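# Build-and-run harness for the Mach-O import/export stripping PoC.
#
# Usage: build.sh [MACOSX_VERSION_MIN] [LOGIC]
#   $1  value for clang's -mmacosx-version-min (default 14); >= 14 is also
#       reported below as the "modern" symbol-resolver case.
#   $2  which flow to run: 0 = clang-format the sources, 1 = full PoC flow
#       (stub), 2 = C++ import-removal test, 3 = Objective-C variant,
#       anything else = the @rpath variant. Empty behaves like 0.
#
# Fail fast. Every flow ends by executing the rewritten binary in ./out, so
# if a clang / ios-wrapper / codesign step fails and is ignored, the final
# step would run whatever stale artifact a previous run left behind instead
# of the thing just built. Tracing stays opt-in: `bash -x build.sh ...`.
set -euo pipefail

VERSION=${1:-14}
OUT=./out
# An empty $2 already compared equal to 0 in the integer tests below; spell
# the default out so it survives `set -u` and is obvious to the reader.
LOGIC=${2:-0}

# Both arguments feed integer comparisons. Inside [[ ]] / (( )) bash
# evaluates the operands as arithmetic, so a non-numeric argument would be
# silently read as 0 -- or, for an operand like `a[$(cmd)]`, evaluated.
# Insist on plain non-negative integers.
for arg in VERSION LOGIC; do
  if [[ ! ${!arg} =~ ^[0-9]+$ ]]; then
    printf 'error: %s must be a non-negative integer, got %q\n' "$arg" "${!arg}" >&2
    exit 2
  fi
done

mkdir -p -- "$OUT"

echo "using mach-o version $VERSION"
if (( VERSION >= 14 )); then
  echo "Resulting binary uses MODERN symbol resolver"
else
  echo "Resulting binary uses LEGACY symbol resolver"
fi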
# Banner: a plane, because what follows is about making a Mach-O "fly".
# The quoted delimiter ('fly') keeps the backslashes and backticks in the
# art literal -- nothing is expanded inside this heredoc.
cat <<'fly'
______
_\ _~-\___
= = ==(____AA____D
\_____\___________________,-~~~~~~~`-.._
/ o O o o o o O O o o o o o o O o |\_
`~-.__ ___..----.. )
`---~~\___________/------------`````
= ===(_________D
fly

# This is a joke for those who know: the title nods to Vincenzo Iozzo's
# BlackHat DC 2009 paper "Let your Mach-O fly" (loading a Mach-O straight
# from memory), which this harness's import/symbol stripping builds on.
# https://www.blackhat.com/presentations/bh-dc-09/Iozzo/BlackHat-DC-09-Iozzo-let-your-mach0-fly-whitepaper.pdf
echo "make your Mach-O fly"
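# The Mach-O rewriting tool this harness drives, built in the sibling
# macho-go checkout. Checked before a flow starts so a missing build fails
# with a clear message rather than a "No such file" half-way through.
WRAPPER=../../macho-go/bin/ios-wrapper

need_wrapper() {
  if [[ ! -x $WRAPPER ]]; then
    printf 'error: %s is missing or not executable; build macho-go first\n' "$WRAPPER" >&2
    exit 1
  fi
}

# Flow selection. (( )) evaluates $LOGIC arithmetically exactly like the
# original [[ -eq ]] tests did, so an empty LOGIC still lands in flow 0.
if (( LOGIC == 0 )); then

  # Flow 0: only normalise the C++ sources in place.
  clang-format -i -style=llvm *.cc

elif (( LOGIC == 1 )); then

  # Flow 1: the full PoC flow -- not implemented yet. Intended steps:
  #   - remove imports
  #   - remove mod init
  #   - remove symtab / dysymtab
  #   - fix up the link-edit section
  echo "to be continue"

elif (( LOGIC == 2 )); then

  # Flow 2: import-removal test, plain C++.
  need_wrapper

  # libc: a real dylib that libb re-exports, so `a` ends up importing
  # through a re-export chain rather than from a single library.
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -shared c.cc

  # Placeholder libb, so `a` can be linked against it before the real libb
  # (generated from a's extracted symbols) exists.
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" dummy.cc

  # a: the target binary, linked against libb. -no_data_const keeps the
  # binding slots out of __DATA_CONST -- presumably so the restoration code
  # in libb can write them at runtime (confirm against b.cc).
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/a" -L"$OUT" -Xlinker -no_data_const -lb a.cc

  # Strip a's imports, exports and symbol table into a-fixed; the removed
  # information goes to b.bcell, which bcell2header turns into the header
  # the real libb is compiled from.
  "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" \
    --remove-imports --remove-exports --remove-symbol-table "$OUT/a"
  "$WRAPPER" bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"

  # Real libb: carries the symbols extracted from a and still re-exports
  # libc. Note libb/libc get no -install_name, so they are found by the
  # relative ./out path at run time -- run this from the harness directory.
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" b.cc

  # Rewriting a invalidated whatever signature it had; re-sign ad hoc
  # (`-s -`, no identity) so it runs locally, then execute it as the test.
  codesign --force --deep -s - "$OUT/a-fixed"
  "$OUT/a-fixed"

elif (( LOGIC == 3 )); then

  # Flow 3: same import-removal test, but `a` is Objective-C (ARC) and libb
  # is itself stripped afterwards.
  need_wrapper

  # libc: real dylib re-exported by libb (see flow 2).
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -shared c.cc

  # Placeholder libb so `a` can be linked before the real one exists.
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" dummy.cc

  # a: Objective-C++ target linked against libb.
  clang -fobjc-arc -ObjC -mmacosx-version-min="$VERSION" -o "$OUT/a" -L"$OUT" -lb a.mm

  # Strip a. --remove-others removes the remaining load-command metadata on
  # top of imports/exports/symtab. Earlier variant, kept for reference,
  # left _printf bound:
  #   "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" --remove-imports --remove-exports --remove-symbol-table --keep-imports _printf "$OUT/a"
  "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" \
    --remove-imports --remove-exports --remove-symbol-table --remove-others "$OUT/a"
  "$WRAPPER" bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"

  # Real libb from a's extracted symbols, still re-exporting libc.
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared \
    -Wl,-reexport_library "$OUT/libc.dylib" b.cc

  # Strip libb too, in place (output path == input path; this assumes the
  # tool reads the whole input before writing). The four --keep-imports are
  # presumably the imports libb's own restoration code needs and cannot
  # restore for itself once its import info is gone (stack cookie, malloc,
  # printf, dyld version query) -- confirm against b.cc.
  "$WRAPPER" pepe -o "$OUT/libb.dylib" -b "$OUT/libb.bcell" \
    --remove-imports --remove-exports --remove-symbol-table --remove-others \
    --keep-imports _dyld_get_sdk_version --keep-imports _malloc \
    --keep-imports ___stack_chk_guard --keep-imports _printf "$OUT/libb.dylib"

  # Both files were rewritten; re-sign ad hoc before running.
  codesign --force --deep -s - "$OUT/a-fixed"
  codesign --force --deep -s - "$OUT/libb.dylib"

  # Uncomment to have the ObjC runtime log +load calls / class setup while
  # a-fixed runs -- useful when the stripped binary dies inside objc init.
  # export OBJC_PRINT_LOAD_METHODS=1
  # export OBJC_PRINT_CLASS_SETUP=1
  "$OUT/a-fixed"
  # unset OBJC_PRINT_LOAD_METHODS
  # unset OBJC_PRINT_CLASS_SETUP

else

  # Default flow: import-removal test with an @rpath-installed libc, i.e.
  # the dyld resolution path the other flows do not exercise.
  need_wrapper

  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libc.dylib" -install_name @rpath/libc.dylib -shared c.cc

  # Link a directly against libc. Bogus rpath entries surround the real one
  # ($OUT), presumably to check that whoever resolves @rpath (dyld and/or
  # the wrapper) walks the whole LC_RPATH list rather than taking the first
  # entry. All of these are cwd-relative, so the resulting binary only
  # resolves libc when run from this directory -- fine for a test, but do
  # not ship binaries with relative rpaths.
  clang++ -mmacosx-version-min="$VERSION" -Xlinker -no_data_const -o "$OUT/a" \
    -rpath ./heheeeekkkkkkk \
    -rpath "$OUT" \
    -rpath ./hehe \
    -rpath ./haha \
    "$OUT/libc.dylib" a.cc

  # Strip a; -l names the restoration library the tool should associate
  # with the output. Kept as the literal `out/libb.dylib` the original
  # passed, in case the tool embeds the string as given.
  "$WRAPPER" pepe -o "$OUT/a-fixed" -b "$OUT/b.bcell" -l out/libb.dylib \
    --remove-imports --remove-exports "$OUT/a"

  # Restoration libb from a's extracted symbols (no libc re-export here).
  "$WRAPPER" bcell2header -b "$OUT/b.bcell" -o "$OUT/b.h"
  clang++ -mmacosx-version-min="$VERSION" -o "$OUT/libb.dylib" -shared b.cc

  # Stripping libb itself is known to be broken in this flow; left disabled.
  #   "$WRAPPER" pepe -o "$OUT/libb.dylib" -b "$OUT/libb.bcell" --remove-imports --remove-exports --keep-imports _dyld_get_sdk_version --keep-imports _malloc --keep-imports _printf --keep-imports ___stack_chk_guard "$OUT/libb.dylib"

  # Re-sign ad hoc and run.
  codesign --force --deep -s - "$OUT/a-fixed"
  codesign --force --deep -s - "$OUT/libb.dylib"

  # Uncomment to have the ObjC runtime log +load calls / class setup.
  # export OBJC_PRINT_LOAD_METHODS=1
  # export OBJC_PRINT_CLASS_SETUP=1
  "$OUT/a-fixed"
  # unset OBJC_PRINT_LOAD_METHODS
  # unset OBJC_PRINT_CLASS_SETUP

fi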