Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Outlook binary patching and signing

Simple shell script to quickly and easily force Outlook 2016 for Mac out of sandbox.

More info here.

See the script in action here.

#!/bin/bash
echo "Patching old binary... "
cd "/Applications/Microsoft Outlook.app/Contents/MacOS/"
hexdump -ve '1/1 "%.2X"' "Microsoft Outlook" | \
sed "s/73616E64626F783C2F6B65793E0A093C747275652F3E/73616E64626F783C2F6B65793E0A093C66616C732F3E/g" | \
xxd -r -p > "Microsoft Outlook.patched"
# hexdump -> creates hex dump of the binary executable
# sed -> replaces 'sandbox</key><true/>' with 'sandbox</key><fals/>' in the hex dump
# xxd -> rebuilds the edited hex dump back into executable binary
chmod `stat -f %A "Microsoft Outlook"` "Microsoft Outlook.patched"
# copies permissions from the original binary to the patched binary
mv "Microsoft Outlook" ~/Desktop/Microsoft\ Outlook.bak
# backs up the original executable
mv "Microsoft Outlook.patched" "Microsoft Outlook"
echo "Done!"
echo ""
echo "Proceed with signing the new binary:"
echo "sudo codesign -f -s \"CERIFICATE NAME HERE\" /Applications/Microsoft\ Outlook.app/"
# After the binary is successfully patched, sign it with the above command
echo ""
echo "Then verify that signing finished properly:"
echo "sudo codesign -v /Applications/Microsoft\ Outlook.app/"
# Verify the signature. If everything went smoothly, you won't get any output from the above command
# More info: https://ツ.sh/move-profile-folder-location-in-outlook-2016-for-mac/
# @jansoucek 2015
@hatausa

This comment has been minimized.

Copy link

@hatausa hatausa commented Mar 2, 2016

Hi,

I have followed everything through by your HexFriend change status to "fals" way. After I have successfully created Alias, whenever I try to open the outlook, it shows the following error::

An error occurred while launching

The “Outlook Temp” folder could not be found. It is likely that you have a file with the same name or an alias that doesn’t point to a folder

Can you teach me what and how I can fix this?

Thanks

@george-vlahakis

This comment has been minimized.

Copy link

@george-vlahakis george-vlahakis commented Oct 5, 2016

I had the same issue hatausa. You need to create a symbolic link, not an alias.

@ynelin

This comment has been minimized.

Copy link

@ynelin ynelin commented Oct 11, 2017

Hi all
I have made all changes through instruction and all works fine except one thing - search function by letters. When you do seeking in outlook there is always one result - "No data"

My files for Outlook are located in the dmg file that connected as device. Maybe problem with that?

@BourneLoser

This comment has been minimized.

Copy link

@BourneLoser BourneLoser commented Jan 22, 2019

Hi Jan and everybody,
This stopped working for me with Office 16.21 (I'm running macOS Mojave 10.14.2). It's a shame because it was really really useful.
I ended up uninstalling Office 16.21, installing Office 16.20, ran the patch.sh script here and everything worked again as before. However I hope the procedure can be updated to work with future versions of Office.

@jankais3r

This comment has been minimized.

Copy link
Owner Author

@jankais3r jankais3r commented Mar 26, 2019

Hi @BourneLoser, sorry for late reply. What exactly stopped working? The script that makes Outlook non-sandboxed, or moving the folder and creating symlink?

@BourneLoser

This comment has been minimized.

Copy link

@BourneLoser BourneLoser commented Mar 28, 2019

@jankais3r, If I recall correctly, it was signing the app. The resulting binary wouldn't run as if it had become corrupt. I had detailed notes and screenshots but they were accidentally deleted when I was trying to learn how to delete things in AppleScript :/
For the record, I have not tried the unsandbox process on subsequent releases.

@jankais3r

This comment has been minimized.

Copy link
Owner Author

@jankais3r jankais3r commented Apr 19, 2019

I found the problem, but I haven't found a solution yet. The moment we sign Outlook binary with our own certificate it stops working. Even if no other change was done to the executable. If there is just a problem with the signing process, we might be able to make it work. But if Microsoft decided to start checking the certificate the app was signed with, then there is nothing we can do.

@jankais3r

This comment has been minimized.

Copy link
Owner Author

@jankais3r jankais3r commented Apr 19, 2019

If I just modify the binary, I get the following crash:

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

If I make my changes and re-sign the app, I get a different one:

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    DYLD, [0x5] Code Signature

Application Specific Information:
dyld: launch, loading dependent libraries

Dyld Error Message:
  Library not loaded: @rpath/OPF.framework/Resources/OPF_Common.dylib
  Referenced from: /Applications/Microsoft Outlook.app/Contents/MacOS/Microsoft Outlook
  Reason: no suitable image found.  Did find:
	/Applications/Microsoft Outlook.app/Contents/MacOS/../Frameworks/OPF.framework/Resources/OPF_Common.dylib: code signature in (/Applications/Microsoft Outlook.app/Contents/MacOS/../Frameworks/OPF.framework/Resources/OPF_Common.dylib) not valid for use in process using Library Validation: mapping process has no Team ID and is not a platform binary
	/Applications/Microsoft Outlook.app/Contents/MacOS/../Frameworks/OPF.framework/Resources/OPF_Common.dylib: stat() failed with errno=1

I also tried to disable Gatekeeper (sudo spctl --master-disable) and sign the app with --deep parameter, neither did help. I am out of ideas.

@BourneLoser

This comment has been minimized.

Copy link

@BourneLoser BourneLoser commented May 6, 2019

Ok. Thanks for looking into it

@rengui

This comment has been minimized.

Copy link

@rengui rengui commented Aug 27, 2019

@BourneLoser , @jankais3r,
I'm using Office 16.25 (macOS Mojave 10.14.5), by remove signature, I still can move profile folder location to other volume . (I'm using only one account, so, not re-sign is not a problem for me.)

  • disable Gatekeeper (sudo spctl --master-disable)
  • sudo codesign --remove-signature /Volumes/tfData/macInstalledSW/Microsoft\ Outlook.app/
@Lux-WorldPC

This comment has been minimized.

Copy link

@Lux-WorldPC Lux-WorldPC commented Mar 22, 2020

Hello any update for Office 16.30 ?

@JanRobert60

This comment has been minimized.

Copy link

@JanRobert60 JanRobert60 commented Jun 6, 2020

Hi,
I did the test with Outlook 2019. There is a crash like you described on April 2019.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.