From The iPhone Wiki
Jump to: navigation, search

The kernelcache is basically the kernel itself as well as all of its extensions (AppleImage3NORAccess, IOAESAccelerator, IOPKEAccelerator, etc.) into one file, then packed/encrypted in an IMG3 (iOS 2.0 and above) or 8900 (iOS 1.0 through 1.1.4) container.

The joker tool, from can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3 kernelcache (iPhone 4 (iPhone3,1)) using this tool, showing 153 kexts, is as follows:

KextCache begins at : 0x80396000 (File Offset: 3493888)
Kext: Libkern Pseudoextension @0x80396000 (File: 0xffffffff) (
Kext: Mach Kernel Pseudoextension @0x8039e000 (File: 0x35d000) (
Kext: Unsupported Pseudoextension @0x8039f000 (File: 0x35e000) (
Kext: I/O Kit Pseudoextension @0x803a1000 (File: 0x360000) (
Kext: Private Pseudoextension @0x803b8000 (File: 0x377000) (
Kext: BSD Kernel Pseudoextension @0x803bd000 (File: 0x37c000) (
Kext: AppleARMPlatform @0x803c3000 (File: 0x382000) (
Kext: AppleSamsungSPI @0x803fd000 (File: 0x3bc000) (
Kext: MAC Framework Pseudoextension @0x80401000 (File: 0x3c0000) (
Kext: IOCryptoAcceleratorFamily @0x80402000 (File: 0x3c1000) (
Kext: AppleMobileFileIntegrity @0x80410000 (File: 0x3cf000) (
Kext: IOHIDFamily @0x80427000 (File: 0x3e6000) (
Kext: AppleEmbeddedLightSensor @0x80447000 (File: 0x406000) (
Kext: I/O Kit USB Family @0x80453000 (File: 0x412000) (
Kext: I/O Kit Driver for USB User Clients @0x80483000 (File: 0x442000) (
Kext: I/O Kit Driver for USB EHCI Controllers @0x80486000 (File: 0x445000) (
Kext: I/O Kit Driver for USB OHCI Controllers @0x8049c000 (File: 0x45b000) (
Kext: AppleD1815PMU @0x804a8000 (File: 0x467000) (
Kext: AppleARMPL080DMAC @0x804bf000 (File: 0x47e000) (
Kext: AppleMultitouchSPI @0x804c3000 (File: 0x482000) (
Kext: AppleKernelStorage @0x804d7000 (File: 0x496000) (
Kext: I/O Kit Storage Family @0x804da000 (File: 0x499000) (
Kext: AppleDiskImageDriver @0x804f2000 (File: 0x4b1000) (
Kext: AppleDiskImagesKernelBacked @0x804fe000 (File: 0x4bd000) (
Kext: AppleDiskImagesRAMBackingStore @0x8050a000 (File: 0x4c9000) (
Kext: AppleJPEGDriver @0x8050d000 (File: 0x4cc000) (
Kext: EncryptedBlockStorage @0x80517000 (File: 0x4d6000) (
Kext: IOFlashStorage @0x8051f000 (File: 0x4de000) (
Kext: AppleTVOut @0x80538000 (File: 0x4f7000) (
Kext: AppleEmbeddedUSB @0x8053c000 (File: 0x4fb000) (
Kext: I/O Kit Driver for USB Composite Devices @0x80545000 (File: 0x504000) (
Kext: I/O Kit Driver for USB Devices @0x8054a000 (File: 0x509000) (
Kext: AppleEmbeddedUSBHost @0x8054f000 (File: 0x50e000) (
Kext: Embedded I/O Kit Driver for USB OHCI Controllers @0x80554000 (File: 0x513000) (
Kext: AppleHIDKeyboardEmbedded @0x80559000 (File: 0x518000) (
Kext: IOAudio2Family @0x8055e000 (File: 0x51d000) (
Kext: IOAVFamily @0x80568000 (File: 0x527000) (
Kext: IODisplayPortFamily @0x8059d000 (File: 0x55c000) (
Kext: AppleSamsungDPTX @0x805b3000 (File: 0x572000) (
Kext: IODARTFamily @0x805d0000 (File: 0x58f000) (
Kext: Apple M2 Scaler and Color Space Converter Driver @0x805db000 (File: 0x59a000) (
Kext: IOSlaveProcessor @0x805ef000 (File: 0x5ae000) (
Kext: AppleARM7M @0x805f4000 (File: 0x5b3000) (
