05-12-2011, 05:05 AM
kocoman
Quote (Originally Posted by andyvand):
That is because the patched binaries still have code signatures inside.
I once released on InsanelyMac a tutorial on how to remove them from the binaries (No more clearing CS_VALID messages...)
I suppose those messages aren't the worst but if I had an AMD system I would patch up....

As for the rebooting problem: why not fix it with a customized FADT.aml ACPI table override?
I am patching launchctl (terminal app), but afterward it complains of code signing.

Andy Vandijck did post some post about "removing code signatures", and did an amd_insn_patcher (with source code), but I don't understand what the code is doing. I could run it through a debugger, but if anyone knows this faster than me and would like to answer.

I searched insanelymac for Andy Vandijck's post about this, but can't find it, maybe it's deleted for DMCA?

Code:
#include <stdio.h>
#include <stdint.h>
#include <mach/mach.h>        /* kern_return_t, KERN_SUCCESS, KERN_FAILURE */
#include <mach-o/loader.h>    /* mach_header_64, load_command, linkedit_data_command, LC_CODE_SIGNATURE */

/*
 * Strip the embedded code signature from an in-memory copy of a thin
 * (non-fat) 64-bit Mach-O image. `data` must point at a writable buffer
 * holding the whole file; the caller writes the buffer back to disk afterwards.
 */
kern_return_t remove_code_signature_64(uint8_t *data)
{
	struct mach_header_64 *mh_64 = (struct mach_header_64 *)data;
	struct load_command *tmplc = (struct load_command *)(data + sizeof(struct mach_header_64));
	uint32_t curlc = 0;
	uint32_t totlc = mh_64->ncmds;
	uint32_t curoff = sizeof(struct mach_header_64);
	struct linkedit_data_command *cryptsiglc = (struct linkedit_data_command *)0;
	uint8_t *cryptsigdata = (uint8_t *)0;
	uint32_t zeroeddata = 0;

	/* Walk the load commands that follow the header, looking for LC_CODE_SIGNATURE */
	while (curlc < totlc)
	{
		if (tmplc->cmd == LC_CODE_SIGNATURE)
		{
			cryptsiglc = (struct linkedit_data_command *)(data + curoff);
			break;
		}

		curoff += tmplc->cmdsize;
		tmplc = (struct load_command *)(data + curoff);
		++curlc;
	}

	/* Safety check: nothing to do if the binary carries no signature */
	if (cryptsiglc == 0)
	{
		printf("No code signature found, skipping patch\n");
		return KERN_FAILURE;
	}

	/* dataoff/datasize locate the signature blob (normally in __LINKEDIT) */
	cryptsigdata = (uint8_t *)(data + cryptsiglc->dataoff);

	/* Zero the signature blob itself... */
	while (zeroeddata < cryptsiglc->datasize)
	{
		*cryptsigdata = 0;
		++zeroeddata;
		++cryptsigdata;
	}

	/* ...then drop the command from the header's count and total size */
	mh_64->ncmds -= 1;
	mh_64->sizeofcmds -= cryptsiglc->cmdsize;

	/*
	 * Zero out the LC_CODE_SIGNATURE load command in place. The slot is not
	 * moved, so this only leaves a consistent load-command list because
	 * LC_CODE_SIGNATURE is normally the last load command in the file.
	 */
	cryptsiglc->cmd = 0;
	cryptsiglc->cmdsize = 0;
	cryptsiglc->dataoff = 0;
	cryptsiglc->datasize = 0;

	printf("Code signature removed successfully (64bit)\n");
	return KERN_SUCCESS;
}
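Added example (not from kocoman's post or from Andy Vandijck's patcher): a small Python walker over the same mach_header_64 / load_command layout the C function uses, which reports whether a 64-bit Mach-O image still carries an LC_CODE_SIGNATURE and flags the header inconsistencies a stripped or damaged file can leave behind. The sample images are constructed inline (a fake LC_UUID plus a 16-byte signature blob), once as-shipped and once laid out the way the C function above leaves it.

```python
import struct

# Layouts from <mach-o/loader.h>, little-endian (x86_64 / arm64).
MH_MAGIC_64 = 0xFEEDFACF
LC_UUID = 0x1B
LC_CODE_SIGNATURE = 0x1D
MACH_HEADER_64 = struct.Struct("<IiiIIIII")      # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
LOAD_COMMAND = struct.Struct("<II")              # cmd, cmdsize
LINKEDIT_DATA_COMMAND = struct.Struct("<IIII")   # cmd, cmdsize, dataoff, datasize


def inspect_code_signature(data: bytes) -> dict:
    """Walk the load commands like the C loop above and report whether an
    LC_CODE_SIGNATURE is present, where its blob lives, and any inconsistencies."""
    magic, _cpu, _sub, _ft, ncmds, sizeofcmds, _fl, _res = MACH_HEADER_64.unpack_from(data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    report = {"has_signature": False, "dataoff": None, "datasize": None, "problems": []}
    off = MACH_HEADER_64.size
    end = off + sizeofcmds
    for _ in range(ncmds):
        if off + LOAD_COMMAND.size > min(end, len(data)):
            report["problems"].append(f"load command at {off} runs past sizeofcmds/file")
            break
        cmd, cmdsize = LOAD_COMMAND.unpack_from(data, off)
        if cmdsize < LOAD_COMMAND.size:   # a zeroed slot still counted in ncmds would loop a naive walker forever
            report["problems"].append(f"undersized cmdsize {cmdsize} at {off}")
            break
        if cmd == LC_CODE_SIGNATURE:
            _, _, dataoff, datasize = LINKEDIT_DATA_COMMAND.unpack_from(data, off)
            report.update(has_signature=True, dataoff=dataoff, datasize=datasize)
            if datasize == 0 or dataoff + datasize > len(data):
                report["problems"].append("signature blob is empty or outside the file")
        off += cmdsize
    if off != end:
        report["problems"].append(f"walked {off - MACH_HEADER_64.size} bytes of commands, sizeofcmds says {sizeofcmds}")
    return report


def build_sample(strip: bool) -> bytes:
    """Constructed minimal image: header, one LC_UUID, LC_CODE_SIGNATURE, 16-byte blob.
    strip=True lays it out as the C function leaves it: ncmds-1, sizeofcmds-16,
    the LC_CODE_SIGNATURE slot and the blob zeroed."""
    uuid_cmd = struct.pack("<II16s", LC_UUID, 24, b"\x11" * 16)
    sig_cmd = LINKEDIT_DATA_COMMAND.pack(LC_CODE_SIGNATURE, 16, 32 + 40, 16)
    blob = b"\xfa\xde\x0c\xc0" + b"\x00" * 12     # CSMAGIC_EMBEDDED_SIGNATURE, rest padding
    ncmds, sizeofcmds = 2, 40
    if strip:
        ncmds, sizeofcmds, sig_cmd, blob = 1, 24, b"\x00" * 16, b"\x00" * 16
    header = MACH_HEADER_64.pack(MH_MAGIC_64, 0x01000007, 3, 2, ncmds, sizeofcmds, 0, 0)
    return header + uuid_cmd + sig_cmd + blob
```

A file where the slot was zeroed but ncmds was not decremented is reported as an undersized cmdsize, and a truncated file is reported as a blob outside the file.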