Skip to content

Instantly share code, notes, and snippets.

Created November 23, 2015 21:34
Show Gist options
  • Save jankais3r/89187fde776aa57d9364 to your computer and use it in GitHub Desktop.
Save jankais3r/89187fde776aa57d9364 to your computer and use it in GitHub Desktop.
Outlook binary patching and signing

Simple shell script to quickly and easily force Outlook 2016 for Mac out of sandbox.

More info here.

See the script in action here.

echo "Patching old binary... "
cd "/Applications/Microsoft"
hexdump -ve '1/1 "%.2X"' "Microsoft Outlook" | \
sed "s/73616E64626F783C2F6B65793E0A093C747275652F3E/73616E64626F783C2F6B65793E0A093C66616C732F3E/g" | \
xxd -r -p > "Microsoft Outlook.patched"
# hexdump -> creates hex dump of the binary executable
# sed -> replaces 'sandbox</key><true/>' with 'sandbox</key><fals/>' in the hex dump
# xxd -> rebuilds the edited hex dump back into executable binary
chmod `stat -f %A "Microsoft Outlook"` "Microsoft Outlook.patched"
# copies permissions from the original binary to the patched binary
mv "Microsoft Outlook" ~/Desktop/Microsoft\ Outlook.bak
# backs up the original executable
mv "Microsoft Outlook.patched" "Microsoft Outlook"
echo "Done!"
echo ""
echo "Proceed with signing the new binary:"
echo "sudo codesign -f -s \"CERIFICATE NAME HERE\" /Applications/Microsoft\"
# After the binary is successfully patched, sign it with the above command
echo ""
echo "Then verify that signing finished properly:"
echo "sudo codesign -v /Applications/Microsoft\"
# Verify the signature. If everything went smoothly, you won't get any output from the above command
# More info: https://ツ.sh/move-profile-folder-location-in-outlook-2016-for-mac/
# @jansoucek 2015
Copy link

ynelin commented Oct 11, 2017

Hi all
I have made all changes through instruction and all works fine except one thing - search function by letters. When you do seeking in outlook there is always one result - "No data"

My files for Outlook are located in the dmg file that connected as device. Maybe problem with that?

Copy link

Hi Jan and everybody,
This stopped working for me with Office 16.21 (I'm running macOS Mojave 10.14.2). It's a shame because it was really really useful.
I ended up uninstalling Office 16.21, installing Office 16.20, ran the script here and everything worked again as before. However I hope the procedure can be updated to work with future versions of Office.

Copy link

Hi @BourneLoser, sorry for late reply. What exactly stopped working? The script that makes Outlook non-sandboxed, or moving the folder and creating symlink?

Copy link

BourneLoser commented Mar 28, 2019

@jankais3r, If I recall correctly, it was signing the app. The resulting binary wouldn't run as if it had become corrupt. I had detailed notes and screenshots but they were accidentally deleted when I was trying to learn how to delete things in AppleScript :/
For the record, I have not tried the unsandbox process on subsequent releases.

Copy link

I found the problem, but I haven't found a solution yet. The moment we sign Outlook binary with our own certificate it stops working. Even if no other change was done to the executable. If there is just a problem with the signing process, we might be able to make it work. But if Microsoft decided to start checking the certificate the app was signed with, then there is nothing we can do.

Copy link

jankais3r commented Apr 19, 2019

If I just modify the binary, I get the following crash:

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

If I make my changes and re-sign the app, I get a different one:

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    DYLD, [0x5] Code Signature

Application Specific Information:
dyld: launch, loading dependent libraries

Dyld Error Message:
  Library not loaded: @rpath/OPF.framework/Resources/OPF_Common.dylib
  Referenced from: /Applications/Microsoft Outlook
  Reason: no suitable image found.  Did find:
	/Applications/Microsoft code signature in (/Applications/Microsoft not valid for use in process using Library Validation: mapping process has no Team ID and is not a platform binary
	/Applications/Microsoft stat() failed with errno=1

I also tried to disable Gatekeeper (sudo spctl --master-disable) and sign the app with --deep parameter, neither did help. I am out of ideas.

Copy link

Ok. Thanks for looking into it

Copy link

rengui commented Aug 27, 2019

@BourneLoser , @jankais3r,
I'm using Office 16.25 (macOS Mojave 10.14.5), by remove signature, I still can move profile folder location to other volume . (I'm using only one account, so, not re-sign is not a problem for me.)

  • disable Gatekeeper (sudo spctl --master-disable)
  • sudo codesign --remove-signature /Volumes/tfData/macInstalledSW/Microsoft\

Copy link

Hello any update for Office 16.30 ?

Copy link

I did the test with Outlook 2019. There is a crash like you described on April 2019.

Copy link

Dear Jan, while I managed to follow your instructions (moving the Outlook-folder to an external SSD and creating a SymLink instead of the Alias, that I did at first), when I open Outlook for Mac, it does not show me any of my accounts, meaning, I would have to start from Zero. And when I open the Outlook Profile Manager, it does not show me any of my profiles, neither "Main" nor the one, that I created and used ... and are now sitting on my external SSD. I do appreciate your work and thank you for it, but maybe there is/was something missing in your instructions? Kind regards, Alexander.

Copy link

Addendum, just FYI, if that helps: I just checked, that when I opened Outlook for Mac, there were two new files created in my (original) UBF8......Office-Folder: MicrosoftRegistrationDB.reg and OutlookProfile.plist. Maybe that helps you to let me know, what I might have done wrong or what might be missing in your instructions. Thanks again, Alexander.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment