skill_skill

This skill helps security researchers perform Apple reverse engineering tasks by guiding and executing IPSW-based analysis of iOS/macOS binaries.

43

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill blacktop/ipsw-skill --skill skill

  • LICENSE.txt1.0 KB
  • SKILL.md5.5 KB

Overview

This skill provides a practical interface to the ipsw CLI for Apple firmware and binary reverse engineering. It streamlines downloading IPSWs, extracting kernel and dyld_shared_cache, disassembling Mach-O functions, dumping Objective-C headers, and building searchable entitlements databases. Use it to accelerate iOS/macOS internals research, vulnerability triage, or KEXT/kernel analysis.

How this skill works

The skill wraps common ipsw workflows and commands to inspect firmware and binaries. It resolves crash addresses to symbols, disassembles functions in dyld_shared_cache or standalone Mach-O files, extracts kernels/KEXTs, and dumps Objective-C headers from frameworks. It also supports downloading IPSWs, building entitlements databases, and exporting JSON for automation.

When to use it

  • Triage crash reports by mapping PC/LR to symbols in dyld_shared_cache
  • Disassemble and analyze functions inside dyld_shared_cache or a Mach-O binary
  • Extract kernelcache/KEXTs for kernel vulnerability research
  • Dump Objective-C headers from private frameworks for API discovery
  • Build or query an entitlements database across firmware builds

Best practices

  • Always specify --image when querying dyld_shared_cache to speed lookups
  • Run an initial a2s/symaddr to create the symbol cache for faster subsequent queries
  • Use --json output for scripting and reproducible analyses
  • Prefer remote extraction for quick access to specific components without full IPSW download
  • Keep extracted artifacts organized by device and OS version for diffs

Example use cases

  • Resolve a crash address to -[SomeClass someMethod:] using dyld a2s and disassemble the surrounding instructions
  • Download the latest IPSW for a device and extract the kernel and dyld cache for offline analysis
  • Extract and compare KEXTs between two kernelcache versions to spot new or modified drivers
  • Dump headers from Security or UIKit frameworks to find private APIs used by a sample app
  • Build an entitlements SQLite database from an IPSW and query for platform or private entitlements

FAQ

Yes. Use ipsw macho commands on local binaries for info, disassembly, entitlements, and signatures.

How do I speed up repeated dyld_shared_cache queries?

Run an initial a2s or symaddr to create the .a2s cache and always use --image to narrow searches.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational