simplify SIP patch
Signed-off-by: SergeySlice <sergey.slice@gmail.com>
parent
06f1f9301a
commit
d7d3c960a9
@ -178,7 +178,7 @@ UINTN SearchAndCount(const UINT8 *Source, UINT64 SourceSize, const UINT8 *Search
BOOLEAN CompareMemMask(const UINT8 *Source, const UINT8 *Search, UINTN SearchSize, const UINT8 *Mask, UINTN MaskSize);
BOOLEAN CompareMemMask(const UINT8 *Source, const UINT8 *Search, UINTN SearchSize, const UINT8 *Mask, UINTN MaskSize);
VOID CopyMemMask(UINT8 *Dest, const UINT8 *Replace, const UINT8 *Mask, UINTN SearchSize);
VOID CopyMemMask(UINT8 *Dest, const UINT8 *Replace, const UINT8 *Mask, UINTN SearchSize);
UINTN FindMemMask(const UINT8 *Source, UINTN SourceSize, const UINT8 *Search, UINTN SearchSize, const UINT8 *MaskSearch, UINTN MaskSize);
UINTN FindMemMask(const UINT8 *Source, UINTN SourceSize, const UINT8 *Search, UINTN SearchSize, const UINT8 *MaskSearch, UINTN MaskSize);
UINTN FindRelative32(const UINT8 *Source, UINTN Start, UINTN SourceSize, UINTN taskLocation);
//
//
// Searches Source for Search pattern of size SearchSize
// Searches Source for Search pattern of size SearchSize
// and replaces it with Replace up to MaxReplaces times.
// and replaces it with Replace up to MaxReplaces times.
@ -1074,14 +1074,15 @@ VOID EFIAPI LOADER_ENTRY::KernelBooterExtensionsPatch(IN UINT8 *Kernel)
}
}
}
}
#else
#else
bool otherSys = false;
// bool otherSys = false;
procLocation = searchProc(Kernel, "IOTaskHasEntitlement", &procLen);
// UINTN procLocation = searchProc(Kernel, "IOTaskHasEntitlement", &procLen);
//Catalina
//Catalina
const UINT8 find2[] = {0x45, 0x31, 0xF6, 0x48, 0x85, 0xC0 };
// const UINT8 find2[] = {0x45, 0x31, 0xF6, 0x48, 0x85, 0xC0 };
const UINT8 mask2[] = {0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF };
// const UINT8 mask2[] = {0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF };
//older systems
//older systems
const UINT8 find3[] = {0x48, 0x85, 00, 0x74, 00, 0x48, 00, 00, 0x48 };
const UINT8 find3[] = {0x48, 0x85, 00, 0x74, 00, 0x48, 00, 00, 0x48 };
const UINT8 mask3[] = {0xFF, 0xFF, 00, 0xFF, 00, 0xFF, 00, 00, 0xFF };
const UINT8 mask3[] = {0xFF, 0xFF, 00, 0xFF, 00, 0xFF, 00, 00, 0xFF };
/*
patchLocation2 = FindMemMask(&Kernel[procLocation], 0x30, find2, sizeof(find2), mask2, sizeof(mask2));
patchLocation2 = FindMemMask(&Kernel[procLocation], 0x30, find2, sizeof(find2), mask2, sizeof(mask2));
if (patchLocation2 == KERNEL_MAX_SIZE) {
if (patchLocation2 == KERNEL_MAX_SIZE) {
//other systems
//other systems
@ -1091,7 +1092,7 @@ VOID EFIAPI LOADER_ENTRY::KernelBooterExtensionsPatch(IN UINT8 *Kernel)
if (patchLocation2 != KERNEL_MAX_SIZE) {
if (patchLocation2 != KERNEL_MAX_SIZE) {
patchLocation2 += procLocation;
patchLocation2 += procLocation;
}
}
*/
/*
/*
procLocation = searchProc(Kernel, "loadExecutable", &procLen);
procLocation = searchProc(Kernel, "loadExecutable", &procLen);
@ -1132,6 +1133,7 @@ VOID EFIAPI LOADER_ENTRY::KernelBooterExtensionsPatch(IN UINT8 *Kernel)
*/
*/
#endif
#endif
// Stall(9000000);
// Stall(9000000);
/*
if (!patchLocation2 || patchLocation2 == KERNEL_MAX_SIZE) {
if (!patchLocation2 || patchLocation2 == KERNEL_MAX_SIZE) {
DBG_RT("==> can't find SIP (10.11 - recent macOS), kernel patch aborted.\n");
DBG_RT("==> can't find SIP (10.11 - recent macOS), kernel patch aborted.\n");
for (UINTN j=procLocation; j<procLocation+0x20; ++j) {
for (UINTN j=procLocation; j<procLocation+0x20; ++j) {
@ -1164,14 +1166,18 @@ VOID EFIAPI LOADER_ENTRY::KernelBooterExtensionsPatch(IN UINT8 *Kernel)
DBG_RT("\n");
DBG_RT("\n");
Stall(10000000);
Stall(10000000);
}
}
*/
//But older systems like Capitan has no call to IOTaskHasEntitlement
//ffffff80009a2267 488D35970D2400 lea rsi, qword [ds:0xffffff8000be3005] ; "com.apple.private.security.kext-management"
// having same codes in loadExecutable.
//ffffff80009a226e E89D780D00 call _IOTaskHasEntitlement
//check them
//ffffff80009a2273 85C0 test eax, eax =>change to eb06 -> jmp .+6
if (otherSys) {
//ffffff80009a2275 0F843C010000 je 0xffffff80009a23b7
//ffffff80009a227b
UINTN taskLocation = searchProc(Kernel, "IOTaskHasEntitlement", &procLen);
procLocation = searchProc(Kernel, "loadExecutable", &procLen);
procLocation = searchProc(Kernel, "loadExecutable", &procLen);
patchLocation2 = FindMemMask(&Kernel[procLocation], 0x200, find3, sizeof(find3), mask3, sizeof(mask3));
patchLocation2 = FindMemMask(&Kernel[procLocation], 0x500, find3, sizeof(find3), mask3, sizeof(mask3));
if (patchLocation2 != KERNEL_MAX_SIZE) {
if (patchLocation2 != KERNEL_MAX_SIZE) {
DBG_RT("=> patch SIP applied\n");
patchLocation2 += procLocation;
patchLocation2 += procLocation;
Kernel[patchLocation2 + 3] = 0xEB;
Kernel[patchLocation2 + 3] = 0xEB;
if (Kernel[patchLocation2 + 4] == 0x6C) {
if (Kernel[patchLocation2 + 4] == 0x6C) {
@ -1179,9 +1185,15 @@ VOID EFIAPI LOADER_ENTRY::KernelBooterExtensionsPatch(IN UINT8 *Kernel)
} else {
} else {
Kernel[patchLocation2 + 4] = 0x12;
Kernel[patchLocation2 + 4] = 0x12;
}
}
} else {
patchLocation2 = FindRelative32(Kernel, procLocation, 0x500, taskLocation);
if (patchLocation2 != 0) {
DBG_RT("=> patch2 SIP applied\n");
Kernel[patchLocation2] = 0xEB;
Kernel[patchLocation2 + 1] = 0x06;
}
}
}
}
Stall(10000000);
/*
/*
//Capitan: 48 85 db 74 70 48 8b 03 48
//Capitan: 48 85 db 74 70 48 8b 03 48
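Review bot: `Stall(10000000);` now runs unconditionally after the SIP search, whereas the Stall this commit comments out further up only fired on the failure path, so every boot through this function pays a ten-second pause even when the patch applied; this looks like a debugging leftover and should be dropped or moved next to a failure-path DBG_RT. The new fallback branch also passes `taskLocation` and `procLocation` straight from searchProc (assigned in the previous hunk) into FindRelative32 and `&Kernel[procLocation]` without checking that either symbol was found — searchProc's not-found value is not visible here, but whichever sentinel it uses should gate the two searches, e.g. `if (procLocation != SEARCHPROC_NOT_FOUND_PLACEHOLDER && taskLocation != SEARCHPROC_NOT_FOUND_PLACEHOLDER) { ... }` around them. With the old `can't find SIP` message now inside a /* */ block, a miss in both branches is silent; an `else { DBG_RT("==> can't find SIP, kernel patch aborted.\n"); }` after the FindRelative32 check would keep that diagnostic. The enclosing function starts and ends outside these hunks.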
@ -115,6 +115,22 @@ VOID CopyMemMask(UINT8 *Dest, const UINT8 *Replace, const UINT8 *Mask, UINTN Sea
}
}
}
}
// search a pattern like
// call task or jmp address
//return the address next to the command
// 0 if not found
UINTN FindRelative32(const UINT8 *Source, UINTN Start, UINTN SourceSize, UINTN taskLocation)
{
UINTN Offset;
for (UINTN i = Start; i < Start + SourceSize - 4; ++i) {
Offset = Source[i] + (Source[i+1]<<8) + (Source[i+2]<<16) + (Source[i+3]<<24); //should not use *(UINT32*) because of alignment
if (taskLocation == i + Offset + 4) {
return (i+4);
}
}
return 0;
}
UINTN FindMemMask(const UINT8 *Source, UINTN SourceSize, const UINT8 *Search, UINTN SearchSize, const UINT8 *MaskSearch, UINTN MaskSize)
UINTN FindMemMask(const UINT8 *Source, UINTN SourceSize, const UINT8 *Search, UINTN SearchSize, const UINT8 *MaskSearch, UINTN MaskSize)
{
{
if (!Source || !Search || !SearchSize) {
if (!Source || !Search || !SearchSize) {
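Review bot: In FindRelative32 the displacement is assembled with `Source[i+3]<<24`, which promotes the byte to a signed int and shifts into the sign bit for values of 0x80 and above — undefined behaviour in C++17 — and the backward-call case only works because that negative int happens to sign-extend when stored into the UINTN Offset. The match test also accepts any four bytes whose value happens to land on taskLocation, with no check that a call/jmp opcode precedes them as the header comment describes, so a coincidental match makes the caller write 0xEB 0x06 over two unrelated kernel bytes; the commit's own disassembly comment shows the expected form `E8 9D780D00 call _IOTaskHasEntitlement`. The rewrite below assembles the displacement as UINT32, casts it through INT32 so the sign extension is explicit, requires an E8/E9 opcode immediately before it, and rejects windows shorter than five bytes so `Start + SourceSize - 4` cannot wrap. The loop therefore starts at Start + 1, because the opcode byte has to be readable.
```cpp
UINTN FindRelative32(const UINT8 *Source, UINTN Start, UINTN SourceSize, UINTN taskLocation)
{
  // Need an opcode byte plus a 4-byte displacement inside the window.
  if (!Source || SourceSize < 5) {
    return 0;
  }
  for (UINTN i = Start + 1; i + 4 <= Start + SourceSize; ++i) {
    // Only a CALL rel32 (E8) or JMP rel32 (E9) carries the displacement we are matching.
    if (Source[i - 1] != 0xE8 && Source[i - 1] != 0xE9) {
      continue;
    }
    // Little-endian assembly in unsigned arithmetic, then an explicit sign extension:
    // rel32 is a signed displacement from the end of the instruction.
    UINT32 Raw = (UINT32)Source[i] | ((UINT32)Source[i + 1] << 8) |
                 ((UINT32)Source[i + 2] << 16) | ((UINT32)Source[i + 3] << 24);
    INTN Disp = (INT32)Raw;
    if ((INTN)(i + 4) + Disp == (INTN)taskLocation) {
      return i + 4;
    }
  }
  return 0;
}
```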