
Kernel Symbol finder

Open brandonplank opened this issue 5 years ago • 6 comments

[] Initializing the jelbrekLib
[i] offsets selected for iOS 13.0 or above
[] copying to /var/root/Documents/29.04.20:22.46.05_kernelcache
[+] Initialized KernelSymbolFinder
[+] Initialized patchfinder
[+] kexecute: got user client: 0x240b
[+] tfp0 = 0x9987
[+] kbase = 0xfffffff02104c000
[+] kslide = 0x000000001a048000
[+] trying to find _serial_putc
[i] MAGIC = 0xbebafeca
[!] Unrecognized file
[+] _serial_putc = 0xffffffffffffffff

brandonplank avatar Apr 30 '20 04:04 brandonplank

This seems to deal with the kernelcache decompression being FAT

brandonplank avatar Apr 30 '20 04:04 brandonplank
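Added example, not jelbrekLib's own code: the check a symbol finder would run before parsing, so a FAT kernelcache whose first word reads as 0xbebafeca on a little-endian host selects its arm64 slice instead of failing with "Unrecognized file". Constants and struct layouts are those of the Mach-O FAT format; the 56-byte sample image is constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants from <mach-o/fat.h> / <mach-o/loader.h>, copied so this builds without the Apple SDK. */
#define FAT_MAGIC      0xcafebabeu  /* stored big-endian; reads as 0xbebafeca when loaded little-endian */
#define MH_MAGIC_64    0xfeedfacfu  /* stored little-endian inside an arm64 slice */
#define CPU_TYPE_ARM64 0x0100000cu  /* CPU_TYPE_ARM | CPU_ARCH_ABI64 */

static uint32_t be32(const uint8_t *p) {  /* fat_header and fat_arch fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint32_t le32(const uint8_t *p) {  /* the Mach-O header of an arm64 slice is little-endian */
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Offset of the arm64 Mach-O inside buf: 0 for an already-thin 64-bit Mach-O, the fat_arch
 * offset for a FAT file, -1 otherwise. Every offset/size is bounds-checked against len. */
long find_arm64_slice(const uint8_t *buf, size_t len) {
    if (len < 4) return -1;
    if (le32(buf) == MH_MAGIC_64) return 0;
    if (len < 8 || be32(buf) != FAT_MAGIC) return -1;
    uint32_t nfat = be32(buf + 4);                      /* fat_header.nfat_arch */
    if (nfat > 64 || (size_t)nfat * 20 > len - 8) return -1;
    for (uint32_t i = 0; i < nfat; i++) {
        const uint8_t *a = buf + 8 + (size_t)i * 20;     /* struct fat_arch, 20 bytes */
        uint32_t cputype = be32(a), off = be32(a + 8), size = be32(a + 12);
        if (cputype != CPU_TYPE_ARM64) continue;
        if (off > len || size > len - off || size < 4) return -1;
        return le32(buf + off) == MH_MAGIC_64 ? (long)off : -1;
    }
    return -1;
}

/* Constructed 56-byte FAT image (not a real kernelcache): armv7 slice at 48, arm64 slice at 52. */
static const uint8_t sample_fat[] = {
    0xca,0xfe,0xba,0xbe, 0x00,0x00,0x00,0x02,
    0x00,0x00,0x00,0x0c, 0x00,0x00,0x00,0x09, 0x00,0x00,0x00,0x30, 0x00,0x00,0x00,0x04, 0x00,0x00,0x00,0x0e,
    0x01,0x00,0x00,0x0c, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x34, 0x00,0x00,0x00,0x04, 0x00,0x00,0x00,0x0e,
    0xce,0xfa,0xed,0xfe,  /* MH_MAGIC, armv7 slice */
    0xcf,0xfa,0xed,0xfe,  /* MH_MAGIC_64, arm64 slice */
};
long demo_fat(void)       { return find_arm64_slice(sample_fat, sizeof sample_fat); }
long demo_thin(void)      { return find_arm64_slice(sample_fat + 52, 4); }
long demo_truncated(void) { return find_arm64_slice(sample_fat, 40); }  /* header claims more than is there */

int main(void) {
    printf("arm64 slice at %ld, thin file at %ld, truncated -> %ld\n", demo_fat(), demo_thin(), demo_truncated());
    return 0;
}
```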

OK, I can fix that, but is there any point in using the symbol finder anymore? It won't work for automation purposes because not all kernels have symbols. And if you don't care about automation you can always do it manually.

jakeajames avatar Apr 30 '20 15:04 jakeajames

How would you go about finding it manually?

brandonplank avatar Apr 30 '20 17:04 brandonplank

nm kernelcache | grep "SYMBOL"

or

jtool -S kernelcache | grep "SYMBOL"

jakeajames avatar Apr 30 '20 18:04 jakeajames

Ah, well, what I’m using it for is to find a symbol for any device that uses it.

brandonplank avatar Apr 30 '20 18:04 brandonplank

As I said, automation can't be done because it won't work for every device. Many devices don't have symbols at all.

jakeajames avatar Apr 30 '20 19:04 jakeajames