The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Difference between revisions of "Kernelcache"

From The iPhone Wiki
Jump to: navigation, search
(dump of kernel cache)
(new kernelcache format)
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The kernelcache is basically the [[kernel]] itself as well as all of its extensions (AppleImage3NORAccess, IOAESAccelerator, IOPKEAccelerator, etc.) into one file, then packed/encrypted in an [[IMG3 File Format|IMG3]] (iOS 2.0 and above) or [[S5L File Formats#8900|8900]] (iOS 1.0 through 1.1.4) container.
 +
The kernelcache is basically the [[kernel]] itself as well as all of its extensions (AppleImage3NORAccess, IOAESAccelerator, IOPKEAccelerator, etc.) into one file, then packed/encrypted in an [[IMG3 File Format|IMG3]] (iPhone OS 2.0 and above) or [[S5L File Formats#8900|8900]] (iPhone OS 1.0 through 1.1.4) container.
   
 
[[Category:Filesystem]]
  
[[Category:Filesystem]]
   
The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3b2 kernelcache (iPod 4,1) is as follows:
 +
The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3 kernelcache ([[N90AP|iPhone 4 (iPhone3,1)]]) using this tool, showing 153 kexts, is as follows:
   
 
<pre>
  
<pre>
  +
KextCache begins at : 0x80396000 (File Offset: 3493888)
Kext: MAC Framework Pseudoextension @0x8039600(com.apple.kpi.dsep)
  
Kext: Private Pseudoextension @0x8039700(com.apple.kpi.private)
 +
Kext: Libkern Pseudoextension @0x80396000 (File: 0xffffffff) (com.apple.kpi.libkern)
Kext: I/O Kit Pseudoextension @0x8039c00(com.apple.kpi.iokit)
 +
Kext: Mach Kernel Pseudoextension @0x8039e000 (File: 0x35d000) (com.apple.kpi.mach)
Kext: Libkern Pseudoextension @0x803b300(com.apple.kpi.libkern)
 +
Kext: Unsupported Pseudoextension @0x8039f000 (File: 0x35e000) (com.apple.kpi.unsupported)
Kext: BSD Kernel Pseudoextension @0x803bb00(com.apple.kpi.bsd)
 +
Kext: I/O Kit Pseudoextension @0x803a1000 (File: 0x360000) (com.apple.kpi.iokit)
  +
Kext: Private Pseudoextension @0x803b8000 (File: 0x377000) (com.apple.kpi.private)
Kext: AppleFSCompressionTypeZlib @0x803c100(com.apple.AppleFSCompression.AppleFSCompressionTypeZlib)
  
Kext: I/O Kit Storage Family @0x803fc00(com.apple.iokit.IOStorageFamily)
 +
Kext: IOCryptoAcceleratorFamily @0x80402000 (File: 0x3c1000) (com.apple.iokit.IOCryptoAcceleratorFamily)
Kext: AppleDiskImageDriver @0x8041400(com.apple.driver.DiskImages)
 +
Kext: AppleMobileFileIntegrity @0x80410000 (File: 0x3cf000) (com.apple.driver.AppleMobileFileIntegrity)
  +
Kext: IOHIDFamily @0x80427000 (File: 0x3e6000) (com.apple.iokit.IOHIDFamily)
Kext: AppleDiskImagesKernelBacked @0x8042000(com.apple.driver.DiskImages.KernelBacked)
  
  +
Kext: I/O Kit Driver for USB User Clients @0x80483000 (File: 0x442000) (com.apple.iokit.IOUSBUserClient)
Kext: AppleARMPlatform @0x804aa00(com.apple.driver.AppleARMPlatform)
  
Kext: AppleVXD375 @0x804e400(com.apple.driver.AppleVXD375)
 +
Kext: I/O Kit Driver for USB EHCI Controllers @0x80486000 (File: 0x445000) (com.apple.driver.AppleUSBEHCI)
Kext: IOSlaveProcessor @0x8050000(com.apple.driver.IOSlaveProcessor)
 +
Kext: I/O Kit Driver for USB OHCI Controllers @0x8049c000 (File: 0x45b000) (com.apple.driver.AppleUSBOHCI)
Kext: IOP_s5l8930x_firmware @0x8050500(com.apple.driver.IOP_s5l8930x_firmware)
 +
Kext: AppleD1815PMU @0x804a8000 (File: 0x467000) (com.apple.driver.AppleD1815PMU)
Kext: AppleDiskImagesUDIFDiskImage @0x8053200(com.apple.driver.DiskImages.UDIFDiskImage)
 +
Kext: AppleARMPL080DMAC @0x804bf000 (File: 0x47e000) (com.apple.driver.AppleARMPL080DMAC)
Kext: IOStreamFamily @0x8053900(com.apple.iokit.IOStreamFamily)
 +
Kext: AppleMultitouchSPI @0x804c3000 (File: 0x482000) (com.apple.driver.AppleMultitouchSPI)
Kext: IOAudio2Family @0x8053e00(com.apple.iokit.IOAudio2Family)
 +
Kext: AppleKernelStorage @0x804d7000 (File: 0x496000) (com.apple.platform.AppleKernelStorage)
Kext: IOAVFamily @0x8054800(com.apple.iokit.IOAVFamily)
 +
Kext: I/O Kit Storage Family @0x804da000 (File: 0x499000) (com.apple.iokit.IOStorageFamily)
Kext: IODisplayPortFamily @0x8057d00(com.apple.iokit.IODisplayPortFamily)
 +
Kext: AppleDiskImageDriver @0x804f2000 (File: 0x4b1000) (com.apple.driver.DiskImages)
Kext: AppleSamsungDPTX @0x8059300(com.apple.driver.AppleSamsungDPTX)
 +
Kext: AppleDiskImagesKernelBacked @0x804fe000 (File: 0x4bd000) (com.apple.driver.DiskImages.KernelBacked)
  +
Kext: AppleDiskImagesRAMBackingStore @0x8050a000 (File: 0x4c9000) (com.apple.driver.DiskImages.RAMBackingStore)
Kext: IOUSBDeviceFamily @0x805b000(com.apple.iokit.IOUSBDeviceFamily)
  
  +
Kext: AppleHIDKeyboardEmbedded @0x80559000 (File: 0x518000) (com.apple.iokit.IOStreamFamily)
Kext: I/O Kit Driver for USB Composite Devices @0x806c800(com.apple.driver.AppleUSBComposite)
  
Kext: I/O Kit Driver for USB Devices @0x806cd00(com.apple.driver.AppleUSBMergeNub)
 +
Kext: IOAudio2Family @0x8055e000 (File: 0x51d000) (com.apple.iokit.IOAudio2Family)
Kext: AppleEmbeddedUSBHost @0x806d200(com.apple.driver.AppleEmbeddedUSBHost)
 +
Kext: IOAVFamily @0x80568000 (File: 0x527000) (com.apple.iokit.IOAVFamily)
Kext: AppleUSBEthernetHost @0x806d700(com.apple.driver.AppleUSBEthernetHost)
 +
Kext: IODisplayPortFamily @0x8059d000 (File: 0x55c000) (com.apple.iokit.IODisplayPortFamily)
Kext: AppleARM7M @0x806dc00(com.apple.driver.AppleARM7M)
 +
Kext: AppleSamsungDPTX @0x805b3000 (File: 0x572000) (com.apple.driver.AppleSamsungDPTX)
Kext: corecrypto @0x806e000(com.apple.kec.corecrypto)
 +
Kext: IODARTFamily @0x805d0000 (File: 0x58f000) (com.apple.driver.IODARTFamily)
  +
Kext: Apple M2 Scaler and Color Space Converter Driver @0x805db000 (File: 0x59a000) (com.apple.driver.AppleM2ScalerCSCDriver)
Kext: IOTextEncryptionFamily @0x8070b00(com.apple.IOTextEncryptionFamily)
  
