CalvinBackup/SnakeAppleSecurityFiles
1
0
Fork 0
mirror of https://github.com/Karmaz95/Snake_Apple.git synced 2026-03-30 14:00:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
Karmaz95
2024-04-08 20:48:22 +02:00
parent cec30d1a6d
commit 65fe2b1eae
7 changed files with 434 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -20,7 +20,7 @@ Each article directory contains three subdirectories:
* ☑ [DYLD — Do You Like Death? (IV)](https://karol-mazurek.medium.com/dyld-do-you-like-death-iv-ede6b157752c?sk=v2%2F87ebe38d-004c-41a6-bc1f-43898494a512) - RuntimeLocks | MemoryManager | dyld_hw_tpro | Lambda Capture | withWritableMemory | PAC | arm64e_preview_abi | __ptrauth_dyld_tpro0 | WriteProtectionState | previousState | os_compiler_barrier |
* ☑ [DYLD — Do You Like Death? (V)](https://karol-mazurek.medium.com/dyld-do-you-like-death-v-c40a267573cb?sk=v2%2F4c9f16b2-59bd-406a-945d-10a1fba1001b) - Linker Standard Library | EphemeralAllocator | Dyld Private Memory | PersistentAllocator | vm_allocate | vm_protect | _kernelrpc_mach_vm_allocate_trap | _kernelrpc_mach_vm_protect_trap
* ☑ [DYLD — Do You Like Death? (VI)](https://karol-mazurek.medium.com/dyld-do-you-like-death-vi-1013a69118ff?sk=v2%2F37b3a61f-8483-4b38-977d-7f860944862b) - ProcessConfig | Process::Process | Process::Security | csr_check | CSR_ALLOW_APPLE_INTERNAL | csrctl | syscall_csr_check | AMFI | internalInstall | isRestricted | isFairPlayEncrypted | amfiFlags | amfi_check_dyld_policy_self | ___sandbox_ms | ___mac_syscall | mpo_policy_syscall_t | MAC policy | com.apple.driver.AppleMobileFileIntegrity | _policy_syscall | _check_dyld_policy_internal | macos_Dyld_policy_collect_state | logDyldPolicyData | DYLD_AMFI_FAKE | getAMFI | pruneEnvVars | com.apple.security.cs.allow-dyld-environment-variables
* ☐ [DYLD — Do You Like Death? (VII)]() - ProcessConfig::Logging::Logging
* ☐ [DYLD — Do You Like Death? (VII)](https://karol-mazurek.medium.com/dyld-do-you-like-death-vii-62c202f98610?sk=v2%2Fab26bfcf-ba56-493d-9af3-2d8790ca6208) - ProcessConfig | Process::Logging | Process::dyldCache | DYLD_PRINT_TO_STDERR | DYLD_PRINT_INTERPOSING | allowEnvVarsSharedCache | allowEnvVarsPrint | openLogFile | DYLD_PRINT_TO_FILE | BSD open syscall | DYLD_SHARED_REGION | Shared Library Cache | DYLD_SHARED_CACHE_DIR | dyldCache | CacheFinder | Ignite | ignitionPayload | ignition | open_console | log_init | sysctlbyname | __sysctl | dyld_parse_boot_arg_int | dyld_parse_boot_arg_cstr | libignition | boot_init | stage_fire | getDyldCache | loadDyldCache | mapSplitCachePrivate | reuseExistingCache | mapSplitCacheSystemWide | jettison
* ☑ [VI. AMFI](https://karol-mazurek.medium.com/snake-apple-vi-amfi-31c48fb92d33?sk=v2%2F8116bf86-e0a7-42be-ada9-5348447c01fd)

138
V. Dyld/macos/RE/ignite/_dylib_cache_fire Normal file
View File

@@ -0,0 +1,138 @@
0x10007607c <+0>: pacibsp
0x100076080 <+4>: stp x26, x25, [sp, #-0x50]!
