The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Kernelcache

From The iPhone Wiki
Revision as of 00:08, 9 April 2013 by Morpheus (talk | contribs)
Jump to: navigation, search

The kernelcache is basically the kernel itself as well as all of its extensions (AppleImage3NORAccess, IOAESAccelerator, IOPKEAccelerator, etc.) into one file, then packed/encrypted in an IMG3 (iOS 2.0 and above) or 8900 (iOS 1.0 through 1.1.4) container.

The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3 kernelcache (iPod 4,1) is as follows: 

Kext: MAC Framework Pseudoextension @0x8039600(com.apple.kpi.dsep)
Kext: Private Pseudoextension @0x8039700(com.apple.kpi.private)
Kext: I/O Kit Pseudoextension @0x8039c00(com.apple.kpi.iokit)
Kext: Libkern Pseudoextension @0x803b300(com.apple.kpi.libkern)
Kext: BSD Kernel Pseudoextension @0x803bb00(com.apple.kpi.bsd)
Kext: AppleFSCompressionTypeZlib @0x803c100(com.apple.AppleFSCompression.AppleFSCompressionTypeZlib)
Kext: Mach Kernel Pseudoextension @0x803c600(com.apple.kpi.mach)
Kext: Unsupported Pseudoextension @0x803c700(com.apple.kpi.unsupported)
Kext: I/O Kit USB Family @0x803c900(com.apple.iokit.IOUSBFamily)
Kext: I/O Kit Driver for USB User Clients @0x803f900(com.apple.iokit.IOUSBUserClient)
Kext: I/O Kit Storage Family @0x803fc00(com.apple.iokit.IOStorageFamily)
Kext: AppleDiskImageDriver @0x8041400(com.apple.driver.DiskImages)
Kext: AppleDiskImagesKernelBacked @0x8042000(com.apple.driver.DiskImages.KernelBacked)
Kext: FairPlayIOKit @0x8042c00(com.apple.driver.FairPlayIOKit)
Kext: LSKDIOKit @0x8048c00(com.apple.driver.LSKDIOKit)
Kext: AppleARMPlatform @0x804aa00(com.apple.driver.AppleARMPlatform)
Kext: AppleVXD375 @0x804e400(com.apple.driver.AppleVXD375)
Kext: IOSlaveProcessor @0x8050000(com.apple.driver.IOSlaveProcessor)
Kext: IOP_s5l8930x_firmware @0x8050500(com.apple.driver.IOP_s5l8930x_firmware)
Kext: AppleDiskImagesUDIFDiskImage @0x8053200(com.apple.driver.DiskImages.UDIFDiskImage)
Kext: IOStreamFamily @0x8053900(com.apple.iokit.IOStreamFamily)
Kext: IOAudio2Family @0x8053e00(com.apple.iokit.IOAudio2Family)
Kext: IOAVFamily @0x8054800(com.apple.iokit.IOAVFamily)
Kext: IODisplayPortFamily @0x8057d00(com.apple.iokit.IODisplayPortFamily)
Kext: AppleSamsungDPTX @0x8059300(com.apple.driver.AppleSamsungDPTX)
Kext: IOUSBDeviceFamily @0x805b000(com.apple.iokit.IOUSBDeviceFamily)
Kext: AppleUSBDeviceMux @0x805bd00(com.apple.driver.AppleUSBDeviceMux)
Kext: PPP @0x805c500(com.apple.nke.ppp)
Kext: L2TP @0x805cf00(com.apple.nke.l2tp)
Kext: I/O Kit Networking Family @0x805d500(com.apple.iokit.IONetworkingFamily)
Kext: IO80211Family @0x805ef00(com.apple.iokit.IO80211Family)
Kext: IOKit Serial Port Family @0x8063e00(com.apple.iokit.IOSerialFamily)
Kext: AppleOnboardSerial @0x8064800(com.apple.driver.AppleOnboardSerial)