Kext: AppleEffaceableStorage @0x805f8000 (File: 0x5b7000) (
Kext: LightweightVolumeManager @0x80602000 (File: 0x5c1000) (
Kext: IOKit Serial Port Family @0x8060c000 (File: 0x5cb000) (
Kext: AppleOnboardSerial @0x80616000 (File: 0x5d5000) (
Kext: AppleARMIISAudio @0x80624000 (File: 0x5e3000) (
Kext: HighlandParkAudioDevice @0x8062b000 (File: 0x5ea000) (
Kext: AppleBasebandAudio @0x8065e000 (File: 0x61d000) (
Kext: IOUSBDeviceFamily @0x80661000 (File: 0x620000) (
Kext: I/O Kit Networking Family @0x8066e000 (File: 0x62d000) (
Kext: AppleUSBEthernetDevice @0x80688000 (File: 0x647000) (
Kext: AppleTCA6408GPIOIC @0x8068d000 (File: 0x64c000) (
Kext: AppleNANDConfigAccess @0x80691000 (File: 0x650000) (
Kext: AppleCDMA @0x80694000 (File: 0x653000) (
Kext: AppleNANDFTL @0x8069b000 (File: 0x65a000) (
Kext: IOAccessoryManager @0x806a4000 (File: 0x663000) (
Kext: IOUserEthernet @0x806b8000 (File: 0x677000) (
Kext: AppleUSBAudio @0x806c0000 (File: 0x67f000) (
Kext: AppleDiskImagesUDIFDiskImage @0x806f0000 (File: 0x6af000) (
Kext: AppleS5L8930XUSB @0x806f7000 (File: 0x6b6000) (
Kext: AppleEmbeddedGyro @0x806fb000 (File: 0x6ba000) (
Kext: IOMobileGraphicsFamily @0x80704000 (File: 0x6c3000) (
Kext: IOSurface @0x80713000 (File: 0x6d2000) (
Kext: AppleDisplayPipe @0x80721000 (File: 0x6e0000) (
Kext: AppleCLCD @0x80731000 (File: 0x6f0000) (
Kext: AppleS5L8930XDART @0x8073f000 (File: 0x6fe000) (
Kext: AppleEmbeddedGPS @0x80744000 (File: 0x703000) (
Kext: AppleS5L8920X @0x8074a000 (File: 0x709000) (
Kext: PPP @0x80757000 (File: 0x716000) (
Kext: L2TP @0x80761000 (File: 0x720000) (
Kext: AppleEmbeddedAccelerometer @0x80767000 (File: 0x726000) (
Kext: AppleSynopsysOTGDevice @0x8076d000 (File: 0x72c000) (
Kext: FairPlayIOKit @0x80777000 (File: 0x736000) (
Kext: LSKDIOKit @0x807d7000 (File: 0x796000) (
Kext: AppleAMC_r2 @0x807f5000 (File: 0x7b4000) (
Kext: AppleProfileFamily @0x8086e000 (File: 0x82d000) (
Kext: AppleProfileTimestampAction @0x80899000 (File: 0x858000) (
Kext: AppleAC3Passthrough @0x8089d000 (File: 0x85c000) (
Kext: IOTextEncryptionFamily @0x808a3000 (File: 0x862000) (
Kext: corecrypto @0x808a8000 (File: 0x867000) (
Kext: AppleUSBMike @0x808d3000 (File: 0x892000) (
Kext: AppleProfileRegisterStateAction @0x808d7000 (File: 0x896000) (
Kext: AppleDiskImagesFileBackingStore @0x808db000 (File: 0x89a000) (
Kext: AppleEmbeddedProx @0x808df000 (File: 0x89e000) (
Kext: AppleProfileReadCounterAction @0x808e7000 (File: 0x8a6000) (
Kext: BasebandSPI @0x808eb000 (File: 0x8aa000) (
Kext: AppleSerialMultiplexer @0x80905000 (File: 0x8c4000) (
Kext: AppleNANDFirmware @0x80924000 (File: 0x8e3000) (
Kext: AppleImage3NORAccess @0x80928000 (File: 0x8e7000) (
Kext: AppleSamsungSWI @0x80930000 (File: 0x8ef000) (
Kext: AppleARMPL192VIC @0x80934000 (File: 0x8f3000) (
Kext: AppleIOPFMI @0x80937000 (File: 0x8f6000) (
Kext: IO80211Family @0x80947000 (File: 0x906000) (
Kext: Broadcom 802.11 Driver @0x80996000 (File: 0x955000) (
Kext: IOFlashNVRAM @0x80a04000 (File: 0x9c3000) (
Kext: AppleSamsungSerial @0x80a0a000 (File: 0x9c9000) (
Kext: AppleBasebandUSB @0x80a0e000 (File: 0x9cd000) (
Kext: AppleRGBOUT @0x80a11000 (File: 0x9d0000) (