0x100076084 <+8>: stp x24, x23, [sp, #0x10]
0x100076088 <+12>: stp x22, x21, [sp, #0x20]
0x10007608c <+16>: stp x20, x19, [sp, #0x30]
0x100076090 <+20>: stp x29, x30, [sp, #0x40]
0x100076094 <+24>: add x29, sp, #0x40
0x100076098 <+28>: sub sp, sp, #0x440
0x10007609c <+32>: mov x20, x2
0x1000760a0 <+36>: mov x24, x1
0x1000760a4 <+40>: mov x21, x0
0x1000760a8 <+44>: adrp x8, 39
0x1000760ac <+48>: ldr x19, [x8, #0x228]
0x1000760b0 <+52>: mov x0, x2
0x1000760b4 <+56>: bl 0x100074f04 ; boot_get_dylib_root
0x1000760b8 <+60>: mov x23, x0
0x1000760bc <+64>: add x0, sp, #0x40
0x1000760c0 <+68>: mov w1, #0x400
0x1000760c4 <+72>: bl 0x10000dfa0 ; _platform_bzero
0x1000760c8 <+76>: ldr x8, [x24]
0x1000760cc <+80>: cmp x8, x19
0x1000760d0 <+84>: b.lo 0x1000760e8 ; <+108>
0x1000760d4 <+88>: tbnz w23, #0x1f, 0x1000760e8 ; <+108>
0x1000760d8 <+92>: mov w19, #0x55
0x1000760dc <+96>: adrp x25, 28
0x1000760e0 <+100>: add x25, x25, #0xfa0 ; "cryptex"
0x1000760e4 <+104>: b 0x1000760f8 ; <+124>
0x1000760e8 <+108>: ldr w23, [x20, #0x10]
0x1000760ec <+112>: mov w19, #0x13
0x1000760f0 <+116>: adrp x25, 29
0x1000760f4 <+120>: add x25, x25, #0x507 ; "system volume"
0x1000760f8 <+124>: add x22, sp, #0x40
0x1000760fc <+128>: add x0, sp, #0x40
0x100076100 <+132>: bl 0x100074348 ; ignition_get_shared_cache_directory
0x100076104 <+136>: ldrb w8, [sp, #0x41]
0x100076108 <+140>: cmp w8, #0x2f
0x10007610c <+144>: b.eq 0x100076268 ; <+492>
0x100076110 <+148>: add x22, x22, #0x1
0x100076114 <+152>: bl 0x1000110e8 ; getpid
0x100076118 <+156>: ldr x8, [x21]
0x10007611c <+160>: ldr x9, [x24]
0x100076120 <+164>: stp x23, x22, [sp, #0x20]
0x100076124 <+168>: stp x25, x9, [sp, #0x10]
0x100076128 <+172>: stp x0, x8, [sp]
0x10007612c <+176>: adrp x1, 29
0x100076130 <+180>: add x1, x1, #0x531 ; "libignition: %d: %12s: finding shared cache on %s: ignition level = %llu, search root fd = %d, subpath = %s\n"
0x100076134 <+184>: mov w0, #-0x1
0x100076138 <+188>: bl 0x100073150 ; dlog
0x10007613c <+192>: mov x0, x23
0x100076140 <+196>: mov x1, x22
0x100076144 <+200>: mov w2, #0x100000
0x100076148 <+204>: bl 0x10007dda8 ; openat
0x10007614c <+208>: mov x23, x0
0x100076150 <+212>: str w0, [sp, #0x3c]
0x100076154 <+216>: bl 0x10000eeac ; __error
0x100076158 <+220>: tbnz w23, #0x1f, 0x100076164 ; <+232>
0x10007615c <+224>: str wzr, [x0]
0x100076160 <+228>: b 0x10007616c ; <+240>
0x100076164 <+232>: ldr w8, [x0]
0x100076168 <+236>: cbz w8, 0x100076278 ; <+508>
0x10007616c <+240>: bl 0x10000eeac ; __error
0x100076170 <+244>: ldr w8, [x0]
0x100076174 <+248>: cmp w8, #0x2
0x100076178 <+252>: b.eq 0x1000761d4 ; <+344>
0x10007617c <+256>: cbnz w8, 0x100076208 ; <+396>
0x100076180 <+260>: ldr w0, [sp, #0x3c]
0x100076184 <+264>: adrp x2, 29
