├── .gitignore ├── DisableLibraryValidation.xcodeproj ├── project.pbxproj └── project.xcworkspace │ └── contents.xcworkspacedata ├── DisableLibraryValidation ├── DisableLibraryValidation.cpp ├── DisableLibraryValidation.h ├── Info.plist └── main.c ├── LICENSE ├── README.md ├── install.sh └── package.sh /.gitignore: -------------------------------------------------------------------------------- 1 | DerivedData/ 2 | build/ 3 | xcuserdata 4 | -------------------------------------------------------------------------------- /DisableLibraryValidation.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 46; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | A7126A4D1F1A4034008339E0 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = A7126A4C1F1A4034008339E0 /* main.c */; }; 11 | A79F43621F1A6F8300942985 /* DisableLibraryValidation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A79F43601F1A6F8300942985 /* DisableLibraryValidation.cpp */; }; 12 | A79F43631F1A6F8300942985 /* DisableLibraryValidation.h in Headers */ = {isa = PBXBuildFile; fileRef = A79F43611F1A6F8300942985 /* DisableLibraryValidation.h */; }; 13 | /* End PBXBuildFile section */ 14 | 15 | /* Begin PBXFileReference section */ 16 | A7126A491F1A4034008339E0 /* DisableLibraryValidation.kext */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = DisableLibraryValidation.kext; sourceTree = BUILT_PRODUCTS_DIR; }; 17 | A7126A4C1F1A4034008339E0 /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; 18 | A7126A4E1F1A4034008339E0 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 19 | A79F43601F1A6F8300942985 /* DisableLibraryValidation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DisableLibraryValidation.cpp; sourceTree = ""; }; 20 | A79F43611F1A6F8300942985 /* DisableLibraryValidation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DisableLibraryValidation.h; sourceTree = ""; }; 21 | /* End PBXFileReference section */ 22 | 23 | /* Begin PBXFrameworksBuildPhase section */ 24 | A7126A451F1A4034008339E0 /* Frameworks */ = { 25 | isa = PBXFrameworksBuildPhase; 26 | buildActionMask = 2147483647; 27 | files = ( 28 | ); 29 | runOnlyForDeploymentPostprocessing = 0; 30 | }; 31 | /* End PBXFrameworksBuildPhase section */ 32 | 33 | /* Begin PBXGroup section */ 34 | A7126A3F1F1A4034008339E0 = { 35 | isa = PBXGroup; 36 | children = ( 37 | A7126A4B1F1A4034008339E0 /* DisableLibraryValidation */, 38 | A7126A4A1F1A4034008339E0 /* Products */, 39 | ); 40 | sourceTree = ""; 41 | }; 42 | A7126A4A1F1A4034008339E0 /* Products */ = { 43 | isa = PBXGroup; 44 | children = ( 45 | A7126A491F1A4034008339E0 /* DisableLibraryValidation.kext */, 46 | ); 47 | name = Products; 48 | sourceTree = ""; 49 | }; 50 | A7126A4B1F1A4034008339E0 /* DisableLibraryValidation */ = { 51 | isa = PBXGroup; 52 | children = ( 53 | A79F43601F1A6F8300942985 /* DisableLibraryValidation.cpp */, 54 | A79F43611F1A6F8300942985 /* DisableLibraryValidation.h */, 55 | A7126A4C1F1A4034008339E0 /* main.c */, 56 | A7126A4E1F1A4034008339E0 /* Info.plist */, 57 | ); 58 | path = DisableLibraryValidation; 59 | sourceTree = ""; 60 | }; 61 | /* End PBXGroup section */ 62 | 63 | /* Begin PBXHeadersBuildPhase section */ 64 | A7126A461F1A4034008339E0 /* Headers */ = { 65 | isa = PBXHeadersBuildPhase; 66 | buildActionMask = 2147483647; 67 | files = ( 68 | A79F43631F1A6F8300942985 /* DisableLibraryValidation.h in Headers */, 69 | ); 70 | runOnlyForDeploymentPostprocessing = 0; 71 | }; 72 | /* End PBXHeadersBuildPhase section */ 73 | 74 | /* Begin PBXNativeTarget section */ 75 | A7126A481F1A4034008339E0 /* DisableLibraryValidation */ = { 76 | isa = PBXNativeTarget; 77 | buildConfigurationList = A7126A511F1A4034008339E0 /* Build configuration list for PBXNativeTarget "DisableLibraryValidation" */; 78 | buildPhases = ( 79 | A7126A441F1A4034008339E0 /* Sources */, 80 | A7126A451F1A4034008339E0 /* Frameworks */, 81 | A7126A461F1A4034008339E0 /* Headers */, 82 | A7126A471F1A4034008339E0 /* Resources */, 83 | ); 84 | buildRules = ( 85 | ); 86 | dependencies = ( 87 | ); 88 | name = DisableLibraryValidation; 89 | productName = DisableLibraryValidation; 90 | productReference = A7126A491F1A4034008339E0 /* DisableLibraryValidation.kext */; 91 | productType = "com.apple.product-type.kernel-extension"; 92 | }; 93 | /* End PBXNativeTarget section */ 94 | 95 | /* Begin PBXProject section */ 96 | A7126A401F1A4034008339E0 /* Project object */ = { 97 | isa = PBXProject; 98 | attributes = { 99 | LastUpgradeCheck = 0830; 100 | TargetAttributes = { 101 | A7126A481F1A4034008339E0 = { 102 | CreatedOnToolsVersion = 8.3.3; 103 | ProvisioningStyle = Manual; 104 | }; 105 | }; 106 | }; 107 | buildConfigurationList = A7126A431F1A4034008339E0 /* Build configuration list for PBXProject "DisableLibraryValidation" */; 108 | compatibilityVersion = "Xcode 3.2"; 109 | developmentRegion = English; 110 | hasScannedForEncodings = 0; 111 | knownRegions = ( 112 | en, 113 | ); 114 | mainGroup = A7126A3F1F1A4034008339E0; 115 | productRefGroup = A7126A4A1F1A4034008339E0 /* Products */; 116 | projectDirPath = ""; 117 | projectRoot = ""; 118 | targets = ( 119 | A7126A481F1A4034008339E0 /* DisableLibraryValidation */, 120 | ); 121 | }; 122 | /* End PBXProject section */ 123 | 124 | /* Begin PBXResourcesBuildPhase section */ 125 | A7126A471F1A4034008339E0 /* Resources */ = { 126 | isa = PBXResourcesBuildPhase; 127 | buildActionMask = 2147483647; 128 | files = ( 129 | ); 130 | runOnlyForDeploymentPostprocessing = 0; 131 | }; 132 | /* End PBXResourcesBuildPhase section */ 133 | 134 | /* Begin PBXSourcesBuildPhase section */ 135 | A7126A441F1A4034008339E0 /* Sources */ = { 136 | isa = PBXSourcesBuildPhase; 137 | buildActionMask = 2147483647; 138 | files = ( 139 | A7126A4D1F1A4034008339E0 /* main.c in Sources */, 140 | A79F43621F1A6F8300942985 /* DisableLibraryValidation.cpp in Sources */, 141 | ); 142 | runOnlyForDeploymentPostprocessing = 0; 143 | }; 144 | /* End PBXSourcesBuildPhase section */ 145 | 146 | /* Begin XCBuildConfiguration section */ 147 | A7126A4F1F1A4034008339E0 /* Debug */ = { 148 | isa = XCBuildConfiguration; 149 | buildSettings = { 150 | ALWAYS_SEARCH_USER_PATHS = NO; 151 | CLANG_ANALYZER_NONNULL = YES; 152 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 153 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 154 | CLANG_CXX_LIBRARY = "libc++"; 155 | CLANG_ENABLE_MODULES = YES; 156 | CLANG_ENABLE_OBJC_ARC = YES; 157 | CLANG_WARN_BOOL_CONVERSION = YES; 158 | CLANG_WARN_CONSTANT_CONVERSION = YES; 159 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 160 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 161 | CLANG_WARN_EMPTY_BODY = YES; 162 | CLANG_WARN_ENUM_CONVERSION = YES; 163 | CLANG_WARN_INFINITE_RECURSION = YES; 164 | CLANG_WARN_INT_CONVERSION = YES; 165 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 166 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 167 | CLANG_WARN_UNREACHABLE_CODE = YES; 168 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 169 | CODE_SIGN_IDENTITY = "-"; 170 | COPY_PHASE_STRIP = NO; 171 | DEBUG_INFORMATION_FORMAT = dwarf; 172 | ENABLE_STRICT_OBJC_MSGSEND = YES; 173 | ENABLE_TESTABILITY = YES; 174 | GCC_C_LANGUAGE_STANDARD = gnu99; 175 | GCC_DYNAMIC_NO_PIC = NO; 176 | GCC_NO_COMMON_BLOCKS = YES; 177 | GCC_OPTIMIZATION_LEVEL = 0; 178 | GCC_PREPROCESSOR_DEFINITIONS = ( 179 | "DEBUG=1", 180 | "$(inherited)", 181 | ); 182 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 183 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 184 | GCC_WARN_UNDECLARED_SELECTOR = YES; 185 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 186 | GCC_WARN_UNUSED_FUNCTION = YES; 187 | GCC_WARN_UNUSED_VARIABLE = YES; 188 | MACOSX_DEPLOYMENT_TARGET = 10.12; 189 | MTL_ENABLE_DEBUG_INFO = YES; 190 | ONLY_ACTIVE_ARCH = YES; 191 | SDKROOT = macosx; 192 | }; 193 | name = Debug; 194 | }; 195 | A7126A501F1A4034008339E0 /* Release */ = { 196 | isa = XCBuildConfiguration; 197 | buildSettings = { 198 | ALWAYS_SEARCH_USER_PATHS = NO; 199 | CLANG_ANALYZER_NONNULL = YES; 200 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 201 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 202 | CLANG_CXX_LIBRARY = "libc++"; 203 | CLANG_ENABLE_MODULES = YES; 204 | CLANG_ENABLE_OBJC_ARC = YES; 205 | CLANG_WARN_BOOL_CONVERSION = YES; 206 | CLANG_WARN_CONSTANT_CONVERSION = YES; 207 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 208 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 209 | CLANG_WARN_EMPTY_BODY = YES; 210 | CLANG_WARN_ENUM_CONVERSION = YES; 211 | CLANG_WARN_INFINITE_RECURSION = YES; 212 | CLANG_WARN_INT_CONVERSION = YES; 213 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 214 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 215 | CLANG_WARN_UNREACHABLE_CODE = YES; 216 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 217 | CODE_SIGN_IDENTITY = "-"; 218 | COPY_PHASE_STRIP = NO; 219 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 220 | ENABLE_NS_ASSERTIONS = NO; 221 | ENABLE_STRICT_OBJC_MSGSEND = YES; 222 | GCC_C_LANGUAGE_STANDARD = gnu99; 223 | GCC_NO_COMMON_BLOCKS = YES; 224 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 225 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 226 | GCC_WARN_UNDECLARED_SELECTOR = YES; 227 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 228 | GCC_WARN_UNUSED_FUNCTION = YES; 229 | GCC_WARN_UNUSED_VARIABLE = YES; 230 | MACOSX_DEPLOYMENT_TARGET = 10.12; 231 | MTL_ENABLE_DEBUG_INFO = NO; 232 | SDKROOT = macosx; 233 | }; 234 | name = Release; 235 | }; 236 | A7126A521F1A4034008339E0 /* Debug */ = { 237 | isa = XCBuildConfiguration; 238 | buildSettings = { 239 | CODE_SIGN_IDENTITY = ""; 240 | INFOPLIST_FILE = DisableLibraryValidation/Info.plist; 241 | MACOSX_DEPLOYMENT_TARGET = 10.12; 242 | MODULE_NAME = com.mologie.DisableLibraryValidation; 243 | MODULE_START = DisableLibraryValidation_start; 244 | MODULE_STOP = DisableLibraryValidation_stop; 245 | MODULE_VERSION = 1.0.0d1; 246 | PRODUCT_BUNDLE_IDENTIFIER = com.apple.kext.mologie.DisableLibraryValidation; 247 | PRODUCT_NAME = "$(TARGET_NAME)"; 248 | WRAPPER_EXTENSION = kext; 249 | }; 250 | name = Debug; 251 | }; 252 | A7126A531F1A4034008339E0 /* Release */ = { 253 | isa = XCBuildConfiguration; 254 | buildSettings = { 255 | CODE_SIGN_IDENTITY = ""; 256 | INFOPLIST_FILE = DisableLibraryValidation/Info.plist; 257 | MACOSX_DEPLOYMENT_TARGET = 10.12; 258 | MODULE_NAME = com.mologie.DisableLibraryValidation; 259 | MODULE_START = DisableLibraryValidation_start; 260 | MODULE_STOP = DisableLibraryValidation_stop; 261 | MODULE_VERSION = 1.0.0d1; 262 | PRODUCT_BUNDLE_IDENTIFIER = com.apple.kext.mologie.DisableLibraryValidation; 263 | PRODUCT_NAME = "$(TARGET_NAME)"; 264 | WRAPPER_EXTENSION = kext; 265 | }; 266 | name = Release; 267 | }; 268 | /* End XCBuildConfiguration section */ 269 | 270 | /* Begin XCConfigurationList section */ 271 | A7126A431F1A4034008339E0 /* Build configuration list for PBXProject "DisableLibraryValidation" */ = { 272 | isa = XCConfigurationList; 273 | buildConfigurations = ( 274 | A7126A4F1F1A4034008339E0 /* Debug */, 275 | A7126A501F1A4034008339E0 /* Release */, 276 | ); 277 | defaultConfigurationIsVisible = 0; 278 | defaultConfigurationName = Release; 279 | }; 280 | A7126A511F1A4034008339E0 /* Build configuration list for PBXNativeTarget "DisableLibraryValidation" */ = { 281 | isa = XCConfigurationList; 282 | buildConfigurations = ( 283 | A7126A521F1A4034008339E0 /* Debug */, 284 | A7126A531F1A4034008339E0 /* Release */, 285 | ); 286 | defaultConfigurationIsVisible = 0; 287 | defaultConfigurationName = Release; 288 | }; 289 | /* End XCConfigurationList section */ 290 | }; 291 | rootObject = A7126A401F1A4034008339E0 /* Project object */; 292 | } 293 | -------------------------------------------------------------------------------- /DisableLibraryValidation.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /DisableLibraryValidation/DisableLibraryValidation.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // DisableLibraryValidation.cpp 3 | // DisableLibraryValidation 4 | // 5 | // Created by Oliver Kuckertz on 15.07.17. 6 | // Copyright © 2017 Oliver Kuckertz. All rights reserved. 7 | // 8 | 9 | #include 10 | #include "DisableLibraryValidation.h" 11 | 12 | OSDefineMetaClassAndStructors(com_mologie_DisableLibraryValidation, IOService) 13 | 14 | // This service does not implement any methods. Its sole purpose is to have IOKit load our driver on boot. 15 | -------------------------------------------------------------------------------- /DisableLibraryValidation/DisableLibraryValidation.h: -------------------------------------------------------------------------------- 1 | // 2 | // DisableLibraryValidation.h 3 | // DisableLibraryValidation 4 | // 5 | // Created by Oliver Kuckertz on 15.07.17. 6 | // Copyright © 2017 Oliver Kuckertz. All rights reserved. 7 | // 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | class com_mologie_DisableLibraryValidation : public IOService 14 | { 15 | OSDeclareDefaultStructors(com_mologie_DisableLibraryValidation) 16 | }; 17 | -------------------------------------------------------------------------------- /DisableLibraryValidation/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | en 7 | CFBundleExecutable 8 | $(EXECUTABLE_NAME) 9 | CFBundleIdentifier 10 | $(PRODUCT_BUNDLE_IDENTIFIER) 11 | CFBundleInfoDictionaryVersion 12 | 6.0 13 | CFBundleName 14 | $(PRODUCT_NAME) 15 | CFBundlePackageType 16 | KEXT 17 | CFBundleShortVersionString 18 | 1.0.0 19 | CFBundleVersion 20 | 1 21 | IOKitPersonalities 22 | 23 | com.mologie.DisableLibraryValidation 24 | 25 | CFBundleIdentifier 26 | $(PRODUCT_BUNDLE_IDENTIFIER) 27 | IOClass 28 | com_mologie_DisableLibraryValidation 29 | IOMatchCategory 30 | com_mologie_DisableLibraryValidation 31 | IOProviderClass 32 | IOResources 33 | IOResourceMatch 34 | IOBSD 35 | 36 | 37 | NSHumanReadableCopyright 38 | Definitely Not Copyright © 2017 Apple Inc. All rights reserved... for petty technical reasons. Please load me, kextutil? 39 | OSBundleLibraries 40 | 41 | com.apple.kpi.iokit 42 | 16.6 43 | com.apple.kpi.libkern 44 | 16.6 45 | com.apple.kpi.private 46 | 16.6 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /DisableLibraryValidation/main.c: -------------------------------------------------------------------------------- 1 | // 2 | // DisableLibraryValidation.c 3 | // DisableLibraryValidation 4 | // 5 | // Created by Oliver Kuckertz on 15.07.17. 6 | // Copyright © 2017 Oliver Kuckertz. All rights reserved. 