├── .github └── workflows │ └── main.yml ├── .gitignore ├── Changelog.md ├── CryptexFixup.xcodeproj └── project.pbxproj ├── CryptexFixup ├── Info.plist └── kern_start.cpp ├── LICENSE.txt └── README.md /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | pull_request: 6 | workflow_dispatch: 7 | release: 8 | types: [published] 9 | 10 | env: 11 | PROJECT_TYPE: KEXT 12 | 13 | jobs: 14 | build: 15 | name: Build 16 | runs-on: macos-latest 17 | env: 18 | JOB_TYPE: BUILD 19 | steps: 20 | - uses: actions/checkout@v4 21 | - uses: actions/checkout@v4 22 | with: 23 | repository: acidanthera/MacKernelSDK 24 | path: MacKernelSDK 25 | - name: CI Bootstrap 26 | run: | 27 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/ci-bootstrap.sh) && eval "$src" || exit 1 28 | - name: Lilu Bootstrap 29 | run: | 30 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/Lilu/master/Lilu/Scripts/bootstrap.sh) && eval "$src" || exit 1 31 | 32 | - run: xcodebuild -jobs 1 -configuration Debug 33 | - run: xcodebuild -jobs 1 -configuration Release 34 | 35 | - name: Upload to Artifacts 36 | uses: actions/upload-artifact@v4 37 | with: 38 | name: Artifacts 39 | path: build/*/*.zip 40 | - name: Upload to Release 41 | if: github.event_name == 'release' 42 | uses: svenstaro/upload-release-action@v2 43 | with: 44 | repo_token: ${{ secrets.GITHUB_TOKEN }} 45 | file: build/*/*.zip 46 | tag: ${{ github.ref }} 47 | file_glob: true 48 | 49 | analyze-clang: 50 | name: Analyze Clang 51 | runs-on: macos-latest 52 | env: 53 | JOB_TYPE: ANALYZE 54 | steps: 55 | - uses: actions/checkout@v4 56 | - uses: actions/checkout@v4 57 | with: 58 | repository: acidanthera/MacKernelSDK 59 | path: MacKernelSDK 60 | - name: CI Bootstrap 61 | run: | 62 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/ci-bootstrap.sh) && eval "$src" || exit 1 63 | - name: Lilu Bootstrap 64 | run: | 65 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/Lilu/master/Lilu/Scripts/bootstrap.sh) && eval "$src" || exit 1 66 | 67 | - run: xcodebuild analyze -quiet -scheme CryptexFixup -configuration Debug CLANG_ANALYZER_OUTPUT=plist-html CLANG_ANALYZER_OUTPUT_DIR="$(pwd)/clang-analyze" && [ "$(find clang-analyze -name "*.html")" = "" ] 68 | - run: xcodebuild analyze -quiet -scheme CryptexFixup -configuration Release CLANG_ANALYZER_OUTPUT=plist-html CLANG_ANALYZER_OUTPUT_DIR="$(pwd)/clang-analyze" && [ "$(find clang-analyze -name "*.html")" = "" ] 69 | 70 | analyze-coverity: 71 | name: Analyze Coverity 72 | runs-on: macos-latest 73 | env: 74 | JOB_TYPE: COVERITY 75 | if: github.repository_owner == 'acidanthera' && github.event_name != 'pull_request' 76 | steps: 77 | - uses: actions/checkout@v4 78 | - uses: actions/checkout@v4 79 | with: 80 | repository: acidanthera/MacKernelSDK 81 | path: MacKernelSDK 82 | - name: CI Bootstrap 83 | run: | 84 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/ci-bootstrap.sh) && eval "$src" || exit 1 85 | - name: Lilu Bootstrap 86 | run: | 87 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/Lilu/master/Lilu/Scripts/bootstrap.sh) && eval "$src" || exit 1 88 | 89 | - name: Run Coverity 90 | run: | 91 | src=$(/usr/bin/curl -Lfs https://raw.githubusercontent.com/acidanthera/ocbuild/master/coverity/covstrap.sh) && eval "$src" || exit 1 92 | env: 93 | COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} 94 | COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} 95 | COVERITY_BUILD_COMMAND: xcodebuild -configuration Release 96 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | DerivedData 3 | Lilu.kext 4 | xcuserdata 5 | project.xcworkspace 6 | build 7 | xcshareddata 8 | /MacKernelSDK 9 | -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- 1 | CryptexFixup Changelog 2 | ====================== 3 | #### v1.0.5 4 | - Added constants for macOS 26 support 5 | 6 | #### v1.0.4 7 | - Fixed loading on macOS 10.10 and older due to a MacKernelSDK regression 8 | 9 | #### v1.0.3 10 | - Added constants for macOS 15 support 11 | 12 | #### v1.0.2 13 | - Added constants for macOS 14 support 14 | 15 | #### v1.0.1 16 | - Allow in-OS Install macOS.app usage on Big Sur and newer 17 | 18 | #### v1.0.0 19 | - Initial release 20 | -------------------------------------------------------------------------------- /CryptexFixup.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 50; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | CEDE8D7B22984F8F00C73034 /* libkmod.a in Frameworks */ = {isa = PBXBuildFile; fileRef = CEDE8D6E22984F7700C73034 /* libkmod.a */; }; 11 | CEDE8D7C22984FE600C73034 /* plugin_start.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CEDE8D7822984F7700C73034 /* plugin_start.cpp */; }; 12 | CEDE8D7E2298501600C73034 /* kern_start.