sskaje's blog, study & research on technology
I need to run something on macOS, but I don’t have any dedicated Mac devices running as server/workstation.
This is a simple tutorial running macOS VM on Ubuntu with VMware workstation server.
VMware Fusion 8.5.3
macOS Sierra
Ubuntu Server 16.04
VMware workstation server 12.5.2
Continue reading “Virtualize macOS Sierra on Ubuntu (Vmware)” »
1 Download this file: http://swcatalog.apple.com/content/catalogs/others/index-windows-1.sucatalog
2 Search for AppleBcUpdate.exe, check if PostDate field below.
3 Download
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
$ sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport help Usage: airport <interface> <verb> <options> <interface> If an interface is not specified, airport will use the first AirPort interface on the system. <verb is one of the following: prefs If specified with no key value pairs, displays a subset of AirPort preferences for the specified interface. Preferences may be configured using key=value syntax. Keys and possible values are specified below. Boolean settings may be configured using 'YES' and 'NO'. DisconnectOnLogout (Boolean) JoinMode (String) Automatic Preferred Ranked Recent Strongest JoinModeFallback (String) Prompt JoinOpen KeepLooking DoNothing RememberRecentNetworks (Boolean) RequireAdmin (Boolean) RequireAdminIBSS (Boolean) RequireAdminNetworkChange (Boolean) RequireAdminPowerToggle (Boolean) WoWEnabled (Boolean) |
On my macbook pro, default values are:
|
1 2 3 4 5 6 7 8 9 10 |
AirPort preferences for en0: DisconnectOnLogout=NO Unable to retrieve JoinMode JoinModeFallback=DoNothing RememberRecentNetworks=YES RequireAdminIBSS=NO RequireAdminNetworkChange=NO RequireAdminPowerToggle=NO WoWEnabled=NO |
修改 JoinMode 为 Preferred
|
1 |
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport prefs JoinMode=Preferred |
I had my iPhone 4 jailbroken, so I can debug/crack apps on iPhone.
Server: iPhone 4 + debugserver
Client: Mac OS X + lldb
Debugserver can be found on iOS: /Developer/usr/bin/debugserver
Just follow instructions: debugserver on iPhone Wiki
|
1 2 3 |
# lipo -info /Developer/usr/bin/debugserver Architectures in the fat file: /Developer/usr/bin/debugserver are: armv7 armv7s arm64 # lipo -thin armv7 /Developer/usr/bin/debugserver -output ~/debugserver |
Save following content as a plist like dbg.plist
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.springboard.debugapplications</key> <true/> <key>get-task-allow</key> <true/> <key>task_for_pid-allow</key> <true/> <key>run-unsigned-code</key> <true/> </dict> </plist> |
Apply the entitlement
|
1 |
ldid -Sdbg.plist debugserver |
If entitlement above is not applied, debugserver won’t be able to listen to a TCP port.
|
1 2 3 4 5 6 7 |
otool -l /var/mobile/Applications/0732D587-2530-4517-A101-C46602B32628/CheMiYouHao.app/CheMiYouHao |grep LC_ENCRYPTION_INFO -A 5 cmd LC_ENCRYPTION_INFO cmdsize 20 cryptoff 16384 cryptsize 5652480 cryptid 1 Load command 13 |
Try otool -hv to your App, if you see PIE flags, you have to disable ASLR.
|
1 2 3 4 5 |
mede-iPhone:~ root# otool -hv /var/mobile/Applications/0732D587-2530-4517-A101-C46602B32628/CheMiYouHao.app/CheMiYouHao /var/mobile/Applications/0732D587-2530-4517-A101-C46602B32628/CheMiYouHao.app/CheMiYouHao: Mach header magic cputype cpusubtype caps filetype ncmds sizeofcmds flags MH_MAGIC ARM V7 0x00 EXECUTE 48 5084 NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE |
Make sure you have python installed on your iPhone.
Find your target app.
Copy a decrypted and de-aslr-ed app binary to your OS X and:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
$ lldb /path/to/app/binary (lldb) target create "/path/to/app/binary" Current executable set to '/path/to/app/binary' (arm64). (lldb) platform select remote-ios Platform: remote-ios Connected: no SDK Path: "/Users/sskaje/Library/Developer/Xcode/iOS DeviceSupport/9.2 (13C75)" SDK Roots: [ 0] "/Users/sskaje/Library/Developer/Xcode/iOS DeviceSupport/7.1.2 (11D257)" SDK Roots: [ 1] "/Users/sskaje/Library/Developer/Xcode/iOS DeviceSupport/8.3 (12F70)" SDK Roots: [ 2] "/Users/sskaje/Library/Developer/Xcode/iOS DeviceSupport/8.4.1 (12H321)" SDK Roots: [ 3] "/Users/sskaje/Library/Developer/Xcode/iOS DeviceSupport/9.2 (13C75)" (lldb) process connect connect://172.18.1.66:9988 |
1 Get tar ball from www.mosquitto.org
2 tar xvf
3 Add following lines to CMakeLists.txt.
|
1 2 |
include_directories(/opt/local/include) link_directories(/opt/local/lib) |
after
|
1 |
set (VERSION 1.4.5) |
4 cmake .
5 make