deepinstinct / dsc_fix Goto Github PK

When running the script in IDA Pro 7.0, in the popup, the dyld_shared_cache_arm64 file is always grey, cannot be chosen.What's wrong?

System: macOS 10.12
Some error occur when open dyld_shared_cache_arm64.

/Users/XiaoMi/Desktop/dsc_fix.py: unpack requires a string argument of length 8
Traceback (most recent call last):
File "/Applications/IDA Pro 6.95/idaq64.app/Contents/MacOS/python/ida_idaapi.py", line 509, in IDAPython_ExecScript
execfile(script, g)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 760, in
main()
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 744, in main
adrfind = AddrFinder(dsc_file, cache_symbols=False)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 402, in init
self.indexer.index()
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 377, in index
self.dyldwalker.walk_segments(self._callback, verbose=verbose)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 329, in walk_segments
verbose=verbose)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 338, in walk_images
mappings = dyld_cache_mapping_info(self.cache, header.mapping_count)
File "/Users/XiaoMi/Desktop/dsc_fix.py", line 174, in dyld_cache_mapping_info
ret.append(_dyld_cache_mapping_info(dsc_file))
File "/Us

For instance, using dsc_fix on an iOS 11.3.1 64-bit dyld shared cache will result in nullsub and several empty readdressed functions.

Error You forgot to call set_processor_type()
iOS 11.3.1 dyld shared cache
System : Win10 ida7.0

No such file or directory: 'addrs.txt'
How to get this file?

I get this error when trying to use dsc_fix on MobileCoreServices (tried different version, 9.3.3, 10.0.1, 10.0.2, 10.1) directly opened as a 'single image' from the matching dyld_shared_cache_arm64 which I select in the open dialog presented by dsc_fix:

/Users/nikias/coding/dsc_fix/dsc_fix.py: 'NoneType' object is not iterable
Traceback (most recent call last):
  File "/Applications/IDA Pro 6.95/idaq64.app/Contents/MacOS/python/ida_idaapi.py", line 509, in IDAPython_ExecScript
    execfile(script, g)
  File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 760, in <module>
    main()
  File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 745, in main
    map_shared_bridges(dsc_file, adrfind)
  File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 629, in map_shared_bridges
    label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code)
  File "/Users/nikias/coding/dsc_fix/dsc_fix.py", line 645, in label_and_fix_branch_islands
    dylib_path, dsc_offset, macho_offset = res
TypeError: 'NoneType' object is not iterable

I changed the code to continue anyway like this:

diff --git a/dsc_fix.py b/dsc_fix.py
index 68443f8..e96eabf 100644
--- a/dsc_fix.py
+++ b/dsc_fix.py
@@ -642,6 +642,8 @@ def label_and_fix_branch_islands(dsc_file, adrfind, jmp_to_code):
         res = adrfind.find(addr)
         if not res:
             print "[!] coudln't find addr for addr:", addr
+            i += 1
+            continue
         dylib_path, dsc_offset, macho_offset = res
         exportname = adrfind.get_export_name_for_addr(addr)
         if _IN_IDA:

However in the end, it created the additional segements, but instead of things like B objc_msgSend_0 I see a B loc_<original_address in new segment> that is undefined code, for example something like this:

CPS #0x1F   (hex: 1F 00 00 F1)

Any idea what is wrong here? What is the file you used for your example screenshots so I can try if that works at least?