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CEDE8D7D2298501600C73034 /* kern_start.cpp */; }; 13 | /* End PBXBuildFile section */ 14 | 15 | /* Begin PBXFileReference section */ 16 | CEB32296265A3F4B001F646A /* Changelog.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = Changelog.md; sourceTree = ""; }; 17 | CEB32297265A3F4B001F646A /* README.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = README.md; sourceTree = ""; }; 18 | CEDE8CE522984C0800C73034 /* CryptexFixup.kext */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = CryptexFixup.kext; sourceTree = BUILT_PRODUCTS_DIR; }; 19 | CEDE8CEC22984C0800C73034 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 20 | CEDE8D4D22984F7600C73034 /* kern_config.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_config.hpp; sourceTree = ""; }; 21 | CEDE8D4E22984F7600C73034 /* kern_atomic.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_atomic.hpp; sourceTree = ""; }; 22 | CEDE8D4F22984F7600C73034 /* kern_time.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_time.hpp; sourceTree = ""; }; 23 | CEDE8D5022984F7600C73034 /* kern_nvram.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_nvram.hpp; sourceTree = ""; }; 24 | CEDE8D5122984F7600C73034 /* kern_cpu.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_cpu.hpp; sourceTree = ""; }; 25 | CEDE8D5222984F7600C73034 /* kern_devinfo.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_devinfo.hpp; sourceTree = ""; }; 26 | CEDE8D5322984F7600C73034 /* kern_efi.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_efi.hpp; sourceTree = ""; }; 27 | CEDE8D5422984F7600C73034 /* kern_policy.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_policy.hpp; sourceTree = ""; }; 28 | CEDE8D5522984F7600C73034 /* kern_user.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_user.hpp; sourceTree = ""; }; 29 | CEDE8D5622984F7600C73034 /* plugin_start.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = plugin_start.hpp; sourceTree = ""; }; 30 | CEDE8D5722984F7600C73034 /* kern_iokit.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_iokit.hpp; sourceTree = ""; }; 31 | CEDE8D5822984F7600C73034 /* kern_crypto.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_crypto.hpp; sourceTree = ""; }; 32 | CEDE8D5922984F7600C73034 /* kern_mach.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_mach.hpp; sourceTree = ""; }; 33 | CEDE8D5A22984F7600C73034 /* kern_compression.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_compression.hpp; sourceTree = ""; }; 34 | CEDE8D5B22984F7600C73034 /* kern_file.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_file.hpp; sourceTree = ""; }; 35 | CEDE8D5C22984F7600C73034 /* kern_rtc.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_rtc.hpp; sourceTree = ""; }; 36 | CEDE8D5D22984F7700C73034 /* kern_disasm.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_disasm.hpp; sourceTree = ""; }; 37 | CEDE8D5F22984F7700C73034 /* capstone.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = capstone.h; sourceTree = ""; }; 38 | CEDE8D6022984F7700C73034 /* mips.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mips.h; sourceTree = ""; }; 39 | CEDE8D6122984F7700C73034 /* sparc.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sparc.h; sourceTree = ""; }; 40 | CEDE8D6222984F7700C73034 /* systemz.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = systemz.h; sourceTree = ""; }; 41 | CEDE8D6322984F7700C73034 /* arm.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = arm.h; sourceTree = ""; }; 42 | CEDE8D6422984F7700C73034 /* x86.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = x86.h; sourceTree = ""; }; 43 | CEDE8D6522984F7700C73034 /* ppc.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ppc.h; sourceTree = ""; }; 44 | CEDE8D6622984F7700C73034 /* arm64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = arm64.h; sourceTree = ""; }; 45 | CEDE8D6722984F7700C73034 /* xcore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = xcore.h; sourceTree = ""; }; 46 | CEDE8D6822984F7700C73034 /* platform.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = platform.h; sourceTree = ""; }; 47 | CEDE8D6922984F7700C73034 /* kern_patcher.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_patcher.hpp; sourceTree = ""; }; 48 | CEDE8D6A22984F7700C73034 /* kern_compat.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_compat.hpp; sourceTree = ""; }; 49 | CEDE8D6B22984F7700C73034 /* kern_api.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_api.hpp; sourceTree = ""; }; 50 | CEDE8D6C22984F7700C73034 /* kern_util.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_util.hpp; sourceTree = ""; }; 51 | CEDE8D6E22984F7700C73034 /* libkmod.