Kext: Broadcom 802.11 Driver @0x8065600(com.apple.driver.AppleBCMWLANCore)
Kext: AppleSamsungSPI @0x806c400(com.apple.driver.AppleSamsungSPI)
Kext: I/O Kit Driver for USB Composite Devices @0x806c800(com.apple.driver.AppleUSBComposite)
Kext: I/O Kit Driver for USB Devices @0x806cd00(com.apple.driver.AppleUSBMergeNub)
Kext: AppleEmbeddedUSBHost @0x806d200(com.apple.driver.AppleEmbeddedUSBHost)
Kext: AppleUSBEthernetHost @0x806d700(com.apple.driver.AppleUSBEthernetHost)
Kext: AppleARM7M @0x806dc00(com.apple.driver.AppleARM7M)
Kext: corecrypto @0x806e000(com.apple.kec.corecrypto)
Kext: IOTextEncryptionFamily @0x8070b00(com.apple.IOTextEncryptionFamily)
Kext: IOCryptoAcceleratorFamily @0x8071000(com.apple.iokit.IOCryptoAcceleratorFamily)
Kext: AppleMobileFileIntegrity @0x8071e00(com.apple.driver.AppleMobileFileIntegrity)
Kext: Regular Expression Matching Engine @0x8073500(com.apple.kext.AppleMatch)
Kext: Seatbelt sandbox policy @0x8073900(com.apple.security.sandbox)
Kext: AppleProfileFamily @0x8074400(com.apple.iokit.AppleProfileFamily)
Kext: AppleProfileTimestampAction @0x8076f00(com.apple.driver.AppleProfileTimestampAction)
Kext: AppleNANDConfigAccess @0x8077300(com.apple.driver.AppleNANDConfigAccess)
Kext: AppleDiagnosticDataAccessReadOnly @0x8077600(com.apple.driver.AppleDiagnosticDataAccessReadOnly)
Kext: IOMobileGraphicsFamily @0x8077900(com.apple.iokit.IOMobileGraphicsFamily)
Kext: IODARTFamily @0x8078800(com.apple.driver.IODARTFamily)
Kext: Apple M2 Scaler and Color Space Converter Driver @0x8079300(com.apple.driver.AppleM2ScalerCSCDriver)
Kext: IOAcceleratorFamily @0x807a700(com.apple.iokit.IOAcceleratorFamily)
Kext: EncryptedBlockStorage @0x807c400(com.apple.iokit.EncryptedBlockStorage)
Kext: IOFlashStorage @0x807cc00(com.apple.iokit.IOFlashStorage)
Kext: AppleNANDFTL @0x807e500(com.apple.driver.AppleNANDFTL)
Kext: ApplePPNFTL @0x807ee00(com.apple.driver.ApplePPNFTL)
Kext: AppleDiskImagesRAMBackingStore @0x8081b00(com.apple.driver.DiskImages.RAMBackingStore)
Kext: IOHIDFamily @0x8081e00(com.apple.iokit.IOHIDFamily)
Kext: I/O Kit Driver for USB HID Devices @0x8083e00(com.apple.iokit.IOUSBHIDDriver)
Kext: AppleS5L8920X @0x8084400(com.apple.driver.AppleS5L8920X)
Kext: AppleARMPL192VIC @0x8085100(com.apple.driver.AppleARMPL192VIC)
Kext: AppleBluetooth @0x8085400(com.apple.driver.AppleBluetooth)
Kext: I/O Kit Driver for USB EHCI Controllers @0x8085700(com.apple.driver.AppleUSBEHCI)
Kext: I/O Kit Driver for USB OHCI Controllers @0x8086d00(com.apple.driver.AppleUSBOHCI)
Kext: AppleEmbeddedUSB @0x8087900(com.apple.driver.AppleEmbeddedUSB)
Kext: Embedded I/O Kit Driver for USB OHCI Controllers @0x8088200(com.apple.driver.AppleUSBOHCIARM)
Kext: AppleNANDFirmware @0x8088700(com.apple.driver.AppleNANDFirmware)