0x100076188 <+268>: add x2, x2, #0x5a5 ; "dylib cache path"
0x10007618c <+272>: add x19, sp, #0x40
0x100076190 <+276>: add x1, sp, #0x40
0x100076194 <+280>: bl 0x100073d08 ; realpathfd
0x100076198 <+284>: bl 0x1000110e8 ; getpid
0x10007619c <+288>: ldr x8, [x21]
0x1000761a0 <+292>: stp x8, x19, [sp, #0x8]
0x1000761a4 <+296>: str x0, [sp]
0x1000761a8 <+300>: adrp x1, 29
0x1000761ac <+304>: add x1, x1, #0x5b6 ; "libignition: %d: %12s: opened shared cache directory: %s\n"
0x1000761b0 <+308>: mov w0, #-0x1
0x1000761b4 <+312>: bl 0x100073150 ; dlog
0x1000761b8 <+316>: adrp x1, 39
0x1000761bc <+320>: add x1, x1, #0x9d0 ; _boot_root_dylib_cache
0x1000761c0 <+324>: add x2, sp, #0x3c
0x1000761c4 <+328>: mov x0, x20
0x1000761c8 <+332>: bl 0x100074df8 ; boot_set_root
0x1000761cc <+336>: mov w19, #0x0
0x1000761d0 <+340>: b 0x1000761f4 ; <+376>
0x1000761d4 <+344>: bl 0x1000110e8 ; getpid
0x1000761d8 <+348>: ldr x8, [x21]
0x1000761dc <+352>: stp x25, x22, [sp, #0x10]
0x1000761e0 <+356>: stp x0, x8, [sp]
0x1000761e4 <+360>: adrp x1, 29
0x1000761e8 <+364>: add x1, x1, #0x5f0 ; "libignition: %d: %12s: shared cache not found: root = %s, path = %s\n"
0x1000761ec <+368>: mov w0, #-0x1
0x1000761f0 <+372>: bl 0x100073150 ; dlog
0x1000761f4 <+376>: adrp x1, 29
0x1000761f8 <+380>: add x1, x1, #0x671 ; "shared cache directory"
0x1000761fc <+384>: add x0, sp, #0x3c
0x100076200 <+388>: bl 0x100073b4c ; closefd_optional
0x100076204 <+392>: b 0x100076248 ; <+460>
0x100076208 <+396>: bl 0x10000eeac ; __error
0x10007620c <+400>: ldr w19, [x0]
0x100076210 <+404>: bl 0x1000110e8 ; getpid
0x100076214 <+408>: ldr x8, [x21]
0x100076218 <+412>: stp x22, x19, [sp, #0x10]
0x10007621c <+416>: stp x0, x8, [sp]
0x100076220 <+420>: adrp x1, 29
0x100076224 <+424>: add x1, x1, #0x635 ; "libignition: %d: %12s: failed to open shared cache: %s: %d\n"
0x100076228 <+428>: mov w0, #-0x1
0x10007622c <+432>: bl 0x100073150 ; dlog
0x100076230 <+436>: adrp x1, 29
0x100076234 <+440>: add x1, x1, #0x671 ; "shared cache directory"
0x100076238 <+444>: add x0, sp, #0x3c
0x10007623c <+448>: bl 0x100073b4c ; closefd_optional
0x100076240 <+452>: cmp w19, #0x6a
0x100076244 <+456>: b.hs 0x100076294 ; <+536>
0x100076248 <+460>: mov x0, x19
0x10007624c <+464>: add sp, sp, #0x440
0x100076250 <+468>: ldp x29, x30, [sp, #0x40]
0x100076254 <+472>: ldp x20, x19, [sp, #0x30]
0x100076258 <+476>: ldp x22, x21, [sp, #0x20]
0x10007625c <+480>: ldp x24, x23, [sp, #0x10]
0x100076260 <+484>: ldp x26, x25, [sp], #0x50
0x100076264 <+488>: retab
0x100076268 <+492>: str x22, [sp]
0x10007626c <+496>: adrp x0, 29
0x100076270 <+500>: add x0, x0, #0x515 ; "bogus shared cache path: %s"
0x100076274 <+504>: bl 0x10007662c ; dyld_halt
0x100076278 <+508>: sxtw x8, w23
