Moving dump_kext to XNU class

X. NU/python/CrimsonUroboros.py

@@ -2607,9 +2607,6 @@ class SandboxProcessor:
         if args.sandbox_profile_data: # Print the sandbox profile data
             snake_instance.printSandboxProfileData()
 
-        if args.dump_kext: # Dump the kernel extension binary from the kernelcache.decompressed file
-            snake_instance.dumpKernelExtensionBinary(args.dump_kext)
-
         if args.extract_sandbox_operations: # Extract sandbox operations from the kernelcache.decompressed file
             snake_instance.printSandboxOperations()
 
@@ -2818,11 +2815,6 @@ class SnakeVIII(SnakeVII):
         else:
             print("No SandboxProfileData found for the given App Bundle.")
 
-    def dumpKernelExtensionBinary(self, kext_name):
-        ''' Dump the kernel extension binary from the kernelcache.decompressed file. 
-        For now it is only wrapper arround ipsw'''
-        os.system(f"ipsw kernel extract {self.file_path} {kext_name} --output .")
-
     def extractSandboxOperations(self):
         ''' Extract sandbox operations from the Sandbox.kext file. '''
         all_strings = self.getStringSection()
@@ -3179,6 +3171,9 @@ class XNUProcessor:
         if args.mig: # Search for MIG subsystem and prints message handlers
             snake_instance.printMIG()
 
+        if args.dump_kext: # Dump the kernel extension binary from the kernelcache.decompressed file
+            snake_instance.dumpKernelExtensionBinary(args.dump_kext)
+
 class SnakeX(SnakeIX):
     def __init__(self, binaries, file_path):
         super().__init__(binaries, file_path)
@@ -3490,6 +3485,11 @@ class SnakeX(SnakeIX):
             for message, details in messages.items():
                 print(f"- {message}: {hex(details['impl_routine'])}")
 
+    def dumpKernelExtensionBinary(self, kext_name):
+        ''' Dump the kernel extension binary from the kernelcache.decompressed file. 
+        For now it is only wrapper arround ipsw'''
+        os.system(f"ipsw kernel extract {self.file_path} {kext_name} --output .")
+
 ### --- ARGUMENT PARSER --- ###  
 class ArgumentParser:
     def __init__(self):
@@ -3644,7 +3644,6 @@ class ArgumentParser:
         sandbox_group.add_argument('--sandbox_system_profiles', action='store_true', help="Print the system profile from the sandbox container metadata in JSON format")
         sandbox_group.add_argument('--sandbox_content_protection', action='store_true', help="Print the content protection from the sandbox container metadata")
         sandbox_group.add_argument('--sandbox_profile_data', action='store_true', help="Print raw bytes ofthe sandbox profile data from the sandbox container metadata")
-        sandbox_group.add_argument('--dump_kext', help="Dump the kernel extension binary from the kernelcache.decompressed file", metavar='kext_name')
         sandbox_group.add_argument('--extract_sandbox_operations', action='store_true', help="Extract sandbox operations from the Sandbox.kext file")
         sandbox_group.add_argument('--extract_sandbox_platform_profile', action='store_true', help="Extract sandbox platform profile from the Sandbox.kext file")
 
@@ -3678,6 +3677,7 @@ class ArgumentParser:
         xnu_group.add_argument('--kext_entry', metavar='kext_name', help="Calculate the virtual memory address of the __start (entrypoint) for the given {kext_name} Kernel Extension")
         xnu_group.add_argument('--kext_exit', metavar='kext_name', help="Calculate the virtual memory address of the __stop (exitpoint) for the given {kext_name} Kernel Extension")
         xnu_group.add_argument('--mig', action='store_true', help="Search for MIG subsystem and prints message handlers")
+        xnu_group.add_argument('--dump_kext', help="Dump the kernel extension binary from the kernelcache.decompressed file", metavar='kext_name')
 
     def parseArgs(self):
         args = self.parser.parse_args()

tests/test_CrimsonUroboros.py

@@ -2385,23 +2385,6 @@ class TestSnakeVIII():
 
         assert expected_output not in uroboros_output
 
-    def test_dump_kext(self):
-        '''Test the --dump_kext flag of SnakeVIII.'''
-        args_list = ['-p', self.kernelcache_path, '--dump_kext', 'sandbox']
-        args = argumentWrapper(args_list)
-        snake_hatchery = SnakeHatchery(args, snake_class)
-        snake_hatchery.hatch()
-
-        def code_block():
-            macho_processor = MachOProcessor()
-            macho_processor.process(args)
-            sandbox_processor = SandboxProcessor()
-            sandbox_processor.process(args)
-
-        executeCodeBlock(code_block)
-        assert os.path.exists("sandbox")
-        os.remove("sandbox")
-
     def test_extract_sandbox_operations(self):
         '''Test the --extract_sandbox_operations flag of SnakeVIII.'''
         a = run_and_get_stdout(f'python3 CrimsonUroboros.py -p {self.kernelcache_path} --dump_kext sandbox')
@@ -2665,7 +2648,7 @@ class TestSnakeIX:
         uroboros_output = executeCodeBlock(code_block)
         assert 'iCloud Access: False' in uroboros_output
 
-class TestSnakeX():
+class TestSnakeX:
     '''Testing X. XNU'''
     @classmethod
     def setup_class(cls):
@@ -2840,3 +2823,20 @@ class TestSnakeX():
         assert expected_output_7 in uroboros_output
         assert expected_output_8 in uroboros_output
         assert expected_output_9 in uroboros_output
+
+    def test_dump_kext(self):
+        '''Test the --dump_kext flag of SnakeX.'''
+        args_list = ['-p', self.kernelcache_path, '--dump_kext', 'sandbox']
+        args = argumentWrapper(args_list)
+        snake_hatchery = SnakeHatchery(args, snake_class)
+        snake_hatchery.hatch()
+
+        def code_block():
+            macho_processor = MachOProcessor()
+            macho_processor.process(args)
+            xnu_processor = XNUProcessor()
+            xnu_processor.process(args)
+
+        executeCodeBlock(code_block)
+        assert os.path.exists("sandbox")
+        os.remove("sandbox")