  +
Kext: IOSlaveProcessor @0x805ef000 (File: 0x5ae000) (com.apple.driver.IOSlaveProcessor)
Kext: IOCryptoAcceleratorFamily @0x8071000(com.apple.iokit.IOCryptoAcceleratorFamily)
  
  +
Kext: LightweightVolumeManager @0x80602000 (File: 0x5c1000) (com.apple.driver.LightweightVolumeManager)
Kext: Seatbelt sandbox policy @0x8073900(com.apple.security.sandbox)
  
Kext: AppleDiagnosticDataAccessReadOnly @0x8077600(com.apple.driver.AppleDiagnosticDataAccessReadOnly)
 +
Kext: HighlandParkAudioDevice @0x8062b000 (File: 0x5ea000) (com.apple.driver.HighlandParkAudioDevice)
Kext: IOMobileGraphicsFamily @0x8077900(com.apple.iokit.IOMobileGraphicsFamily)
 +
Kext: AppleBasebandAudio @0x8065e000 (File: 0x61d000) (com.apple.driver.AppleBasebandAudio)
Kext: IODARTFamily @0x8078800(com.apple.driver.IODARTFamily)
 +
Kext: IOUSBDeviceFamily @0x80661000 (File: 0x620000) (com.apple.iokit.IOUSBDeviceFamily)
Kext: Apple M2 Scaler and Color Space Converter Driver @0x8079300(com.apple.driver.AppleM2ScalerCSCDriver)
 +
Kext: I/O Kit Networking Family @0x8066e000 (File: 0x62d000) (com.apple.iokit.IONetworkingFamily)
Kext: IOAcceleratorFamily @0x807a700(com.apple.iokit.IOAcceleratorFamily)
 +
Kext: AppleUSBEthernetDevice @0x80688000 (File: 0x647000) (com.apple.driver.AppleUSBEthernetDevice)
Kext: EncryptedBlockStorage @0x807c400(com.apple.iokit.EncryptedBlockStorage)
 +
Kext: AppleTCA6408GPIOIC @0x8068d000 (File: 0x64c000) (com.apple.driver.AppleTCA6408GPIOIC)
Kext: IOFlashStorage @0x807cc00(com.apple.iokit.IOFlashStorage)
 +
Kext: AppleNANDConfigAccess @0x80691000 (File: 0x650000) (com.apple.driver.AppleNANDConfigAccess)
Kext: AppleNANDFTL @0x807e500(com.apple.driver.AppleNANDFTL)
 +
Kext: AppleCDMA @0x80694000 (File: 0x653000) (com.apple.driver.AppleCDMA)
Kext: ApplePPNFTL @0x807ee00(com.apple.driver.ApplePPNFTL)
 +
Kext: AppleNANDFTL @0x8069b000 (File: 0x65a000) (com.apple.driver.AppleNANDFTL)
  +
Kext: IOAccessoryManager @0x806a4000 (File: 0x663000) (com.apple.iokit.IOAccessoryManager)
Kext: AppleDiskImagesRAMBackingStore @0x8081b00(com.apple.driver.DiskImages.RAMBackingStore)
  
  +
Kext: IOMobileGraphicsFamily @0x80704000 (File: 0x6c3000) (com.apple.iokit.IOMobileGraphicsFamily)
Kext: I/O Kit Driver for USB EHCI Controllers @0x8085700(com.apple.driver.AppleUSBEHCI)
  
Kext: AppleEmbeddedCompass @0x8088b00(com.apple.driver.AppleEmbeddedCompass)
 +
Kext: AppleEmbeddedGPS @0x80744000 (File: 0x703000) (com.apple.driver.AppleEmbeddedGPS)
Kext: AppleD1815PMU @0x8089300(com.apple.driver.AppleD1815PMU)
 +
Kext: AppleS5L8920X @0x8074a000 (File: 0x709000) (com.apple.driver.AppleS5L8920X)
  +
Kext: PPP @0x80757000 (File: 0x716000) (com.apple.nke.ppp)
Kext: AppleProfileThreadInfoAction @0x808aa00(com.apple.driver.AppleProfileThreadInfoAction)
  
Kext: AppleEmbeddedLightSensor @0x808c100(com.apple.driver.AppleEmbeddedLightSensor)
 +
Kext: AppleSynopsysOTGDevice @0x8076d000 (File: 0x72c000) (com.apple.driver.AppleSynopsysOTGDevice)
Kext: AppleSamsungSerial @0x808cd00(com.apple.driver.AppleSamsungSerial)
 +
Kext: FairPlayIOKit @0x80777000 (File: 0x736000) (com.apple.driver.FairPlayIOKit)
Kext: AppleUSBMike @0x808d100(com.apple.driver.AppleUSBMike)
 +
Kext: LSKDIOKit @0x807d7000 (File: 0x796000) (com.apple.driver.LSKDIOKit)
Kext: AppleNANDLegacyFTL @0x808d500(com.apple.driver.AppleNANDLegacyFTL)
 +
Kext: AppleAMC_r2 @0x807f5000 (File: 0x7b4000) (com.apple.driver.AppleAMC_r2)
Kext: AppleSamsungMIPIDSI @0x8090300(com.apple.driver.AppleSamsungMIPIDSI)
 +
Kext: AppleProfileFamily @0x8086e000 (File: 0x82d000) (com.apple.iokit.AppleProfileFamily)
Kext: I/O Kit HID Event Driver Safe Boot @0x8090800(com.apple.driver.AppleBSDKextStarter)
 +
Kext: AppleProfileTimestampAction @0x80899000 (File: 0x858000) (com.apple.driver.AppleProfileTimestampAction)
Kext: AppleHIDKeyboard @0x8090b00(com.apple.driver.AppleHIDKeyboard)
 +
Kext: AppleAC3Passthrough @0x8089d000 (File: 0x85c000) (com.apple.driver.AppleAC3Passthrough)
Kext: IOKit SDIO Family @0x8090e00(com.apple.iokit.IOSDIOFamily)
 +
Kext: IOTextEncryptionFamily @0x808a3000 (File: 0x862000) (com.apple.IOTextEncryptionFamily)
Kext: AppleIOPSDIO @0x8091e00(com.apple.driver.AppleIOPSDIO)
 +
Kext: corecrypto @0x808a8000 (File: 0x867000) (com.apple.kec.corecrypto)
Kext: AppleLTC4099Charger @0x8092600(com.apple.driver.AppleLTC4099Charger)
 +
Kext: AppleUSBMike @0x808d3000 (File: 0x892000) (com.apple.driver.AppleUSBMike)
Kext: I/O Kit Driver for USB HID Devices @0x8092a00(com.apple.driver.AppleCDMA)
 +
Kext: AppleProfileRegisterStateAction @0x808d7000 (File: 0x896000) (com.apple.driver.AppleProfileRegisterStateAction)
Kext: AppleProfileReadCounterAction @0x8093100(com.apple.driver.AppleProfileReadCounterAction)
 +
Kext: AppleDiskImagesFileBackingStore @0x808db000 (File: 0x89a000) (com.apple.driver.DiskImages.FileBackingStore)
Kext: AppleSamsungSWI @0x8093500(com.apple.driver.AppleSamsungSWI)
 +
Kext: AppleEmbeddedProx @0x808df000 (File: 0x89e000) (com.apple.driver.AppleEmbeddedProx)
  +
Kext: AppleProfileReadCounterAction @0x808e7000 (File: 0x8a6000) (com.apple.driver.AppleProfileReadCounterAction)
Kext: IOUserEthernet @0x8093900(com.apple.iokit.IOUserEthernet)
  