0x10007627c <+512>: adrp x9, 29
0x100076280 <+516>: add x9, x9, #0x59e ; "dycash"
0x100076284 <+520>: stp x9, x8, [sp]
0x100076288 <+524>: adrp x0, 28
0x10007628c <+528>: add x0, x0, #0xa31 ; "errno unset, wrong return value being checked?: %s = %lld"
0x100076290 <+532>: bl 0x10007662c ; dyld_halt
0x100076294 <+536>: str x19, [sp]
0x100076298 <+540>: adrp x0, 28
0x10007629c <+544>: add x0, x0, #0xba2 ; "error not set to valid posix code: %d"
0x1000762a0 <+548>: bl 0x10007662c ; dyld_halt

90
V. Dyld/macos/RE/ignite/_graft_fetch_fire Normal file
View File

@@ -0,0 +1,90 @@
0x100073230 <+0>: pacibsp
0x100073234 <+4>: sub sp, sp, #0x50
0x100073238 <+8>: stp x22, x21, [sp, #0x20]
0x10007323c <+12>: stp x20, x19, [sp, #0x30]
0x100073240 <+16>: stp x29, x30, [sp, #0x40]
0x100073244 <+20>: add x29, sp, #0x40
0x100073248 <+24>: mov x19, x2
0x10007324c <+28>: mov x20, x0
0x100073250 <+32>: mov w8, #-0x1
0x100073254 <+36>: str w8, [sp, #0x18]
0x100073258 <+40>: ldr w0, [x2, #0x10]
0x10007325c <+44>: adrp x8, 42
0x100073260 <+48>: ldr x1, [x8, #0x5c0]
0x100073264 <+52>: mov w2, #0x100000
0x100073268 <+56>: bl 0x10007dda8 ; openat
0x10007326c <+60>: mov x21, x0
0x100073270 <+64>: str w0, [sp, #0x1c]
0x100073274 <+68>: bl 0x10000eeac ; __error
0x100073278 <+72>: tbnz w21, #0x1f, 0x100073284 ; <+84>
0x10007327c <+76>: str wzr, [x0]
0x100073280 <+80>: b 0x10007328c ; <+92>
0x100073284 <+84>: ldr w8, [x0]
0x100073288 <+88>: cbz w8, 0x10007337c ; <+332>
0x10007328c <+92>: bl 0x10000eeac ; __error
0x100073290 <+96>: ldr w8, [x0]
0x100073294 <+100>: cmp w8, #0x2
0x100073298 <+104>: b.eq 0x1000732b8 ; <+136>
0x10007329c <+108>: cbnz w8, 0x100073304 ; <+212>
0x1000732a0 <+112>: ldr w0, [sp, #0x1c]
0x1000732a4 <+116>: adrp x1, 31
0x1000732a8 <+120>: add x1, x1, #0x2d4 ; "os cryptex canonical directory"
0x1000732ac <+124>: bl 0x100073bf4 ; dupfd
0x1000732b0 <+128>: str w0, [sp, #0x18]
0x1000732b4 <+132>: b 0x1000732d4 ; <+164>
0x1000732b8 <+136>: bl 0x1000110e8 ; getpid
0x1000732bc <+140>: ldr x8, [x20]
0x1000732c0 <+144>: stp x0, x8, [sp]
0x1000732c4 <+148>: adrp x1, 31
0x1000732c8 <+152>: add x1, x1, #0x2f3 ; "libignition: %d: %12s: no os cryptex available; continuing\n"
0x1000732cc <+156>: mov w0, #-0x1
0x1000732d0 <+160>: bl 0x100073150 ; dlog
0x1000732d4 <+164>: adrp x1, 42
0x1000732d8 <+168>: add x1, x1, #0x990 ; _boot_root_canonical_os
0x1000732dc <+172>: add x2, sp, #0x1c
0x1000732e0 <+176>: mov x0, x19
0x1000732e4 <+180>: bl 0x100074df8 ; boot_set_root
0x1000732e8 <+184>: adrp x1, 42
0x1000732ec <+188>: add x1, x1, #0x930 ; _boot_root_cryptex_os
0x1000732f0 <+192>: add x2, sp, #0x18
0x1000732f4 <+196>: mov x0, x19
0x1000732f8 <+200>: bl 0x100074df8 ; boot_set_root
0x1000732fc <+204>: mov w19, #0x0
0x100073300 <+208>: b 0x10007332c ; <+252>
0x100073304 <+212>: bl 0x10000eeac ; __error
0x100073308 <+216>: ldr w19, [x0]
0x10007330c <+220>: bl 0x1000110e8 ; getpid
0x100073310 <+224>: ldr x8, [x20]
0x100073314 <+228>: stp x8, x19, [sp, #0x8]
0x100073318 <+232>: str x0, [sp]
0x10007331c <+236>: adrp x1, 31
0x100073320 <+240>: add x1, x1, #0x32f ; "libignition: %d: %12s: failed to open os cryptex canonical directory: %d\n"
0x100073324 <+244>: mov w0, #-0x1
0x100073328 <+248>: bl 0x100073150 ; dlog
0x10007332c <+252>: adrp x1, 31
0x100073330 <+256>: add x1, x1, #0x2d4 ; "os cryptex canonical directory"
0x100073334 <+260>: add x0, sp, #0x1c
0x100073338 <+264>: bl 0x100073b4c ; closefd_optional
0x10007333c <+268>: adrp x1, 31
0x100073340 <+272>: add x1, x1, #0x379 ; "os cryptex canonical directory [dup]"
0x100073344 <+276>: add x0, sp, #0x18
0x100073348 <+280>: bl 0x100073b4c ; closefd_optional
0x10007334c <+284>: cmp w19, #0x6a
0x100073350 <+288>: b.hs 0x10007336c ; <+316>
0x100073354 <+292>: mov x0, x19
0x100073358 <+296>: ldp x29, x30, [sp, #0x40]
0x10007335c <+300>: ldp x20, x19, [sp, #0x30]
0x100073360 <+304>: ldp x22, x21, [sp, #0x20]
0x100073364 <+308>: add sp, sp, #0x50
0x100073368 <+312>: retab
0x10007336c <+316>: str x19, [sp]
0x100073370 <+320>: adrp x0, 31
0x100073374 <+324>: add x0, x0, #0xba2 ; "error not set to valid posix code: %d"
0x100073378 <+328>: bl 0x10007662c ; dyld_halt
0x10007337c <+332>: sxtw x8, w21
0x100073380 <+336>: adrp x9, 31
0x100073384 <+340>: add x9, x9, #0x2d0 ; "cnl"
0x100073388 <+344>: stp x9, x8, [sp]
0x10007338c <+348>: adrp x0, 31
0x100073390 <+352>: add x0, x0, #0xa31 ; "errno unset, wrong return value being checked?: %s = %lld"
0x100073394 <+356>: bl 0x10007662c ; dyld_halt

156
V. Dyld/macos/RE/ignite/_graft_select_fire Normal file
View File

@@ -0,0 +1,156 @@
-> 0x100072e38 <+0>: pacibsp
0x100072e3c <+4>: stp x28, x27, [sp, #-0x50]!
0x100072e40 <+8>: stp x24, x23, [sp, #0x10]
0x100072e44 <+12>: stp x22, x21, [sp, #0x20]
0x100072e48 <+16>: stp x20, x19, [sp, #0x30]
0x100072e4c <+20>: stp x29, x30, [sp, #0x40]
0x100072e50 <+24>: add x29, sp, #0x40
0x100072e54 <+28>: sub sp, sp, #0x4b0
0x100072e58 <+32>: mov x19, x2
0x100072e5c <+36>: mov x22, x1
0x100072e60 <+40>: mov x20, x0
0x100072e64 <+44>: ldr w21, [x2, #0x10]
0x100072e68 <+48>: mov x0, x2
0x100072e6c <+52>: bl 0x100074f04 ; boot_get_dylib_root
0x100072e70 <+56>: mov x23, x0
0x100072e74 <+60>: add x24, sp, #0xb0
0x100072e78 <+64>: add x0, sp, #0xb0
0x100072e7c <+68>: mov w1, #0x400
0x100072e80 <+72>: bl 0x10000dfa0 ; _platform_bzero
0x100072e84 <+76>: movi.2d v0, #0000000000000000
0x100072e88 <+80>: stp q0, q0, [sp, #0x90]
0x100072e8c <+84>: stp q0, q0, [sp, #0x70]
0x100072e90 <+88>: stp q0, q0, [sp, #0x50]
