 |
|
|
|
#1
09-26-2009, 04:52 PM
|
||||
|
||||
|
FakeSMC V2
|
|
#3
09-26-2009, 05:39 PM
|
|||
|
|||
|
wow thats amazing! Ill be using that When booting Snow Leo, right when ur kernel comes out!
Computer: Gateway 838GM | 9.5.0 Vodoo Kernel |2.0 RC4 Chameleon Bootloader | Processor:Intel Pentium 4 630 / 3 GHz | RAM: 512MB | OS: Windows 7 32BIT, OSx86 iPC 10.5.6 | Mainboard Chipset: Intel 915G Express | Graphics Card:Integrated Intel GMA 900 | Video Memory: Dynamic Video Memory Technology 3.0 | Audio:ALC 860 |Card Reader:8 in 1 Integrated| Hard Drives:1x 200GB SATA(Win 7), 1x 320GB SATA(OS X) Both Internal
|
|
#4
09-27-2009, 10:31 AM
|
||||
|
||||
|
I have remade the tools apb_encrypt and apb_decrypt and smc_read
the ones indicated as "legal" query the SMC Get them from: http://rapidshare.com/files/285582619/SMC_Tools.zip
|
|
#6
09-28-2009, 12:07 PM
|
||||
|
||||
|
Quote:
./apb_decrypt <encrypted_bin> <decrypted_bin> ./apb_encrypt <unencrypted_bin> <encrypted_bin> same for apb_encrypt_legal or apb_decrypt_legal ./smc_read for testing fakesmc... Only works for Leopard as I don't yet have the encryption algo's for Snow Leopard...
|
|
#7
09-28-2009, 10:42 PM
|
||||
|
||||
|
Quote:
I'll check Dont steal Mac OS X to see if I can get it going for 64bit too... It would be cool to have decrypts for SL
|
|
#9
12-11-2009, 04:25 PM
|
|||
|
|||
|
Diff
There is a difference in the way Apple decodes the binaries on a Mac OS X 10.6 versus 10.5.
1st The binary pages are decoded on 10.6 with a salt "0x2e69cf40". Here is the relevant source: Code:
#define APPLE_UNPROTECTED_HEADER_SIZE (3 * PAGE_SIZE_64)
static load_return_t
unprotect_segment(
uint64_t file_off,
uint64_t file_size,
struct vnode *vp,
off_t macho_offset,
vm_map_t map,
vm_map_offset_t map_addr,
vm_map_size_t map_size)
{
kern_return_t kr;
/*
* The first APPLE_UNPROTECTED_HEADER_SIZE bytes (from offset 0 of
* this part of a Universal binary) are not protected...
* The rest needs to be "transformed".
*/
if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE &&
file_off + file_size <= APPLE_UNPROTECTED_HEADER_SIZE) {
/* it's all unprotected, nothing to do... */
kr = KERN_SUCCESS;
} else {
if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE) {
/*
* We start mapping in the unprotected area.
* Skip the unprotected part...
*/
vm_map_offset_t delta;
delta = APPLE_UNPROTECTED_HEADER_SIZE;
delta -= file_off;
map_addr += delta;
map_size -= delta;
}
/* ... transform the rest of the mapping. */
struct pager_crypt_info crypt_info;
crypt_info.page_decrypt = dsmos_page_transform;
crypt_info.crypt_ops = NULL;
crypt_info.crypt_end = NULL;
#pragma unused(vp, macho_offset)
crypt_info.crypt_ops = (void *)0x2e69cf40;
kr = vm_map_apple_protected(map,
map_addr,
map_addr + map_size,
&crypt_info);
}
if (kr != KERN_SUCCESS) {
return LOAD_FAILURE;
}
return LOAD_SUCCESS;
}
Code:
#define APPLE_UNPROTECTED_HEADER_SIZE (3 * PAGE_SIZE_64)
static load_return_t
unprotect_segment_64(
uint64_t file_off,
uint64_t file_size,
vm_map_t map,
vm_map_offset_t map_addr,
vm_map_size_t map_size)
{
kern_return_t kr;
/*
* The first APPLE_UNPROTECTED_HEADER_SIZE bytes (from offset 0 of
* this part of a Universal binary) are not protected...
* The rest needs to be "transformed".
*/
if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE &&
file_off + file_size <= APPLE_UNPROTECTED_HEADER_SIZE) {
/* it's all unprotected, nothing to do... */
kr = KERN_SUCCESS;
} else {
if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE) {
/*
* We start mapping in the unprotected area.
* Skip the unprotected part...
*/
vm_map_offset_t delta;
delta = APPLE_UNPROTECTED_HEADER_SIZE;
delta -= file_off;
map_addr += delta;
map_size -= delta;
}
/* ... transform the rest of the mapping. */
struct pager_crypt_info crypt_info;
crypt_info.page_decrypt = dsmos_page_transform;
crypt_info.crypt_ops = NULL;
crypt_info.crypt_end = NULL;
kr = vm_map_apple_protected(map,
map_addr,
map_addr + map_size,
&crypt_info);
}
if (kr != KERN_SUCCESS) {
return LOAD_FAILURE;
}
return LOAD_SUCCESS;
}
Code:
crypt_info.crypt_ops = (void *)0x2e69cf40;
|
 |
Hybrid Mode
|
|