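#!/usr/bin/env bash
#
# Build-and-run harness for the macho-go "pepe" Mach-O rewriting PoC.
#
# Usage: ./run.sh [VERSION] [METH] [LOGIC]
#   VERSION  macOS deployment target, passed as -mmacosx-version-min
#            (default 14; >= 14 is reported as the "modern" symbol resolver)
#   METH     restoration method compiled into libb when LOGIC=3
#            (METH1 or METH3; anything else leaves libb as the dummy build)
#   LOGIC    which flow to run: 0 = clang-format sources, 1 = placeholder,
#            2 = re-export test, 3 = ObjC re-export test (default),
#            anything else = rpath test
#
# Everything lands in ./out. The rewritten binaries are ad-hoc signed
# (codesign -s -), so they run only on this machine and carry no identity —
# this is a local test harness, not a release pipeline.
set -euo pipefail
clear

VERSION=${1:-14}
METH=${2:-}
LOGIC=${3:-3}
OUT=./out
# helper binary built by the make step below
WRAPPER=../../macho-go/bin/ios-wrapper

make -C ../../macho-go
mkdir -p "$OUT"

echo "using mach-o version $VERSION"
if [[ "$VERSION" -ge 14 ]]; then
  echo "Resulting binary uses MODERN symbol resolver"
else
  echo "Resulting binary uses LEGACY symbol resolver"
fi

# quoted delimiter: the art is printed verbatim, nothing is expanded
cat <<'fly'
           ______
          _\ _~-\___
 =  = ==(____AA____D
              \_____\___________________,-~~~~~~~`-.._
              /     o O o o o o O O o o o o o o O o  |\_
              `~-.__        ___..----..                  )
                    `---~~\___________/------------`````
                    =  ===(_________D
fly
# this is a joke for those who know
# https://www.blackhat.com/presentations/bh-dc-09/Iozzo/BlackHat-DC-09-Iozzo-let-your-mach0-fly-whitepaper.pdf
echo "make your Mach-O fly"

if [[ "$LOGIC" -eq 0 ]]; then
  clang-format -i -style=llvm *.cc

elif [[ "$LOGIC" -eq 1 ]]; then
  # full poc flow
  echo "to be continue"
  # remove imports
  # remove mod init
  # remove symtab dysymtab
  # fix link edit section

elif [[ "$LOGIC" -eq 2 ]]; then
  # remove imports test
  # libc to test reexport custom lib
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -shared c.cc
  # create our dummy lib first so that `a` can be linked against libb
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" dummy.cc
  # build a, which references libb
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/a" -L"$OUT" \
    -Xlinker -no_data_const -lb a.cc
  # extract symbols from a into b.bcell while stripping its imports,
  # exports and symbol table
  "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" \
    --remove-imports --remove-exports --remove-symbol-table "$OUT/a"
  "$WRAPPER" bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"
  # rebuild libb with the symbols extracted from a
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" b.cc
  # rewriting invalidates the signature; ad-hoc resign before running
  codesign --force --deep -s - "$OUT/a-fixed"
  "$OUT/a-fixed"

elif [[ "$LOGIC" -eq 3 ]]; then
  # remove imports test
  # libc to test reexport custom lib
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -shared c.cc
  # create our dummy lib first
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" dummy.cc
  # build a (ObjC); it gets libb injected by pepe via --dylibs below
  clang -fobjc-arc -ObjC -mmacosx-version-min="$VERSION" -o "$OUT/a" a.mm
  # extract symbols from a
  # "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" --remove-imports --remove-exports --remove-symbol-table --keep-imports _printf "$OUT/a"
  "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" \
    --dylibs="$OUT/libb.dylib" \
    --remove-imports --remove-exports --remove-symbol-table --remove-others \
    "$OUT/a"
  "$WRAPPER" bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"

  if [[ "$METH" == "METH1" ]]; then
    # build libb with symbols extracted from a; -D selects the method in b.cc
    clang++ -D "$METH" -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" \
      -shared -Wl,-reexport_library "$OUT/libc.dylib" b.cc
    # "$WRAPPER" pepe -o "$OUT/libb.dylib" -b "$OUT/libb.bcell" --remove-imports --remove-exports --remove-symbol-table --remove-others --keep-imports _dyld_get_sdk_version --keep-imports _malloc --keep-imports ___stack_chk_guard --keep-imports _printf "$OUT/libb.dylib"
  elif [[ "$METH" == "METH3" ]]; then
    clang -mmacosx-version-min="$VERSION" -fobjc-arc -ObjC -c \
      -o "$OUT/hooking.o" hooking.mm
    clang++ -mmacosx-version-min="$VERSION" -D "$METH" -c -o "$OUT/b.o" b.cc
    # NOTE(review): unlike every other libb link in this script,
    # -reexport_library is given no library path here, so ld will take the
    # next input it sees as the argument. If libc is meant to be re-exported
    # in METH3 too, add "$OUT/libc.dylib" after it — left as-is pending
    # confirmation that this branch is exercised.
    clang++ -fobjc-arc -ObjC -shared -Wl,-reexport_library \
      -o "$OUT/libb.dylib" "$OUT/b.o" "$OUT/hooking.o"
  fi

  # resign: both the rewritten a and the rebuilt libb lost their signatures
  codesign --force --deep -s - "$OUT/a-fixed"
  codesign --force --deep -s - "$OUT/libb.dylib"
  # export OBJC_PRINT_LOAD_METHODS=1
  # export OBJC_PRINT_CLASS_SETUP=1
  "$OUT/a-fixed"
  # unset OBJC_PRINT_LOAD_METHODS
  # unset OBJC_PRINT_CLASS_SETUP

else
  # remove imports test
  # test rpath
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" \
    -install_name @rpath/libc.dylib -shared c.cc
  # a is linked against libc via @rpath; several bogus rpaths precede $OUT
  # so the loader has to walk the list. Relative -rpath entries resolve
  # against the process CWD at load time, which is a classic library-
  # hijack vector — acceptable for this local test, never for a shipped
  # binary.
  # (The trailing backslash that used to follow "a.cc" joined the next
  # comment line onto this command; it only worked by accident.)
  clang++ -mmacosx-version-min="$VERSION" -Xlinker -no_data_const -o "$OUT/a" \
    -rpath ./heheeeekkkkkkk \
    -rpath "$OUT" \
    -rpath ./hehe \
    -rpath ./haha \
    "$OUT/libc.dylib" a.cc
  # extract symbols from a
  "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" -l "$OUT/libb.dylib" \
    --remove-imports --remove-exports "$OUT/a"
  # build restoration libb with symbols extracted from a
  "$WRAPPER" bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared b.cc
  # obfuscate libb (bugged)
  # "$WRAPPER" pepe -o "$OUT/libb.dylib" -b "$OUT/libb.bcell" --remove-imports --remove-exports --keep-imports _dyld_get_sdk_version --keep-imports _malloc --keep-imports _printf --keep-imports ___stack_chk_guard "$OUT/libb.dylib"
  # resign
  codesign --force --deep -s - "$OUT/a-fixed"
  codesign --force --deep -s - "$OUT/libb.dylib"
  # export OBJC_PRINT_LOAD_METHODS=1
  # export OBJC_PRINT_CLASS_SETUP=1
  "$OUT/a-fixed"
  # unset OBJC_PRINT_LOAD_METHODS
  # unset OBJC_PRINT_CLASS_SETUP
fi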