0x100072e94 <+92>: stp q0, q0, [sp, #0x30]
0x100072e98 <+96>: str q0, [sp, #0x20]
0x100072e9c <+100>: tbnz w23, #0x1f, 0x100072edc ; <+164>
0x100072ea0 <+104>: add x0, sp, #0xb0
0x100072ea4 <+108>: bl 0x100074348 ; ignition_get_shared_cache_directory
0x100072ea8 <+112>: ldrb w8, [sp, #0xb1]
0x100072eac <+116>: cmp w8, #0x2f
0x100072eb0 <+120>: b.eq 0x100073078 ; <+576>
0x100072eb4 <+124>: add x1, x24, #0x1
0x100072eb8 <+128>: add x2, sp, #0x20
0x100072ebc <+132>: mov x0, x23
0x100072ec0 <+136>: mov w3, #0x0
0x100072ec4 <+140>: bl 0x10007a4a8 ; fstatat64
0x100072ec8 <+144>: mov x23, x0
0x100072ecc <+148>: bl 0x10000eeac ; __error
0x100072ed0 <+152>: tbnz w23, #0x1f, 0x100072efc ; <+196>
0x100072ed4 <+156>: str wzr, [x0]
0x100072ed8 <+160>: b 0x100072f04 ; <+204>
0x100072edc <+164>: bl 0x1000110e8 ; getpid
0x100072ee0 <+168>: ldr x8, [x20]
0x100072ee4 <+172>: stp x0, x8, [sp]
0x100072ee8 <+176>: adrp x1, 32
0x100072eec <+180>: add x1, x1, #0x91 ; "libignition: %d: %12s: cryptex graft point not present; not using fallback\n"
0x100072ef0 <+184>: mov w0, #-0x1
0x100072ef4 <+188>: bl 0x100073150 ; dlog
0x100072ef8 <+192>: b 0x100073044 ; <+524>
0x100072efc <+196>: ldr w8, [x0]
0x100072f00 <+200>: cbz w8, 0x10007308c ; <+596>
0x100072f04 <+204>: bl 0x10000eeac ; __error
0x100072f08 <+208>: ldr w8, [x0]
0x100072f0c <+212>: cmp w8, #0x2
0x100072f10 <+216>: b.eq 0x100072f40 ; <+264>
0x100072f14 <+220>: cbnz w8, 0x100072f4c ; <+276>
0x100072f18 <+224>: ldrh w8, [sp, #0x24]
0x100072f1c <+228>: and w8, w8, #0xf000
0x100072f20 <+232>: cmp w8, #0x4, lsl #12 ; =0x4000
0x100072f24 <+236>: b.ne 0x100072f88 ; <+336>
0x100072f28 <+240>: bl 0x1000110e8 ; getpid
0x100072f2c <+244>: ldr x8, [x20]
0x100072f30 <+248>: stp x0, x8, [sp]
0x100072f34 <+252>: adrp x1, 32
0x100072f38 <+256>: add x1, x1, #0xfe ; "libignition: %d: %12s: dylib cache directory present; not overriding\n"
0x100072f3c <+260>: b 0x100072f70 ; <+312>
0x100072f40 <+264>: adrp x23, 32
0x100072f44 <+268>: add x23, x23, #0x144 ; "no dylib cache directory"
0x100072f48 <+272>: b 0x100072f90 ; <+344>
0x100072f4c <+276>: bl 0x1000110e8 ; getpid
0x100072f50 <+280>: mov x21, x0
0x100072f54 <+284>: ldr x23, [x20]
0x100072f58 <+288>: bl 0x10000eeac ; __error
0x100072f5c <+292>: ldr w8, [x0]
0x100072f60 <+296>: stp x23, x8, [sp, #0x8]
0x100072f64 <+300>: str x21, [sp]
0x100072f68 <+304>: adrp x1, 32
0x100072f6c <+308>: add x1, x1, #0x15d ; "libignition: %d: %12s: failed to stat dylib cache directory: %d\n"
0x100072f70 <+312>: mov w21, #-0x1
0x100072f74 <+316>: mov w0, #-0x1
0x100072f78 <+320>: bl 0x100073150 ; dlog
0x100072f7c <+324>: adrp x23, 22
0x100072f80 <+328>: add x23, x23, #0x45 ; ""
0x100072f84 <+332>: b 0x100072f90 ; <+344>
