Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shared cache loading fails to recognize CFString / NSString literals #6122

Open
bdash opened this issue Nov 12, 2024 · 1 comment
Open

Shared cache loading fails to recognize CFString / NSString literals #6122

bdash opened this issue Nov 12, 2024 · 1 comment
Assignees
@0cyn
Labels
Component: DSC Dylib Shared Cache State: Awaiting Triage Issue is waiting for more in-depth triage from a developer

Comments

@bdash
Copy link
Contributor

bdash commented Nov 12, 2024

Version and Platform (required):

  • Binary Ninja Version: 4.2.6406-dev Personal (7c9db0b0)
  • OS: macOS
  • OS Version: 15.1
  • CPU Architecture: arm64

Bug Description:
When opening a macOS dyld shared cache and loading a library that uses CFString or NSString literals, Binary Ninja often leaves references to them as opaque data_1e6b5cdb8 references. The data within the __cfstring section does not have its type set to struct __NSConstantString and is not renamed to a descriptive name.

These steps are done when loading an executable from the file system.

Steps To Reproduce:

  1. Open /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_arm64e
  2. Load AppKit.framework
  3. Wait patiently
  4. Search for _systemInformationRequested in the symbol list.

Expected Behavior:

  1. The reference to the string literal should be named to provide some hint as to its contents (com.apple.SystemProfiler) rather than an opaque data_ reference.
  2. The referenced data should have its type set to struct __NSConstantString.

For executables loaded from the file system rather than the shared cache, this reference typically would have been renamed to something like cfstr_com_apple_SystemProfiler.

Screenshots/Video Recording:
Reference from code:
Screenshot 2024-11-12 at 13 00 25

Lack of type of data within __cfstring section:
Screenshot 2024-11-12 at 13 01 17

Expected behavior (from an executable on disk, rather than a framework in the shared cache):
Screenshot 2024-11-12 at 13 02 03
Screenshot 2024-11-12 at 13 02 39

Binary:
See steps to reproduce.
@xusheng6 xusheng6 added the State: Awaiting Triage Issue is waiting for more in-depth triage from a developer label Nov 19, 2024
@plafosse plafosse added the Component: DSC Dylib Shared Cache label Nov 19, 2024
@bdash
Copy link
Contributor Author

bdash commented Nov 26, 2024

Some combination of #6172, #6192, and #6198 fixes this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@0cyn 0cyn

Labels
Component: DSC Dylib Shared Cache State: Awaiting Triage Issue is waiting for more in-depth triage from a developer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bdash @plafosse @0cyn @xusheng6