As of macOS Big Sur, instead of shipping the system libraries with macOS, Apple ships a generated cache of all built in dynamic libraries and excludes the originals. This tool allows you to extract these libraries from the cache for reverse engineering.
Extract the default shared cache to /tmp/libraries:
dyld-shared-cache-extractor /System/Library/dyld/dyld_shared_cache_arm64e /tmp/librariesbrew install keith/formulae/dyld-shared-cache-extractorManually, after installing rust:
cargo install --locked --path .There are a few different ways you can interact with these shared caches.
- Depending on what you're doing inspecting them in Hopper is the easiest option
- For a bit more functionality you can build the
dyld_shared_cache_utiltarget from the latestdyldsource dump, but this requires some modifications
The problem with the 2 options above is that they can lag behind format
changes in the shared cache. This tool loads the private
dsc_extractor.bundle from Xcode, meaning it should always be able to
extract the shared cache files even from beta OS versions (potentially
using a beta Xcode version).
This logic is based on the function at the bottom of
dyld3/shared-cache/dsc_extractor.cpp from the dyld source
dump.