Kext: AppleUSBHIDKeyboard @0x80a1a00(com.apple.driver.AppleUSBHIDKeyboard)
 +
Kext: AppleBSDKextStarter @0x80a19000 (File: 0x9d8000) (com.apple.driver.AppleBSDKextStarter)
Kext: BasebandSPI @0x80a1d00(com.apple.driver.BasebandSPI)
 +
Kext: AppleSamsungMIPIDSI @0x80a1c000 (File: 0x9db000) (com.apple.driver.AppleSamsungMIPIDSI)
  +
Kext: Regular Expression Matching Engine @0x80a21000 (File: 0x9e0000) (com.apple.kext.AppleMatch)
Kext: AppleEffaceableStorage @0x80a3700(com.apple.driver.AppleEffaceableStorage)
  
Kext: I/O Kit HID Event Driver @0x80a7800(com.apple.driver.AppleIOPFMI)
 +
Kext: AppleEmbeddedAudio @0x80a3b000 (File: 0x9fa000) (com.apple.driver.AppleEmbeddedAudio)
Kext: AppleTetheredDevice @0x80a8800(com.apple.driver.AppleTetheredDevice)
 +
Kext: AppleCS42L61Audio @0x80a5c000 (File: 0xa1b000) (com.apple.driver.AppleCS42L61Audio)
Kext: AppleProfileKEventAction @0x80a8b00(com.apple.driver.AppleProfileKEventAction)
 +
Kext: IOP_s5l8930x_firmware @0x80a61000 (File: 0xa20000) (com.apple.driver.IOP_s5l8930x_firmware)
Kext: AppleRGBOUT @0x80a8f00(com.apple.driver.AppleRGBOUT)
 +
Kext: AppleBasebandN90 @0x80a8e000 (File: 0xa4d000) (com.apple.driver.AppleBasebandN90)
Kext: IOFlashNVRAM @0x80a9700(com.apple.driver.IOFlashNVRAM)
 +
Kext: AppleMultitouchSPIN1F55 @0x80a97000 (File: 0xa56000) (com.apple.driver.AppleBluetooth)
Kext: AppleS5L8930XUSB @0x80a9d00(com.apple.driver.AppleS5L8930XUSB)
 +
Kext: AppleIntegratedProxALSSensor @0x80a9a000 (File: 0xa59000) (com.apple.driver.AppleIntegratedProxALSSensor)
Kext: AppleDPRepeater @0x80aa100(com.apple.driver.AppleDPRepeater)
 +
Kext: AppleCDCSerialDevice @0x80aa4000 (File: 0xa63000) (com.apple.driver.AppleCDCSerialDevice)
Kext: AppleARMPL080DMAC @0x80ad000(com.apple.driver.AppleARMPL080DMAC)
 +
Kext: H3 H264 Video Encoder @0x80aac000 (File: 0xa6b000) (com.apple.driver.H2H264VideoEncoderDriver)
Kext: AppleAC3Passthrough @0x80ad400(com.apple.driver.AppleAC3Passthrough)
 +
Kext: AppleProfileKEventAction @0x80acd000 (File: 0xa8c000) (com.apple.driver.AppleProfileKEventAction)
Kext: AppleIntegratedProxALSSensor @0x80ada00(com.apple.driver.AppleIntegratedProxALSSensor)
 +
Kext: AppleS5L8930XUSBPhy @0x80ad1000 (File: 0xa90000) (com.apple.driver.AppleS5L8930XUSBPhy)
  +
Kext: IOKit SDIO Family @0x80ad5000 (File: 0xa94000) (com.apple.iokit.IOSDIOFamily)
Kext: AppleDiskImagesFileBackingStore @0x80ae400(com.apple.driver.DiskImages.FileBackingStore)
  
  +
Kext: AppleDiskImagesReadWriteDiskImage @0x80b40000 (File: 0xaff000) (com.apple.driver.DiskImages.ReadWriteDiskImage)
Kext: AppleARMIISAudio @0x80b4b00(com.apple.iokit.AppleARMIISAudio)
  
  +
Kext: AppleFSCompressionTypeZlib @0x80b43000 (File: 0xb02000) (com.apple.AppleFSCompression.AppleFSCompressionTypeZlib)
Kext: AppleEmbeddedProx @0x80b5200(com.apple.driver.AppleEmbeddedProx)
  
Kext: Broadcom WLAN SDIO Bus Driver @0x80b8f00(com.apple.driver.AppleBCMWLANBusInterfaceSDIO)
 +
Kext: I/O Kit Driver for USB HID Devices @0x80b59000 (File: 0xb18000) (com.apple.driver.AppleS5L8930X)
Kext: AppleUSBEthernet @0x80ba000(com.apple.driver.AppleUSBEthernet)
 +
Kext: AppleSamsungI2S @0x80b63000 (File: 0xb22000) (com.apple.driver.AppleSamsungI2S)
Kext: PPTP @0x80ba900(com.apple.nke.pptp)
 +
Kext: AppleM68Buttons @0x80b67000 (File: 0xb26000) (com.apple.driver.AppleM68Buttons)
Kext: AppleJPEGDriver @0x80bae00(com.apple.driver.AppleJPEGDriver)
 +
Kext: AppleVXD375 @0x80b6b000 (File: 0xb2a000) (com.apple.driver.AppleVXD375)
Kext: AppleSamsungI2S @0x80bb800(com.apple.driver.AppleSamsungI2S)
 +
Kext: AppleUSBDeviceMux @0x80b87000 (File: 0xb46000) (com.apple.driver.AppleUSBDeviceMux)
  +
Kext: PPTP @0x80b8f000 (File: 0xb4e000) (com.apple.nke.pptp)
Kext: AppleEmbeddedAccelerometer @0x80bbc00(com.apple.driver.AppleEmbeddedAccelerometer)
  
  +
Kext: IMGSGX535 Graphics Kernel Extension @0x80bb7000 (File: 0xb76000) (com.apple.IMGSGX535)
Kext: AppleLM48557Amp @0x80bf500(com.apple.driver.AppleLM48557Amp)
  
Kext: Mach Kernel Pseudoextension @0x803c600(com.apple.kpi.mach)
 +
Kext: BSD Kernel Pseudoextension @0x803bd000 (File: 0x37c000) (com.apple.kpi.bsd)
Kext: Unsupported Pseudoextension @0x803c700(com.apple.kpi.unsupported)
 +
Kext: AppleARMPlatform @0x803c3000 (File: 0x382000) (com.apple.driver.AppleARMPlatform)
Kext: I/O Kit USB Family @0x803c900(com.apple.iokit.IOUSBFamily)
 +
Kext: AppleSamsungSPI @0x803fd000 (File: 0x3bc000) (com.apple.driver.AppleSamsungSPI)
Kext: I/O Kit Driver for USB User Clients @0x803f900(com.apple.iokit.IOUSBUserClient)
 +
Kext: MAC Framework Pseudoextension @0x80401000 (File: 0x3c0000) (com.apple.kpi.dsep)
Kext: FairPlayIOKit @0x8042c00(com.apple.driver.FairPlayIOKit)
 +
Kext: AppleEmbeddedLightSensor @0x80447000 (File: 0x406000) (com.apple.driver.AppleEmbeddedLightSensor)
Kext: LSKDIOKit @0x8048c00(com.apple.driver.LSKDIOKit)
 +
Kext: I/O Kit USB Family @0x80453000 (File: 0x412000) (com.apple.iokit.IOUSBFamily)
Kext: AppleUSBDeviceMux @0x805bd00(com.apple.driver.AppleUSBDeviceMux)
 +
Kext: AppleJPEGDriver @0x8050d000 (File: 0x4cc000) (com.apple.driver.AppleJPEGDriver)
Kext: PPP @0x805c500(com.apple.nke.ppp)
 +
Kext: EncryptedBlockStorage @0x80517000 (File: 0x4d6000) (com.apple.iokit.EncryptedBlockStorage)
Kext: L2TP @0x805cf00(com.apple.nke.l2tp)
 +
Kext: IOFlashStorage @0x8051f000 (File: 0x4de000) (com.apple.iokit.IOFlashStorage)
Kext: I/O Kit Networking Family @0x805d500(com.apple.iokit.IONetworkingFamily)
 +
Kext: AppleTVOut @0x80538000 (File: 0x4f7000) (com.apple.driver.AppleTVOut)
Kext: IO80211Family @0x805ef00(com.apple.iokit.IO80211Family)
 +
Kext: AppleEmbeddedUSB @0x8053c000 (File: 0x4fb000) (com.apple.driver.AppleEmbeddedUSB)
Kext: IOKit Serial Port Family @0x8063e00(com.apple.iokit.IOSerialFamily)
 +
Kext: I/O Kit Driver for USB Composite Devices @0x80545000 (File: 0x504000) (com.apple.driver.AppleUSBComposite)
Kext: AppleOnboardSerial @0x8064800(com.apple.driver.AppleOnboardSerial)
 +
Kext: I/O Kit Driver for USB Devices @0x8054a000 (File: 0x509000) (com.apple.driver.AppleUSBMergeNub)
Kext: Broadcom 802.11 Driver @0x8065600(com.apple.driver.AppleBCMWLANCore)
 +
Kext: AppleEmbeddedUSBHost @0x8054f000 (File: 0x50e000) (com.apple.driver.AppleEmbeddedUSBHost)
Kext: AppleSamsungSPI @0x806c400(com.apple.driver.AppleSamsungSPI)
 +
Kext: Embedded I/O Kit Driver for USB OHCI Controllers @0x80554000 (File: 0x513000) (com.apple.driver.AppleUSBOHCIARM)
Kext: AppleMobileFileIntegrity @0x8071e00(com.apple.driver.AppleMobileFileIntegrity)
 +
Kext: AppleARM7M @0x805f4000 (File: 0x5b3000) (com.apple.driver.AppleARM7M)
Kext: Regular Expression Matching Engine @0x8073500(com.apple.kext.AppleMatch)
 +
Kext: AppleEffaceableStorage @0x805f8000 (File: 0x5b7000) (com.apple.driver.AppleEffaceableStorage)
Kext: AppleProfileFamily @0x8074400(com.apple.iokit.AppleProfileFamily)
 +
Kext: IOKit Serial Port Family @0x8060c000 (File: 0x5cb000) (com.apple.iokit.IOSerialFamily)
Kext: AppleProfileTimestampAction @0x8076f00(com.apple.driver.AppleProfileTimestampAction)
 +
Kext: AppleOnboardSerial @0x80616000 (File: 0x5d5000) (com.apple.driver.AppleOnboardSerial)
Kext: AppleNANDConfigAccess @0x8077300(com.apple.driver.AppleNANDConfigAccess)
 +
Kext: AppleARMIISAudio @0x80624000 (File: 0x5e3000) (com.apple.iokit.AppleARMIISAudio)
Kext: IOHIDFamily @0x8081e00(com.apple.iokit.IOHIDFamily)
 +
Kext: IOUserEthernet @0x806b8000 (File: 0x677000) (com.apple.iokit.IOUserEthernet)
Kext: I/O Kit Driver for USB HID Devices @0x8083e00(com.apple.iokit.IOUSBHIDDriver)
 +
Kext: AppleUSBAudio @0x806c0000 (File: 0x67f000) (com.apple.driver.AppleUSBAudio)
Kext: AppleS5L8920X @0x8084400(com.apple.driver.AppleS5L8920X)
 +
Kext: AppleDiskImagesUDIFDiskImage @0x806f0000 (File: 0x6af000) (com.apple.driver.DiskImages.UDIFDiskImage)
Kext: AppleARMPL192VIC @0x8085100(com.apple.driver.AppleARMPL192VIC)
 +
Kext: AppleS5L8930XUSB @0x806f7000 (File: 0x6b6000) (com.apple.driver.AppleS5L8930XUSB)
Kext: AppleBluetooth @0x8085400(com.apple.driver.AppleBluetooth)
 +
Kext: AppleEmbeddedGyro @0x806fb000 (File: 0x6ba000) (com.apple.driver.AppleEmbeddedGyro)
Kext: I/O Kit Driver for USB OHCI Controllers @0x8086d00(com.apple.driver.AppleUSBOHCI)
 +
Kext: IOSurface @0x80713000 (File: 0x6d2000) (com.apple.iokit.IOSurface)
Kext: AppleEmbeddedUSB @0x8087900(com.apple.driver.AppleEmbeddedUSB)
 +
Kext: AppleDisplayPipe @0x80721000 (File: 0x6e0000) (com.apple.driver.AppleDisplayPipe)
Kext: Embedded I/O Kit Driver for USB OHCI Controllers @0x8088200(com.apple.driver.AppleUSBOHCIARM)
 +
Kext: AppleCLCD @0x80731000 (File: 0x6f0000) (com.apple.driver.AppleCLCD)
Kext: AppleNANDFirmware @0x8088700(com.apple.driver.AppleNANDFirmware)
 +
Kext: AppleS5L8930XDART @0x8073f000 (File: 0x6fe000) (com.apple.driver.AppleS5L8930XDART)
Kext: AppleEmbeddedGyro @0x808ae00(com.apple.driver.AppleEmbeddedGyro)
 +
Kext: L2TP @0x80761000 (File: 0x720000) (com.apple.nke.l2tp)
Kext: AppleSynopsysOTGDevice @0x808b700(com.apple.driver.AppleSynopsysOTGDevice)
 +
Kext: AppleEmbeddedAccelerometer @0x80767000 (File: 0x726000) (com.apple.driver.AppleEmbeddedAccelerometer)
Kext: AppleUSBHSIC @0x8094100(com.apple.driver.AppleUSBHSIC)
 +
Kext: BasebandSPI @0x808eb000 (File: 0x8aa000) (com.apple.driver.BasebandSPI)
Kext: Embedded I/O Kit Driver for USB EHCI Controllers @0x8094900(com.apple.driver.AppleUSBEHCIARM)
 +
Kext: AppleSerialMultiplexer @0x80905000 (File: 0x8c4000) (com.apple.driver.AppleSerialMultiplexer)
Kext: AppleAMC_r2 @0x8095000(com.apple.driver.AppleAMC_r2)
 +
Kext: AppleNANDFirmware @0x80924000 (File: 0x8e3000) (com.apple.driver.AppleNANDFirmware)
Kext: EmbeddedIOP @0x809c900(com.apple.driver.EmbeddedIOP)
 +
Kext: AppleImage3NORAccess @0x80928000 (File: 0x8e7000) (com.apple.driver.AppleImage3NORAccess)
Kext: ApplePinotLCD @0x809d100(com.apple.driver.ApplePinotLCD)
 +
