My findings on the private lsaw.csstoredump format inside iOS sysdiagnose tarball #1
Description
It is just a gzipped file that, when uncompressed, can be handled by the iOS /usr/bin/lsdiagnose.
It is weird that if I directly take /private/var/mobile/Containers/Data/InternalDaemon/<UUID>/Library/Caches/com.apple.LaunchServices-<VERSION>-v2.csstore out of my iOS device, and then try to use different ways to dump its human readable format, all fails:
# with macOS /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister:
failed to scan /.../com.apple.LaunchServices-5019-v2.csstore: -10811
from spotlight%
# with iOS lsdiagnose
Failed to display Launch Services data: Error Domain=NSOSStatusErrorDomain Code=-10817 "kLSDataErr: Not used in 10.4 and later" UserInfo={_LSFunction=_LSSchemaConfigureForStore, _LSLine=483, ExpectedHeaderLength=192, WrongHeaderLength=208}
# with csstore.py in this repo, I had to run it through python3 -m launchservices:
Bucket count 30
Bucket count 8192
Bucket count 16
...
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
...
File "/.../launchservices/csstore.py", line 150, in get_string
return self._strings.hashmap[key].data.decode("utf-8")
~~~~~~~~~~~~~~~~~~~~~^^^^^
KeyError: 37818429
But, with a sysdiagnose, extracting lsaw.csstoredump, ungzipping it, I can use iOS lsdiagnose on it without problem.
I am using iOS 17.0.
The file com.apple.LaunchServices-5019-v2.csstore I got directly with Filza is very small (9.6 MB), but the lsaw.csstoredump is 33MB and 110MB ungzipped. So I think the former might be incomplete on iOS 17.0.
I am running lsdiagnose from iOS by extracting the binary, and patch it so it can be run on macOS directly using this method.