decompkernelcache V1.8 for Win+Mac - apps to decompress kernel cache of Yosemite and older (LZVN+LZSS) and updated kext_tools for Mavericks


#61
Andy Vandijck

I've found a simple method to reduce the linked kexts to only one from the kernelcache decompressed with your tool. Could it be interesting?
Sorry, but I'm away from home now..

Segments and sections and sizes and count adjusted?

Cool!



#62
Micky1979

Please wait, I'll send you a PM in 5/10 minutes

#63
Download-Fritz

Hey Andy and thanks for your (h)andy tool (ba dumm tsss).

 

Anyway, I just used it to decompress the prelinkedkernel (which is equal to kernelcache) on El Capitan Public Beta 1 (= Developer Beta 3) and at first sight it works great. Though I did a comparison between the original uncompressed kernel and the kernel decompressed by your tool and I noticed 21 changes varying between changing single and inserting/deleting multiple bytes. The kernels have exactly the same length and all strings are intact. I rebuilt the cache twice to make sure it's not an older kernel version cached.

Two options: Either the decompression code needs an update to El Cap, or Apple manipulates the kernel before caching... Any ideas?



#64
Slice

Do these changes not come from Clover's kernel patching?



#65
Download-Fritz

I used both files from the HDD, for the prelinkedkernel I removed the header and everything behind the length of the normal kernel.



#66
Pike R. Alpha

FYI: I ran LZVN on the prelinkedkernel and compared it. Here's the result:

cmp -l prelinkedkernel_15A244d_unpacked /S*/L*/Kernels/kernel

3123 306 264
3130  40   0
3131  44   0
3132   2   0
3138 140   0
3139 243 214
3146  40   0
3147  44   0
3148   2   0
3203 306 264
3210  40   0
3211  44   0
3212   2   0
3218 140   0
3219 243 214
3506 120  60
3507 352 264
3508   2   0
3514 200   0
3515  53   0
3522 200   0
3523 307 214
3524   2   0
3529 315   0
3530 166   0
3531  53   0
3586 120  60
3587 352 264
3588   2   0
3593 315   0
3594 166   0
3595  53   0
3602 200   0
3603 307 214
3604   2   0
Nothing fancy going on. Only the _PRELINKED_TEXT and _PRELINKED_INFO load commands changed. Of course.
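
The comparison in the post above can be checked mechanically by mapping each differing offset to the Mach-O load command that contains it. This is an added example, not code from the thread or from decompkernelcache; it assumes a little-endian 64-bit Mach-O, and the miniature image, its segment sizes and the helper names are constructed for illustration.

```python
import struct

MH_MAGIC_64, LC_SEGMENT_64 = 0xFEEDFACF, 0x19  # values from <mach-o/loader.h>
HEADER = struct.Struct("<8I")           # mach_header_64 (32 bytes)
SEGMENT = struct.Struct("<2I16s4Q4I")   # segment_command_64 (72 bytes)

def command_ranges(image):
    """Return (start, end, label) for the header and every load command."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = HEADER.unpack_from(image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    ranges, off = [(0, HEADER.size, "mach_header_64")], HEADER.size
    for _ in range(ncmds):
        cmd, size = struct.unpack_from("<2I", image, off)
        if size < 8 or off + size > HEADER.size + sizeofcmds:
            raise ValueError("load command at %d overruns sizeofcmds" % off)
        label = "load command 0x%x" % cmd
        if cmd == LC_SEGMENT_64:  # segname is the 16 bytes after cmd/cmdsize
            label = image[off + 8:off + 24].rstrip(b"\0").decode("ascii", "replace")
        ranges.append((off, off + size, label))
        off += size
    return ranges

def parse_cmp_l(text):
    """cmp -l prints 1-based decimal offsets (and octal bytes); return 0-based offsets."""
    return [int(line.split()[0]) - 1 for line in text.splitlines() if line.strip()]

def attribute(image, offsets):
    """Group differing offsets by the header or load command containing them."""
    ranges, hits = command_ranges(image), {}
    for pos in offsets:
        label = next((n for lo, hi, n in ranges if lo <= pos < hi), "outside load commands")
        hits.setdefault(label, []).append(pos)
    return hits

def sample_image(text_size, info_size):
    """Constructed miniature image: header, three segment commands, 16 payload bytes."""
    segs = [(b"__TEXT", 0x1000), (b"__PRELINK_TEXT", text_size), (b"__PRELINK_INFO", info_size)]
    cmds = b"".join(SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size, name, 0, size, 0, size, 7, 7, 0, 0)
                    for name, size in segs)
    return HEADER.pack(MH_MAGIC_64, 0x01000007, 3, 2, len(segs), len(cmds), 0, 0) + cmds + b"\x90" * 16

if __name__ == "__main__":
    a, b = sample_image(0x2A0000, 0x1B000), sample_image(0, 0)  # cached vs. plain kernel
    print(attribute(a, [i for i, (x, y) in enumerate(zip(a, b)) if x != y]))
```

On real files, pass the text printed by `cmp -l` through `parse_cmp_l` and hand the result to `attribute` together with the bytes of the first file; any offsets reported as "outside load commands" are differences in the kernel body itself.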

#67
Download-Fritz

Oh yeah, of course. Got a little confused by Hex Workshop displaying a chunk that was barely altered entirely as 'replaced'. Thanks for clearing up.



#68
THe KiNG

Oh yeah, of course. Got a little confused by Hex Workshop displaying a chunk that was barely altered entirely as 'replaced'. Thanks for clearing up.

Yeah, Hex Workshop, even if it is the best Windows hex editor (IMHO), sucks at the compare function; use UltraCompare or another tool for Windows...



#69
cecekpawon

Hello, sorry to bump this old thread. Months ago Apple released the LZFSE compressor, including LZVN, to the public. Are there any major differences from yours? It would be awesome if someone could port it to work with EDK2, because I can't make it run to decode a simple AppleLogoPacked :) With this approach (EmbeddedOSFirmware, some people said it's a part of watchOS applied to the new Touch Bar) they can easily decompress bundled kernelcache / dmg with LZFSE, but not with macOS kernelcache / LZVN:
