Snake&Apple IX — TCC
MAJOR
- Added
SnakeIXclass - Added
sip_check.candsip_check.pyscripts - Added System Intigrity Protection article
- Added
uuid_manager.py - Added
uuid_checker.sh - Added Apple UUID Finder article
- Added
get_uuid.py - Added
app_UUID_finder_v1.shandapp_UUID_finder_v2.sh - Added
UUIDFinder.py - Big changes for
MachOFileFinder- faster and more error resistance - Added Optimizing Mach-O Detection
- Added Fixing an Infinite Loop article
MINOR
- Bug fix - file_path was missing self ()
❯ CrimsonUroboros -b /Applications/Safari.app --checksec
<==== CHECKSEC ======
PIE: True
ARC: False
STRIPPED: True
CANARY: False
NX STACK: True
NX HEAP: False
Traceback (most recent call last):
File "/Users/karmaz/.local/bin/CrimsonUroboros", line 3664, in <module>
checksec_processor.process(args)
File "/Users/karmaz/.local/bin/CrimsonUroboros", line 1203, in process
print("XN:".ljust(16) + str(snake_instance.hasXN()))
^^^^^^^^^^^^^^^^^^^^^^
File "/Users/karmaz/.local/bin/CrimsonUroboros", line 1325, in hasXN
if self.hasAllowJITentitlement(self.file_path) or self.checkIfCompiledForOtherThanARM():
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/karmaz/.local/bin/CrimsonUroboros", line 1319, in checkIfCompiledForOtherThanARM
print(f"[INFO -> XN]: {os.path.basename(file_path)} is compiled for other CPUs than ARM or ARM64.")
^^^^^^^^^
NameError: name 'file_path' is not defined. Did you mean: 'self.file_path'?- Bug fix - LIEF in version 0.15.0 re-scoped
CPU_TYPESintolief.MachO.Header.CPU_TYPE.
File "/Users/karmaz/.local/bin/CrimsonUroboros", line 510, in extractArm64MachOFromUniversalBinary
if binary.header.cpu_type == lief.MachO.CPU_TYPES.ARM64:
- Bug fix - LIEF Re-scope
HEADER_FLAGSintolief.MachO.Header.FLAGS
File "/Users/karmaz/.local/bin/CrimsonUroboros", line 1255, in hasNXstack
return not bool(self.binary.header.flags & lief.MachO.HEADER_FLAGS.ALLOW_STACK_EXECUTION.value
- Other similar issues patched according to
lief15.0.1changelog changes and some modification intest_CrimsonUroboros.py - Set stable versions of the dependant pip libraries in
requirements.txtso the tool can be stable:
lief=0.15.1
uuid=1.30
argparse=1.4.0
asn1crypto=1.5.1
pyimg4=0.8
treelib=1.7.0
xattr=1.1.0
python-magic=0.4.27- Adding
sip_entitlements.txtlist of SIP-specific entitlements. - Uploaded all
kTCCService*constants inkTCCService_constants.txtfrom macOS 15. - Modify the
MachOFileFinderso it works with lief 15.0.1. Moreover,parse_fat_binaryfunction check for any architecture by default but allow filtering for ARM64 when the--only_arm64option is specified. - Added
uuid_checker.shthat takes a UUID as the first argument and a path to a file list as the second argument. The script will iterate through each file path in the list, usingdwarfdump --uuidto check for the specified UUID. If a match is found, it prints the file path. - Bug fix in
MachOFileFinder.pyto make it work with lief15.0.1 - Updated
Readme.md MachOFileFinder.pyoptimization changes, output is still the same:
❯ MachOFileFinder .
BUNDLE:/Users/karmaz/snake_apple/macho_files/samples/BUNDLE_type
DSYM:/Users/karmaz/snake_apple/macho_files/samples/DSYM_type
PRELOAD:/Users/karmaz/snake_apple/macho_files/samples/PRELOAD_type
FVMLIB:/Users/karmaz/snake_apple/macho_files/samples/FVMLIB_type
DYLINKER:/Users/karmaz/snake_apple/macho_files/samples/DYLINKER_type
DYLIB:/Users/karmaz/snake_apple/macho_files/samples/DYLIB_STUB_type
BUNDLE:/Users/karmaz/snake_apple/macho_files/samples/KEXT_BUNDLE_type
DYLIB:/Users/karmaz/snake_apple/macho_files/samples/DYLIB_type
UNKNOWN:/Users/karmaz/snake_apple/macho_files/samples/UNKNOWN_type
CORE:/Users/karmaz/snake_apple/macho_files/samples/CORE_type
OBJECT:/Users/karmaz/snake_apple/macho_files/samples/OBJECT_type
EXECUTE:/Users/karmaz/snake_apple/macho_files/samples/EXECUTE_type
- Added
create_macho_samples.pytemplate for creating macho headers samples. - Added
python-magic=0.4.27torequirements.txt - Further
MachOFileFinder.pypatches (output is still the same).
Full Changelog: v0.9...v1.0