![]() ![]() However, the tool is open source, so we can build it ourselves. ![]() Unfortunately, this tool does not come installed with macOS Big Sur. One way is provided by Apple itself: the dyld_shared_cache_util command-line tool. If the libraries are no longer present on the filesystem, that makes it awfully hard to disassemble them! Fortunately, there are ways to extract the system libraries from the cache. This is going to hurt developers more than the ARM transition If you’re trying to track down why there’s a bug in your app, or how a system implementation works, you are screwed. Incidentally, the new stripped framework cache on macOS 11 is horrendous for disassembly. The data is there, but there currently aren’t tools that can get it into a useful format like we had before. The shared cache format may not be stable, but isn’t secret either The shared cache isn’t encrypted or anything, and dyld is in the Darwin source dumps. The goal was optimization, but unfortunately it does make reverse engineering more difficult. IOS has been like that for a decade already. Which is a terrible idea for perf anyway. The only impact is if you are doing runtime detection/search of library by path yourself. Instead, check for library presence by attempting to dlopen() the path, which will correctly check for the library in the cache. Code that attempts to check for dynamic library presence by looking for a file at a path or enumerating a directory will fail. As part of this change, copies of dynamic libraries are no longer present on the filesystem. New in macOS Big Sur 11 beta, the system ships with a built-in dynamic linker cache of all system-provided libraries. ![]()
0 Comments
Leave a Reply. |