Try to not use private entitlements

2018-11-13 22:39:03 -08:00
parent ce7e6e7dd8
commit f462ee68ca
12 changed files with 309 additions and 51 deletions
--- a/agentHook/agentHook.m
+++ b/agentHook/agentHook.m
@@ -0,0 +1,19 @@
+#import <mach/message.h>
+#import <Foundation/Foundation.h>
+
+#include <dlfcn.h>
+
+#define DYLD_INTERPOSE(_replacment,_replacee) \
+__attribute__((used)) static struct{ const void* replacment; const void* replacee; } _interpose_##_replacee \
+__attribute__ ((section ("__DATA,__interpose"))) = { (const void*)(unsigned long)&_replacment, (const void*)(unsigned long)&_replacee };
+
+
+BOOL IMDAuditTokenTaskHasEntitlement(audit_token_t *auditToken, NSString *entitlement);
+
+BOOL replacement__IMDAuditTokenTaskHasEntitlement(audit_token_t *auditToken, NSString *entitlement)
+{
+    // Bypass all entitlement checks
+    return YES;
+}
+
+DYLD_INTERPOSE(replacement__IMDAuditTokenTaskHasEntitlement, IMDAuditTokenTaskHasEntitlement);
--- a/agentHook/hookAgent.sh
+++ b/agentHook/hookAgent.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This script is necessary to circumvent the entitlements check in imagent.
+# Might want to wrap this script up in a startup script or something so we make sure this
+# happens every time.
+
+if [[ $# -lt 1 ]]; then
+    echo "Usage: hookAgent.sh libagentHook.dylib"
+    exit 0
+fi
+
+LIB_PATH=$(python -c "import os; print(os.path.realpath('$1'))")
+echo "Library path: $LIB_PATH"
+
+echo "Telling imagent to launch with inserted libraries for uid $EUID"
+sudo launchctl debug gui/$EUID/com.apple.imagent --environment DYLD_INSERT_LIBRARIES=$LIB_PATH
+launchctl kill SIGKILL gui/501/com.apple.imagent
+
+