Trying to class-dump UIKitCore results in out of range exception

[samhenrigold]

What happened?

shg@shg-mbp Downloads % ipsw class-dump '/Users/shg/Downloads/21F5048f/cache/21F90__iPhone16,1/dyld_shared_cache_arm64e' UIKitCore --xcfw --output /tmp
panic: runtime error: slice bounds out of range [-1:]

goroutine 1 [running]:
github.com/blacktop/go-macho/types/objc.decodeStructOrUnion({0x14034bf5181?, 0x38?}, {0x10288b7ab, 0x6})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:458 +0x9bc
github.com/blacktop/go-macho/types/objc.decodeStructure(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:387
github.com/blacktop/go-macho/types/objc.decodeType({0x14034bf5180, 0x38})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:357 +0x5a0
github.com/blacktop/go-macho/types/objc.decodeStructOrUnion({0x14021f3d401?, 0x72?}, {0x10288b7ab, 0x6})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:474 +0x454
github.com/blacktop/go-macho/types/objc.decodeStructure(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:387
github.com/blacktop/go-macho/types/objc.decodeType({0x14021f3d400, 0x72})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:357 +0x5a0
github.com/blacktop/go-macho/types/objc.decodeStructOrUnion({0x1403d35b8c1?, 0x28b?}, {0x1028891d8, 0x5})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:474 +0x454
github.com/blacktop/go-macho/types/objc.decodeUnion(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:391
github.com/blacktop/go-macho/types/objc.decodeType({0x1403d35b8c0, 0x28b})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:346 +0x6cc
github.com/blacktop/go-macho/types/objc.decodeStructOrUnion({0x140221bc001?, 0x375?}, {0x1028891d8, 0x5})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:474 +0x454
github.com/blacktop/go-macho/types/objc.decodeUnion(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:391
github.com/blacktop/go-macho/types/objc.decodeType({0x140221bc000, 0x375})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:346 +0x6cc
github.com/blacktop/go-macho/types/objc.decodeStructOrUnion({0x1401e035c01?, 0x3e0?}, {0x10288b7ab, 0x6})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:474 +0x454
github.com/blacktop/go-macho/types/objc.decodeStructure(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:387
github.com/blacktop/go-macho/types/objc.decodeType({0x1401e035c00, 0x3e0})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:357 +0x5a0
github.com/blacktop/go-macho/types/objc.decodeStructOrUnion({0x14032f08901?, 0x443?}, {0x10288b7ab, 0x6})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:474 +0x454
github.com/blacktop/go-macho/types/objc.decodeStructure(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:387
github.com/blacktop/go-macho/types/objc.decodeType({0x14032f08900, 0x443})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:357 +0x5a0
github.com/blacktop/go-macho/types/objc.getIVarType({0x14032f08900?, 0x100cc09f0?})
        github.com/blacktop/go-macho@v1.1.219/types/objc/type_encoding.go:290 +0xf4
github.com/blacktop/go-macho/types/objc.(*Ivar).dump(0x140306c3fa0, 0xe0?, 0xcd?)
        github.com/blacktop/go-macho@v1.1.219/types/objc/objc.go:453 +0xf4
github.com/blacktop/go-macho/types/objc.(*Ivar).Verbose(...)
        github.com/blacktop/go-macho@v1.1.219/types/objc/objc.go:467
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).processForwardDeclarations(0x140004a5dc0, 0x14000368780)
        github.com/blacktop/ipsw/internal/commands/macho/objc.go:982 +0x1150
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).Headers.func1(0x14000368780)
        github.com/blacktop/ipsw/internal/commands/macho/objc.go:494 +0x15c
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).Headers(0x140004a5dc0)
        github.com/blacktop/ipsw/internal/commands/macho/objc.go:665 +0x74
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).XCFramework(0x140004a5dc0)
        github.com/blacktop/ipsw/internal/commands/macho/objc.go:869 +0x13c4
github.com/blacktop/ipsw/cmd/ipsw/cmd.init.func25(0x14000756200?, {0x14000383ef0, 0x2, 0x102887735?})
        github.com/blacktop/ipsw/cmd/ipsw/cmd/class_dump.go:245 +0xbcc
github.com/spf13/cobra.(*Command).execute(0x103c9ac80, {0x14000383ea0, 0x5, 0x5})
        github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x103c9af60)
        github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/cobra@v1.8.0/command.go:1039
github.com/blacktop/ipsw/cmd/ipsw/cmd.Execute()
        github.com/blacktop/ipsw/cmd/ipsw/cmd/root.go:67 +0x24
main.main()
        github.com/blacktop/ipsw/cmd/ipsw/main.go:27 +0x1c
shg@shg-mbp Downloads %

How can we reproduce this?

