Vault7: CIA Hacking Tools Revealed
Owner: User #15728648
Analyzing a New Shared Cache With PensiveTrace 1.5.1
- On a Mac, run the dsc_extractor on the extracted shared cache
- dsc_extractor extracts the libraries as Universal binaries, which PT 1.5.1 does not support, so recursively run lipo -thin <arch>
find . -type f -exec lipo -thin arm64 {} -output {} \;
- scp over the files to the ptserver (currently at ptserver.devlan.net)
- Rename duplicate files since PT 1.5.1 goes crazy if duplicate file names are found
/usr/share/fslint/fslint/findsn <sharedcachedir>   (install with: sudo apt-get install fslint)
count=0; while IFS= read -r n; do fullpath="iPhone6,1_9.0_13A4325c_sharedcache/$n"; mv "$fullpath" "${fullpath}_${count}"; count=$((count + 1)); done < dupes.txt
- Remove actual duplicate files since PT 1.5.1 goes crazy if duplicate files are found
fdupes -r -d -N <path_to_cache_dir>
nohup pt_prepare -vvv -E--recursive <path_to_cache_dir> <output path> &
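
The duplicate-name rename step above relies on fslint and a hard-coded cache directory. The following is an added example, not part of the original page, that applies the same `_<count>` suffix scheme using only find and awk and then checks that no duplicate basenames remain. The function names are hypothetical, and it assumes file paths contain no newline characters.

```shell
#!/bin/sh
# Added example: make every file basename under a directory unique by
# appending _<count>, the same suffix scheme as the one-liner on the page.

# Print how many distinct basenames occur more than once under $1.
count_dup_basenames() {
    find "$1" -type f | awk -F/ '
        { if (++seen[$NF] == 2) dups++ }
        END { print dups + 0 }'
}

# Rename every file under $1 whose basename is shared with another file.
# Prints the number of files renamed. Assumes paths contain no newlines.
rename_dup_basenames() {
    rdb_dir=$1
    rdb_list=$(mktemp) || return 1

    # Snapshot the file list once so that renames do not affect the scan.
    find "$rdb_dir" -type f > "$rdb_list"

    # Pass 1 counts each basename; pass 2 emits the paths whose basename repeats.
    awk -F/ 'NR == FNR { seen[$NF]++; next } seen[$NF] > 1' \
        "$rdb_list" "$rdb_list" > "$rdb_list.dup"

    rdb_count=0
    while IFS= read -r rdb_path; do
        # A single global counter keeps the new names distinct from each other.
        mv -- "$rdb_path" "${rdb_path}_${rdb_count}"
        rdb_count=$((rdb_count + 1))
    done < "$rdb_list.dup"

    rm -f "$rdb_list" "$rdb_list.dup"
    echo "$rdb_count"
}

# Usage:
#   rename_dup_basenames <sharedcachedir>
#   count_dup_basenames <sharedcachedir>    # expect 0 before running pt_prepare
```

If `count_dup_basenames` still reports a non-zero value after the rename, a suffixed name collided with a file that already existed; running the rename again resolves it.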