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libkmod.a; sourceTree = ""; }; 52 | CEDE8D7022984F7700C73034 /* entry64.S */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.asm; path = entry64.S; sourceTree = ""; }; 53 | CEDE8D7122984F7700C73034 /* build.tool */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = build.tool; sourceTree = ""; }; 54 | CEDE8D7222984F7700C73034 /* entry32.S */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.asm; path = entry32.S; sourceTree = ""; }; 55 | CEDE8D7322984F7700C73034 /* wrappers.inc */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.pascal; path = wrappers.inc; sourceTree = ""; }; 56 | CEDE8D7522984F7700C73034 /* mac_framework.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mac_framework.h; sourceTree = ""; }; 57 | CEDE8D7622984F7700C73034 /* mac_policy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = mac_policy.h; sourceTree = ""; }; 58 | CEDE8D7722984F7700C73034 /* _label.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = _label.h; sourceTree = ""; }; 59 | CEDE8D7822984F7700C73034 /* plugin_start.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = plugin_start.cpp; sourceTree = ""; }; 60 | CEDE8D7922984F7700C73034 /* LegacyIOService.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LegacyIOService.h; sourceTree = ""; }; 61 | CEDE8D7D2298501600C73034 /* kern_start.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = kern_start.cpp; sourceTree = ""; }; 62 | /* End PBXFileReference section */ 63 | 64 | /* Begin PBXFrameworksBuildPhase section */ 65 | CEDE8CE222984C0800C73034 /* Frameworks */ = { 66 | isa = PBXFrameworksBuildPhase; 67 | buildActionMask = 2147483647; 68 | files = ( 69 | CEDE8D7B22984F8F00C73034 /* libkmod.a in Frameworks */, 70 | ); 71 | runOnlyForDeploymentPostprocessing = 0; 72 | }; 73 | /* End PBXFrameworksBuildPhase section */ 74 | 75 | /* Begin PBXGroup section */ 76 | CEDE8CDB22984C0800C73034 = { 77 | isa = PBXGroup; 78 | children = ( 79 | CEB32296265A3F4B001F646A /* Changelog.md */, 80 | CEB32297265A3F4B001F646A /* README.md */, 81 | CEDE8D4B22984F5B00C73034 /* SDK */, 82 | CEDE8CE722984C0800C73034 /* CryptexFixup */, 83 | CEDE8CE622984C0800C73034 /* Products */, 84 | ); 85 | sourceTree = ""; 86 | }; 87 | CEDE8CE622984C0800C73034 /* Products */ = { 88 | isa = PBXGroup; 89 | children = ( 90 | CEDE8CE522984C0800C73034 /* CryptexFixup.kext */, 91 | ); 92 | name = Products; 93 | sourceTree = ""; 94 | }; 95 | CEDE8CE722984C0800C73034 /* CryptexFixup */ = { 96 | isa = PBXGroup; 97 | children = ( 98 | CEDE8CEC22984C0800C73034 /* Info.plist */, 99 | CEDE8D7D2298501600C73034 /* kern_start.cpp */, 100 | ); 101 | path = CryptexFixup; 102 | sourceTree = ""; 103 | }; 104 | CEDE8D4B22984F5B00C73034 /* SDK */ = { 105 | isa = PBXGroup; 106 | children = ( 107 | CEDE8D4C22984F7600C73034 /* Headers */, 108 | CEDE8D6D22984F7700C73034 /* Library */, 109 | ); 110 | name = SDK; 111 | sourceTree = ""; 112 | }; 113 | CEDE8D4C22984F7600C73034 /* Headers */ = { 114 | isa = PBXGroup; 115 | children = ( 116 | CEDE8D4D22984F7600C73034 /* kern_config.hpp */, 117 | CEDE8D4E22984F7600C73034 /* kern_atomic.hpp */, 118 | CEDE8D4F22984F7600C73034 /* kern_time.hpp */, 119 | CEDE8D5022984F7600C73034 /* kern_nvram.hpp */, 120 | CEDE8D5122984F7600C73034 /* kern_cpu.hpp */, 121 | CEDE8D5222984F7600C73034 /* kern_devinfo.hpp */, 122 | CEDE8D5322984F7600C73034 /* kern_efi.hpp */, 123 | CEDE8D5422984F7600C73034 /* kern_policy.hpp */, 124 | CEDE8D5522984F7600C73034 /* kern_user.hpp */, 125 | CEDE8D5622984F7600C73034 /* plugin_start.hpp */, 126 | CEDE8D5722984F7600C73034 /* kern_iokit.hpp */, 127 | CEDE8D5822984F7600C73034 /* kern_crypto.hpp */, 128 | CEDE8D5922984F7600C73034 /* kern_mach.hpp */, 129 | CEDE8D5A22984F7600C73034 /* kern_compression.hpp */, 130 | CEDE8D5B22984F7600C73034 /* kern_file.hpp */, 131 | CEDE8D5C22984F7600C73034 /* kern_rtc.hpp */, 132 | CEDE8D5D22984F7700C73034 /* kern_disasm.hpp */, 133 | CEDE8D5E22984F7700C73034 /* capstone */, 134 | CEDE8D6922984F7700C73034 /* kern_patcher.hpp */, 135 | CEDE8D6A22984F7700C73034 /* kern_compat.hpp */, 136 | CEDE8D6B22984F7700C73034 /* kern_api.hpp */, 137 | CEDE8D6C22984F7700C73034 /* kern_util.hpp */, 138 | ); 139 | name = Headers; 140 | path = Lilu.kext/Contents/Resources/Headers; 141 | sourceTree = ""; 142 | }; 143 | CEDE8D5E22984F7700C73034 /* capstone */ = { 144 | isa = PBXGroup; 145 | children = ( 146 | CEDE8D5F22984F7700C73034 /* capstone.h */, 147 | CEDE8D6022984F7700C73034 /* mips.h */, 148 | CEDE8D6122984F7700C73034 /* sparc.h */, 149 | CEDE8D6222984F7700C73034 /* systemz.h */, 150 | CEDE8D6322984F7700C73034 /* arm.h */, 151 | CEDE8D6422984F7700C73034 /* x86.h */, 152 | CEDE8D6522984F7700C73034 /* ppc.h */, 153 | CEDE8D6622984F7700C73034 /* arm64.h */, 154 | CEDE8D6722984F7700C73034 /* xcore.h */, 155 | CEDE8D6822984F7700C73034 /* platform.h */, 156 | ); 157 | path = capstone; 158 | sourceTree = ""; 159 | }; 160 | CEDE8D6D22984F7700C73034 /* Library */ = { 161 | isa = PBXGroup; 162 | children = ( 163 | CEDE8D6E22984F7700C73034 /* libkmod.a */, 164 | CEDE8D6F22984F7700C73034 /* wrappers */, 165 | CEDE8D7422984F7700C73034 /* security */, 166 | CEDE8D7822984F7700C73034 /* plugin_start.cpp */, 167 | CEDE8D7922984F7700C73034 /* LegacyIOService.h */, 168 | ); 169 | name = Library; 170 | path = Lilu.kext/Contents/Resources/Library; 171 | sourceTree = ""; 172 | }; 173 | CEDE8D6F22984F7700C73034 /* wrappers */ = { 174 | isa = PBXGroup; 175 | children = ( 176 | CEDE8D7022984F7700C73034 /* entry64.S */, 177 | CEDE8D7122984F7700C73034 /* build.tool */, 178 | CEDE8D7222984F7700C73034 /* entry32.S */, 179 | CEDE8D7322984F7700C73034 /* wrappers.inc */, 180 | ); 181 | path = wrappers; 182 | sourceTree = ""; 183 | }; 184 | CEDE8D7422984F7700C73034 /* security */ = { 185 | isa = PBXGroup; 186 | children = ( 187 | CEDE8D7522984F7700C73034 /* mac_framework.h */, 188 | CEDE8D7622984F7700C73034 /* mac_policy.h */, 189 | CEDE8D7722984F7700C73034 /* _label.h */, 190 | ); 191 | path = security; 192 | sourceTree = ""; 193 | }; 194 | /* End PBXGroup section */ 195 | 196 | /* Begin PBXHeadersBuildPhase section */ 197 | CEDE8CE022984C0800C73034 /* Headers */ = { 198 | isa = PBXHeadersBuildPhase; 199 | buildActionMask = 2147483647; 200 | files = ( 201 | ); 202 | runOnlyForDeploymentPostprocessing = 0; 203 | }; 204 | /* End PBXHeadersBuildPhase section */ 205 | 206 | /* Begin PBXNativeTarget section */ 207 | CEDE8CE422984C0800C73034 /* CryptexFixup */ = { 208 | isa = PBXNativeTarget; 209 | buildConfigurationList = CEDE8CEF22984C0800C73034 /* Build configuration list for PBXNativeTarget "CryptexFixup" */; 210 | buildPhases = ( 211 | CEDE8CE022984C0800C73034 /* Headers */, 212 | CEDE8CE122984C0800C73034 /* Sources */, 213 | CEDE8CE222984C0800C73034 /* Frameworks */, 214 | CEDE8CE322984C0800C73034 /* Resources */, 215 | CEDE8CE922984C0800C73034 /* Archive */, 216 | ); 217 | buildRules = ( 218 | ); 219 | dependencies = ( 220 | ); 221 | name = CryptexFixup; 222 | productName = CryptexFixup; 223 | productReference = CEDE8CE522984C0800C73034 /* CryptexFixup.kext */; 224 | productType = "com.apple.product-type.kernel-extension"; 225 | }; 226 | /* End PBXNativeTarget section */ 227 | 228 | /* Begin PBXProject section */ 229 | CEDE8CDC22984C0800C73034 /* Project object */ = { 230 | isa = PBXProject; 231 | attributes = { 232 | LastUpgradeCheck = 1250; 233 | ORGANIZATIONNAME = Khronokernel; 234 | TargetAttributes = { 235 | CEDE8CE422984C0800C73034 = { 236 | CreatedOnToolsVersion = 10.2.1; 237 | }; 238 | }; 239 | }; 240 | buildConfigurationList = CEDE8CDF22984C0800C73034 /* Build configuration list for PBXProject "CryptexFixup" */; 241 | compatibilityVersion = "Xcode 9.3"; 242 | developmentRegion = en; 243 | hasScannedForEncodings = 0; 244 | knownRegions = ( 245 | en, 246 | Base, 247 | ); 248 | mainGroup = CEDE8CDB22984C0800C73034; 249 | productRefGroup = CEDE8CE622984C0800C73034 /* Products */; 250 | projectDirPath = ""; 251 | projectRoot = ""; 252 | targets = ( 253 | CEDE8CE422984C0800C73034 /* CryptexFixup */, 254 | ); 255 | }; 256 | /* End PBXProject section */ 257 | 258 | /* Begin PBXResourcesBuildPhase section */ 259 | CEDE8CE322984C0800C73034 /* Resources */ = { 260 | isa = PBXResourcesBuildPhase; 261 | buildActionMask = 2147483647; 262 | files = ( 263 | ); 264 | runOnlyForDeploymentPostprocessing = 0; 265 | }; 266 | /* End PBXResourcesBuildPhase section */ 267 | 268 | /* Begin PBXShellScriptBuildPhase section */ 269 | CEDE8CE922984C0800C73034 /* Archive */ = { 270 | isa = PBXShellScriptBuildPhase; 271 | buildActionMask = 2147483647; 272 | files = ( 273 | ); 274 | inputFileListPaths = ( 275 | ); 276 | inputPaths = ( 277 | ); 278 | name = Archive; 279 | outputFileListPaths = ( 280 | ); 281 | outputPaths = ( 282 | ); 283 | runOnlyForDeploymentPostprocessing = 0; 284 | shellPath = /bin/sh; 285 | shellScript = "cd \"${TARGET_BUILD_DIR}\"\n\ndist=(\"$FULL_PRODUCT_NAME\")\nif [ -d \"$DWARF_DSYM_FILE_NAME\" ]; then dist+=(\"$DWARF_DSYM_FILE_NAME\"); fi\n\narchive=\"${PRODUCT_NAME}-${MODULE_VERSION}-$(echo $CONFIGURATION | tr /a-z/ /A-Z/).zip\"\nrm -rf *.zip\nif [ \"$CONFIGURATION\" == \"Release\" ]; then strip -x -T \"${EXECUTABLE_PATH}\"; fi\nzip -qry -FS \"${archive}\" \"${dist[@]}\"\n"; 286 | }; 287 | /* End PBXShellScriptBuildPhase section */ 288 | 289 | /* Begin PBXSourcesBuildPhase section */ 290 | CEDE8CE122984C0800C73034 /* Sources */ = { 291 | isa = PBXSourcesBuildPhase; 292 | buildActionMask = 2147483647; 293 | files = ( 294 | CEDE8D7C22984FE600C73034 /* plugin_start.cpp in