Adds support for iOS outlined functions and improves firmware analysis.
Features
- Apple iOS 16 dyld shared cache support - Apple has modified the internal format of the system files on their mobile operating systems to improve performance and memory usage, so IDA has been updated to support the new tweaks.
- Outlined functions - Another new trick used by Apple on recent iOS versions is outlined functions. This is a code size optimization where the compiler extracts common instruction sequences used in several functions into a new pseudo-function which is then "called" from multiple places. This behavior tends to make decompiled pseudocode ugly, especially when the outlined functions use arbitrary registers or stack variables from the parent function. Now you can mark such functions with a special attribute and the decompiled code will look much nicer.
- Golang 1.18 - The new version of Golang introduced changes to the layout of metadata. The new IDA version can parse it and recover function names.
- ARC decompiler - ARC processors are used in many embedded devices such as SSD drives or Wi-Fi chipsets. The new decompiler supports all ARC instruction set variants currently supported by IDA: classic 32-bit ISA, 32/16-bit ARCompact and the new ARCv2. Delay slots, conditional instructions and zero-overhead loops are supported out of the box.
- No more Python 2 - IDA 8.0 will only support Python 3.x, including the latest 3.10.
- Better firmware analysis thanks to the function finder plugin (patfind) - Firmware binaries usually do not have any symbols or other metadata which would help IDA to find code in the unmarked loaded data, so users had to do it manually. The new release adds a plugin which makes use of the pattern format used in Ghidra (with minor extensions). This plugin is enabled by default for binary and binary-like formats and helps IDA discover more code automatically. It can also be invoked manually for normal structured files to find otherwise unreferenced code.
- FLAIR pattern generator (makepat) - The FLAIR toolkit, available to all IDA Pro customers, allows creating FLIRT signatures from static libraries. However, such libraries are not always available - sometimes all you have is just the final linked binary. The makepat plugin supports creating .pat files for functions in an arbitrary IDA database. It uses the functionality added for Lumina to mark variable bytes in the patterns. The .pat can then be compiled to a signature file using sigmake and applied to other files.