Kext: AppleSamsungSWI @0x80930000 (File: 0x8ef000) (com.apple.driver.AppleSamsungSWI)
Kext: IOSurface @0x809d400(com.apple.iokit.IOSurface)
 +
Kext: AppleARMPL192VIC @0x80934000 (File: 0x8f3000) (com.apple.driver.AppleARMPL192VIC)
Kext: AppleDisplayPipe @0x809e200(com.apple.driver.AppleDisplayPipe)
 +
Kext: AppleIOPFMI @0x80937000 (File: 0x8f6000) (com.apple.driver.AppleIOPFMI)
Kext: AppleCLCD @0x809f200(com.apple.driver.AppleCLCD)
 +
Kext: IO80211Family @0x80947000 (File: 0x906000) (com.apple.iokit.IO80211Family)
Kext: AppleS5L8930XDART @0x80a0000(com.apple.driver.AppleS5L8930XDART)
 +
Kext: Broadcom 802.11 Driver @0x80996000 (File: 0x955000) (com.apple.driver.AppleBCMWLANCore)
Kext: I/O Kit Driver for USB Hubs @0x80a0500(com.apple.driver.AppleUSBHub)
 +
Kext: IOFlashNVRAM @0x80a04000 (File: 0x9c3000) (com.apple.driver.IOFlashNVRAM)
Kext: AppleKernelStorage @0x80a0e00(com.apple.platform.AppleKernelStorage)
 +
Kext: AppleSamsungSerial @0x80a0a000 (File: 0x9c9000) (com.apple.driver.AppleSamsungSerial)
Kext: AppleM68Buttons @0x80a1100(com.apple.driver.AppleM68Buttons)
 +
Kext: AppleBasebandUSB @0x80a0e000 (File: 0x9cd000) (com.apple.driver.AppleBasebandUSB)
Kext: AppleUSBEthernetDevice @0x80a1500(com.apple.driver.AppleUSBEthernetDevice)
 +
Kext: AppleRGBOUT @0x80a11000 (File: 0x9d0000) (com.apple.driver.AppleRGBOUT)
Kext: LightweightVolumeManager @0x80a4100(com.apple.driver.LightweightVolumeManager)
 +
Kext: AppleLTC4099Charger @0x80a25000 (File: 0x9e4000) (com.apple.driver.AppleLTC4099Charger)
Kext: IMGSGX535 Graphics Kernel Extension @0x80a4b00(com.apple.IMGSGX535)
 +
Kext: IOMikeyBusFamily @0x80a29000 (File: 0x9e8000) (com.apple.iokit.IOMikeyBusFamily)
Kext: AppleUSBAudio @0x80ae800(com.apple.driver.AppleUSBAudio)
 +
Kext: AppleSamsungPKE @0x80ae5000 (File: 0xaa4000) (com.apple.driver.AppleSamsungPKE)
Kext: AppleTVOut @0x80b1800(com.apple.driver.AppleTVOut)
 +
Kext: AppleIOPSDIO @0x80ae9000 (File: 0xaa8000) (com.apple.driver.AppleIOPSDIO)
Kext: tlsnke @0x80b1c00(com.apple.nke.tls)
 +
Kext: Seatbelt sandbox policy @0x80af1000 (File: 0xab0000) (com.apple.security.sandbox)
Kext: AppleS5L8930XUSBPhy @0x80b2200(com.apple.driver.AppleS5L8930XUSBPhy)
 +
Kext: AppleHIDKeyboard @0x80afc000 (File: 0xabb000) (com.apple.driver.AppleHIDKeyboard)
Kext: AppleProfileRegisterStateAction @0x80b2600(com.apple.driver.AppleProfileRegisterStateAction)
 +
Kext: AppleKeyStore @0x80aff000 (File: 0xabe000) (com.apple.driver.AppleKeyStore)
Kext: IOAccessoryManager @0x80b2a00(com.apple.iokit.IOAccessoryManager)
 +
Kext: AppleHDQGasGaugeControl @0x80b0c000 (File: 0xacb000) (com.apple.driver.AppleHDQGasGaugeControl)
Kext: AppleS5L8930X @0x80b3e00(com.apple.driver.AppleS5L8930X)
 +
Kext: Broadcom WLAN SDIO Bus Driver @0x80b10000 (File: 0xacf000) (com.apple.driver.AppleBCMWLANBusInterfaceSDIO)
Kext: AppleBSDKextStarterVPN @0x80b4800(com.apple.driver.DiskImages.ReadWriteDiskImage)
 +
Kext: I/O Kit HID Event Driver @0x80b21000 (File: 0xae0000) (com.apple.driver.AppleH3CameraInterface)
Kext: AppleMultitouchSPI @0x80b5a00(com.apple.driver.AppleMultitouchSPI)
 +
Kext: AppleUSBEthernet @0x80b48000 (File: 0xb07000) (com.apple.driver.AppleUSBEthernet)
Kext: H3 H264 Video Encoder @0x80b6e00(com.apple.driver.H2H264VideoEncoderDriver)
 +
Kext: EmbeddedIOP @0x80b51000 (File: 0xb10000) (com.apple.driver.EmbeddedIOP)
Kext: IOMikeyBusFamily @0x80bc200(com.apple.iokit.IOMikeyBusFamily)
 +
Kext: I/O Kit Driver for USB HID Devices @0x80b94000 (File: 0xb53000) (com.apple.iokit.IOUSBHIDDriver)
Kext: AppleEmbeddedAudio @0x80bd400(com.apple.driver.AppleEmbeddedAudio)
 +
Kext: AppleMultitouchSPIZ2F13 @0x80b9a000 (File: 0xb59000) (com.apple.iokit.IOAcceleratorFamily)
Kext: AppleProfileCallstackAction @0x80bf800(com.apple.driver.AppleProfileCallstackAction)
 +
Kext: ApplePinotLCD @0x80be4000 (File: 0xba3000) (com.apple.driver.ApplePinotLCD)
Kext: AppleMultitouchSPIN1F55 @0x80bfc00(com.apple.driver.AppleCD3282Mikey)
 +
Kext: I/O Kit Driver for USB Hubs @0x80be7000 (File: 0xba6000) (com.apple.driver.AppleUSBHub)
Kext: AppleMultitouchSPIZ2F13 @0x80c0000(com.apple.driver.AppleImage3NORAccess)
 +
Kext: AppleEmbeddedCompass @0x80bf0000 (File: 0xbaf000) (com.apple.driver.AppleEmbeddedCompass)
Kext: AppleH3CameraInterface @0x80c0800(com.apple.driver.AppleH3CameraInterface)
 +
Kext: AppleProfileThreadInfoAction @0x80bf8000 (File: 0xbb7000) (com.apple.driver.AppleProfileThreadInfoAction)
Kext: AppleSamsungPKE @0x80c2700(com.apple.driver.AppleSamsungPKE)
 +
Kext: AppleBasebandCDC @0x80bfc000 (File: 0xbbb000) (com.apple.driver.AppleBasebandCDC)
Kext: AppleKeyStore @0x80c2b00(com.apple.driver.AppleKeyStore)
 +
Kext: AppleUSBEthernetHost @0x80c02000 (File: 0xbc1000) (com.apple.driver.AppleUSBEthernetHost)
Kext: AppleHIDKeyboardEmbedded @0x80c3800(com.apple.driver.AppleCS42L59Audio)
 +
Kext: AppleDPRepeater @0x80c07000 (File: 0xbc6000) (com.apple.driver.AppleDPRepeater)
  +
Kext: I/O Kit HID Event Driver Safe Boot @0x80c36000 (File: 0xbf5000) (com.apple.driver.AppleCD3282Mikey)
  +
Kext: tlsnke @0x80c3a000 (File: 0xbf9000) (com.apple.nke.tls)
  +
Kext: AppleUSBHIDKeyboard @0x80c40000 (File: 0xbff000) (com.apple.driver.AppleUSBHIDKeyboard)
  +
Kext: AppleProfileCallstackAction @0x80c43000 (File: 0xc02000) (com.apple.driver.AppleProfileCallstackAction)
  +
Kext: AppleDiagnosticDataAccessReadOnly @0x80c47000 (File: 0xc06000) (com.apple.driver.AppleDiagnosticDataAccessReadOnly)
  +
Kext: AppleNANDLegacyFTL @0x80c4a000 (File: 0xc09000) (com.apple.driver.AppleNANDLegacyFTL)
  +
Kext: AppleTetheredDevice @0x80c78000 (File: 0xc37000) (com.apple.driver.AppleTetheredDevice)
  +
Kext: AppleUSBHSIC @0x80c7b000 (File: 0xc3a000) (com.apple.driver.AppleUSBHSIC)
  +
Kext: Embedded I/O Kit Driver for USB EHCI Controllers @0x80c83000 (File: 0xc42000) (com.apple.driver.AppleUSBEHCIARM)
   
