iBoot64helper - IDAPython utility to help with iBoot64 reverse engineering


This aims to become an IDAPython utility to help with iBoot64 reverse engineering. Currently it just locates iBoot's proper loading address, rebases the image, and identifies ARM64 functions based on a common function prologue. As you can see in the screenshot below, 1347 functions are recognized after running it on iBoot version 4076.1.43. I will be adding features to it, like function renaming based on string usage, etc.

https://github.com/argp/iBoot64helper





Related Projects

IDA-Pro-Code


The goal of IDA-Pro-Code is to provide support for auditing applications including binary audits through extensions of the IDA Pro disassembler by DataRescue sa/nv and/or HexRays.com.

Sark - IDAPython Made Easy


IDA Plugins & IDAPython Scripting Library. For documentation, see sark.rtfd.io.

python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).


python-idb is a library for accessing the contents of IDA Pro databases (.idb files). It provides read-only access to internal structures such as the B-tree (ID0 section), name address index (NAM section), and flags index (ID2 section). The library also provides analysis of B-tree entries to expose logical structures like functions, cross references, bytes, and disassembly (via Capstone). An example use for python-idb might be to run IDA scripts in a pure-Python environment. Willem Hengeveld (mailto:itsme@xs4all.nl) provided the initial research into the low-level structures in his projects pyidbutil and idbutil. Willem deserves substantial credit for reversing the .idb file format and publishing his results online. This project heavily borrows from his knowledge, though there is little code overlap.

collabREate


collabREate is an IDA Pro plugin and remote server component designed to facilitate collaborative reverse engineering and synchronization of database content across differing versions of IDA Pro.

m_iDA


m_iDA is a mobile-based version of iDA (http://sourceforge.net/projects/theida). Its goal is to create an IDE (integrated development environment) which runs on a mobile platform.


Ida - Intrusion Detection for Apache


Ida is an Apache log security analyzer written in PHP. It will scan Apache logs and report about security incidents like SQL injections, XSS attacks, path traveling and so on.

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API


ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports the IDAPython API, well known in the community, for writing disassembly/extension modules.

intercom-ios - Intercom for iOS, for integrating Intercom into your iOS application.


Engage customers with email, push, and in‑app messages and support them with an integrated knowledge base and help desk. Intercom for iOS supports iOS 8, iOS 9, iOS 10 and iOS 11.

BugScam IDC Package


A bunch of IDC scripts for IDA to look for common programming flaws

BigDecimal.js - Arbitrary-precision decimals library for JavaScript


This is a copy of version 1.0.1 of the STZ-IDA JavaScript translation of the com.ibm.icu.math.BigDecimal and com.ibm.icu.math.MathContext Java classes from the ICU4J project. This version includes a small bug fix in the implementation of the pow() function. See this answer on Stack Overflow for more information (note that you will need 10K+ reputation on Stack Overflow in order to view the answer because the question was deleted by a moderator).

ida-x86emu


This is a plugin for IDAPro that allows emulated execution of x86 instructions within the IDAPro environment

ida-syslog


A Web-based Viewer for Syslog Data. Requires Syslog in MySQL Database. Ajax based on jQuery and PHP.

GnetRAID


Use of Michael Rabin's Information Dispersal Algorithm to provide secure, dispersed storage in a networked environment. For full download, please get both Math-FastGF2 and Crypt-IDA releases under the files link. See project wiki for more information.

gef - GEF - GDB Enhanced Features for exploit devs & reversers


GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).

mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode


McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

material-components-ios - Modular and customizable Material Design UI components for iOS


Material Components for iOS (MDC-iOS) helps developers execute Material Design. Developed by a core team of engineers and UX designers at Google, these components enable a reliable development workflow to build beautiful and functional iOS apps. Learn more about how Material Components for iOS supports design and usability best practices across platforms in the Material Design Platform Adaptation guidelines. Material Components for iOS are written in Objective-C and support Swift and Interface Builder.

EarlGrey - iOS UI Automation Test Framework


EarlGrey is a native iOS UI automation test framework that enables you to write clear, concise tests. With the EarlGrey framework, you have access to enhanced synchronization features. EarlGrey automatically synchronizes with the UI, network requests, and various queues; but still allows you to manually implement customized timings, if needed.

SimpleKeychain - A Keychain helper for iOS to make it very simple to store/obtain values from iOS Keychain


A wrapper to make it really easy to deal with iOS Keychain and store your user's credentials securely. Requires at least iOS 7; if you want to use kSecAttrAccessControl with the flag useAccessControl, you need to have iOS 8+.

Hero - Elegant transition library for iOS & tvOS


Hero is a library for building iOS view controller transitions. It provides a declarative layer on top of the UIKit's cumbersome transition APIs—making custom transitions an easy task for developers. Hero is similar to Keynote's Magic Move. It checks the heroID property on all source and destination views. Every matched view pair is then automatically transitioned from its old state to its new state.

apollo-ios - 📱 A strongly-typed, caching GraphQL client for iOS, written in Swift


Apollo iOS is a strongly-typed, caching GraphQL client for iOS, written in Swift. It allows you to execute queries and mutations against a GraphQL server, and returns results as query-specific Swift types. This means you don’t have to deal with parsing JSON, or passing around dictionaries and making clients cast values to the right type manually. You also don't have to write model types yourself, because these are generated from the GraphQL definitions your UI uses.