Kext: AppleEmbeddedCompass @0x8088b00(com.apple.driver.AppleEmbeddedCompass)
Kext: AppleD1815PMU @0x8089300(com.apple.driver.AppleD1815PMU)
Kext: AppleProfileThreadInfoAction @0x808aa00(com.apple.driver.AppleProfileThreadInfoAction)
Kext: AppleEmbeddedGyro @0x808ae00(com.apple.driver.AppleEmbeddedGyro)
Kext: AppleSynopsysOTGDevice @0x808b700(com.apple.driver.AppleSynopsysOTGDevice)
Kext: AppleEmbeddedLightSensor @0x808c100(com.apple.driver.AppleEmbeddedLightSensor)
Kext: AppleSamsungSerial @0x808cd00(com.apple.driver.AppleSamsungSerial)
Kext: AppleUSBMike @0x808d100(com.apple.driver.AppleUSBMike)
Kext: AppleNANDLegacyFTL @0x808d500(com.apple.driver.AppleNANDLegacyFTL)
Kext: AppleSamsungMIPIDSI @0x8090300(com.apple.driver.AppleSamsungMIPIDSI)
Kext: I/O Kit HID Event Driver Safe Boot @0x8090800(com.apple.driver.AppleBSDKextStarter)
Kext: AppleHIDKeyboard @0x8090b00(com.apple.driver.AppleHIDKeyboard)
Kext: IOKit SDIO Family @0x8090e00(com.apple.iokit.IOSDIOFamily)
Kext: AppleIOPSDIO @0x8091e00(com.apple.driver.AppleIOPSDIO)
Kext: AppleLTC4099Charger @0x8092600(com.apple.driver.AppleLTC4099Charger)
Kext: I/O Kit Driver for USB HID Devices @0x8092a00(com.apple.driver.AppleCDMA)
Kext: AppleProfileReadCounterAction @0x8093100(com.apple.driver.AppleProfileReadCounterAction)
Kext: AppleSamsungSWI @0x8093500(com.apple.driver.AppleSamsungSWI)
Kext: IOUserEthernet @0x8093900(com.apple.iokit.IOUserEthernet)
Kext: AppleUSBHSIC @0x8094100(com.apple.driver.AppleUSBHSIC)
Kext: Embedded I/O Kit Driver for USB EHCI Controllers @0x8094900(com.apple.driver.AppleUSBEHCIARM)
Kext: AppleAMC_r2 @0x8095000(com.apple.driver.AppleAMC_r2)
Kext: EmbeddedIOP @0x809c900(com.apple.driver.EmbeddedIOP)
Kext: ApplePinotLCD @0x809d100(com.apple.driver.ApplePinotLCD)
Kext: IOSurface @0x809d400(com.apple.iokit.IOSurface)
Kext: AppleDisplayPipe @0x809e200(com.apple.driver.AppleDisplayPipe)
Kext: AppleCLCD @0x809f200(com.apple.driver.AppleCLCD)
Kext: AppleS5L8930XDART @0x80a0000(com.apple.driver.AppleS5L8930XDART)
Kext: I/O Kit Driver for USB Hubs @0x80a0500(com.apple.driver.AppleUSBHub)
Kext: AppleKernelStorage @0x80a0e00(com.apple.platform.AppleKernelStorage)
Kext: AppleM68Buttons @0x80a1100(com.apple.driver.AppleM68Buttons)
Kext: AppleUSBEthernetDevice @0x80a1500(com.apple.driver.AppleUSBEthernetDevice)
Kext: AppleUSBHIDKeyboard @0x80a1a00(com.apple.driver.AppleUSBHIDKeyboard)
Kext: BasebandSPI @0x80a1d00(com.apple.driver.BasebandSPI)
Kext: AppleEffaceableStorage @0x80a3700(com.apple.driver.AppleEffaceableStorage)
Kext: LightweightVolumeManager @0x80a4100(com.apple.driver.LightweightVolumeManager)
Kext: IMGSGX535 Graphics Kernel Extension @0x80a4b00(com.apple.IMGSGX535)
Kext: I/O Kit HID Event Driver @0x80a7800(com.apple.driver.AppleIOPFMI)
Kext: AppleTetheredDevice @0x80a8800(com.apple.driver.AppleTetheredDevice)
