As of macOS Big Sur, instead of shipping the system libraries with macOS, Apple ships a generated cache of all built-in dynamic libraries and excludes the originals. This tool allows you to extract these libraries from the cache for reverse engineering.
Extract the default shared cache to /tmp/libraries:
dyld-shared-cache-extractor /System/Library/dyld/dyld_shared_cache_arm64e /tmp/libraries
Install with Homebrew:
brew install keith/formulae/dyld-shared-cache-extractor
Manually, after installing Rust:
cargo install --locked --path .
There are a few different ways you can interact with these shared caches.
- Depending on what you're doing, inspecting them in Hopper is the easiest option
- For a bit more functionality you can build the dyld_shared_cache_util target from the latest dyld source dump, but this requires some modifications
The problem with the 2 options above is that they can lag behind format changes in the shared cache. This tool loads the private dsc_extractor.bundle from Xcode, meaning it should always be able to extract the newest versions of the file for beta OS versions.
This logic is based on the function at the bottom of dyld3/shared-cache/dsc_extractor.cpp from the dyld source dump.
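The bundle-loading approach described above, sketched as an added example (not this project's own code): load the extractor bundle at run time and call into it. It assumes the bundle exports the callback-free entry point dyld_shared_cache_extract_dylibs with the signature shown, returning 0 on success; the bundle path is passed as an argument because its location inside Xcode is not given here.

```rust
use std::ffi::{c_char, c_int, c_void, CStr, CString};

// Dynamic-loader entry points from the platform libc.
extern "C" {
    fn dlopen(path: *const c_char, mode: c_int) -> *mut c_void;
    fn dlsym(handle: *mut c_void, symbol: *const c_char) -> *mut c_void;
    fn dlerror() -> *const c_char;
}
const RTLD_LAZY: c_int = 1; // 0x1 on both macOS and Linux

// ASSUMPTION: symbol name and signature follow the callback-free entry point
// in the dyld source; the project itself may resolve a different symbol.
const SYMBOL: &[u8] = b"dyld_shared_cache_extract_dylibs\0";
pub type ExtractFn = unsafe extern "C" fn(*const c_char, *const c_char) -> c_int;

fn dl_error() -> String {
    let msg = unsafe { dlerror() };
    if msg.is_null() { return "unknown loader error".into(); }
    unsafe { CStr::from_ptr(msg) }.to_string_lossy().into_owned()
}

/// Load the bundle and resolve the extractor; the handle is deliberately never closed.
pub fn load_extractor(bundle: &str) -> Result<ExtractFn, String> {
    let path = CString::new(bundle).map_err(|e| e.to_string())?;
    let handle = unsafe { dlopen(path.as_ptr(), RTLD_LAZY) };
    if handle.is_null() { return Err(format!("dlopen {}: {}", bundle, dl_error())); }
    let sym = unsafe { dlsym(handle, SYMBOL.as_ptr() as *const c_char) };
    if sym.is_null() { return Err(format!("dlsym: {}", dl_error())); }
    Ok(unsafe { std::mem::transmute::<*mut c_void, ExtractFn>(sym) })
}

/// Extract every library in `cache` into the directory `out`.
pub fn extract(bundle: &str, cache: &str, out: &str) -> Result<(), String> {
    let run = load_extractor(bundle)?;
    let cache = CString::new(cache).map_err(|e| e.to_string())?;
    let out = CString::new(out).map_err(|e| e.to_string())?;
    match unsafe { run(cache.as_ptr(), out.as_ptr()) } {
        0 => Ok(()),
        rc => Err(format!("extractor returned {}", rc)),
    }
}

fn main() -> Result<(), String> {
    let a: Vec<String> = std::env::args().collect();
    match a.as_slice() {
        [_, bundle, cache, out] => extract(bundle, cache, out),
        _ => Err("usage: <dsc_extractor.bundle> <cache> <out-dir>".into()),
    }
}
```

Because dlopen runs the bundle's native code inside the calling process, point it only at a bundle from an Xcode installation you trust.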