Sources */, 295 | CEDE8D7E2298501600C73034 /* kern_start.cpp in Sources */, 296 | ); 297 | runOnlyForDeploymentPostprocessing = 0; 298 | }; 299 | /* End PBXSourcesBuildPhase section */ 300 | 301 | /* Begin XCBuildConfiguration section */ 302 | CEDE8CED22984C0800C73034 /* Debug */ = { 303 | isa = XCBuildConfiguration; 304 | buildSettings = { 305 | ALWAYS_SEARCH_USER_PATHS = NO; 306 | ARCHS = x86_64; 307 | CLANG_ANALYZER_NONNULL = YES; 308 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 309 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 310 | CLANG_CXX_LIBRARY = "libc++"; 311 | CLANG_ENABLE_MODULES = YES; 312 | CLANG_ENABLE_OBJC_ARC = YES; 313 | CLANG_ENABLE_OBJC_WEAK = YES; 314 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 315 | CLANG_WARN_BOOL_CONVERSION = YES; 316 | CLANG_WARN_COMMA = YES; 317 | CLANG_WARN_CONSTANT_CONVERSION = YES; 318 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 319 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 320 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 321 | CLANG_WARN_EMPTY_BODY = YES; 322 | CLANG_WARN_ENUM_CONVERSION = YES; 323 | CLANG_WARN_INFINITE_RECURSION = YES; 324 | CLANG_WARN_INT_CONVERSION = YES; 325 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 326 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 327 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 328 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 329 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 330 | CLANG_WARN_STRICT_PROTOTYPES = YES; 331 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 332 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 333 | CLANG_WARN_UNREACHABLE_CODE = YES; 334 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 335 | CODE_SIGN_IDENTITY = "-"; 336 | COPY_PHASE_STRIP = NO; 337 | DEBUG_INFORMATION_FORMAT = dwarf; 338 | ENABLE_STRICT_OBJC_MSGSEND = YES; 339 | ENABLE_TESTABILITY = YES; 340 | GCC_C_LANGUAGE_STANDARD = gnu11; 341 | GCC_DYNAMIC_NO_PIC = NO; 342 | GCC_NO_COMMON_BLOCKS = YES; 343 | GCC_OPTIMIZATION_LEVEL = 0; 344 | GCC_PREPROCESSOR_DEFINITIONS = ( 345 | "DEBUG=1", 346 | "$(inherited)", 347 | ); 348 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 349 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 350 | GCC_WARN_UNDECLARED_SELECTOR = YES; 351 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 352 | GCC_WARN_UNUSED_FUNCTION = YES; 353 | GCC_WARN_UNUSED_VARIABLE = YES; 354 | KERNEL_EXTENSION_HEADER_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Headers"; 355 | KERNEL_FRAMEWORK_HEADERS = "$(PROJECT_DIR)/MacKernelSDK/Headers"; 356 | MACOSX_DEPLOYMENT_TARGET = 10.14; 357 | MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; 358 | MTL_FAST_MATH = YES; 359 | ONLY_ACTIVE_ARCH = YES; 360 | SDKROOT = macosx; 361 | }; 362 | name = Debug; 363 | }; 364 | CEDE8CEE22984C0800C73034 /* Release */ = { 365 | isa = XCBuildConfiguration; 366 | buildSettings = { 367 | ALWAYS_SEARCH_USER_PATHS = NO; 368 | ARCHS = x86_64; 369 | CLANG_ANALYZER_NONNULL = YES; 370 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 371 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 372 | CLANG_CXX_LIBRARY = "libc++"; 373 | CLANG_ENABLE_MODULES = YES; 374 | CLANG_ENABLE_OBJC_ARC = YES; 375 | CLANG_ENABLE_OBJC_WEAK = YES; 376 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 377 | CLANG_WARN_BOOL_CONVERSION = YES; 378 | CLANG_WARN_COMMA = YES; 379 | CLANG_WARN_CONSTANT_CONVERSION = YES; 380 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 381 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 382 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 383 | CLANG_WARN_EMPTY_BODY = YES; 384 | CLANG_WARN_ENUM_CONVERSION = YES; 385 | CLANG_WARN_INFINITE_RECURSION = YES; 386 | CLANG_WARN_INT_CONVERSION = YES; 387 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 388 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 389 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 390 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 391 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 392 | CLANG_WARN_STRICT_PROTOTYPES = YES; 393 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 394 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 395 | CLANG_WARN_UNREACHABLE_CODE = YES; 396 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 397 | CODE_SIGN_IDENTITY = "-"; 398 | COPY_PHASE_STRIP = NO; 399 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 400 | ENABLE_NS_ASSERTIONS = NO; 401 | ENABLE_STRICT_OBJC_MSGSEND = YES; 402 | GCC_C_LANGUAGE_STANDARD = gnu11; 403 | GCC_NO_COMMON_BLOCKS = YES; 404 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 405 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 406 | GCC_WARN_UNDECLARED_SELECTOR = YES; 407 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 408 | GCC_WARN_UNUSED_FUNCTION = YES; 409 | GCC_WARN_UNUSED_VARIABLE = YES; 410 | KERNEL_EXTENSION_HEADER_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Headers"; 411 | KERNEL_FRAMEWORK_HEADERS = "$(PROJECT_DIR)/MacKernelSDK/Headers"; 412 | MACOSX_DEPLOYMENT_TARGET = 10.14; 413 | MTL_ENABLE_DEBUG_INFO = NO; 414 | MTL_FAST_MATH = YES; 415 | SDKROOT = macosx; 416 | }; 417 | name = Release; 418 | }; 419 | CEDE8CF022984C0800C73034 /* Debug */ = { 420 | isa = XCBuildConfiguration; 421 | buildSettings = { 422 | CLANG_WARN_DOCUMENTATION_COMMENTS = NO; 423 | CODE_SIGN_STYLE = Automatic; 424 | COMBINE_HIDPI_IMAGES = YES; 425 | CURRENT_PROJECT_VERSION = 1.0.6; 426 | GCC_PREPROCESSOR_DEFINITIONS = ( 427 | "$(inherited)", 428 | "MODULE_VERSION=$(MODULE_VERSION)", 429 | "PRODUCT_NAME=$(PRODUCT_NAME)", 430 | ); 431 | HEADER_SEARCH_PATHS = "${PROJECT_DIR}/Lilu.kext/Contents/Resources"; 432 | INFOPLIST_FILE = "$(SRCROOT)/CryptexFixup/Info.plist"; 433 | LIBRARY_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Library/x86_64"; 434 | MARKETING_VERSION = 1.0.6; 435 | MODULE_NAME = com.Khronokernel.CryptexFixup; 436 | MODULE_START = "$(PRODUCT_NAME)_kern_start"; 437 | MODULE_STOP = "$(PRODUCT_NAME)_kern_stop"; 438 | MODULE_VERSION = 1.0.6; 439 | PRODUCT_BUNDLE_IDENTIFIER = com.khronokernel.CryptexFixup; 440 | PRODUCT_NAME = "$(TARGET_NAME)"; 441 | WRAPPER_EXTENSION = kext; 442 | }; 443 | name = Debug; 444 | }; 445 | CEDE8CF122984C0800C73034 /* Release */ = { 446 | isa = XCBuildConfiguration; 447 | buildSettings = { 448 | CLANG_WARN_DOCUMENTATION_COMMENTS = NO; 449 | CODE_SIGN_STYLE = Automatic; 450 | COMBINE_HIDPI_IMAGES = YES; 451 | CURRENT_PROJECT_VERSION = 1.0.6; 452 | GCC_PREPROCESSOR_DEFINITIONS = ( 453 | "$(inherited)", 454 | "MODULE_VERSION=$(MODULE_VERSION)", 455 | "PRODUCT_NAME=$(PRODUCT_NAME)", 456 | ); 457 | HEADER_SEARCH_PATHS = "${PROJECT_DIR}/Lilu.kext/Contents/Resources"; 458 | INFOPLIST_FILE = "$(SRCROOT)/CryptexFixup/Info.plist"; 459 | LIBRARY_SEARCH_PATHS = "$(PROJECT_DIR)/MacKernelSDK/Library/x86_64"; 460 | MARKETING_VERSION = 1.0.6; 461 | MODULE_NAME = com.Khronokernel.CryptexFixup; 462 | MODULE_START = "$(PRODUCT_NAME)_kern_start"; 463 | MODULE_STOP = "$(PRODUCT_NAME)_kern_stop"; 464 | MODULE_VERSION = 1.0.6; 465 | PRODUCT_BUNDLE_IDENTIFIER = com.khronokernel.CryptexFixup; 466 | PRODUCT_NAME = "$(TARGET_NAME)"; 467 | WRAPPER_EXTENSION = kext; 468 | }; 469 | name = Release; 470 | }; 471 | /* End XCBuildConfiguration section */ 472 | 473 | /* Begin XCConfigurationList section */ 474 | CEDE8CDF22984C0800C73034 /* Build configuration list for PBXProject "CryptexFixup" */ = { 475 | isa = XCConfigurationList; 476 | buildConfigurations = ( 477 | CEDE8CED22984C0800C73034 /* Debug */, 478 | CEDE8CEE22984C0800C73034 /* Release */, 479 | ); 480 | defaultConfigurationIsVisible = 0; 481 | defaultConfigurationName = Release; 482 | }; 483 | CEDE8CEF22984C0800C73034 /* Build configuration list for PBXNativeTarget "CryptexFixup" */ = { 484 | isa = XCConfigurationList; 485 | buildConfigurations = ( 486 | CEDE8CF022984C0800C73034 /* Debug */, 487 | CEDE8CF122984C0800C73034 /* Release */, 488 | ); 489 | defaultConfigurationIsVisible = 0; 490 | defaultConfigurationName = Release; 491 | }; 492 | /* End XCConfigurationList section */ 493 | }; 494 | rootObject = CEDE8CDC22984C0800C73034 /* Project object */; 495 | } 496 | -------------------------------------------------------------------------------- /CryptexFixup/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | $(DEVELOPMENT_LANGUAGE) 7 | CFBundleExecutable 8 | $(EXECUTABLE_NAME) 9 | CFBundleIdentifier 10 | $(PRODUCT_BUNDLE_IDENTIFIER) 11 | CFBundleInfoDictionaryVersion 12 | 6.0 13 | CFBundleName 14 | $(PRODUCT_NAME) 15 | CFBundlePackageType 16 | KEXT 17 | CFBundleShortVersionString 18 | $(MARKETING_VERSION) 19 | CFBundleVersion 20 | $(CURRENT_PROJECT_VERSION) 21 | IOKitPersonalities 22 | 23 | CryptexFixup 24 | 25 | CFBundleIdentifier 26 | $(PRODUCT_BUNDLE_IDENTIFIER) 27 | IOClass 28 | $(PRODUCT_NAME:rfc1034identifier) 29 | IOMatchCategory 30 | $(PRODUCT_NAME:rfc1034identifier) 31 | IOProviderClass 32 | IOResources 33 | IOResourceMatch 34 | IOKit 35 | 36 | 37 | NSHumanReadableCopyright 38 | Copyright © 2021 Khronokernel. All rights reserved. 39 | OSBundleLibraries 40 | 41 | as.vit9696.Lilu 42 | 1.4.7 43 | com.apple.kpi.bsd 44 | 12.0.0 45 | com.apple.kpi.dsep 46 | 12.0.0 47 | com.apple.kpi.iokit 48 | 12.0.0 49 | com.apple.kpi.libkern 50 | 12.0.0 51 | com.apple.kpi.mach 52 | 12.0.0 53 | com.apple.kpi.unsupported 54 | 12.0.0 55 | 56 | OSBundleRequired 57 | Root 58 | 59 | 60 | -------------------------------------------------------------------------------- /CryptexFixup/kern_start.