├── Ostiarius ├── en.lproj │ ├── InfoPlist.strings │ └── Credits.rtf ├── images │ ├── icon.png │ └── ostiarius.png ├── Images.xcassets │ ├── Contents.json │ └── AppIcon.appiconset │ │ ├── icon_16x16.png │ │ ├── icon_32x32.png │ │ ├── icon_128x128.png │ │ ├── icon_256x256.png │ │ ├── icon_32x32@2x.png │ │ ├── icon_512x512.png │ │ ├── icon_128x128@2x.png │ │ ├── icon_256x256@2x.png │ │ ├── icon_512x512@2x.png │ │ └── Contents.json ├── Ostiarius-Prefix.pch ├── Logging.h ├── Exception.h ├── Configure.h ├── AppDelegate.h ├── Utilities.h ├── ErrorWindowController.h ├── Base.lproj │ └── MainMenu.xib ├── Logging.m ├── ConfigureWindowController.h ├── Ostiarius-Info.plist ├── Consts.h ├── main.m ├── AppDelegate.m ├── ErrorWindowController.m ├── Exception.m ├── UI │ ├── ErrorWindowController.xib │ └── ConfigureWindowController.xib ├── Configure.m ├── Utilities.m └── ConfigureWindowController.m ├── Ostiarius.xcworkspace ├── xcuserdata │ └── patrickw.xcuserdatad │ │ └── UserInterfaceState.xcuserstate └── contents.xcworkspacedata ├── Ostiarius.xcodeproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcuserdata │ │ └── patrickw.xcuserdatad │ │ └── UserInterfaceState.xcuserstate ├── xcuserdata │ └── patrickw.xcuserdatad │ │ └── xcschemes │ │ ├── xcschememanagement.plist │ │ └── Ostiarius.xcscheme └── project.pbxproj ├── OstiariusKext.xcodeproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcuserdata │ │ └── patrickw.xcuserdatad │ │ └── UserInterfaceState.xcuserstate ├── xcuserdata │ └── patrickw.xcuserdatad │ │ └── xcschemes │ │ ├── xcschememanagement.plist │ │ └── OstiariusKext.xcscheme └── project.pbxproj ├── OstiariusKext ├── Info.plist ├── OstiariusKext.hpp └── OstiariusKext.cpp └── LICENSE /Ostiarius/en.lproj/InfoPlist.strings: -------------------------------------------------------------------------------- 1 | /* Localized versions of Info.plist keys */ 2 | 3 | -------------------------------------------------------------------------------- /Ostiarius/images/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/images/icon.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "info" : { 3 | "version" : 1, 4 | "author" : "xcode" 5 | } 6 | } -------------------------------------------------------------------------------- /Ostiarius/images/ostiarius.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/images/ostiarius.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_16x16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_16x16.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_32x32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_32x32.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_128x128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_128x128.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_256x256.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_256x256.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_32x32@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_32x32@2x.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_512x512.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_512x512.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_128x128@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_128x128@2x.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_256x256@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_256x256@2x.png -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/icon_512x512@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius/Images.xcassets/AppIcon.appiconset/icon_512x512@2x.png -------------------------------------------------------------------------------- /Ostiarius.xcworkspace/xcuserdata/patrickw.xcuserdatad/UserInterfaceState.xcuserstate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius.xcworkspace/xcuserdata/patrickw.xcuserdatad/UserInterfaceState.xcuserstate -------------------------------------------------------------------------------- /Ostiarius.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /Ostiarius/Ostiarius-Prefix.pch: -------------------------------------------------------------------------------- 1 | // 2 | // Prefix header 3 | // 4 | // The contents of this file are implicitly included at the beginning of every source file. 5 | // 6 | 7 | #ifdef __OBJC__ 8 | #import 9 | #endif 10 | -------------------------------------------------------------------------------- /OstiariusKext.