#compdef jtool2
# -----------------------------------------------------------------------------
# Copyright (c) 2018-2020, Jonathan Levin (@Morpheus______ / http://newosxbook.com)
# All rights reserved.
# -----------------------------------------------------------------------------
#
# jtool2
# http://newosxbook.com/tools/jtool2.tgz
#
# version: 2.1-The Resurgence compiled on Dec 21 2020 21:09:02
#
# -----------------------------------------------------------------------------
#
# $ jtool2 --help | col -x | sed -E 's/(0;0m|0;35m|0;36m|1;1m0;4m|1;1m7;7m)//g'
#
# -----------------------------------------------------------------------------
#
# OTool Compatible Options:
# -h Dump Mach-O (or DYLD Shared Cache) header
# -l List sections/commands in binary
# -L print shared libraries used
#
# JTool (classic) Options:
# -S List Symbols (like NM)
# -v[v] Toggle verbosity (vv = very verbose)
# -e extract fat slice, Mach-O segment/section, dyld shared cache dylib or (NEW) kernelcache kext
# -q Quick operation - do not process any symbols in the Mach-O
# -F find all occurrences of _string_ in binary
# -a Find offset/segment corresponding to virtual address _addr_
# -o Find address corresponding to offset _offset_
# -d Dump (smart dump, will disassemble text and dump data by autodetecting)
#
# Code Signing Options:
# --sig Show code signature in binary (if any)
# --stripsig Remove existing code signature (useful for MacOS unrestricting)
# --ent Show entitlements in binary (if any)
# -+ent=...[,...] Inject entitlements into binary (implies resigning inplace)
# -+platformize Platformize binary (injects platform-application, also implies resigning inplace)
#
# Joker Compatible Options (applicable on kernel caches only):
# -k List kexts
# -K Kextract™ a kernel extension by its bundle ID
# -dec Decompress a kernelcache to /tmp/kernel (no longer necessary since JTool can now operate on compressed caches)
#
# dyldinfo Compatible Options:
# --bind print addresses dyld will set based on symbolic lookups
# --lazy_bind print addresses dyld will lazily set on first use
# --opcodes print opcodes used to generate the rebase and binding information
# --function_starts print table of function start addresses
#
# Newer (JTool 2) Options:
# --analyze Analyze file and create a companion file
# --symbolicate Symbolicate an .ips panic file
# --machoize [text=0x...-0x...] [strings=0x....-0x...] [data=0x....-0x....] _filename_
# --tbd Create a .tbd file (for *OS private frameworks only - you'll need the dyld shared cache for this)
# --objc Like old -d objc and/or classdumpZ - Mike, this is for you :-)
# -D Decompile (totally experimental - would love your feedback if you're reading this)
# -G Gadget search (specify gadgets as comma delimited mnemonics)
# -W Write [address] [value] - [value] is a string or 0x....
#
# Environment Variables:
# ARCH Select architecture slice. Set to arm64, arm64e, arm64_32, armv7, armv7k, x86_64 or (not for long) i386
# JCOLOR ANSI Colors. Note you'll need 'less -R' if piping output
# JTOOLDIR path to search for companion jtool files (default: $PWD).
# Use this to force create a file, if one does not exist
# NOPSUP Suppress NOPs in disassembly
# JENTS Default entitlements (comma separated) for --sign
# JHASH Choice of Hash algorithm for signing (SHA1,SHA256 (default), SHA256T, SHA384)
# JSHUDDUP Suppress stderr (risky, but useful)
# JDEBUG Enhanced debug output. May be very verbose
# JDEBUGCS Debug output specifically for code signing operations. Useful to watch these step-by-step
# WITHSIGBLOB Code signing: Also create an empty CMS blob (no longer a default due to CoreTrust)
#
# ARCH=x86_64 JSHUDDUP=1 JDEBUG=1 JDEBUGCS=1
# -----------------------------------------------------------------------------
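#######################################
# zsh completion for jtool2.
# Builds the six option groups listed in `jtool2 --help` (see the header
# above), offers each group through _describe, then hands --help and the
# positional file name(s) to _arguments.
# Globals:   curcontext (read); context, line, state, opt_args are set up
#            for _arguments
# Arguments: none are used
# Returns:   0 when _arguments added completions, 1 otherwise
#######################################
function _jtool2() {
  local context curcontext=$curcontext state line ret=1
  declare -A opt_args

  # Every entry below is 'option:description'; _describe splits on the
  # first unescaped colon, so the separator after the option must be ':'.
  local -a otool_compatible_options
  otool_compatible_options=(
    '-h:Dump Mach-O \(or DYLD Shared Cache\) header'
    '-l:List sections/commands in binary'
    '-L:print shared libraries used'
  )

  local -a jtool_classic_options
  jtool_classic_options=(
    '-S:List Symbols \(like NM\)'
    '-v:Toggle verbosity'
    '-vv:Toggle very verbose'
    '-e:extract fat slice, Mach-O segment/section, dyld shared cache dylib or (NEW) kernelcache kext'
    '-q:Quick operation - do not process any symbols in the Mach-O'
    '-F:find all occurrences of _string_ in binary'
    '-a:Find offset/segment corresponding to virtual address _addr_'
    '-o:Find address corresponding to offset _offset_'
    '-d:Dump \(smart dump, will disassemble text and dump data by autodetecting\)'
  )

  # NOTE(review): the help text in the header spells these '-+ent=...' and
  # '-+platformize'; this group offers '--platformize' and omits '-+ent'.
  # Confirm against the binary which spelling it actually accepts.
  local -a code_signing_options
  code_signing_options=(
    '--sig:Show code signature in binary \(if any\)'
    '--stripsig:Remove existing code signature \(useful for MacOS unrestricting\)'
    '--ent:Show entitlements in binary \(if any\)'
    '--platformize:Platformize binary \(injects platform-application, also implies resigning inplace\)'
  )

  local -a joker_compatible_options
  joker_compatible_options=(
    '-k:List kexts'
    '-K:Kextract™ a kernel extension by its bundle ID'
    '-dec:Decompress a kernelcache to /tmp/kernel \(no longer necessary since JTool can now operate on compressed caches\)'
  )

  local -a dyldinfo_compatible_options
  dyldinfo_compatible_options=(
    '--bind:print addresses dyld will set based on symbolic lookups'
    '--lazy_bind:print addresses dyld will lazily set on first use'
    '--opcodes:print opcodes used to generate the rebase and binding information'
    '--function_starts:print table of function start addresses'
  )

  # Fix: '--machoize' originally used '[' instead of ':' as the separator,
  # so the whole string (option plus description) was offered as the literal
  # completion text.
  # The '-D' description keeps its inner colon; only the first colon is
  # presumably treated as the separator.
  local -a newer_jtool2_options
  newer_jtool2_options=(
    '--analyze:Analyze file and create a companion file'
    '--symbolicate:Symbolicate an .ips panic file'
    '--machoize:\[text=0x...-0x...\] \[strings=0x....-0x...\] \[data=0x....-0x....\] _filename_'
    "--tbd:Create a .tbd file \(for *OS private frameworks only - you'll need the dyld shared cache for this\)"
    '--objc:Like old -d objc and/or classdumpZ - Mike, this is for you :-)'
    "-D:Decompile:totally experimental \- would love your feedback if you're reading this"
    '-G:Gadget search \(specify gadgets as comma delimited mnemonics\)'
    '-W:Write [address] [value] - [value] is a string or 0x....'
  )

  _describe -t otool_compatible_options 'OTool Compatible Options' otool_compatible_options
  _describe -t jtool_classic_options 'JTool (classic) Options' jtool_classic_options
  _describe -t code_signing_options 'Code Signing Options' code_signing_options
  _describe -t joker_compatible_options 'Joker Compatible Options (applicable on kernel caches only)' joker_compatible_options
  _describe -t dyldinfo_compatible_options 'dyldinfo Compatible Options' dyldinfo_compatible_options
  _describe -t newer_jtool2_options 'Newer (JTool 2) Options' newer_jtool2_options

  # --help is handled here rather than in the groups above; any positional
  # word is completed as a file name.
  _arguments -C \
    '--help[Show help]' \
    '*:_filename_:_files' \
    && ret=0

  return ret
}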
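# Run the completion, forwarding any arguments as separate words.
# The previous "$*" joined them into a single word (and passed one empty
# word when there were none); "$@" is the conventional form.
_jtool2 "$@"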
# vim:ft=zsh:et:sts=2:sw=2