

Ilya Strelnikov 1 Feb 09, 2022
This Curve Editor, written by Jehee Lee in 2015

Splines Abstract This Curve Editor, written by Jehee Lee in 2015, is a freeware. You can use, modify, redistribute the code without restriction. This

Movement Research Lab 8 Mar 11, 2022
Url-check-migration-python - A python script using Apica API's to migrate URL checks between environments

url-check-migration-python A python script using Apica API's to migrate URL chec

Angelo Aquino 1 Feb 16, 2022
Master Duel Card Translator Project

Master Duel Card Translator Project A tool for translating card effects in Yu-Gi-Oh! Master Duel. Quick Start (for Chinese version only) Download the

67 Dec 23, 2022
Ballistic calculator for Airsoft

Ballistic-calculator-for-Airsoft 用于Airsoft的弹道计算器 This is a ballistic calculator for airsoft gun. To calculate your airsoft gun's ballistic, you should

3 Jan 20, 2022
Traductor de webs desde consola usando el servicio de Google Traductor.

proxiGG Traductor de webs desde consola usando el servicio de Google Traductor. Se adjunta el código fuente para Python3 y un binario compilado en C p

@as_informatico 2 Oct 20, 2021
A Python program for calculating the 95%CI for GNSS-derived site velocities

GNSS_Vel_95%CI A Python program for calculating the 95%CI for GNSS-derived site velocities Function_GNSS_95CI.py is a Python function for calculating

<a href=[email protected]"> 4 Dec 16, 2022
Box CRUD API With Python

Box CRUD API: Consider a store which has an inventory of boxes which are all cuboid(which have length breadth and height). Each Cuboid has been added

Akhil Bhalerao 3 Feb 17, 2022
Home Assistant integration for spanish electrical data providers (e.g., datadis)

homeassistant-edata Esta integración para Home Assistant te permite seguir de un vistazo tus consumos y máximas potencias alcanzadas. Para ello, se ap

VMG 163 Jan 05, 2023
This library is an abstraction for Splunk-related development, maintenance, or migration operations

This library is an abstraction for Splunk-related development, maintenance, or migration operations. It provides a single CLI or SDK to conveniently perform various operations such as managing a loca

NEXTPART 6 Dec 21, 2022
Fully coded Apps by Codex.

OpenAI-Codex-Code-Generation Fully coded Apps by Codex. How I use Codex in VSCode to generate multiple completions with autosorting by highest "mean p

nanowell 47 Jan 01, 2023