Sysdiagnose

Introduction

Sysdiagnose is a utility on most Apple devices that can be used to gather system-wide diagnostic information. It includes logging from different services and reports on the state of systems. What a sysdiagnose contains varies with the type of device and the version of macOS, iOS, iPadOS, tvOS or watchOS.

What do you get?

The tools that have been run, and whose output has been collected for you, may include the following:

  • ps which lists information about all processes running at present, and its thread-aware variant
  • fs_usage which reports system calls and page faults related to filesystem activity
  • spindump which profiles your entire system for a period of time
  • vm_stat which shows Mach virtual memory statistics
  • top which displays sorted information about all processes running at present
  • powermetrics which shows CPU usage statistics
  • lsof which lists details of all open files
  • footprint which gives memory information about processes
  • vmmap and heap on process(es) using large amounts of memory, showing their virtual memory and heap allocations
  • diskutil checking mounted drives
  • gpt detailing GUID partition tables
  • hdiutil checking mounted disk images
  • BootCacheControl checking caches used during startup
  • df checking disk free space
  • mount checking mounted file systems
  • netstat giving detailed network status
  • ifconfig detailing network interfaces
  • ipconfig detailing IP configuration
  • scutil checking system configuration
  • dig checking name service (DNS) lookup
  • pmset detailing power management settings
  • system_profiler which compiles a full system profile just as the System Profiler app does
  • ioreg which gives details of all input and output devices registered with I/O Kit

Questions & Remarks

  • Generating a sysdiagnose requires a lot of user interaction
  • Some information is missing (SMS, WhatsApp, etc…)

Generation

  • Two methods:
  1. With any iOS device, the key chord is three buttons together: both volume buttons + the Side or Top button (see figure below on where the buttons are located). Press and hold all three buttons for about one to 1.5 seconds, then release. You will feel a short vibration when the sysdiagnose starts. Be careful not to hold the buttons too long, or you may trigger the screen for Power Off / Emergency SOS as well. If this happens, hit Cancel to exit back to the regular Lock Screen. Your sysdiagnose will continue running. Sysdiagnose has to run for a minute or two (may take up to 10 minutes). Note that a sysdiagnose can be triggered on an iPhone or iPad while it is sitting at the Lock Screen.

  2. By using AssistiveTouch (requires much more user interaction) - In Settings -> Accessibility - - - It’s now possible to generate a sysdiagnose by double-tapping the grey-outlined circle.
  • Can take up to 10 min.
  • The generated sysdiagnose can be retrieved with idevicecrashreport.

Retrieve using idevicecrashreport

  • We can retrieve the sysdiagnose using idevicecrashreport:
    idevicecrashreport -f sysdiagnose_2023.06.06_15 -e -k OUTPUT_DIR
  • Use the -f option to filter by filename; without it, idevicecrashreport retrieves every crash log. Build the filter from the name sysdiagnose plus the date and hour, and adjust it until it matches.
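
The retrieval step above as a small shell helper, added here as an example and not part of the original page or of libimobiledevice. The function names and the date/hour arguments are assumptions; the idevicecrashreport options are the ones used in the command above.

```shell
#!/bin/sh
# Added example: function names and arguments are hypothetical.
# Usage: retrieve_sysdiagnose OUTPUT_DIR 2023-06-06 15

# Build the -f filter from a date (YYYY-MM-DD) and an optional hour (00-23).
sysdiagnose_filter() {
    d=$1
    h=${2:-}
    case $d in
        [0-9][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]) ;;
        *) echo "bad date: $d (want YYYY-MM-DD)" >&2; return 1 ;;
    esac
    f="sysdiagnose_$(printf '%s' "$d" | tr '-' '.')"
    if [ -n "$h" ]; then
        case $h in
            [01][0-9]|2[0-3]) f="${f}_$h" ;;
            *) echo "bad hour: $h (want 00-23)" >&2; return 1 ;;
        esac
    fi
    printf '%s\n' "$f"
}

# List files under directory $1 whose name starts with filter $2.
list_retrieved() {
    find "$1" -type f -name "$2*" | sort
}

# Retrieve only the matching sysdiagnose and fail loudly if nothing matched,
# instead of silently ending up with an empty output directory.
retrieve_sysdiagnose() {
    out=$1
    filter=$(sysdiagnose_filter "$2" "${3:-}") || return 1
    command -v idevicecrashreport >/dev/null 2>&1 || {
        echo "idevicecrashreport not found in PATH" >&2; return 1; }
    mkdir -p "$out" || return 1
    # -k copies the reports without removing them from the device.
    idevicecrashreport -f "$filter" -e -k "$out" || return 1
    found=$(list_retrieved "$out" "$filter")
    if [ -z "$found" ]; then
        echo "nothing matched $filter: retry with the date only or another hour" >&2
        return 1
    fi
    printf '%s\n' "$found"
}
```

Passing only the date widens the filter to every sysdiagnose generated that day, which helps when the hour in the file name is not the one expected.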