From 9a2b6262cfeda34efa5e1a0a750182c1cf52b627 Mon Sep 17 00:00:00 2001 From: Derek Date: Mon, 30 Sep 2024 09:35:49 -0600 Subject: [PATCH] c'mon, Apple --- symbol interposing.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/symbol interposing.md b/symbol interposing.md index 5fe8d42..e3446f6 100644 --- a/symbol interposing.md +++ b/symbol interposing.md @@ -1,3 +1,5 @@ +> **NOTE:** At some point Apple being the party poopers that they are, slapped entitlement restrictions on the `thread_set_state(...)` API making it no longer usable in normal macOS machines (short of adding Apple entitlements and telling AMFI to get our of the way). This blocks my writeup's technique to create a breakpoint, but you can still get around this via the `[mach_]vm_protect()` APIs and making a breakpoint. This technique would require the process to be debugged, or not codesigned, or having something along the lines of `com.apple.security.cs.disable-executable-page-protection` (macOS) to create a breakpoint and modify executable code (like what lldb does). Maybe I'll update this one day... + # Chapter 16: Symbol Interposing & Hooking Shenanigans Let's play a game: A series of code snippets and how they are compiled will be presented. In each code snippet, a challenge is given to execute a certain function that should be inaccessible unless you know the password. In order to execute this privileged function, you're not allowed to alter the source code nor how it's compiled in any way. Fortunately, you can assume that you have code execution in a dynamic library running in the same address space and loaded in via the `DYLD_INSERT_LIBRARIES` environment variable.
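Review bot: Typo in the added NOTE line of the hunk: "telling AMFI to get our of the way" should read "get out of the way", and "no longer usable in normal macOS machines" reads more naturally as "on normal macOS machines". Since this is the only change in the commit and it is a reader-facing callout placed above the chapter title, it is worth fixing both before merging. It would also help the reader if the sentence "This technique would require the process to be debugged, or not codesigned, or having something along the lines of `com.apple.security.cs.disable-executable-page-protection`" were rephrased in parallel form, e.g. "requires that the process be under a debugger, be unsigned, or carry an entitlement along the lines of `com.apple.security.cs.disable-executable-page-protection`", so the three preconditions for using `[mach_]vm_protect()` to patch in a breakpoint are unambiguous.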