0x100072f88 <+336>: adrp x23, 32
0x100072f8c <+340>: add x23, x23, #0xdd ; "dylib cache path not a directory"
0x100072f90 <+344>: ldr x16, [x22, #0x10]
0x100072f94 <+348>: cmp x16, #0x3
0x100072f98 <+352>: b.hi 0x100073000 ; <+456>
0x100072f9c <+356>: cmp x16, #0x3
0x100072fa0 <+360>: csel x16, x16, xzr, ls
0x100072fa4 <+364>: adrp x17, 1
0x100072fa8 <+368>: add x17, x17, #0xa8 ; ___lldb_unnamed_symbol3296
0x100072fac <+372>: ldrsw x16, [x17, x16, lsl #2]
0x100072fb0 <+376>: adr x17, #0x0 ; <+376>
0x100072fb4 <+380>: add x16, x17, x16
0x100072fb8 <+384>: br x16
0x100072fbc <+388>: bl 0x1000110e8 ; getpid
0x100072fc0 <+392>: ldr x8, [x20]
0x100072fc4 <+396>: stp x0, x8, [sp]
0x100072fc8 <+400>: adrp x1, 32
0x100072fcc <+404>: add x1, x1, #0x19e ; "libignition: %d: %12s: not forcing root fallback\n"
0x100072fd0 <+408>: mov w0, #-0x1
0x100072fd4 <+412>: bl 0x100073150 ; dlog
0x100072fd8 <+416>: tbz w21, #0x1f, 0x100073004 ; <+460>
0x100072fdc <+420>: b 0x100073044 ; <+524>
0x100072fe0 <+424>: ldr w21, [x19, #0x20]
0x100072fe4 <+428>: adrp x23, 32
0x100072fe8 <+432>: add x23, x23, #0x1d0 ; "boot-arg forced cryptex fallback"
0x100072fec <+436>: tbz w21, #0x1f, 0x100073004 ; <+460>
0x100072ff0 <+440>: b 0x100073044 ; <+524>
0x100072ff4 <+444>: ldr w21, [x19, #0x30]
0x100072ff8 <+448>: adrp x23, 32
0x100072ffc <+452>: add x23, x23, #0x1f1 ; "boot-arg forced livefs fallback"
0x100073000 <+456>: tbnz w21, #0x1f, 0x100073044 ; <+524>
0x100073004 <+460>: bl 0x1000110e8 ; getpid
0x100073008 <+464>: ldr x8, [x20]
0x10007300c <+468>: stp x8, x23, [sp, #0x8]
0x100073010 <+472>: str x0, [sp]
0x100073014 <+476>: adrp x1, 31
0x100073018 <+480>: add x1, x1, #0x231 ; "libignition: %d: %12s: overriding os cryptex root: %s\n"
0x10007301c <+484>: mov w0, #-0x1
0x100073020 <+488>: bl 0x100073150 ; dlog
0x100073024 <+492>: adrp x1, 31
0x100073028 <+496>: add x1, x1, #0x268 ; "fallback root"
0x10007302c <+500>: mov x0, x21
0x100073030 <+504>: bl 0x100073bf4 ; dupfd
0x100073034 <+508>: str w0, [sp, #0x1c]
0x100073038 <+512>: add x1, sp, #0x1c
0x10007303c <+516>: mov x0, x19
0x100073040 <+520>: bl 0x100074ef4 ; boot_set_dylib_root
0x100073044 <+524>: mov w0, #0x0
0x100073048 <+528>: add sp, sp, #0x4b0
0x10007304c <+532>: ldp x29, x30, [sp, #0x40]
0x100073050 <+536>: ldp x20, x19, [sp, #0x30]
0x100073054 <+540>: ldp x22, x21, [sp, #0x20]
0x100073058 <+544>: ldp x24, x23, [sp, #0x10]
0x10007305c <+548>: ldp x28, x27, [sp], #0x50
0x100073060 <+552>: retab
0x100073064 <+556>: ldr w21, [x19, #0x10]
0x100073068 <+560>: adrp x23, 31
0x10007306c <+564>: add x23, x23, #0x211 ; "boot-arg forced rootfs fallback"
0x100073070 <+568>: tbz w21, #0x1f, 0x100073004 ; <+460>
0x100073074 <+572>: b 0x100073044 ; <+524>
