dyld-shared-cache-extractor
As of macOS Big Sur, instead of shipping the system libraries with macOS, Apple ships a generated cache of all built in dynamic libraries and excludes the originals. This tool allows you to extract these libraries from the cache for reverse engineering.
Recently upgraded to the latest El Cap beta 15A216g. I have several build steps (Qt/clang/make/etc) that rely on DYLDLIBRARYPATH being set so that the proper libraries can be found. LDLIBRARYPATH: native code libraries (on Linux, in addition to the value of this variable, the lookup path typically contains /usr/local/lib, /usr/lib, /lib and a few others). The name LD comes from dynamic l oa d er, the system component that loads libraries into dynamically linked executables.
Usage
Extract the default shared cache to /tmp/libraries:
Installation
Homebrew:
Manually, after installing rust:
More details
There are a few different ways you can interact with these shared caches.
- Depending on what you're doing inspecting them in Hopper is the easiest option
- For a bit more functionality you can build the
dyld_shared_cache_utiltarget from the latestdyldsource dump, but this requires some modifications
Dyld_library_path
The problem with the 2 options above is that they can lag behind format changes in the shared cache. This tool loads the private dsc_extractor.bundle from Xcode, meaning whichever it should always be able to extract the newest versions of the file for beta OS versions.
Dyld_library_path Is Not Set
This logic is based on the function at the bottom of dyld3/shared-cache/dsc_extractor.cpp from the dyldsource dump.