 
</pre>
  
</pre>
  +
  +
As of the iPhone11 (iPhone XS/R) and iOS 12, Apple has moved to a new kernelcache format. This is recognizable by an LC_SOURCE_VERSION which is much Lower than that of XNU's (1469 for iOS12, 17xx for iOS13), likely an artifact of misconfiguration on Apple's side, since it matches the source version of the kernelcache builder.
  +
  +
The new kernelcaches are monolithic and tightly linked, in that KEXT code is interspersed with the kernel's own. They are also fully stripped of all symbols. The joker tool's most useful feature, Kextraction (extracting kexts from the kernelcache) can therefore no longer be used (and, in fact, there is no straightforward way to extract kexts anymore from these caches). Joker has been superseded by jtool2's --analyze option, which can effectively symbolicate 1000s (3,000-8,000, depending on iOS version) of symbols.

Revision as of 18:25, 6 June 2019

The kernelcache is basically the kernel itself as well as all of its extensions (AppleImage3NORAccess, IOAESAccelerator, IOPKEAccelerator, etc.) into one file, then packed/encrypted in an IMG3 (iPhone OS 2.0 and above) or 8900 (iPhone OS 1.0 through 1.1.4) container.

The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3 kernelcache (iPhone 4 (iPhone3,1)) using this tool, showing 153 kexts, is as follows: 