Kext: AppleBSDKextStarter @0x80a19000 (File: 0x9d8000) (
Kext: AppleSamsungMIPIDSI @0x80a1c000 (File: 0x9db000) (
Kext: Regular Expression Matching Engine @0x80a21000 (File: 0x9e0000) (
Kext: AppleLTC4099Charger @0x80a25000 (File: 0x9e4000) (
Kext: IOMikeyBusFamily @0x80a29000 (File: 0x9e8000) (
Kext: AppleEmbeddedAudio @0x80a3b000 (File: 0x9fa000) (
Kext: AppleCS42L61Audio @0x80a5c000 (File: 0xa1b000) (
Kext: IOP_s5l8930x_firmware @0x80a61000 (File: 0xa20000) (
Kext: AppleBasebandN90 @0x80a8e000 (File: 0xa4d000) (
Kext: AppleMultitouchSPIN1F55 @0x80a97000 (File: 0xa56000) (
Kext: AppleIntegratedProxALSSensor @0x80a9a000 (File: 0xa59000) (
Kext: AppleCDCSerialDevice @0x80aa4000 (File: 0xa63000) (
Kext: H3 H264 Video Encoder @0x80aac000 (File: 0xa6b000) (
Kext: AppleProfileKEventAction @0x80acd000 (File: 0xa8c000) (
Kext: AppleS5L8930XUSBPhy @0x80ad1000 (File: 0xa90000) (
Kext: IOKit SDIO Family @0x80ad5000 (File: 0xa94000) (
Kext: AppleSamsungPKE @0x80ae5000 (File: 0xaa4000) (
Kext: AppleIOPSDIO @0x80ae9000 (File: 0xaa8000) (
Kext: Seatbelt sandbox policy @0x80af1000 (File: 0xab0000) (
Kext: AppleHIDKeyboard @0x80afc000 (File: 0xabb000) (
Kext: AppleKeyStore @0x80aff000 (File: 0xabe000) (
Kext: AppleHDQGasGaugeControl @0x80b0c000 (File: 0xacb000) (
Kext: Broadcom WLAN SDIO Bus Driver @0x80b10000 (File: 0xacf000) (
Kext: I/O Kit HID Event Driver @0x80b21000 (File: 0xae0000) (
Kext: AppleDiskImagesReadWriteDiskImage @0x80b40000 (File: 0xaff000) (
Kext: AppleFSCompressionTypeZlib @0x80b43000 (File: 0xb02000) (
Kext: AppleUSBEthernet @0x80b48000 (File: 0xb07000) (
Kext: EmbeddedIOP @0x80b51000 (File: 0xb10000) (
Kext: I/O Kit Driver for USB HID Devices @0x80b59000 (File: 0xb18000) (
Kext: AppleSamsungI2S @0x80b63000 (File: 0xb22000) (
Kext: AppleM68Buttons @0x80b67000 (File: 0xb26000) (
Kext: AppleVXD375 @0x80b6b000 (File: 0xb2a000) (
Kext: AppleUSBDeviceMux @0x80b87000 (File: 0xb46000) (
Kext: PPTP @0x80b8f000 (File: 0xb4e000) (
Kext: I/O Kit Driver for USB HID Devices @0x80b94000 (File: 0xb53000) (
Kext: AppleMultitouchSPIZ2F13 @0x80b9a000 (File: 0xb59000) (
Kext: IMGSGX535 Graphics Kernel Extension @0x80bb7000 (File: 0xb76000) (
Kext: ApplePinotLCD @0x80be4000 (File: 0xba3000) (
Kext: I/O Kit Driver for USB Hubs @0x80be7000 (File: 0xba6000) (
Kext: AppleEmbeddedCompass @0x80bf0000 (File: 0xbaf000) (
Kext: AppleProfileThreadInfoAction @0x80bf8000 (File: 0xbb7000) (
Kext: AppleBasebandCDC @0x80bfc000 (File: 0xbbb000) (
Kext: AppleUSBEthernetHost @0x80c02000 (File: 0xbc1000) (
Kext: AppleDPRepeater @0x80c07000 (File: 0xbc6000) (
Kext: I/O Kit HID Event Driver Safe Boot @0x80c36000 (File: 0xbf5000) (
Kext: tlsnke @0x80c3a000 (File: 0xbf9000) (
Kext: AppleUSBHIDKeyboard @0x80c40000 (File: 0xbff000) (
Kext: AppleProfileCallstackAction @0x80c43000 (File: 0xc02000) (
Kext: AppleDiagnosticDataAccessReadOnly @0x80c47000 (File: 0xc06000) (
Kext: AppleNANDLegacyFTL @0x80c4a000 (File: 0xc09000) (
Kext: AppleTetheredDevice @0x80c78000 (File: 0xc37000) (
Kext: AppleUSBHSIC @0x80c7b000 (File: 0xc3a000) (
Kext: Embedded I/O Kit Driver for USB EHCI Controllers @0x80c83000 (File: 0xc42000) (