0x100073078 <+576>: add x8, sp, #0xb0
0x10007307c <+580>: str x8, [sp]
0x100073080 <+584>: adrp x0, 32
0x100073084 <+588>: add x0, x0, #0x515 ; "bogus shared cache path: %s"
0x100073088 <+592>: bl 0x10007662c ; dyld_halt
0x10007308c <+596>: sxtw x8, w23
0x100073090 <+600>: adrp x9, 31
0x100073094 <+604>: add x9, x9, #0xa6b ; "ret"
0x100073098 <+608>: stp x9, x8, [sp]
0x10007309c <+612>: adrp x0, 31
0x1000730a0 <+616>: add x0, x0, #0xa31 ; "errno unset, wrong return value being checked?: %s = %lld"
0x1000730a4 <+620>: bl 0x10007662c ; dyld_halt

26
V. Dyld/macos/RE/ignite/_hello_fire Normal file
View File

@@ -0,0 +1,26 @@
0x100071984 <+0>: pacibsp
0x100071988 <+4>: sub sp, sp, #0x50
0x10007198c <+8>: stp x22, x21, [sp, #0x20]
0x100071990 <+12>: stp x20, x19, [sp, #0x30]
0x100071994 <+16>: stp x29, x30, [sp, #0x40]
0x100071998 <+20>: add x29, sp, #0x40
0x10007199c <+24>: mov x19, x0
0x1000719a0 <+28>: bl 0x100075b7c ; configuration
0x1000719a4 <+32>: mov x20, x0
0x1000719a8 <+36>: bl 0x1000110e8 ; getpid
0x1000719ac <+40>: mov x21, x0
0x1000719b0 <+44>: ldr x19, [x19]
0x1000719b4 <+48>: ldr x20, [x20, #0x8]
0x1000719b8 <+52>: bl 0x1000110e8 ; getpid
0x1000719bc <+56>: stp x20, x0, [sp, #0x10]
0x1000719c0 <+60>: stp x21, x19, [sp]
0x1000719c4 <+64>: adrp x1, 32
0x1000719c8 <+68>: add x1, x1, #0x32f ; "libignition: %d: %12s: hello from %s.%d\n"
0x1000719cc <+72>: mov w0, #-0x1
0x1000719d0 <+76>: bl 0x100073150 ; dlog
0x1000719d4 <+80>: mov w0, #0x0
0x1000719d8 <+84>: ldp x29, x30, [sp, #0x40]
0x1000719dc <+88>: ldp x20, x19, [sp, #0x30]
0x1000719e0 <+92>: ldp x22, x21, [sp, #0x20]
0x1000719e4 <+96>: add sp, sp, #0x50
0x1000719e8 <+100>: retab

2
V. Dyld/macos/RE/ignite/_stage_goodbye Normal file
View File

@@ -0,0 +1,2 @@
0x100071b60 <+0>: mov w0, #0x0
0x100071b64 <+4>: ret

21
V. Dyld/macos/RE/ignite/ignition_get_shared_cache_directory Normal file
View File

@@ -0,0 +1,21 @@
0x100074348 <+0>: pacibsp
0x10007434c <+4>: stp x20, x19, [sp, #-0x20]!
0x100074350 <+8>: stp x29, x30, [sp, #0x10]
0x100074354 <+12>: add x29, sp, #0x10
0x100074358 <+16>: mov x19, x0
0x10007435c <+20>: bl 0x100075b7c ; configuration
0x100074360 <+24>: ldr x8, [x0]
0x100074364 <+28>: ldr w8, [x8, #0x24]
0x100074368 <+32>: adrp x9, 19
0x10007436c <+36>: add x9, x9, #0xd84 ; "/System/Library/dyld/"
0x100074370 <+40>: adrp x10, 19
0x100074374 <+44>: add x10, x10, #0xd5d ; "/System/DriverKit/System/Library/dyld/"
0x100074378 <+48>: cmp w8, #0xa
0x10007437c <+52>: csel x1, x10, x9, eq
0x100074380 <+56>: mov x0, x19
0x100074384 <+60>: mov w2, #0x400
0x100074388 <+64>: bl 0x10000e760 ; strlcpy
0x10007438c <+68>: mov x0, x19
0x100074390 <+72>: ldp x29, x30, [sp, #0x10]
0x100074394 <+76>: ldp x20, x19, [sp], #0x20
0x100074398 <+80>: retab