KextCache begins at : 0x80396000 (File Offset: 3493888)
Kext: Libkern Pseudoextension @0x80396000 (File: 0xffffffff) (com.apple.kpi.libkern)
Kext: Mach Kernel Pseudoextension @0x8039e000 (File: 0x35d000) (com.apple.kpi.mach)
Kext: Unsupported Pseudoextension @0x8039f000 (File: 0x35e000) (com.apple.kpi.unsupported)
Kext: I/O Kit Pseudoextension @0x803a1000 (File: 0x360000) (com.apple.kpi.iokit)
Kext: Private Pseudoextension @0x803b8000 (File: 0x377000) (com.apple.kpi.private)
Kext: BSD Kernel Pseudoextension @0x803bd000 (File: 0x37c000) (com.apple.kpi.bsd)
Kext: AppleARMPlatform @0x803c3000 (File: 0x382000) (com.apple.driver.AppleARMPlatform)
Kext: AppleSamsungSPI @0x803fd000 (File: 0x3bc000) (com.apple.driver.AppleSamsungSPI)
Kext: MAC Framework Pseudoextension @0x80401000 (File: 0x3c0000) (com.apple.kpi.dsep)
Kext: IOCryptoAcceleratorFamily @0x80402000 (File: 0x3c1000) (com.apple.iokit.IOCryptoAcceleratorFamily)
Kext: AppleMobileFileIntegrity @0x80410000 (File: 0x3cf000) (com.apple.driver.AppleMobileFileIntegrity)
Kext: IOHIDFamily @0x80427000 (File: 0x3e6000) (com.apple.iokit.IOHIDFamily)
Kext: AppleEmbeddedLightSensor @0x80447000 (File: 0x406000) (com.apple.driver.AppleEmbeddedLightSensor)
Kext: I/O Kit USB Family @0x80453000 (File: 0x412000) (com.apple.iokit.IOUSBFamily)
Kext: I/O Kit Driver for USB User Clients @0x80483000 (File: 0x442000) (com.apple.iokit.IOUSBUserClient)
Kext: I/O Kit Driver for USB EHCI Controllers @0x80486000 (File: 0x445000) (com.apple.driver.AppleUSBEHCI)
Kext: I/O Kit Driver for USB OHCI Controllers @0x8049c000 (File: 0x45b000) (com.apple.driver.AppleUSBOHCI)
Kext: AppleD1815PMU @0x804a8000 (File: 0x467000) (com.apple.driver.AppleD1815PMU)
Kext: AppleARMPL080DMAC @0x804bf000 (File: 0x47e000) (com.apple.driver.AppleARMPL080DMAC)
Kext: AppleMultitouchSPI @0x804c3000 (File: 0x482000) (com.apple.driver.AppleMultitouchSPI)
Kext: AppleKernelStorage @0x804d7000 (File: 0x496000) (com.apple.platform.AppleKernelStorage)
Kext: I/O Kit Storage Family @0x804da000 (File: 0x499000) (com.apple.iokit.IOStorageFamily)
Kext: AppleDiskImageDriver @0x804f2000 (File: 0x4b1000) (com.apple.driver.DiskImages)
Kext: AppleDiskImagesKernelBacked @0x804fe000 (File: 0x4bd000) (com.apple.driver.DiskImages.KernelBacked)
Kext: AppleDiskImagesRAMBackingStore @0x8050a000 (File: 0x4c9000) (com.apple.driver.DiskImages.RAMBackingStore)
Kext: AppleJPEGDriver @0x8050d000 (File: 0x4cc000) (com.apple.driver.AppleJPEGDriver)
Kext: EncryptedBlockStorage @0x80517000 (File: 0x4d6000) (com.apple.iokit.EncryptedBlockStorage)
Kext: IOFlashStorage @0x8051f000 (File: 0x4de000) (com.apple.iokit.IOFlashStorage)
Kext: AppleTVOut @0x80538000 (File: 0x4f7000) (com.apple.driver.AppleTVOut)
Kext: AppleEmbeddedUSB @0x8053c000 (File: 0x4fb000) (com.apple.driver.AppleEmbeddedUSB)
Kext: I/O Kit Driver for USB Composite Devices @0x80545000 (File: 0x504000) (com.apple.driver.AppleUSBComposite)
Kext: I/O Kit Driver for USB Devices @0x8054a000 (File: 0x509000) (com.apple.driver.AppleUSBMergeNub)
Kext: AppleEmbeddedUSBHost @0x8054f000 (File: 0x50e000) (com.apple.driver.AppleEmbeddedUSBHost)
Kext: Embedded I/O Kit Driver for USB OHCI Controllers @0x80554000 (File: 0x513000) (com.apple.driver.AppleUSBOHCIARM)
Kext: AppleHIDKeyboardEmbedded @0x80559000 (File: 0x518000) (com.apple.iokit.IOStreamFamily)
Kext: IOAudio2Family @0x8055e000 (File: 0x51d000) (com.apple.iokit.IOAudio2Family)
Kext: IOAVFamily @0x80568000 (File: 0x527000) (com.apple.iokit.IOAVFamily)
Kext: IODisplayPortFamily @0x8059d000 (File: 0x55c000) (com.apple.iokit.IODisplayPortFamily)
Kext: AppleSamsungDPTX @0x805b3000 (File: 0x572000) (com.apple.driver.AppleSamsungDPTX)
Kext: IODARTFamily @0x805d0000 (File: 0x58f000) (com.apple.driver.IODARTFamily)
Kext: Apple M2 Scaler and Color Space Converter Driver @0x805db000 (File: 0x59a000) (com.apple.driver.AppleM2ScalerCSCDriver)
Kext: IOSlaveProcessor @0x805ef000 (File: 0x5ae000) (com.apple.driver.IOSlaveProcessor)
Kext: AppleARM7M @0x805f4000 (File: 0x5b3000) (com.apple.driver.AppleARM7M)
Kext: AppleEffaceableStorage @0x805f8000 (File: 0x5b7000) (com.apple.driver.AppleEffaceableStorage)
Kext: LightweightVolumeManager @0x80602000 (File: 0x5c1000) (com.apple.driver.LightweightVolumeManager)
Kext: IOKit Serial Port Family @0x8060c000 (File: 0x5cb000) (com.apple.iokit.IOSerialFamily)
Kext: AppleOnboardSerial @0x80616000 (File: 0x5d5000) (com.apple.driver.AppleOnboardSerial)
Kext: AppleARMIISAudio @0x80624000 (File: 0x5e3000) (com.apple.iokit.AppleARMIISAudio)
Kext: HighlandParkAudioDevice @0x8062b000 (File: 0x5ea000) (com.apple.driver.HighlandParkAudioDevice)
Kext: AppleBasebandAudio @0x8065e000 (File: 0x61d000) (com.apple.driver.AppleBasebandAudio)
Kext: IOUSBDeviceFamily @0x80661000 (File: 0x620000) (com.apple.iokit.IOUSBDeviceFamily)
Kext: I/O Kit Networking Family @0x8066e000 (File: 0x62d000) (com.apple.iokit.IONetworkingFamily)
Kext: AppleUSBEthernetDevice @0x80688000 (File: 0x647000) (com.apple.driver.AppleUSBEthernetDevice)
Kext: AppleTCA6408GPIOIC @0x8068d000 (File: 0x64c000) (com.apple.driver.AppleTCA6408GPIOIC)
Kext: AppleNANDConfigAccess @0x80691000 (File: 0x650000) (com.apple.driver.AppleNANDConfigAccess)
Kext: AppleCDMA @0x80694000 (File: 0x653000) (com.apple.driver.AppleCDMA)
Kext: AppleNANDFTL @0x8069b000 (File: 0x65a000) (com.apple.driver.AppleNANDFTL)
Kext: IOAccessoryManager @0x806a4000 (File: 0x663000) (com.apple.iokit.IOAccessoryManager)
Kext: IOUserEthernet @0x806b8000 (File: 0x677000) (com.apple.iokit.IOUserEthernet)
Kext: AppleUSBAudio @0x806c0000 (File: 0x67f000) (com.apple.driver.AppleUSBAudio)
Kext: AppleDiskImagesUDIFDiskImage @0x806f0000 (File: 0x6af000) (com.apple.driver.DiskImages.UDIFDiskImage)
Kext: AppleS5L8930XUSB @0x806f7000 (File: 0x6b6000) (com.apple.driver.AppleS5L8930XUSB)
Kext: AppleEmbeddedGyro @0x806fb000 (File: 0x6ba000) (com.apple.driver.AppleEmbeddedGyro)
Kext: IOMobileGraphicsFamily @0x80704000 (File: 0x6c3000) (com.apple.iokit.IOMobileGraphicsFamily)
Kext: IOSurface @0x80713000 (File: 0x6d2000) (com.apple.iokit.IOSurface)
Kext: AppleDisplayPipe @0x80721000 (File: 0x6e0000) (com.apple.driver.AppleDisplayPipe)
Kext: AppleCLCD @0x80731000 (File: 0x6f0000) (com.apple.driver.AppleCLCD)
Kext: AppleS5L8930XDART @0x8073f000 (File: 0x6fe000) (com.apple.driver.AppleS5L8930XDART)
Kext: AppleEmbeddedGPS @0x80744000 (File: 0x703000) (com.apple.driver.AppleEmbeddedGPS)
Kext: AppleS5L8920X @0x8074a000 (File: 0x709000) (com.apple.driver.AppleS5L8920X)
Kext: PPP @0x80757000 (File: 0x716000) (com.apple.nke.ppp)
Kext: L2TP @0x80761000 (File: 0x720000) (com.apple.nke.l2tp)
Kext: AppleEmbeddedAccelerometer @0x80767000 (File: 0x726000) (com.apple.driver.AppleEmbeddedAccelerometer)
Kext: AppleSynopsysOTGDevice @0x8076d000 (File: 0x72c000) (com.apple.driver.AppleSynopsysOTGDevice)
Kext: FairPlayIOKit @0x80777000 (File: 0x736000) (com.apple.driver.FairPlayIOKit)
Kext: LSKDIOKit @0x807d7000 (File: 0x796000) (com.apple.driver.LSKDIOKit)
Kext: AppleAMC_r2 @0x807f5000 (File: 0x7b4000) (com.apple.driver.AppleAMC_r2)
Kext: AppleProfileFamily @0x8086e000 (File: 0x82d000) (com.apple.iokit.AppleProfileFamily)
Kext: AppleProfileTimestampAction @0x80899000 (File: 0x858000) (com.apple.driver.AppleProfileTimestampAction)
Kext: AppleAC3Passthrough @0x8089d000 (File: 0x85c000) (com.apple.driver.AppleAC3Passthrough)
Kext: IOTextEncryptionFamily @0x808a3000 (File: 0x862000) (com.apple.IOTextEncryptionFamily)
Kext: corecrypto @0x808a8000 (File: 0x867000) (com.apple.kec.corecrypto)
