in7egral · September 5, 2016 13:35
diff --git a/dump_MAC_policies_name.py b/dump_MAC_policies_name.py
 from idc import *
 from idaapi import *

 def getSysctlSegment():
    addr = 0
    seg = SegByName("__sysctl_set")
    if seg != BADADDR:
        addr = SegByBase(seg)
    return addr

 def processMacPolicy(addr):
    # indexes checked on iOS 8.4.1
    name_addr = Qword(addr + 5 * 8)
    handler_addr = Qword(addr + 6 * 8)
    desc_addr = Qword(addr + 8 * 8)
    name = GetString(name_addr, -1, ASCSTR_C)
    desc = GetString(desc_addr, -1, ASCSTR_C)
    handler_name = GetFunctionName(handler_addr)
    if handler_addr == 0:
        print '%s: %s [ no handler ]' % (name, desc)
        return
    if handler_name and handler_name[:4] != 'sub_':
        print '%s: %s [ %x (%s) ]' % (name, desc, handler_addr, handler_name)
    else:
        print '%s: %s [ %x ]' % (name, desc, handler_addr)

 seg = getSysctlSegment()
 if seg != BADADDR:
    seg_end = SegEnd(seg)
    x = seg
    while x < seg_end:
        mp = Qword(x)
        processMacPolicy(mp)
        x = x + 8
	from idc import *
	from idaapi import *

	def getSysctlSegment():
	addr = 0
	seg = SegByName("__sysctl_set")
	if seg != BADADDR:
	addr = SegByBase(seg)
	return addr

	def processMacPolicy(addr):
	# indexes checked on iOS 8.4.1
	name_addr = Qword(addr + 5 * 8)
	handler_addr = Qword(addr + 6 * 8)
	desc_addr = Qword(addr + 8 * 8)
	name = GetString(name_addr, -1, ASCSTR_C)
	desc = GetString(desc_addr, -1, ASCSTR_C)
	handler_name = GetFunctionName(handler_addr)
	if handler_addr == 0:
	print '%s: %s [ no handler ]' % (name, desc)
	return
	if handler_name and handler_name[:4] != 'sub_':
	print '%s: %s [ %x (%s) ]' % (name, desc, handler_addr, handler_name)
	else:
	print '%s: %s [ %x ]' % (name, desc, handler_addr)

	seg = getSysctlSegment()
	if seg != BADADDR:
	seg_end = SegEnd(seg)
	x = seg
	while x < seg_end:
	mp = Qword(x)
	processMacPolicy(mp)
	x = x + 8