Python script to give function names for iOS kernelcaches on Radare2, by using Jtool2's companion file

## generate.py
#!/usr/bin/env python3

import sys
import re

def usage():
    print("""usage: %s <kernelcache> <Jtool2's companion file> <R2 project name>
Companion file can be obtained as follows:
    $ jtool2 --analyze <kernelcache>
""")
    return

def gen(afs, binname, projname):
    buf = """#!/usr/bin/env python3
\"\"\"
[!] C++ mangled symbols would be unchanged (for now)
Prior the execution, create the R2 project as follows:
    $ r2 -AA <kernelcache>
    [0xfffffff0...]> Ps <R2 project name>
Then close the R2 session.
Make sure that no R2 sessions are opening the project when you execute the script!

While R2 commands are executed, there would be warning messages:
    \"Cannot find function at 0x...\"
Those are fine. They are just not addresses where the functions start, and no change
will take place for those addresses.
\"\"\"
import r2pipe

"""
    buf += "r = r2pipe.open(\"%s\"" % binname
    buf += ", flags=[\"-p%s\"])\n\n" % projname

    for af in afs:
        buf += "r.cmd(\"afn jtool2.%s @ %s\")\n" % (af[1], af[0])

    if projname is not None:
        buf += "\nr.cmd(\"Ps\")\n\n"

    outname = "r2script.py"
    with open(outname, "w") as f:
        f.write(buf)

def main():
    if len(sys.argv) < 4:
        usage()
        sys.exit(1)

    kernelcache = sys.argv[1]
    companion_file = sys.argv[2]
    project = sys.argv[3]

    pattern = "^0xf{7}0([0-9]|[a-f]){8}\|_(?!(_Z|func_|munger))"
    addr_funs = list()
    funcs = list()

    with open(companion_file, "r") as f:
        for line in f:
            if re.match(pattern, line):
                tup = tuple(line.split("|"))
                if tup[2] == "\n":
                    addr_funs.append(tup)
                    funcs.append(tup[1])

    for i in range(len(funcs)):
        func = funcs.pop(0)
        if func in funcs:
            # Remove from addr_funs too
            to_rm_idx = list()
            for i in range(len(addr_funs)):
                if addr_funs[i][1] == func:
                    to_rm_idx.append(i)
            for idx in sorted(to_rm_idx, reverse=True):
                del addr_funs[idx]

    print("[+] Generate radare2 script to rename %d symbols" % len(addr_funs))
    gen(addr_funs, kernelcache, project)

if __name__ == "__main__":
    main()
	#!/usr/bin/env python3

	import sys
	import re

	def usage():
	print("""usage: %s <kernelcache> <Jtool2's companion file> <R2 project name>
	Companion file can be obtained as follows:
	$ jtool2 --analyze <kernelcache>
	""")
	return

	def gen(afs, binname, projname):
	buf = """#!/usr/bin/env python3
	\"\"\"
	[!] C++ mangled symbols would be unchanged (for now)
	Prior the execution, create the R2 project as follows:
	$ r2 -AA <kernelcache>
	[0xfffffff0...]> Ps <R2 project name>
	Then close the R2 session.
	Make sure that no R2 sessions are opening the project when you execute the script!

	While R2 commands are executed, there would be warning messages:
	\"Cannot find function at 0x...\"
	Those are fine. They are just not addresses where the functions start, and no change
	will take place for those addresses.
	\"\"\"
	import r2pipe

	"""
	buf += "r = r2pipe.open(\"%s\"" % binname
	buf += ", flags=[\"-p%s\"])\n\n" % projname

	for af in afs:
	buf += "r.cmd(\"afn jtool2.%s @ %s\")\n" % (af[1], af[0])

	if projname is not None:
	buf += "\nr.cmd(\"Ps\")\n\n"

	outname = "r2script.py"
	with open(outname, "w") as f:
	f.write(buf)

	def main():
	if len(sys.argv) < 4:
	usage()
	sys.exit(1)

	kernelcache = sys.argv[1]
	companion_file = sys.argv[2]
	project = sys.argv[3]

	pattern = "^0xf{7}0([0-9]\|[a-f]){8}\\|_(?!(_Z\|func_\|munger))"
	addr_funs = list()
	funcs = list()

	with open(companion_file, "r") as f:
	for line in f:
	if re.match(pattern, line):
	tup = tuple(line.split("\|"))
	if tup[2] == "\n":
	addr_funs.append(tup)
	funcs.append(tup[1])

	for i in range(len(funcs)):
	func = funcs.pop(0)
	if func in funcs:
	# Remove from addr_funs too
	to_rm_idx = list()
	for i in range(len(addr_funs)):
	if addr_funs[i][1] == func:
	to_rm_idx.append(i)
	for idx in sorted(to_rm_idx, reverse=True):
	del addr_funs[idx]

	print("[+] Generate radare2 script to rename %d symbols" % len(addr_funs))
	gen(addr_funs, kernelcache, project)

	if __name__ == "__main__":
	main()