0x00 Background Reference: Technical Note TN2459: Secure Kernel Extension Loading In macOS High Sierra, Apple introduced Secure Kernel Extension Loading (aka Kext User Consent) feature to require user confirmation before loading a signed kext. Note that this restriction only apply to valid signed kexts. Unsigned kexts would be taken care… Read more
OS X El Capitan introduced lots of changes, most of them are not easy to be found since they are not on the GUI level. Well, SIP can be one of them but this post will not talk about it once again. Here are some changes/hacks I found. 1. Hibernate… Read more
Begin with OS X 10.11 El Capitan, a set of security mechanism, System Integrity Protection(SIP), has been enforced and it can only be configured or turned off in the recovery environment like “Recovery HD”. In the “normal environment”, SIP configuration will not be permitted even with root privilege. If so,… Read more
This is a simple tool play with ASCII to encrypt or decrypt input text. Wrote this for a demo purpose and fun. How to “Encryption”? -> Start with a plaintext character, followed by the ascii value in hex of the next character. The code is kind of self-explain and there… Read more
09/18 Update: Begin with 10.11.1, the Apple Internal flag won’t allowed to be set. This Apple Internal status provided by csrutil tool shall always be “Disabled” even if you set this bit in your csr-active-config. 08/19 Update: An updated csrutil tool has been released with the DP7 of 10.11 El… Read more
The newly released Windows 10 introduced a new feature called Compact OS. This technology is the evolution of WIMBoot in Windows 8.1. In short, the Compact OS allow the system files compressed like wim file and transparent to the upper level in order to reduce the size of the system files… Read more
About SIP/Rootless: SIP/Rooless Internal in El Capitan In order to check the status of all security mechanisms provided by SIP/Rootless, a tiny little kext was built. WARNING: This kext is for testing purpose ONLY. Download: SIPCheck.command.zip Requirements: 1. OS X 10.11 for the SIP status check; bootargs flags check would be… Read more
As many people already found out, the next OS X El Capitan introduced a new mechanism of system security policy called “Rootless”, which officially named “System Integrity Protection” (SIP). According to the security session in WWDC2015, the rootless is a complete infrastructure built for the OS X security and it contains three… Read more
For many years(since 10.6.8 maybe), the IOAHCIBlockStorage.kext driver in the OS X only allow TRIM to be enabled on Apple SSD. Such behavior denied all those 3rd party SSD to enable this essential technology while running OS X. Although it was possible to hex edit the binary IOAHCIBlockStorage file(manually or by some… Read more
I always hate those PC manufacturers who put so called hardware whitelist in the BIOS, I understand they did this for the benefits of the company by blocking “unauthorized” devices. However, as customer, I believed that at least I have the rights to study and control my own machine, just like the jailbreak on the Apple… Read more