Kext: AppleProfileKEventAction @0x80a8b00(com.apple.driver.AppleProfileKEventAction)
Kext: AppleRGBOUT @0x80a8f00(com.apple.driver.AppleRGBOUT)
Kext: IOFlashNVRAM @0x80a9700(com.apple.driver.IOFlashNVRAM)
Kext: AppleS5L8930XUSB @0x80a9d00(com.apple.driver.AppleS5L8930XUSB)
Kext: AppleDPRepeater @0x80aa100(com.apple.driver.AppleDPRepeater)
Kext: AppleARMPL080DMAC @0x80ad000(com.apple.driver.AppleARMPL080DMAC)
Kext: AppleAC3Passthrough @0x80ad400(com.apple.driver.AppleAC3Passthrough)
Kext: AppleIntegratedProxALSSensor @0x80ada00(com.apple.driver.AppleIntegratedProxALSSensor)
Kext: AppleDiskImagesFileBackingStore @0x80ae400(com.apple.driver.DiskImages.FileBackingStore)
Kext: AppleUSBAudio @0x80ae800(com.apple.driver.AppleUSBAudio)
Kext: AppleTVOut @0x80b1800(com.apple.driver.AppleTVOut)
Kext: tlsnke @0x80b1c00(com.apple.nke.tls)
Kext: AppleS5L8930XUSBPhy @0x80b2200(com.apple.driver.AppleS5L8930XUSBPhy)
Kext: AppleProfileRegisterStateAction @0x80b2600(com.apple.driver.AppleProfileRegisterStateAction)
Kext: IOAccessoryManager @0x80b2a00(com.apple.iokit.IOAccessoryManager)
Kext: AppleS5L8930X @0x80b3e00(com.apple.driver.AppleS5L8930X)
Kext: AppleBSDKextStarterVPN @0x80b4800(com.apple.driver.DiskImages.ReadWriteDiskImage)
Kext: AppleARMIISAudio @0x80b4b00(com.apple.iokit.AppleARMIISAudio)
Kext: AppleEmbeddedProx @0x80b5200(com.apple.driver.AppleEmbeddedProx)
Kext: AppleMultitouchSPI @0x80b5a00(com.apple.driver.AppleMultitouchSPI)
Kext: H3 H264 Video Encoder @0x80b6e00(com.apple.driver.H2H264VideoEncoderDriver)
Kext: Broadcom WLAN SDIO Bus Driver @0x80b8f00(com.apple.driver.AppleBCMWLANBusInterfaceSDIO)
Kext: AppleUSBEthernet @0x80ba000(com.apple.driver.AppleUSBEthernet)
Kext: PPTP @0x80ba900(com.apple.nke.pptp)
Kext: AppleJPEGDriver @0x80bae00(com.apple.driver.AppleJPEGDriver)
Kext: AppleSamsungI2S @0x80bb800(com.apple.driver.AppleSamsungI2S)
Kext: AppleEmbeddedAccelerometer @0x80bbc00(com.apple.driver.AppleEmbeddedAccelerometer)
Kext: IOMikeyBusFamily @0x80bc200(com.apple.iokit.IOMikeyBusFamily)
Kext: AppleEmbeddedAudio @0x80bd400(com.apple.driver.AppleEmbeddedAudio)
Kext: AppleLM48557Amp @0x80bf500(com.apple.driver.AppleLM48557Amp)
Kext: AppleProfileCallstackAction @0x80bf800(com.apple.driver.AppleProfileCallstackAction)
Kext: AppleMultitouchSPIN1F55 @0x80bfc00(com.apple.driver.AppleCD3282Mikey)
Kext: AppleMultitouchSPIZ2F13 @0x80c0000(com.apple.driver.AppleImage3NORAccess)
Kext: AppleH3CameraInterface @0x80c0800(com.apple.driver.AppleH3CameraInterface)
Kext: AppleSamsungPKE @0x80c2700(com.apple.driver.AppleSamsungPKE)
Kext: AppleKeyStore @0x80c2b00(com.apple.driver.AppleKeyStore)
Kext: AppleHIDKeyboardEmbedded @0x80c3800(com.apple.driver.AppleCS42L59Audio)
Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Kernelcache&oldid=31579"