Kext: AppleUSBMike @0x808d3000 (File: 0x892000) (com.apple.driver.AppleUSBMike)
Kext: AppleProfileRegisterStateAction @0x808d7000 (File: 0x896000) (com.apple.driver.AppleProfileRegisterStateAction)
Kext: AppleDiskImagesFileBackingStore @0x808db000 (File: 0x89a000) (com.apple.driver.DiskImages.FileBackingStore)
Kext: AppleEmbeddedProx @0x808df000 (File: 0x89e000) (com.apple.driver.AppleEmbeddedProx)
Kext: AppleProfileReadCounterAction @0x808e7000 (File: 0x8a6000) (com.apple.driver.AppleProfileReadCounterAction)
Kext: BasebandSPI @0x808eb000 (File: 0x8aa000) (com.apple.driver.BasebandSPI)
Kext: AppleSerialMultiplexer @0x80905000 (File: 0x8c4000) (com.apple.driver.AppleSerialMultiplexer)
Kext: AppleNANDFirmware @0x80924000 (File: 0x8e3000) (com.apple.driver.AppleNANDFirmware)
Kext: AppleImage3NORAccess @0x80928000 (File: 0x8e7000) (com.apple.driver.AppleImage3NORAccess)
Kext: AppleSamsungSWI @0x80930000 (File: 0x8ef000) (com.apple.driver.AppleSamsungSWI)
Kext: AppleARMPL192VIC @0x80934000 (File: 0x8f3000) (com.apple.driver.AppleARMPL192VIC)
Kext: AppleIOPFMI @0x80937000 (File: 0x8f6000) (com.apple.driver.AppleIOPFMI)
Kext: IO80211Family @0x80947000 (File: 0x906000) (com.apple.iokit.IO80211Family)
Kext: Broadcom 802.11 Driver @0x80996000 (File: 0x955000) (com.apple.driver.AppleBCMWLANCore)
Kext: IOFlashNVRAM @0x80a04000 (File: 0x9c3000) (com.apple.driver.IOFlashNVRAM)
Kext: AppleSamsungSerial @0x80a0a000 (File: 0x9c9000) (com.apple.driver.AppleSamsungSerial)
Kext: AppleBasebandUSB @0x80a0e000 (File: 0x9cd000) (com.apple.driver.AppleBasebandUSB)
Kext: AppleRGBOUT @0x80a11000 (File: 0x9d0000) (com.apple.driver.AppleRGBOUT)
Kext: AppleBSDKextStarter @0x80a19000 (File: 0x9d8000) (com.apple.driver.AppleBSDKextStarter)
Kext: AppleSamsungMIPIDSI @0x80a1c000 (File: 0x9db000) (com.apple.driver.AppleSamsungMIPIDSI)
Kext: Regular Expression Matching Engine @0x80a21000 (File: 0x9e0000) (com.apple.kext.AppleMatch)
Kext: AppleLTC4099Charger @0x80a25000 (File: 0x9e4000) (com.apple.driver.AppleLTC4099Charger)
Kext: IOMikeyBusFamily @0x80a29000 (File: 0x9e8000) (com.apple.iokit.IOMikeyBusFamily)
Kext: AppleEmbeddedAudio @0x80a3b000 (File: 0x9fa000) (com.apple.driver.AppleEmbeddedAudio)
Kext: AppleCS42L61Audio @0x80a5c000 (File: 0xa1b000) (com.apple.driver.AppleCS42L61Audio)
Kext: IOP_s5l8930x_firmware @0x80a61000 (File: 0xa20000) (com.apple.driver.IOP_s5l8930x_firmware)
Kext: AppleBasebandN90 @0x80a8e000 (File: 0xa4d000) (com.apple.driver.AppleBasebandN90)
Kext: AppleMultitouchSPIN1F55 @0x80a97000 (File: 0xa56000) (com.apple.driver.AppleBluetooth)
Kext: AppleIntegratedProxALSSensor @0x80a9a000 (File: 0xa59000) (com.apple.driver.AppleIntegratedProxALSSensor)
Kext: AppleCDCSerialDevice @0x80aa4000 (File: 0xa63000) (com.apple.driver.AppleCDCSerialDevice)
Kext: H3 H264 Video Encoder @0x80aac000 (File: 0xa6b000) (com.apple.driver.H2H264VideoEncoderDriver)
Kext: AppleProfileKEventAction @0x80acd000 (File: 0xa8c000) (com.apple.driver.AppleProfileKEventAction)
Kext: AppleS5L8930XUSBPhy @0x80ad1000 (File: 0xa90000) (com.apple.driver.AppleS5L8930XUSBPhy)
Kext: IOKit SDIO Family @0x80ad5000 (File: 0xa94000) (com.apple.iokit.IOSDIOFamily)
Kext: AppleSamsungPKE @0x80ae5000 (File: 0xaa4000) (com.apple.driver.AppleSamsungPKE)
Kext: AppleIOPSDIO @0x80ae9000 (File: 0xaa8000) (com.apple.driver.AppleIOPSDIO)
Kext: Seatbelt sandbox policy @0x80af1000 (File: 0xab0000) (com.apple.security.sandbox)
Kext: AppleHIDKeyboard @0x80afc000 (File: 0xabb000) (com.apple.driver.AppleHIDKeyboard)
Kext: AppleKeyStore @0x80aff000 (File: 0xabe000) (com.apple.driver.AppleKeyStore)
Kext: AppleHDQGasGaugeControl @0x80b0c000 (File: 0xacb000) (com.apple.driver.AppleHDQGasGaugeControl)
Kext: Broadcom WLAN SDIO Bus Driver @0x80b10000 (File: 0xacf000) (com.apple.driver.AppleBCMWLANBusInterfaceSDIO)
Kext: I/O Kit HID Event Driver @0x80b21000 (File: 0xae0000) (com.apple.driver.AppleH3CameraInterface)
Kext: AppleDiskImagesReadWriteDiskImage @0x80b40000 (File: 0xaff000) (com.apple.driver.DiskImages.ReadWriteDiskImage)
Kext: AppleFSCompressionTypeZlib @0x80b43000 (File: 0xb02000) (com.apple.AppleFSCompression.AppleFSCompressionTypeZlib)
Kext: AppleUSBEthernet @0x80b48000 (File: 0xb07000) (com.apple.driver.AppleUSBEthernet)
Kext: EmbeddedIOP @0x80b51000 (File: 0xb10000) (com.apple.driver.EmbeddedIOP)
Kext: I/O Kit Driver for USB HID Devices @0x80b59000 (File: 0xb18000) (com.apple.driver.AppleS5L8930X)
Kext: AppleSamsungI2S @0x80b63000 (File: 0xb22000) (com.apple.driver.AppleSamsungI2S)
Kext: AppleM68Buttons @0x80b67000 (File: 0xb26000) (com.apple.driver.AppleM68Buttons)
Kext: AppleVXD375 @0x80b6b000 (File: 0xb2a000) (com.apple.driver.AppleVXD375)
Kext: AppleUSBDeviceMux @0x80b87000 (File: 0xb46000) (com.apple.driver.AppleUSBDeviceMux)
Kext: PPTP @0x80b8f000 (File: 0xb4e000) (com.apple.nke.pptp)
Kext: I/O Kit Driver for USB HID Devices @0x80b94000 (File: 0xb53000) (com.apple.iokit.IOUSBHIDDriver)
Kext: AppleMultitouchSPIZ2F13 @0x80b9a000 (File: 0xb59000) (com.apple.iokit.IOAcceleratorFamily)
Kext: IMGSGX535 Graphics Kernel Extension @0x80bb7000 (File: 0xb76000) (com.apple.IMGSGX535)
Kext: ApplePinotLCD @0x80be4000 (File: 0xba3000) (com.apple.driver.ApplePinotLCD)
Kext: I/O Kit Driver for USB Hubs @0x80be7000 (File: 0xba6000) (com.apple.driver.AppleUSBHub)
Kext: AppleEmbeddedCompass @0x80bf0000 (File: 0xbaf000) (com.apple.driver.AppleEmbeddedCompass)
Kext: AppleProfileThreadInfoAction @0x80bf8000 (File: 0xbb7000) (com.apple.driver.AppleProfileThreadInfoAction)
Kext: AppleBasebandCDC @0x80bfc000 (File: 0xbbb000) (com.apple.driver.AppleBasebandCDC)
Kext: AppleUSBEthernetHost @0x80c02000 (File: 0xbc1000) (com.apple.driver.AppleUSBEthernetHost)
Kext: AppleDPRepeater @0x80c07000 (File: 0xbc6000) (com.apple.driver.AppleDPRepeater)
Kext: I/O Kit HID Event Driver Safe Boot @0x80c36000 (File: 0xbf5000) (com.apple.driver.AppleCD3282Mikey)
Kext: tlsnke @0x80c3a000 (File: 0xbf9000) (com.apple.nke.tls)
Kext: AppleUSBHIDKeyboard @0x80c40000 (File: 0xbff000) (com.apple.driver.AppleUSBHIDKeyboard)
Kext: AppleProfileCallstackAction @0x80c43000 (File: 0xc02000) (com.apple.driver.AppleProfileCallstackAction)
Kext: AppleDiagnosticDataAccessReadOnly @0x80c47000 (File: 0xc06000) (com.apple.driver.AppleDiagnosticDataAccessReadOnly)
Kext: AppleNANDLegacyFTL @0x80c4a000 (File: 0xc09000) (com.apple.driver.AppleNANDLegacyFTL)
Kext: AppleTetheredDevice @0x80c78000 (File: 0xc37000) (com.apple.driver.AppleTetheredDevice)
Kext: AppleUSBHSIC @0x80c7b000 (File: 0xc3a000) (com.apple.driver.AppleUSBHSIC)
Kext: Embedded I/O Kit Driver for USB EHCI Controllers @0x80c83000 (File: 0xc42000) (com.apple.driver.AppleUSBEHCIARM)

As of the iPhone11 (iPhone XS/R) and iOS 12, Apple has moved to a new kernelcache format. This is recognizable by an LC_SOURCE_VERSION which is much Lower than that of XNU's (1469 for iOS12, 17xx for iOS13), likely an artifact of misconfiguration on Apple's side, since it matches the source version of the kernelcache builder.

The new kernelcaches are monolithic and tightly linked, in that KEXT code is interspersed with the kernel's own. They are also fully stripped of all symbols. The joker tool's most useful feature, Kextraction (extracting kexts from the kernelcache) can therefore no longer be used (and, in fact, there is no straightforward way to extract kexts anymore from these caches). Joker has been superseded by jtool2's --analyze option, which can effectively symbolicate 1000s (3,000-8,000, depending on iOS version) of symbols.

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Kernelcache&oldid=74349"