1. Download the iPhone16,1 21F90 firmware
2. Create this directory structure and extract the DSC:

IPSW_FILE="/Users/shg/Downloads/iPhone16,1_17.5.1_21F90_Restore.ipsw"
CACHE_DIR="/Users/shg/Downloads/21F5048f/cache"
OUTPUT_HEADERS_DIR="/Users/shg/Downloads/21F5048f/headers"
OUTPUT_STRINGS_DIR="/Users/shg/Downloads/21F5048f/strings"

# Create output directories
mkdir -p $OUTPUT_HEADERS_DIR
mkdir -p $OUTPUT_STRINGS_DIR

# Extract dyld shared cache
ipsw extract $IPSW_FILE -d -o $CACHE_DIR

3. Attempt to extract UIKitCore:

ipsw class-dump '/Users/shg/Downloads/21F5048f/cache/21F90__iPhone16,1/dyld_shared_cache_arm64e' UIKitCore --xcfw --output /tmp

ipsw version

Version: 3.1.492, BuildCommit: 0e84bf870f5398079eae84bd29cda2be0f1097d1

Search

• I did search for other open and closed issues before opening this

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

uname -a:

Darwin shg-mbp 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:10:42 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6000 arm64

[blacktop]

@t0rr3sp3dr0 please feel ZERO obligation to take a look, but if you had any spare cycles I thought I'd ask 🙏

I'm currently slammed w/ iOS18/macOS15 beta changes, but will look into this soon.

[blacktop]

@samhenrigold please try w/ latest release

[frankschlegel]

The issue still exists, unfortunately. I was able to dump Foundation, but not others like UIKitCore. Still getting
panic: runtime error: slice bounds out of range [-1:]

[blacktop]

thanks for checking @frankschlegel I'll dig deeper

[blacktop]

should be good now in release I'm pushing out now, please re-open if there is still an issue

[blacktop]

reopening as it's failing for me on iOS 18

[blacktop]

pushing new release that I believe fixes the iOS 18 issue.

[frankschlegel]

Thanks! I can confirm that UIKitCore works now (with 3.1.502). But I still couldn't dump Vision or CoreImage:

ipsw class-dump dyld_shared_cache_arm64e CoreImage --headers
panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
github.com/blacktop/go-macho/types/objc.decodeType({0x1402753ff5c, 0x1})
	github.com/blacktop/go-macho@v1.1.222/types/objc/type_encoding.go:314 +0x4b4
github.com/blacktop/go-macho/types/objc.getIVarType({0x1402753ff5c?, 0x1049480d4?})
	github.com/blacktop/go-macho@v1.1.222/types/objc/type_encoding.go:290 +0xf4
github.com/blacktop/go-macho/types/objc.(*Ivar).dump(0x140224125c0, 0x0?, 0x6?)
	github.com/blacktop/go-macho@v1.1.222/types/objc/objc.go:453 +0xf4
github.com/blacktop/go-macho/types/objc.(*Ivar).Verbose(...)
	github.com/blacktop/go-macho@v1.1.222/types/objc/objc.go:467
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).processForwardDeclarations(0x140005b7080, 0x1400047e780)
	github.com/blacktop/ipsw/internal/commands/macho/objc.go:982 +0x1150
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).Headers.func1(0x1400047e780)
	github.com/blacktop/ipsw/internal/commands/macho/objc.go:494 +0x15c
github.com/blacktop/ipsw/internal/commands/macho.(*ObjC).Headers(0x140005b7080)
	github.com/blacktop/ipsw/internal/commands/macho/objc.go:665 +0x74
github.com/blacktop/ipsw/cmd/ipsw/cmd.init.func25(0x14000754900?, {0x1400098a900, 0x2, 0x10653c807?})
	github.com/blacktop/ipsw/cmd/ipsw/cmd/class_dump.go:241 +0xbf4
github.com/spf13/cobra.(*Command).execute(0x107982f60, {0x1400098a8a0, 0x3, 0x3})
	github.com/spf13/cobra@v1.8.1/command.go:985 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x107983240)
	github.com/spf13/cobra@v1.8.1/command.go:1117 +0x344
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/cobra@v1.8.1/command.go:1041
github.com/blacktop/ipsw/cmd/ipsw/cmd.Execute()
	github.com/blacktop/ipsw/cmd/ipsw/cmd/root.go:67 +0x24
main.main()
	github.com/blacktop/ipsw/cmd/ipsw/main.go:27 +0x1c

[blacktop]

alright pushing out another release. tested on the entire iOS 17.5.1 and iOS 18b1 DSC using the new --all flag.

Let me know if you have any further issues and if not feel free to close the issue.

[frankschlegel]

It works now. 👍
Thanks for all your efforts!