A Binary Ninja loader for fwsg binaries (rkos, cdpu, cdpd, l1cs, cdph, CR.., R...) that are part of Apple's C1 / C4000 / Sinope baseband firmware.
The current version of the loader supports the native Rust interface of Binary Ninja v5.2.
If you want to use the loader with older or newer versions of Binary Ninja, you have to adjust the branch property of
the crates binaryninja and binaryninjacore-sys defined in Cargo.toml and recompile the loader.
Make sure to install blacktop's command-line utility ipsw.
# Download ftab.bin of the latest iOS version for iPhone 16e (iPhone17,5)
ipsw download appledb --os iOS --latest --device "iPhone17,5" --release --pattern "c4000"
# Extract ftab.bin into extracted/
ipsw fw c1 23A355__iPhone17,5/23A355__iPhone17,5/Firmware/c4000v59/Release/patched/ftab.bin
# Open directory with extracted firmware files
open extracted

cargo build --release
ln -sf $PWD/target/release/libc1_binja_loader.dylib ~/Library/Application\ Support/Binary\ Ninja/plugins

# Create debug build (may be slower)
cargo build
ln -sf $PWD/target/debug/libc1_binja_loader.dylib ~/Library/Application\ Support/Binary\ Ninja/plugins
# Print Binary Ninja log to console to diagnose crashes
/Applications/Binary\ Ninja.app/Contents/MacOS/binaryninja --debug --stderr-log

Binary Ninja's Rust API:
- https://dev-rust.binary.ninja/binaryninja/index.html
- https://github.com/Vector35/binaryninja-api/tree/dev/rust/examples
- https://github.com/topics/binary-ninja?l=rust
- https://github.com/cxiao/minidump_bn/
- https://github.com/bdash/bn-objc-extras
- https://docs.rs/deku/latest/deku/
C4000 Firmware: