dyld cache extractor used by OCLP

[jalavoui]

Incomplete macOS 12+ dyld cache extractor. Used by OCLP to support some legacy GPUs and Wi-Fi hardware. 

 

https://github.com/moraea/dsce/tree/better-build

 

this can be used like this to extract extensions, etc

 

./dsce /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h /System/Library/Extensions

./dsce /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h /System/Library/Frameworks/OpenGL.framework/Versions/A/Resources/GLEngine.bundle/GLEngine

 

the result will ber written to the "Out" folder

 

dsce.zip

Edited November 29, 2023 by jalavoui

[jalavoui]

there's a tool to extract /System/Library/KernelCollections

 

https://github.com/vampirecat35/decompkernelcache

 

 

Edited March 31 by jalavoui

[jalavoui]

 

 

 

usage:

./decompkernelcache /System/Library/KernelCollections/SystemKernelExtensions.kc x -kexts

 

for debugging only

 

this kexts from cache need a lot of corrections for external function calls

 

to get this function call zn11MetaClass

 

 

the code bytes from kext in cache need tobe "fixed" like this (in orange)

 

 

original bytes from cache are:

 

 

 

so the __got table is imported like this

 

and need to fix it to look like this

 

and finally patch the wrong calls in code...

 

currently the exported kexts can load in ida pro and ghidra

that was the initial goal

but they can't be used for anything else

 

currently the disasm will produce this for those functions

 

this const refs also need tobe fixed

 

ida pro also looks for symbols in bootsystem.kc

Edited 12 hours ago by jalavoui

[jalavoui]

added very basic BootKernelExtensions.kc support

 

Release.zip