A CLI for extracting libraries from Apple's dyld shared cache file

Overview

dyld-shared-cache-extractor

As of macOS Big Sur, instead of shipping the system libraries with macOS, Apple ships a generated cache of all built-in dynamic libraries and excludes the originals. This tool allows you to extract these libraries from the cache for reverse engineering.

Usage

Extract the default shared cache to /tmp/libraries:

dyld-shared-cache-extractor /System/Library/dyld/dyld_shared_cache_arm64e /tmp/libraries

Installation

Homebrew:

brew install keith/formulae/dyld-shared-cache-extractor

Manually, after installing rust:

cargo install --locked --path .

More details

There are a few different ways you can interact with these shared caches.

  1. Depending on what you're doing, inspecting them in Hopper is the easiest option
  2. For a bit more functionality you can build the dyld_shared_cache_util target from the latest dyld source dump, but this requires some modifications

The problem with the 2 options above is that they can lag behind format changes in the shared cache. This tool loads the private dsc_extractor.bundle from Xcode, meaning it should always be able to extract the shared cache files even from beta OS versions (potentially using a beta Xcode version).

This logic is based on the function at the bottom of dyld3/shared-cache/dsc_extractor.cpp from the dyld source dump.
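
A pre-flight check to run on a file before passing it to the tool: it reads the 16-byte magic field at the start of a shared cache (`dyld_v1` followed by the space-padded architecture name, as laid out in dyld's dyld_cache_format.h) and reports which architecture the cache was built for. This is an added example, not code from dyld-shared-cache-extractor; `parse_magic`, `cache_arch` and `MagicError` are hypothetical names and the sample headers are constructed.

```rust
use std::fs::File;
use std::io::{self, Read};
use std::path::Path;

/// Prefix of the 16-byte magic field (layout per dyld's dyld_cache_format.h).
const MAGIC_PREFIX: &[u8] = b"dyld_v1";

#[derive(Debug, PartialEq)]
enum MagicError { TooShort(usize), BadPrefix, BadArch }

/// Parse the magic field: "dyld_v1", then the architecture name
/// right-aligned with spaces, NUL-terminated, 16 bytes in total.
fn parse_magic(header: &[u8]) -> Result<String, MagicError> {
    if header.len() < 16 {
        return Err(MagicError::TooShort(header.len()));
    }
    let magic = &header[..16];
    if !magic.starts_with(MAGIC_PREFIX) {
        return Err(MagicError::BadPrefix);
    }
    // Bytes 7..15 hold the padded architecture; byte 15 must be the NUL.
    let arch = std::str::from_utf8(&magic[7..15]).map_err(|_| MagicError::BadArch)?;
    let arch = arch.trim_start_matches(' ');
    let valid = arch.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'_');
    if magic[15] != 0 || arch.is_empty() || !valid {
        return Err(MagicError::BadArch);
    }
    Ok(arch.to_string())
}

/// Read only the first 16 bytes of a cache file and report its architecture.
fn cache_arch(path: &Path) -> io::Result<Result<String, MagicError>> {
    let mut buf = Vec::with_capacity(16);
    File::open(path)?.take(16).read_to_end(&mut buf)?;
    Ok(parse_magic(&buf))
}

fn main() {
    // Constructed sample headers, not bytes copied from a real cache.
    let samples: [&[u8]; 3] = [b"dyld_v1  arm64e\0", b"dyld_v1   arm64\0", b"\xcf\xfa\xed\xfe"];
    for s in samples {
        println!("{:?}", parse_magic(s));
    }
    // Optional: pass a cache path as the first argument to check a real file.
    if let Some(p) = std::env::args().nth(1) {
        println!("{}: {:?}", p, cache_arch(Path::new(&p)));
    }
}
```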


Comments
  • macOS Ventura VM shared cache location

    I'm not sure if this is a permanent change or just a VM detail, but I noticed in my macOS Ventura VM that the shared cache location is actually:

    /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/...
    

    There is also:

    /System/Volumes/Preboot/Cryptexes/OS/System/DriverKit/System/Library/dyld/
    

    Which seems to have a smaller subset of libraries potentially used at boot?

    Just filing this in case others are looking for this info

    opened by keith 5
  • Update paths for Ventura

    This just puts the Ventura paths front and center and adds a note about the old paths below.

    Fixes https://github.com/keith/dyld-shared-cache-extractor/issues/4

    opened by keith 0
  • Invalid cache magic in file at dyld_shared_cache_arm64

    I got this log when running dyld-shared-cache-extractor /Users/andaji/Mine/XiaoMaGe/iOSFramesMachO/dyld_shared_cache_arm64 /Users/andaji/Mine/XiaoMaGe/iOSFramesMachO/aaa

    My Mac version is 12.3.1 with an Apple M1 chip and my Xcode version is 13.4.1. The dyld_shared_cache_arm64 is loaded from an iPhone 7 and its iOS version is 12.0.1

    opened by jiwenyi163 1
  • How to get actual objc headers from the dump this tool produces?

    This may be a noob question but I'm lost on how to parse the dump into a human-readable format, specifically into objc header files. As the README suggested, I ran dyld-shared-cache-extractor /System/Library/dyld/dyld_shared_cache_arm64e /tmp/libraries and it works great - gives me an output for all the frameworks I was expecting.

    However when opening the file inside the framework, it appears to be encrypted or obfuscated in some way - the actual headers aren't readable. Is there some method I can use to read them? TIA!

    opened by tneotia 1
Releases(0.2.0)
Owner
Keith Smiley
iOS @Lyft