<p align="center"> <a href="https://github.com/blacktop/symbolicator"><img alt="Symbolicator Logo" src="https://github.com/blacktop/symbolicator/blob/main/docs/logo.png?raw=true" height="400" /></a>  <h3><p align="center"><code>ipsw</code> symbolication signatures</p></h3>  <br>

What 🤔

This repo contains the ipsw symbolication signature files.

How Good 📈

Currently we are sitting at 63.85% on xnu

Getting Started 🚀

Get the signatures

git clone https://github.com/blacktop/symbolicator.git

Symbolicate a kernelcache with ipsw

ipsw kernel sym kernelcache --json --signatures /path/to/symbolicator-repo/kernel

Install IDA Plugin

plugins/ida/install.sh

Now you can apply the symbols to you kernelcache in IDA by pressing Alt+F8

ida-pluging

The first time the IDB if loaded, the plugin will attempt to automatically load the symbols file (This is verified using an indication file with the suffix .symbols_loaded)

Plugins 🔌

Supported Plugins/Scripts

Generate NEW signatures

You can set these ENV VARS to control the the outputed signature's metadata

TARGET The target binary. (e.g. com.apple.driver.AppleMobileFileIntegrity)
MAX_VERSION The maximum version of the target darwin.
MIN_VERSION The minimum version of the target darwin.
JSON_FILE The path to the JSON file. (e.g. /path/to/sig.json)

To generate signatures for xnu

scripts/run.sh --kernel '/path/to/KDK/kernel'

To generate signatures for a kext

scripts/run.sh --kext '/path/to/KDK/kext'

TODO

[ ] add support for global variables/constants
[ ] byte pattern matching
[ ] use arg count to assist in identifying anchor caller (as arg position/register)

Credit

Idea was originally inspired by Jonathan Levin's disarm 'matchers' file.

Symbolicator

Install / Use

README