Fetching Symbols

I'll explain below how to collect the required symbols for iPhone X on iOS version 13.4.1.

Download the firmware from https://ipsw.me/download/iPhone10,3/17E262. Unzip the ipsw.

Now we'll use jtool2 by Jonathan to decompress the kernel cache

#  /Users/ant4g0nist/tools/jtool2/jtool2 -dec kernelcache.release.iphone10b
Decompressed kernel written to /tmp/kernel
#  mv /tmp/kernel kernelcache.decompressed

Open the decompressed kernel in IDA pro or Binary Ninja or whatever you choose and wait for it to finish the analysis.

The symbols we need are:

  • _IOSleep
  • _kernel_map
  • _kernel_thread_start
  • _panic
  • _strncpy
  • _memset
  • _memmove
  • ___stack_chk_fail
  • ___stack_chk_guard
  • _ctl_register
  • ___MALLOC
  • __FREE
  • _current_proc
  • _copyin
  • _copyout