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // kern_start.cpp 3 | // CryptexFixup.kext 4 | // 5 | // Copyright © 2022 Mykola Grymalyuk. All rights reserved. 6 | // 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | #define MODULE_SHORT "crypt_fix" 14 | 15 | static mach_vm_address_t orig_cs_validate {}; 16 | static mach_vm_address_t orig_authenticate_root_hash {}; 17 | 18 | // ramrod is stored inside a larger binary, UpdateBrainLibary 19 | // When inspecting the RAM Disk, ramrod's path is '/usr/libexec/ramrod/ramrod' 20 | static const char *ramrodPath = "UpdateBrainLibrary"; 21 | 22 | static const uint8_t kCryptexFind[] = { 23 | // cryptex-system-x86_64 24 | 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x78, 0x2D, 25 | 0x73, 0x79, 0x73, 0x74, 0x65, 0x6D, 0x2D, 26 | 0x78, 0x38, 0x36, 0x5F, 0x36, 0x34 27 | }; 28 | 29 | static const uint8_t kCryptexReplace[] = { 30 | // cryptex-system-arm64e 31 | 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x78, 0x2D, 32 | 0x73, 0x79, 0x73, 0x74, 0x65, 0x6D, 0x2D, 33 | 0x61, 0x72, 0x6D, 0x36, 0x34, 0x65 34 | }; 35 | 36 | static const char *kextAPFS[] { 37 | "/System/Library/Extensions/apfs.kext/Contents/MacOS/apfs" 38 | }; 39 | 40 | static KernelPatcher::KextInfo kextList[] { 41 | {"com.apple.filesystems.apfs", kextAPFS, arrsize(kextAPFS), {true}, {}, KernelPatcher::KextInfo::Unloaded }, 42 | }; 43 | 44 | static const char *kextAuthHashSymbol[] { 45 | "_authenticate_root_hash" 46 | }; 47 | 48 | 49 | #pragma mark - Kernel patching code 50 | 51 | template 52 | static inline void searchAndPatch(const void *haystack, size_t haystackSize, const char *path, const uint8_t (&needle)[findSize], const uint8_t (&patch)[replaceSize], const char *name) { 53 | if (UNLIKELY(KernelPatcher::findAndReplace(const_cast(haystack), haystackSize, needle, findSize, patch, replaceSize))) { 54 | DBGLOG(MODULE_SHORT, "found function %s to patch at %s!", name, path); 55 | } 56 | } 57 | 58 | static int patched_authenticate_root_hash(int arg0, int arg1, int arg2, int arg3, int arg4, int arg5) { 59 | return 0; 60 | }; 61 | 62 | static void processKext(KernelPatcher &patcher, size_t index, mach_vm_address_t address, size_t size) { 63 | // Check apfs.kext is loaded 64 | if (index != kextList[0].loadIndex) { 65 | return; 66 | } 67 | 68 | // Force '_authenticate_root_hash' to return 0 69 | KernelPatcher::RouteRequest request (kextAuthHashSymbol[0], patched_authenticate_root_hash, orig_authenticate_root_hash); 70 | if (!patcher.routeMultiple(index, &request, 1, address , size)) { 71 | SYSLOG(MODULE_SHORT, "patcher.routeMultiple for %s failed with error %d", request.symbol, patcher.getError()); 72 | patcher.clearError(); 73 | } 74 | } 75 | 76 | 77 | #pragma mark - Patched functions 78 | 79 | static void patched_cs_validate_page(vnode_t vp, memory_object_t pager, memory_object_offset_t page_offset, const void *data, int *validated_p, int *tainted_p, int *nx_p) { 80 | char path[PATH_MAX]; 81 | int pathlen = PATH_MAX; 82 | FunctionCast(patched_cs_validate_page, orig_cs_validate)(vp, pager, page_offset, data, validated_p, tainted_p, nx_p); 83 | 84 | if (vn_getpath(vp, path, &pathlen) == 0) { 85 | // Binary is copied into a tmp location, thus partial match 86 | if (UNLIKELY(strstr(path, ramrodPath) != NULL)) { 87 | searchAndPatch(data, PAGE_SIZE, path, kCryptexFind, kCryptexReplace, "Cryptex Disk Image"); 88 | } 89 | } 90 | } 91 | 92 | #pragma mark - Patches on start/stop 93 | 94 | static void pluginStart() { 95 | DBGLOG(MODULE_SHORT, "start"); 96 | if (BaseDeviceInfo::get().cpuHasAvx2) { 97 | if (checkKernelArgument("-crypt_force_avx")) { 98 | SYSLOG(MODULE_SHORT, "system natively support AVX2.0, but forcing AVX patch upon user request"); 99 | } else { 100 | SYSLOG(MODULE_SHORT, "system natively support AVX2.0, skipping"); 101 | return; 102 | } 103 | } 104 | 105 | // Userspace Patcher (ramrod) 106 | // Support Big Sur and newer for in-place Install macOS.app usage 107 | if (getKernelVersion() >= KernelVersion::BigSur) { 108 | lilu.onPatcherLoadForce([](void *user, KernelPatcher &patcher) { 109 | KernelPatcher::RouteRequest csRoute = KernelPatcher::RouteRequest("_cs_validate_page", patched_cs_validate_page, orig_cs_validate); 110 | if (!patcher.routeMultipleLong(KernelPatcher::KernelID, &csRoute, 1)) 111 | SYSLOG(MODULE_SHORT, "failed to route cs validation pages"); 112 | }); 113 | } 114 | 115 | // Kernel Space Patcher (APFS.kext) 116 | if (getKernelVersion() >= KernelVersion::Ventura) { 117 | if (checkKernelArgument("-crypt_allow_hash_validation")) { 118 | SYSLOG(MODULE_SHORT, "disabling APFS.kext patching upon user request"); 119 | } else { 120 | lilu.onKextLoadForce(kextList, arrsize(kextList), 121 | [](void *user, KernelPatcher &patcher, size_t index, mach_vm_address_t address, size_t size) { 122 | processKext(patcher, index, address, size); 123 | }, nullptr); 124 | } 125 | } 126 | } 127 | 128 | // Boot args. 129 | static const char *bootargOff[] { 130 | "-cryptoff" 131 | }; 132 | static const char *bootargDebug[] { 133 | "-cryptdbg" 134 | }; 135 | static const char *bootargBeta[] { 136 | "-cryptbeta" 137 | }; 138 | 139 | // Plugin configuration. 