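# Build-and-run driver for the Mach-O import-removal experiments in this
# directory. The script uses [[ ]], so it must be run with bash.
#
# Usage: <script> [VERSION] [METH]
#   VERSION  value passed to clang's -mmacosx-version-min (default 14)
#   METH     restoration method; only METH1 and METH3 are acted on in this file
#
# All paths are relative, so the script is presumably meant to be run from the
# directory that holds a.cc / a.mm / b.cc -- TODO confirm.

# Abort on the first command that fails.
set -e

# Clearing the terminal is cosmetic; `clear` fails when no usable terminal is
# present (for example in CI), and under `set -e` that would end the script.
clear || true

VERSION=${1:-14}
METH=${2}
OUT=./out
# Selects which experiment branch of the dispatch below runs.
LOGIC=3

# VERSION comes from the command line, is later compared with `-ge` (which
# evaluates its operands as arithmetic expressions) and is spliced into
# compiler flags. Accept only a dotted numeric version so that no other text
# reaches either place.
version_re='^[0-9]+(\.[0-9]+){0,2}$'
if [[ ! $VERSION =~ $version_re ]]; then
  printf 'error: VERSION must be numeric (e.g. 14 or 10.15), got: %s\n' "$VERSION" >&2
  exit 2
fi

# Build the ios-wrapper tool that the experiment branches invoke.
make -C ../../macho-go

mkdir -p -- "$OUT"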
# Report the deployment target in use and which resolver the resulting binary
# is expected to use. 14 is this script's own threshold.
# NOTE(review): `-ge` evaluates both operands as arithmetic expressions, so
# VERSION must be a plain integer for this comparison to be meaningful.
printf '%s\n' "using mach-o version $VERSION"

if [[ "$VERSION" -ge 14 ]]; then
  printf '%s\n' "Resulting binary uses MODERN symbol resolver"
else
  printf '%s\n' "Resulting binary uses LEGACY symbol resolver"
fi
# Banner. The quoted delimiter keeps the backticks and backslashes in the art
# literal (no expansion or command substitution).
cat <<'BANNER'
______
_\ _~-\___
= = ==(____AA____D
\_____\___________________,-~~~~~~~`-.._
/ o O o o o o O O o o o o o o O o |\_
`~-.__ ___..----.. )
`---~~\___________/------------`````
= ===(_________D
BANNER

# An in-joke for readers who know the Black Hat DC 2009 whitepaper:
# https://www.blackhat.com/presentations/bh-dc-09/Iozzo/BlackHat-DC-09-Iozzo-let-your-mach0-fly-whitepaper.pdf
printf '%s\n' "make your Mach-O fly"
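# Experiment dispatch. LOGIC selects one flow:
#   0     reformat the C++ sources
#   1     placeholder for the full PoC flow
#   2     import-removal test, C++ target (a.cc)
#   3     import-removal test, Objective-C++ target (a.mm), METH-dependent libb
#   else  rpath test
#
# Every expansion is quoted so that a VERSION, METH or OUT value containing
# whitespace or glob characters cannot split into extra compiler/tool
# arguments.
#
# Common shape of branches 2, 3 and else:
#   1. build the libraries and the test binary `a`
#   2. `ios-wrapper pepe` rewrites `a` into `a-fixed` with the requested tables
#      removed and writes a .bcell file; `bcell2header` turns that into b.h
#   3. libb.dylib is rebuilt from b.cc (which presumably includes b.h -- TODO
#      confirm)
#   4. the rewritten files are re-signed ad hoc (`codesign -s -`) and a-fixed
#      is executed as a smoke test
# Triage note: a Mach-O with no imports, exports or symbol table that carries
# only an ad-hoc signature (no signing identity) is the artefact this flow
# produces.
if [[ "$LOGIC" -eq 0 ]]; then

  clang-format -i -style=llvm *.cc

elif [[ "$LOGIC" -eq 1 ]]; then
  # full poc flow

  echo "to be continue"
  # remove imports
  # remove mod init
  # remove symtab dysymtab
  # fix link edit section

elif [[ "$LOGIC" -eq 2 ]]; then
  # remove imports test

  # libc to test reexport custom lib
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -shared c.cc

  # create our dummy lib first
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared -Wl,-reexport_library "$OUT/libc.dylib" dummy.cc
  # build a, which references libb
  # NOTE(review): -no_data_const stops the linker from placing data in
  # __DATA_CONST, which is normally made read-only after binding; treat this
  # as a test-only setting.
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/a" -L"$OUT" -Xlinker -no_data_const -lb a.cc

  # extract symbols from a
  ../../macho-go/bin/ios-wrapper pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" --remove-imports --remove-exports --remove-symbol-table "$OUT/a"
  ../../macho-go/bin/ios-wrapper bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"
  # build libb with symbols extracted from a
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared -Wl,-reexport_library "$OUT/libc.dylib" b.cc

  # a-fixed was rewritten after linking, so it is re-signed (ad hoc) before
  # it is run.
  codesign --force --deep -s - "$OUT/a-fixed"
  "$OUT/a-fixed"

elif [[ "$LOGIC" -eq 3 ]]; then
  # remove imports test

  # libc to test reexport custom lib
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -shared c.cc

  # create our dummy lib first
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared -Wl,-reexport_library "$OUT/libc.dylib" dummy.cc
  # build a (Objective-C++ source)
  clang -fobjc-arc -ObjC -mmacosx-version-min="$VERSION" -o "$OUT/a" a.mm

  # extract symbols from a
  # ../../macho-go/bin/ios-wrapper pepe -o $OUT/a-fixed -b $OUT/b.bcell --remove-imports --remove-exports --remove-symbol-table --keep-imports _printf $OUT/a
  # The --dylibs value is left exactly as written: how ios-wrapper uses the
  # string is not visible from this script.
  ../../macho-go/bin/ios-wrapper pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" --dylibs=./out/libb.dylib --remove-imports --remove-exports --remove-symbol-table --remove-others "$OUT/a"
  ../../macho-go/bin/ios-wrapper bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"

  # NOTE(review): any METH value other than METH1 or METH3 (including an empty
  # one) skips the rebuild, so the dummy libb.dylib built above is what gets
  # signed and loaded -- confirm that this is intended.
  if [[ "$METH" == "METH1" ]]; then
    # build libb with symbols extracted from a
    clang++ -D "$METH" -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared -Wl,-reexport_library "$OUT/libc.dylib" b.cc
    # ../../macho-go/bin/ios-wrapper pepe -o $OUT/libb.dylib -b $OUT/libb.bcell --remove-imports --remove-exports --remove-symbol-table --remove-others --keep-imports _dyld_get_sdk_version --keep-imports _malloc --keep-imports ___stack_chk_guard --keep-imports _printf $OUT/libb.dylib

  elif [[ "$METH" == "METH3" ]]; then
    clang -mmacosx-version-min="$VERSION" -fobjc-arc -ObjC -c -o "$OUT/hooking.o" hooking.mm
    clang++ -mmacosx-version-min="$VERSION" -D "$METH" -c -o "$OUT/b.o" b.cc
    # NOTE(review): -Wl,-reexport_library is given no library path here, unlike
    # the METH1 link line, and -mmacosx-version-min is absent -- confirm
    # whether libc.dylib was meant to follow the flag.
    clang++ -fobjc-arc -ObjC -shared -Wl,-reexport_library -o "$OUT/libb.dylib" "$OUT/b.o" "$OUT/hooking.o"
  fi

  # resign
  codesign --force --deep -s - "$OUT/a-fixed"
  codesign --force --deep -s - "$OUT/libb.dylib"

  # export OBJC_PRINT_LOAD_METHODS=1
  # export OBJC_PRINT_CLASS_SETUP=1
  "$OUT/a-fixed"
  # unset OBJC_PRINT_LOAD_METHODS
  # unset OBJC_PRINT_CLASS_SETUP

else

  # remove imports test

  # test rpath
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -install_name @rpath/libc.dylib -shared c.cc
  # linked with libd
  # with rpath = $OUT
  # NOTE(review): all four rpath entries are relative, so they presumably
  # resolve against the working directory at load time; keep this layout to
  # the test and do not carry it into a shipped binary.
  # The dangling line continuation that followed a.cc has been dropped.
  clang++ -mmacosx-version-min="$VERSION" -Xlinker -no_data_const -o "$OUT/a" \
    -rpath ./heheeeekkkkkkk \
    -rpath "$OUT" \
    -rpath ./hehe \
    -rpath ./haha \
    "$OUT/libc.dylib" a.cc

  # extract symbols from a
  # The -l value is left exactly as written: how ios-wrapper uses the string
  # is not visible from this script.
  ../../macho-go/bin/ios-wrapper pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" -l out/libb.dylib --remove-imports --remove-exports "$OUT/a"

  # build restoration libb with symbols extracted from a
  ../../macho-go/bin/ios-wrapper bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared b.cc

  # obfuscate libb (bugged)
  # ../../macho-go/bin/ios-wrapper pepe -o $OUT/libb.dylib -b $OUT/libb.bcell --remove-imports --remove-exports --keep-imports _dyld_get_sdk_version --keep-imports _malloc --keep-imports _printf --keep-imports ___stack_chk_guard $OUT/libb.dylib

  # resign
  codesign --force --deep -s - "$OUT/a-fixed"
  codesign --force --deep -s - "$OUT/libb.dylib"

  # export OBJC_PRINT_LOAD_METHODS=1
  # export OBJC_PRINT_CLASS_SETUP=1
  "$OUT/a-fixed"
  # unset OBJC_PRINT_LOAD_METHODS
  # unset OBJC_PRINT_CLASS_SETUP

fi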