@rainyx
Last active December 3, 2020 04:44
Bypass IDA "tls_stream_t::verify_certificate", tested in IDA750 for mac.
#!/bin/bash
# Overwrites the first three bytes of tls_stream_t::verify_certificate in libida64.dylib
# with "retn 0" (c2 00 00), so the function returns immediately. A backup copy is made first.
echo "Please type an input file path. (e.g. \"/Applications/ida750/ida.app/Contents/MacOS/libida64.dylib\")"
read -r input_file
#input_file='/Applications/ida750/ida.app/Contents/MacOS/libida64.dylib'

# nm -P gives POSIX output and -t d prints the symbol value in decimal, so it can be
# used directly as a byte offset by xxd and dd. This assumes the symbol's virtual address
# equals its file offset, which holds for the __TEXT segment of a typical dylib
# (vmaddr 0, fileoff 0).
sym_addr=$(nm -a -P -t d "$input_file" | grep -m 1 '__ZN12tls_stream_t18verify_certificateEv' | awk '{print $3}')
if [ -z "$sym_addr" ]
then
  echo "Symbol \"tls_stream_t::verify_certificate\" cannot be found in the input file."
  exit 1
fi

# Read the first three bytes at the symbol and skip the patch if they already form "retn 0".
bytes=$(xxd -p -l 3 -s "$sym_addr" "$input_file")
if [ "$bytes" == 'c20000' ] # c20000 means retn 0 for x64.
then
  echo "The input file has already been patched!"
  exit 0
fi

echo "Symbol \"tls_stream_t::verify_certificate\" address is $(printf "0x%016x" "$sym_addr"), start patching."
backup_file="${input_file}_bak"
cp "$input_file" "$backup_file"
# conv=notrunc keeps the rest of the file intact; only the three bytes at seek are replaced.
printf '\xc2\x00\x00' | dd of="$input_file" bs=1 count=3 seek="$sym_addr" conv=notrunc
echo "Done, backup file created at \"$backup_file\"."