7 | // 8 | 9 | #include 10 | #include 11 | #include 12 | #include // for IOLog 13 | #include // for get_cr0/set_cr0 14 | 15 | #define dbgprintf(STR, ...) \ 16 | IOLog("DisableLibraryValidation: " STR "\n", ## __VA_ARGS__); 17 | 18 | kern_return_t DisableLibraryValidation_start(kmod_info_t * ki, void *d); 19 | kern_return_t DisableLibraryValidation_stop(kmod_info_t *ki, void *d); 20 | 21 | int cs_require_lv(struct proc *); 22 | 23 | static const uint8_t patch[] = { 0x48, 0x31, 0xC0 /* XOR RAX,RAX */, 0xC3 /* RET */ }; 24 | static uint8_t backup[sizeof(patch)]; 25 | 26 | static 27 | int cli(void) 28 | { 29 | unsigned long flags; 30 | asm volatile ("pushf; pop %0; cli;" : "=r" (flags)); 31 | return !!(flags & EFL_IF); 32 | } 33 | 34 | static 35 | void sti(void) 36 | { 37 | asm volatile ("sti; nop;"); 38 | } 39 | 40 | kern_return_t DisableLibraryValidation_start(kmod_info_t * ki, void *d) 41 | { 42 | dbgprintf("disabling library validation"); 43 | 44 | // disable interrupts and kernel write protection 45 | int intrflag = cli(); 46 | uintptr_t cr0 = get_cr0(); 47 | set_cr0(cr0 & ~CR0_WP); 48 | 49 | // replace code 50 | memcpy(backup, (void *)cs_require_lv, sizeof(patch)); 51 | memcpy((void *)cs_require_lv, patch, sizeof(patch)); 52 | 53 | // enable kernel write protection and interrupts 54 | set_cr0(cr0); 55 | if (intrflag) 56 | sti(); 57 | 58 | // validate result 59 | if (cs_require_lv(NULL) == 0) { 60 | return KERN_SUCCESS; 61 | } 62 | else { 63 | dbgprintf("validation failed (and it's a wonder that your machine has not panicked)"); 64 | return KERN_FAILURE; 65 | } 66 | } 67 | 68 | kern_return_t DisableLibraryValidation_stop(kmod_info_t *ki, void *d) 69 | { 70 | dbgprintf("enabling library validation (unload)"); 71 | 72 | // disable interrupts and kernel write protection 73 | int intrflag = cli(); 74 | uintptr_t cr0 = get_cr0(); 75 | set_cr0(cr0 & ~CR0_WP); 76 | 77 | // replace code 78 | memcpy((void *)cs_require_lv, backup, sizeof(patch)); 79 | 80 | // enable kernel write protection and interrupts 81 | set_cr0(cr0); 82 | if (intrflag) 83 | sti(); 84 | 85 | return KERN_SUCCESS; 86 | } 87 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2017 Oliver Kuckertz 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | DisableLibraryValidation 3 | ======================== 4 | 5 | If you are here, because you wish to fix issues with your NVIDIA web driver, please head over to [the new NVWebDriverLibValFix page](https://github.com/mologie/NVWebDriverLibValFix/releases). This software is obsolete for fixing NVIDIA web driver issues. 6 | 7 | **Beware:** This software intentionally weakens the security of your Mac and may turn your machine into a fire-breathing dragon. You should not install it. 8 | 9 | With that out of the way: This software installs a small kernel patch at boot-time, which disables [Library Validation](https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW9). Library Validation exists independently of SIP and cannot be disabled without a kernel patch. 10 | 11 | You don't want Library Validation to be disabled on your Mac. However, if it were to be disabled: 12 | 13 | * Processes can load arbitrary libraries 14 | * root becomes more powerful (may load arbitrary libraries into any process depending on SIP status) 15 | * Security is weakened, because some user processes could be fooled to run additional code without root's explicit request, which may grant access to daemons that depend on Library Validation for secure validation of code identity. 16 | 17 | Installation 18 | ------------ 19 | 20 | The latest release and installation instructions are available on the [Releases Page](https://github.com/mologie/macos-disable-library-validation/releases). 21 | 22 | All releases are unsigned and require kernel code signing to be disabled (`csrutil enable --without kext`). 23 | 24 | Installation (from source) 25 | -------------------------- 26 | 27 | Install Xcode, then `./install.sh`. 28 | 29 | On success, you should see a message from 'DisableLibraryValidation' in the output of `sudo dmesg` and find 'com.apple.kext.mologie.DisableLibraryValidation' in the output of `kextstat`. 30 | 31 | The patches take effect immediately, but you might have to restart processes that are broken by Library Validation (such as iBooks with the NVIDIA Web Drivers.) 32 | 33 | Removal 34 | ------- 35 | 36 | `sudo ./install.sh uninstall`, which runs `kextunload` to unload the extension and deletes it from disk. 37 | 38 | Bug Reports 39 | ----------- 40 | 41 | This software comes with no support or implied warrenty. I do not accept bug reports, but I welcome pull requests that fix bugs should you have found any. You may also submit pull requests for adding information to this readme file, or contact my privately via the email address on my GitHub profile. 42 | 43 | Legal 44 | ----- 45 | 46 | Copyright 2017 Oliver Kuckertz; released under the [MIT license](LICENSE). 47 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | KEXT=DisableLibraryValidation.kext 5 | KEXTDPREFIX= 6 | 7 | cd "$(dirname $0)" 8 | 9 | case "$1" in 10 | "") 11 | if [ "$(id -u)" -eq 0 ]; then 12 | echo "Please don't run me as root. I want to build as normal user." 13 | exit 1 14 | fi 15 | rm -rf build 16 | xcodebuild -configuration Release build 17 | echo "Done building. I'll now ask for your user password to install the kernel extension." 18 | sudo $0 install 19 | ;; 20 | install) 21 | if [ ! "$(id -u)" -eq 0 ]; then 22 | echo "The install action must be run as root." 23 | exit 1 24 | fi 25 | ditto build/Release/$KEXT /tmp/$KEXT 26 | chown -R root:wheel /tmp/$KEXT 27 | $0 uninstall 28 | ditto /tmp/$KEXT $KEXTDPREFIX/Library/Extensions/$KEXT 29 | rm -rf /tmp/$KEXT 30 | kextutil $KEXTDPREFIX/Library/Extensions/$KEXT 31 | echo "\033[0;32mSuccess! $KEXT has been built, installed and loaded.\033[0m" 32 | ;; 33 | uninstall) 34 | if [ ! "$(id -u)" -eq 0 ]; then 35 | echo "The uninstall action must be run as root." 36 | exit 1 37 | fi 38 | if [ -d $KEXTDPREFIX/Library/Extensions/$KEXT ]; then 39 | kextunload $KEXTDPREFIX/Library/Extensions/$KEXT || ( 40 | echo "Couldn't unload kernel extension; I'll assume that it's already gone." 41 | ) 42 | rm -rf $KEXTDPREFIX/Library/Extensions/$KEXT 43 | echo "Previous version of $KEXT has been removed." 44 | else 45 | echo "$KEXT has not yet been installed." 46 | fi 47 | ;; 48 | *) 49 | echo "Unknown action $1" 50 | exit 1 51 | ;; 52 | esac 53 | -------------------------------------------------------------------------------- /package.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Note that this script requires xcpretty and GNU tar. 3 | 4 | set -e 5 | set -o pipefail 6 | 7 | cd "$(dirname $0)" 8 | 9 | rm -rf build 10 | xcodebuild -configuration Release build | xcpretty 11 | 12 | KEXT=DisableLibraryValidation.kext 13 | KEXTVERSION=$(/usr/libexec/PlistBuddy -c "Print :CFBundleShortVersionString" build/Release/$KEXT/Contents/Info.plist) 14 | 15 | (set -e && cd build/Release/ && COPYFILE_DISABLE=1 gtar -c --owner=0 --group=0 -z -f $KEXT.$KEXTVERSION.tar.gz $KEXT) 16 | 17 | echo "▸ Done, your archive file is under build/Release/" 18 | --------------------------------------------------------------------------------