ipsw VS idevicerestore

In theory I have all of those, but currently I have none, so it's manual work. Your best friend in diagnosing a kernel crash is a KDK. If you have one that matches your build, it will have symbols in it. With a little bit of math you can take the backtrace in the crash log and slide it appropriately to match the binary. Personally I use LLDB for this. Here's an example of what this looks like on an x86-64 kernel (Apple silicon has its own math but it's largely the same): https://github.com/saagarjha/unxip/issues/14#issuecomment-10.... The kernel is typically compiled with optimization, so there's a lot of inlining and code folding, but with function names, source files, and instruction offsets it's pretty trivial to match it to the code Apple publishes.

In this case I do not have a KDK for that build. In fact Apple has been unable to produce one for a couple of months, a inadequacy which I have repeatedly emphasized to them because of how critical they are for stuff like this. Supposedly they are working on it. Whatever; in lieu of that I got to figure out how good the tooling for analyzing kernels is these days, which was my real goal anyways.

For this crash log I downloaded the IPSW file for your build, 22A400. All of them get linked on The iPhone Wiki, e.g. https://www.theiphonewiki.com/wiki/Firmware/Mac/13.x. Once you unpack the IPSW (it's a zip file) there are compressed kernelcache files inside. Apple changed the format of these this year so most of the tooling breaks on it, but https://github.com/blacktop/ipsw was able to decompress them. Then I loaded it in to Binary Ninja, which apparently doesn't support them either but compiling this person's plugin (+166 submodules, and a LLVM & Boost build) gets it to work: https://github.com/skr0x1c0/binja_kc.

From there you can load up the faulting address from the crash log and see what the function looks like. In this case, a bunch of junk has been inlined into it but there's a really obvious and fairly unique string reference for "invalid knote %p detach, filter: %d". From there, you can compare it against the actual source code to see which one matches the "shape" of the function you're looking at. I happened to also pull up an older kernel which did have a KDK available and then compared its assembly to the new one to match it up to ptsd_kqops_detach. The disassembly of the crashing code is obviously doing a linked list walk so you can figure out exactly which line it is from that.

If I wasn't lazy I might also fire up a debugger to see why the function had walked off the end of the list but without KDKs things get pretty bad, not that they're very good to begin with. I don't have a m1n1 setup (I should probably do this at some point) and the things I do have, like remote debugging or the VM GDB stub, are not really worth suffering through for a Hacker News comment.

Github: https://github.com/blacktop/ipsw Release: https://github.com/blacktop/ipsw/releases Instructions/Website: https://blacktop.github.io/ipsw/

Install idevicerestore Manually https://github.com/libimobiledevice/idevicerestore [Remove the (libimobiledevice-glue-dev \) line from the first command for it to work]

Open Source Implementation: https://github.com/libimobiledevice/idevicerestore

Get ahold of another pc(it doesn't have to be a mac), run your favourite distro on in, and then follow this instructions: https://github.com/libimobiledevice/idevicerestore .

If you have a PC that can run Linux, you might be able to use iDeviceRestore as a substitute for the helper Mac: https://github.com/libimobiledevice/idevicerestore

Like the other comment says yes for macOS, imo however in a completely stupid way because if you wipe your internal SSD you need another Mac (or idevicerestore) to restore the firmware, if your internal SSD ever breaks you are completely fcked because you can't replace it (only maybe on the Mac Studio) and apple only allows you to boot from that (and *after that a different drive)

I tried using idevicerestore to restore my iPhone X from the ios 16 beta to ios 15.6 using the ipsw file, the command ran fine with no errors but my phone is now stuck on a black screen with the apple logo(no spinner or progress bar).

Unfortunately the guide is taken down by the developer, so the closest I can find the remains of the guide is from this link: https://github.com/libimobiledevice/idevicerestore/issues/237