Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BinExport is unable to export iOS 15.3.1 kernelcache due to GetOperandByteSize() detecting an invalid operand type #87

Closed
cutesmilee opened this issue Apr 10, 2022 · 6 comments
Closed

BinExport is unable to export iOS 15.3.1 kernelcache due to GetOperandByteSize() detecting an invalid operand type #87

cutesmilee opened this issue Apr 10, 2022 · 6 comments

Comments

@cutesmilee
Copy link

If I try to BinExport the iOS 15.3.1 kernelcache from the iPhone 13 ipsw (here you can find the kernelcache and the IDA database), use the BinDiff plugin or use the standalone BinDiff software (which will use BinExport to first export the database) at some point I get this error: Error exporting: security::binexport::GetOperandByteSize: Invalid operand type (10) at address FFFFFFF00922BC30

I tried to look at the code and seems like it's used to get the size of the operand used, this is the instruction at FFFFFFF00922BC30:
PRFM #0x16, loc_FFFFFFF009183B5C

This error stops BinExport and makes it impossible to diff iOS kernelcaches (it also happens with iOS 15.4 kernelcache from iPhone 13 too, so I think it happens with almost every new kernelcache).
@cutesmilee
Copy link
Author

I'm closing this issue since it looks like it's due to new IDA Database format which isn't supported by binexport yet.

@cblichmann cblichmann reopened this May 23, 2022
@cblichmann
Copy link
Member

I do think we should keep this issue. Which version of IDA are you on?

@cutesmilee
Copy link
Author

I do think we should keep this issue. Which version of IDA are you on?

this issue happens on IDA Pro 7.6, while IDA Pro 7.5 has no problem.

@cblichmann
Copy link
Member

This is fixed in the current version of the code. If you do not want/can't rebuild the BinExport binaries yourself, I have added them as a "prerelease" here: https://github.com/google/binexport/releases/tag/v12-20220522-optypes.
Note: The binaries are signed Universal2 Binaries, but they are not notarized.

On my mac, using IDA 7.7:

writing...
Writing to: "/Users/cblichmann/Desktop/kcache/kcache_15.3.1/kcache_15.3.BinExport".
C:\Users\cutesmilee\Documents\kcache_15.3.1: 2m 28.71s processing, 14.42s writing
C:\Users\cutesmilee\Documents\kcache_15.3.1: exported 119632 functions with 8012147 instructions in 2m 43.21s

@cutesmilee
Copy link
Author

This is fixed in the current version of the code. If you do not want/can't rebuild the BinExport binaries yourself, I have added them as a "prerelease" here: https://github.com/google/binexport/releases/tag/v12-20220522-optypes. Note: The binaries are signed Universal2 Binaries, but they are not notarized.

On my mac, using IDA 7.7:

writing...
Writing to: "/Users/cblichmann/Desktop/kcache/kcache_15.3.1/kcache_15.3.BinExport".
C:\Users\cutesmilee\Documents\kcache_15.3.1: 2m 28.71s processing, 14.42s writing
C:\Users\cutesmilee\Documents\kcache_15.3.1: exported 119632 functions with 8012147 instructions in 2m 43.21s

will definitely check it out, thanks!

@cblichmann
Copy link
Member

For good measure, this is my .BinExport file: https://drive.google.com/file/d/1Vx3lpPtfh8iWK8yK46Q5FZQiRcdpIRAT/view?usp=sharing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cblichmann @cutesmilee