140 | PluginConfiguration ADDPR(config) { 141 | xStringify(PRODUCT_NAME), 142 | parseModuleVersion(xStringify(MODULE_VERSION)), 143 | LiluAPI::AllowNormal | LiluAPI::AllowInstallerRecovery | LiluAPI::AllowSafeMode, 144 | bootargOff, 145 | arrsize(bootargOff), 146 | bootargDebug, 147 | arrsize(bootargDebug), 148 | bootargBeta, 149 | arrsize(bootargBeta), 150 | KernelVersion::BigSur, 151 | KernelVersion::Tahoe, 152 | pluginStart 153 | }; 154 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2022, Mykola Grymalyuk 2 | 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 8 | 9 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 10 | 11 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 12 | 13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | CryptexFixup 2 | ============== 3 | 4 | [![Build Status](https://github.com/acidanthera/CryptexFixup/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/acidanthera/CryptexFixup/actions) [![Scan Status](https://scan.coverity.com/projects/26230/badge.svg?flat=1)](https://scan.coverity.com/projects/26230) 5 | 6 | [Lilu](https://github.com/acidanthera/Lilu) Kernel extension for installing Rosetta Cryptex in macOS Ventura. Applicable for both OS installation and updates. 7 | 8 | ---------- 9 | 10 | With macOS Ventura, Apple finally dropped the last Mac that lacked the [AVX2.0 CPU instruction](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions#Advanced_Vector_Extensions_2), the 2013 Trash Can Mac Pro (MacPro6,1). With this, systems lacking AVX2.0 can no longer boot Ventura natively as Apple has stripped the legacy non-AVX2.0 dyld shared caches from the OS. However due to compatibility issues with Rosetta 2, Apple is forced to retain a pre-AVX2.0 dyld shared cache on Apple Silicon systems. 11 | 12 | Thus to support older machines, this kext will force the macOS installer/updater to install the Apple Silicon Cryptex (OS.dmg) instead of the stock Intel variant. More information can be found under [macOS Ventura and OpenCore Legacy Patcher Support: Issue 998](https://github.com/dortania/OpenCore-Legacy-Patcher/issues/998). Additionally, this kext will disable Cryptex hash verification in APFS.kext. 13 | 14 | 15 | #### Additional notes: 16 | 17 | - Delta Updates will not be supported with patched Cryptexes, Full Updates will be requested instead. 18 | - Delta: 1-3GB~ 19 | - Full Update: 12GB 20 | - [Rapid Security Response Updates](https://support.apple.com/guide/deployment/dep93ff7ea78/web) are currently not supported at this time. 21 | - macOS only distributes `x86_64h`-based deltas on x86 machines, which are incompatible with the Rosetta Cryptex. 22 | - If CryptexFixup determines your system already supports AVX2.0, it will not do anything (unless explicitly requested). 23 | - Systems supporting AVX2.0 natively: 24 | - Intel Haswell and newer 25 | - AMD Excavator/Ryzen and newer 26 | - Systems lacking AVX2.0: 27 | - Intel Ivy Bridge and older 28 | - AMD Bulldozer/Piledriver/Steamroller and older 29 | - This kext does not drop the requirement for AVX2.0 in some of Ventura's Graphics Stack 30 | - AMD Polaris, Vega and Navi Drivers in Ventura will not function without AVX2.0 support, end users will need to find alternative ways to achieve graphics acceleration 31 | - Apple's Paravirtualized Graphics Stack still supports pre-AVX2.0 systems 32 | - ex. VMware Fusion on Monterey host lacking AVX2.0, guest VM running Ventura 33 | 34 | 35 | #### Boot arguments 36 | 37 | - `-cryptoff` (or `-liluoff`) to disable 38 | - `-cryptdbg` (or `-liludbgall`) to enable verbose logging (in DEBUG builds) 39 | - `-cryptbeta` (or `-lilubetaall`) to enable on macOS newer than 26 40 | - `-crypt_allow_hash_validation` to disable APFS.kext patching 41 | - `-crypt_force_avx` to force install the Rosetta Cryptex on AVX2.0 systems 42 | 43 | 44 | #### Credits 45 | 46 | - [Apple](https://www.apple.com) for macOS 47 | - [vit9696](https://github.com/vit9696) for [Lilu.kext](https://github.com/vit9696/Lilu) 48 | - [DhinakG](https://github.com/dhinakg) for research and development 49 | - [khronokernel](https://github.com/khronokernel) for research and development 50 | --------------------------------------------------------------------------------