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /Ostiarius.xcodeproj/project.xcworkspace/xcuserdata/patrickw.xcuserdatad/UserInterfaceState.xcuserstate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/Ostiarius.xcodeproj/project.xcworkspace/xcuserdata/patrickw.xcuserdatad/UserInterfaceState.xcuserstate -------------------------------------------------------------------------------- /OstiariusKext.xcodeproj/project.xcworkspace/xcuserdata/patrickw.xcuserdatad/UserInterfaceState.xcuserstate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/Ostiarius/HEAD/OstiariusKext.xcodeproj/project.xcworkspace/xcuserdata/patrickw.xcuserdatad/UserInterfaceState.xcuserstate -------------------------------------------------------------------------------- /Ostiarius.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /Ostiarius/Logging.h: -------------------------------------------------------------------------------- 1 | // 2 | // Logging.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #ifndef __Ostiarius__Logging__ 10 | #define __Ostiarius__Logging__ 11 | 12 | #import 13 | 14 | //log a msg to syslog 15 | // ->also disk, if error 16 | void logMsg(int level, NSString* msg); 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /Ostiarius/Exception.h: -------------------------------------------------------------------------------- 1 | // 2 | // Exception.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import 10 | #import 11 | 12 | //install exception/signal handlers 13 | void installExceptionHandlers(); 14 | 15 | //exception handler for Obj-C exceptions 16 | void exceptionHandler(NSException *exception); 17 | 18 | //signal handler for *nix style exceptions 19 | void signalHandler(int signal, siginfo_t *info, void *context); 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /Ostiarius/en.lproj/Credits.rtf: -------------------------------------------------------------------------------- 1 | {\rtf0\ansi{\fonttbl\f0\fswiss Helvetica;} 2 | {\colortbl;\red255\green255\blue255;} 3 | \paperw9840\paperh8400 4 | \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural 5 | 6 | \f0\b\fs24 \cf0 Engineering: 7 | \b0 \ 8 | Some people\ 9 | \ 10 | 11 | \b Human Interface Design: 12 | \b0 \ 13 | Some other people\ 14 | \ 15 | 16 | \b Testing: 17 | \b0 \ 18 | Hopefully not nobody\ 19 | \ 20 | 21 | \b Documentation: 22 | \b0 \ 23 | Whoever\ 24 | \ 25 | 26 | \b With special thanks to: 27 | \b0 \ 28 | Mom\ 29 | } 30 | -------------------------------------------------------------------------------- /Ostiarius.xcodeproj/xcuserdata/patrickw.xcuserdatad/xcschemes/xcschememanagement.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | SchemeUserState 6 | 7 | Ostiarius.xcscheme 8 | 9 | orderHint 10 | 0 11 | 12 | 13 | SuppressBuildableAutocreation 14 | 15 | CD7F088719AE6DCA00FF00FC 16 | 17 | primary 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /OstiariusKext.xcodeproj/xcuserdata/patrickw.xcuserdatad/xcschemes/xcschememanagement.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | SchemeUserState 6 | 7 | OstiariusKext.xcscheme 8 | 9 | orderHint 10 | 0 11 | 12 | 13 | SuppressBuildableAutocreation 14 | 15 | 7DFB27681C332ADD00F68885 16 | 17 | primary 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /Ostiarius/Configure.h: -------------------------------------------------------------------------------- 1 | // 2 | // Configure.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #ifndef __Ostiarius_Configure_h 10 | #define __Ostiarius_Configure_h 11 | 12 | @interface Configure : NSObject 13 | { 14 | 15 | } 16 | 17 | 18 | /* METHODS */ 19 | 20 | //performs install || uninstall logic 21 | -(BOOL)configure:(NSUInteger)parameter; 22 | 23 | //install kext 24 | // ->copy kext (bundle) to /Library/Extensions and set permissions 25 | -(BOOL)installKext; 26 | 27 | //start kext 28 | -(BOOL)startKext; 29 | 30 | //stop kext 31 | -(BOOL)stopKext; 32 | 33 | //unload and remove kext 34 | -(BOOL)uninstallKext; 35 | 36 | @end 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /Ostiarius/AppDelegate.h: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 8/27/14. 