InfiniteMac OSx86

InfiniteMac OSx86 (http://infinitemac.com/forum.php)

andyvand 09-26-2009 04:52 PM

FakeSMC V2
 
Netkas has released FakeSMC V2
Get it from:
http://netkas.org/?p=215

andyvand 09-26-2009 05:34 PM

I think it's very cool how it tricks "Dont steal Mac OS X.kext" into thinking it actually runs on a genuine Mac because of OSK1 and OSK2.

xXrkidXx 09-26-2009 05:39 PM

Wow, that's amazing! I'll be using that when booting Snow Leo, right when your kernel comes out!

andyvand 09-27-2009 10:31 AM

I have remade the tools apb_encrypt, apb_decrypt and smc_read; the ones indicated as "legal" query the SMC.
Get them from: http://rapidshare.com/files/285582619/SMC_Tools.zip

Lykich 09-27-2009 04:33 PM

Andy, how do I use the utility?

andyvand 09-28-2009 12:07 PM

Quote:

Originally Posted by Lykich (Post 36058)
Andy, how do I use the utility?

cd into build/Release
./apb_decrypt <encrypted_bin> <decrypted_bin>
./apb_encrypt <unencrypted_bin> <encrypted_bin>
Same for apb_encrypt_legal or apb_decrypt_legal.
./smc_read
is for testing FakeSMC...
This only works for Leopard, as I don't yet have the encryption algos for Snow Leopard...

andyvand 09-28-2009 10:42 PM

Quote:

Originally Posted by andyvand (Post 36144)
cd into build/Release
./apb_decrypt <encrypted_bin> <decrypted_bin>
./apb_encrypt <unencrypted_bin> <encrypted_bin>
Same for apb_encrypt_legal or apb_decrypt_legal.
./smc_read
is for testing FakeSMC...
This only works for Leopard, as I don't yet have the encryption algos for Snow Leopard...

Correction: it decrypts 32-bit encrypted binaries for Snow Leopard...
I'll check Dont steal Mac OS X to see if I can get it going for 64-bit too...
It would be cool to have decrypts for SL.

bobtom0 09-30-2009 02:11 AM

I can't get this to work. I tested this on Snow Leo, using lipo to strip out the x32 version of Finder, then ran the decrypt util on it, but when I launch it, it won't launch.

Did anyone else get this to work?

CupOfJava 12-11-2009 04:25 PM

Diff
 
There is a difference in the way Apple decodes the binaries on a Mac OS X 10.6 versus 10.5.

First, the binary pages are decoded on 10.6 with a salt "0x2e69cf40". Here is the relevant source:

Code:

#define        APPLE_UNPROTECTED_HEADER_SIZE        (3 * PAGE_SIZE_64)

static load_return_t
unprotect_segment(
        uint64_t        file_off,
        uint64_t        file_size,
        struct vnode        *vp,
        off_t                macho_offset,
        vm_map_t        map,
        vm_map_offset_t        map_addr,
        vm_map_size_t        map_size)
{
        kern_return_t        kr;

        /*
        * The first APPLE_UNPROTECTED_HEADER_SIZE bytes (from offset 0 of
        * this part of a Universal binary) are not protected...
        * The rest needs to be "transformed".
        */
        if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE &&
            file_off + file_size <= APPLE_UNPROTECTED_HEADER_SIZE) {
                /* it's all unprotected, nothing to do... */
                kr = KERN_SUCCESS;
        } else {
                if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE) {
                        /*
                        * We start mapping in the unprotected area.
                        * Skip the unprotected part...
                        */
                        vm_map_offset_t        delta;

                        delta = APPLE_UNPROTECTED_HEADER_SIZE;
                        delta -= file_off;
                        map_addr += delta;
                        map_size -= delta;
                }
                /* ... transform the rest of the mapping. */
                struct pager_crypt_info crypt_info;
                crypt_info.page_decrypt = dsmos_page_transform;
                crypt_info.crypt_ops = NULL;
                crypt_info.crypt_end = NULL;
#pragma unused(vp, macho_offset)
                crypt_info.crypt_ops = (void *)0x2e69cf40;
                kr = vm_map_apple_protected(map,
                                            map_addr,
                                            map_addr + map_size,
                                            &crypt_info);
        }

        if (kr != KERN_SUCCESS) {
                return LOAD_FAILURE;
        }
        return LOAD_SUCCESS;
}

In Mac OS X 10.5 the same function is very different:
Code:

#define        APPLE_UNPROTECTED_HEADER_SIZE        (3 * PAGE_SIZE_64)

static load_return_t
unprotect_segment_64(
        uint64_t        file_off,
        uint64_t        file_size,
        vm_map_t        map,
        vm_map_offset_t        map_addr,
        vm_map_size_t        map_size)
{
        kern_return_t        kr;

        /*
        * The first APPLE_UNPROTECTED_HEADER_SIZE bytes (from offset 0 of
        * this part of a Universal binary) are not protected...
        * The rest needs to be "transformed".
        */
        if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE &&
            file_off + file_size <= APPLE_UNPROTECTED_HEADER_SIZE) {
                /* it's all unprotected, nothing to do... */
                kr = KERN_SUCCESS;
        } else {
                if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE) {
                        /*
                        * We start mapping in the unprotected area.
                        * Skip the unprotected part...
                        */
                        vm_map_offset_t        delta;

                        delta = APPLE_UNPROTECTED_HEADER_SIZE;
                        delta -= file_off;
                        map_addr += delta;
                        map_size -= delta;
                }
                /* ... transform the rest of the mapping. */
                struct pager_crypt_info crypt_info;
                crypt_info.page_decrypt = dsmos_page_transform;
                crypt_info.crypt_ops = NULL;
                crypt_info.crypt_end = NULL;
                kr = vm_map_apple_protected(map,
                                            map_addr,
                                            map_addr + map_size,
                                            &crypt_info);
        }

        if (kr != KERN_SUCCESS) {
                return LOAD_FAILURE;
        }
        return LOAD_SUCCESS;
}

The key difference lies in the line:
Code:

crypt_info.crypt_ops = (void *)0x2e69cf40;
Cup Of Java
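The two kernel functions quoted above share the same page-range bookkeeping: the first APPLE_UNPROTECTED_HEADER_SIZE bytes of the file slice are left alone, and only the remainder of the mapping is handed to vm_map_apple_protected(). The C program below is an added user-space model of that bookkeeping, not XNU code and not part of this thread; it assumes 4 KiB pages, performs no decryption, and only reports which address range the kernel would submit for transformation. The names classify_segment and protected_range are made up for this example, and the guard against a mapping shorter than the header is an addition of this model rather than something the quoted kernel code does.

```c
/* Added example: user-space model of the offset logic in the quoted
 * unprotect_segment()/unprotect_segment_64(). Nothing is decrypted here;
 * the function only computes which part of a segment mapping the kernel
 * would pass to vm_map_apple_protected(). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_64 ((uint64_t)4096)                       /* assumed 4 KiB pages */
#define APPLE_UNPROTECTED_HEADER_SIZE (3 * PAGE_SIZE_64)    /* as in the kernel source */

/* Hypothetical result type for this example. */
struct protected_range {
    bool     all_unprotected;   /* true: the kernel does nothing for this segment */
    uint64_t map_addr;          /* start of the region that would be transformed */
    uint64_t map_size;          /* length of that region (0 if nothing to do) */
};

/* Hypothetical helper mirroring the kernel's control flow. file_off/file_size
 * describe the segment within its slice of the (possibly Universal) binary;
 * map_addr/map_size describe where it lands in the target map. */
struct protected_range
classify_segment(uint64_t file_off, uint64_t file_size,
                 uint64_t map_addr, uint64_t map_size)
{
    struct protected_range r = { false, map_addr, map_size };

    /* Same test as the kernel: the segment ends inside the first three
     * pages, so it is entirely unprotected. (The first clause is implied
     * by the second; it is kept to match the original.) */
    if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE &&
        file_off + file_size <= APPLE_UNPROTECTED_HEADER_SIZE) {
        r.all_unprotected = true;
        r.map_size = 0;
        return r;
    }

    /* The mapping starts inside the unprotected header: skip that prefix
     * and transform only what follows it. */
    if (file_off <= APPLE_UNPROTECTED_HEADER_SIZE) {
        uint64_t delta = APPLE_UNPROTECTED_HEADER_SIZE - file_off;

        /* Guard added in this model (not in the kernel code): a mapping
         * shorter than the skipped prefix has nothing left to transform. */
        if (delta >= map_size) {
            r.all_unprotected = true;
            r.map_size = 0;
            return r;
        }
        r.map_addr += delta;
        r.map_size -= delta;
    }
    return r;
}

int main(void)
{
    /* Constructed sample: a 64 KiB __TEXT segment at file offset 0 mapped at 1 MiB. */
    struct protected_range r = classify_segment(0, 0x10000, 0x100000, 0x10000);
    printf("all_unprotected=%d transform [0x%llx, 0x%llx)\n",
           r.all_unprotected,
           (unsigned long long)r.map_addr,
           (unsigned long long)(r.map_addr + r.map_size));
    return 0;
}
```

Running it shows the 64 KiB segment being transformed from 0x103000 onward: the three header pages are skipped and the remaining 0xD000 bytes are the only part the pager would decrypt. A segment that both starts and ends within the first 0x3000 bytes, or one that starts at or beyond that boundary, takes the other two branches.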

CarterA 02-25-2010 06:42 AM

andyvand, do you have a copy of the two apb programs working on Snow Leopard? I modified the code you posted so that it encrypted 64-bit binaries, but the binaries themselves couldn't be run.

Any ideas?