DyldExtractor __EXTRA_OBJC_hidden entries are not fully analyzed

Describe the bug

Shown above are the entries of setUserInteractionEnabled: selector and SBUIFlashlightController class inside FlashlightModule binary, respectively.

When classes are like that, the pseudocode generates this (focus on line 17):

To Reproduce

iOS 15.5
dyld_shared_cache_arm64 of iPod9,1 (https://www.theiphonewiki.com/wiki/Firmware/iPod_touch/15.x)
Terminal command to reproduce.

Additional context Add any other context about the problem here.

Dec 04 '22 01:12 PoomSmart

I checked the class structures and they looked perfectly okay, and in Ghidra it also had the same issue with off_1F856B8F8, except it properly had objc_msgSend instead of unk_1f856B210.

The only thing I can think of is that, it doesn't like it when a class reference pointer is not bound with bind information, which this binary doesn't have.

I also tried to force Ghidra to process the __objc_classrefs section normally by changing the section name to __objc_classlist, but the issue still persists. Due to this, I believe Ghidra and likely IDA, rely on export and bind info instead of ObjC runtime info for psudocode generation.

I'm very sorry for the inconvenience.

Dec 04 '22 23:12 arandomdev

It's alright : ) take your time if thought to be possible

Dec 04 '22 23:12 PoomSmart

I was able to get DyldExtractorC to the point where it could generate bind info and test out my theory above. I have also attached the extracted binary if you want to test it out in IDA. FlashlightModule.zip

There's still a lot of ObjC stuff that needs to be implemented, but I first wanted to share this with you.

Feb 09 '23 02:02 arandomdev

@arandomdev Much appreciated. Tested on IDA. It got better pseudocode.

Feb 09 '23 13:02 PoomSmart