Last active
May 3, 2023 14:41
Snippets part of DWSec blog:
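/*
 * Read the active CSR (System Integrity Protection) configuration word.
 *
 * csr_get_active_config is resolved at run time from
 * /usr/lib/libSystem.dylib with dlopen()/dlsym() and called with a pointer
 * to a zero-initialised uint32_t.
 *
 * Returns the flag word on success. On any failure (library not loadable,
 * symbol not found, or a non-zero status from the call) a message is
 * printed and (uint32_t)-1, i.e. 0xFFFFFFFF, is returned.
 *
 * NOTE(review): the error sentinel is non-zero, so passing it straight to
 * is_sip_enabled() yields "false". Callers that use the result for a
 * security decision or in a report should compare against (uint32_t)-1
 * first, so a failed lookup is not recorded as "SIP disabled".
 */
uint32_t get_sip(void) {
    const char *sip_path = "/usr/lib/libSystem.dylib";
    const char *sip_function = "csr_get_active_config";
    uint32_t result = (uint32_t)-1; /* explicit error sentinel */
    uint32_t sip = 0;
    int (*csr_get_active_config_ptr)(uint32_t *) = NULL;
    void *sym = NULL;

    void *libSystem = dlopen(sip_path, RTLD_LAZY);
    if (!libSystem) {
        printf("get_sip: Error loading libSystem.dylib\n");
        return result;
    }

    sym = dlsym(libSystem, sip_function);
    if (!sym) {
        printf("get_sip: Error loading csr_get_active_config\n");
        goto out;
    }

    /* dlsym() hands back void *; cast to the signature this code calls. */
    csr_get_active_config_ptr = (int (*)(uint32_t *))sym;

    if (csr_get_active_config_ptr(&sip)) {
        printf("get_sip: Error calling csr_get_active_config\n");
        goto out;
    }

    result = sip;

out:
    /* Release the handle on every path that opened it, not only on success. */
    dlclose(libSystem);
    return result;
}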
/*
 * Report whether a CSR configuration word means "SIP enabled".
 *
 * Returns true only when no bit is set in `sip`; any non-zero value gives
 * false. That includes words with a single flag set and the (uint32_t)-1
 * value get_sip() returns on failure, so check for that sentinel before
 * calling this if the two cases must be told apart.
 */
bool is_sip_enabled(uint32_t sip)
{
    return sip == 0;
}
/*
 * CSR configuration flags.
 *
 * One bit per flag, bits 0 through 11. Each set bit is an "ALLOW" flag, so
 * a configuration word of 0 has nothing relaxed.
 */
#define CSR_ALLOW_UNTRUSTED_KEXTS            0x0001 /* bit 0 */
#define CSR_ALLOW_UNRESTRICTED_FS            0x0002 /* bit 1 */
#define CSR_ALLOW_TASK_FOR_PID               0x0004 /* bit 2 */
#define CSR_ALLOW_KERNEL_DEBUGGER            0x0008 /* bit 3 */
#define CSR_ALLOW_APPLE_INTERNAL             0x0010 /* bit 4 */
#define CSR_ALLOW_DESTRUCTIVE_DTRACE         0x0020 /* bit 5; name deprecated */
#define CSR_ALLOW_UNRESTRICTED_DTRACE        0x0020 /* bit 5; current name */
#define CSR_ALLOW_UNRESTRICTED_NVRAM         0x0040 /* bit 6 */
#define CSR_ALLOW_DEVICE_CONFIGURATION       0x0080 /* bit 7 */
#define CSR_ALLOW_ANY_RECOVERY_OS            0x0100 /* bit 8 */
#define CSR_ALLOW_UNAPPROVED_KEXTS           0x0200 /* bit 9 */
#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE 0x0400 /* bit 10 */
#define CSR_ALLOW_UNAUTHENTICATED_ROOT       0x0800 /* bit 11 */

/* Every flag defined above OR-ed together (0x0FFF). */
#define CSR_VALID_FLAGS \
    (CSR_ALLOW_UNTRUSTED_KEXTS \
     | CSR_ALLOW_UNRESTRICTED_FS \
     | CSR_ALLOW_TASK_FOR_PID \
     | CSR_ALLOW_KERNEL_DEBUGGER \
     | CSR_ALLOW_APPLE_INTERNAL \
     | CSR_ALLOW_UNRESTRICTED_DTRACE \
     | CSR_ALLOW_UNRESTRICTED_NVRAM \
     | CSR_ALLOW_DEVICE_CONFIGURATION \
     | CSR_ALLOW_ANY_RECOVERY_OS \
     | CSR_ALLOW_UNAPPROVED_KEXTS \
     | CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE \
     | CSR_ALLOW_UNAUTHENTICATED_ROOT)

/* Bits 7 and 8 (0x0180). */
#define CSR_ALWAYS_ENFORCED_FLAGS \
    (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)

/*
 * Flags set by `csrutil disable`: bits 0 through 6 (0x007F).
 * Bits 7 through 11 are not part of this mask, so a word can be non-zero
 * without matching it.
 */
#define CSR_DISABLE_FLAGS \
    (CSR_ALLOW_UNTRUSTED_KEXTS \
     | CSR_ALLOW_UNRESTRICTED_FS \
     | CSR_ALLOW_TASK_FOR_PID \
     | CSR_ALLOW_KERNEL_DEBUGGER \
     | CSR_ALLOW_APPLE_INTERNAL \
     | CSR_ALLOW_UNRESTRICTED_DTRACE \
     | CSR_ALLOW_UNRESTRICTED_NVRAM)

/* CSR capabilities that a booter can give to the system. */
#define CSR_CAPABILITY_UNLIMITED      0x1 /* bit 0 */
#define CSR_CAPABILITY_CONFIG         0x2 /* bit 1 */
#define CSR_CAPABILITY_APPLE_INTERNAL 0x4 /* bit 2 */

/* All three capability bits (0x7). */
#define CSR_VALID_CAPABILITIES \
    (CSR_CAPABILITY_UNLIMITED \
     | CSR_CAPABILITY_CONFIG \
     | CSR_CAPABILITY_APPLE_INTERNAL)