6 | // Copyright (c) 2015 Objective-See. All rights reserved. 7 | // 8 | #import 9 | 10 | #import "ErrorWindowController.h" 11 | #import "ConfigureWindowController.h" 12 | 13 | @interface AppDelegate : NSObject 14 | { 15 | 16 | } 17 | 18 | /* PROPERTIES */ 19 | 20 | //configure window controller 21 | @property(nonatomic, retain)ConfigureWindowController* configureWindowController; 22 | 23 | //error window controller 24 | @property(nonatomic, retain)ErrorWindowController* errorWindowController; 25 | 26 | 27 | /* METHODS */ 28 | 29 | //display configuration window w/ 'install' || 'uninstall' button 30 | -(void)displayConfigureWindow:(BOOL)isInstalled; 31 | 32 | //display error window 33 | -(void)displayErrorWindow:(NSDictionary*)errorInfo; 34 | 35 | @end 36 | -------------------------------------------------------------------------------- /Ostiarius/Utilities.h: -------------------------------------------------------------------------------- 1 | // 2 | // Utilities.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #ifndef __Ostiarius__Utilities__ 10 | #define __Ostiarius__Utilities__ 11 | 12 | //check if kext is installed 13 | // ->just checks permenant location of kext 14 | BOOL isInstalled(); 15 | 16 | //return path to kext 17 | NSString* kextPath(); 18 | 19 | //start an NSTask 20 | NSUInteger execTask(NSString* path, NSArray* arguments); 21 | 22 | //get current version 23 | NSString* getVersion(); 24 | 25 | //is current OS version supported? 26 | // ->for now, just OS X 10.11.* (El Capitan) 27 | BOOL isSupportedOS(); 28 | 29 | //get OS version 30 | NSDictionary* getOSVersion(); 31 | 32 | //get app's version 33 | // ->extracted from Info.plist 34 | NSString* getAppVersion(); 35 | 36 | //set dir's|file's group/owner 37 | BOOL setFileOwner(NSString* path, NSNumber* groupID, NSNumber* ownerID, BOOL recursive); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /Ostiarius/ErrorWindowController.h: -------------------------------------------------------------------------------- 1 | // 2 | // ErrorWindowController.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface ErrorWindowController : NSWindowController 12 | { 13 | 14 | } 15 | 16 | //main msg in window 17 | @property (weak) IBOutlet NSTextField *errMsg; 18 | 19 | //sub msg in window 20 | @property (weak) IBOutlet NSTextField *errSubMsg; 21 | 22 | //info/help/fix button 23 | @property (weak) IBOutlet NSButton *infoButton; 24 | 25 | //close button 26 | @property (weak) IBOutlet NSButton *closeButton; 27 | 28 | //(optional) url for 'Info' button 29 | @property(nonatomic, retain)NSURL* errorURL; 30 | 31 | //flag indicating close button should exit app 32 | @property BOOL shouldExit; 33 | 34 | /* METHODS */ 35 | 36 | //configure the object/window 37 | -(void)configure:(NSDictionary*)errorInfo; 38 | 39 | //display (show) window 40 | -(void)display; 41 | 42 | @end 43 | -------------------------------------------------------------------------------- /Ostiarius/Base.lproj/MainMenu.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /Ostiarius/Logging.m: -------------------------------------------------------------------------------- 1 | // 2 | // Logging.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import "Consts.h" 10 | #import "Logging.h" 11 | #import "Utilities.h" 12 | 13 | //log a msg 14 | void logMsg(int level, NSString* msg) 15 | { 16 | //log prefix 17 | NSMutableString* logPrefix = nil; 18 | 19 | //alloc/init 20 | // ->always start w/ 'OSTIARIUS' + pid 21 | logPrefix = [NSMutableString stringWithFormat:@"OSTIARIUS(%d)", getpid()]; 22 | 23 | //if its error, add error to prefix 24 | if(LOG_ERR == level) 25 | { 26 | //add 27 | [logPrefix appendString:@" ERROR"]; 28 | } 29 | 30 | //debug mode logic 31 | #ifdef DEBUG 32 | 33 | //in debug mode promote debug msgs to LOG_NOTICE 34 | // ->OS X only shows LOG_NOTICE and above 35 | if(LOG_DEBUG == level) 36 | { 37 | //promote 38 | level = LOG_NOTICE; 39 | } 40 | 41 | #endif 42 | 43 | //log to syslog 44 | syslog(level, "%s: %s", [logPrefix UTF8String], [msg UTF8String]); 45 | 46 | return; 47 | } 48 | -------------------------------------------------------------------------------- /Ostiarius/ConfigureWindowController.h: -------------------------------------------------------------------------------- 1 | // 2 | // ConfigureWindowController.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 11/23/14. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface ConfigureWindowController : NSWindowController 12 | { 13 | 14 | } 15 | 16 | /* PROPERTIES */ 17 | 18 | //title for window 19 | //@property (nonatomic, retain)NSString* windowTitle; 20 | 21 | //action 22 | //@property NSUInteger action; 23 | 24 | @property (weak) IBOutlet NSProgressIndicator *activityIndicator; 25 | @property (weak) IBOutlet NSTextField *statusMsg; 26 | @property (weak) IBOutlet NSButton *installButton; 27 | @property (weak) IBOutlet NSButton *uninstallButton; 28 | @property (weak) IBOutlet NSButton *moreInfoButton; 29 | 30 | 31 | /* METHODS */ 32 | 33 | //install/uninstall button handler 34 | -(IBAction)buttonHandler:(id)sender; 35 | 36 | //(more) info button handler 37 | -(IBAction)info:(id)sender; 38 | 39 | //configure window/buttons 40 | // ->also brings to front 41 | -(void)configure:(BOOL)isInstalled; 42 | 43 | //display (show) window 44 | -(void)display; 45 | 46 | 47 | @end 48 | -------------------------------------------------------------------------------- /Ostiarius/Ostiarius-Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | en 7 | CFBundleExecutable 8 | ${EXECUTABLE_NAME} 9 | CFBundleIdentifier 10 | $(PRODUCT_BUNDLE_IDENTIFIER) 11 | CFBundleInfoDictionaryVersion 12 | 6.0 13 | CFBundleName 14 | ${PRODUCT_NAME} 15 | CFBundlePackageType 16 | APPL 17 | CFBundleShortVersionString 18 | 1.2.0 19 | CFBundleSignature 20 | ???? 21 | CFBundleVersion 22 | 1.2.0 23 | LSMinimumSystemVersion 24 | ${MACOSX_DEPLOYMENT_TARGET} 25 | NSHumanReadableCopyright 26 | Copyright © 2016 Objective See. All rights reserved. 27 | NSMainNibFile 28 | MainMenu 29 | NSPrincipalClass 30 | NSApplication 31 | 32 | 33 | -------------------------------------------------------------------------------- /Ostiarius/Consts.h: -------------------------------------------------------------------------------- 1 | // 2 | // Const.h 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #ifndef __Ostiarius_Consts_h 10 | #define __Ostiarius_Consts_h 11 | 12 | //general error URL 13 | #define FATAL_ERROR_URL @"https://objective-see.com/errors.html" 14 | 15 | //kext bundle name 16 | #define KEXT_NAME @"Ostiarius.kext" 17 | 18 | //kext label 19 | #define KEXT_LABEL @"com.objective-see.OstiariusKext" 20 | 21 | //path to kextload 22 | #define KEXT_LOAD @"/sbin/kextload" 23 | 24 | //path to kextunload 25 | #define KEXT_UNLOAD @"/sbin/kextunload" 26 | 27 | //action to install 28 | // ->also button title 29 | #define ACTION_INSTALL @"Install" 30 | 31 | //action to uninstall 32 | // ->also button title 33 | #define ACTION_UNINSTALL @"Uninstall" 34 | 35 | //action to kick off UI installer 36 | #define ACTION_UNINSTALL_UI @"Uninstall_UI" 37 | 38 | //button title 39 | // ->Close 40 | #define ACTION_CLOSE @"Close" 41 | 42 | //flag to uninstall 43 | #define ACTION_UNINSTALL_FLAG 0 44 | 45 | //flag to install 46 | #define ACTION_INSTALL_FLAG 1 47 | 48 | //frame shift 49 | // ->for status msg to avoid activity indicator 50 | #define FRAME_SHIFT 45 51 | 52 | //status OK 53 | #define STATUS_SUCCESS 0 54 | 55 | //error msg 56 | #define KEY_ERROR_MSG @"errorMsg" 57 | 58 | //sub msg 59 | #define KEY_ERROR_SUB_MSG @"errorSubMsg" 60 | 61 | //error URL 62 | #define KEY_ERROR_URL @"errorURL" 63 | 64 | //flag for error popup 65 | #define KEY_ERROR_SHOULD_EXIT @"shouldExit" 66 | 67 | #endif 68 | -------------------------------------------------------------------------------- /Ostiarius/Images.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "size" : "16x16", 5 | "idiom" : "mac", 6 | "filename" : "icon_16x16.png", 7 | "scale" : "1x" 8 | }, 9 | { 10 | "idiom" : "mac", 11 | "size" : "16x16", 12 | "scale" : "2x" 13 | }, 14 | { 15 | "size" : "32x32", 16 | "idiom" : "mac", 17 | "filename" : "icon_32x32.png", 18 | "scale" : "1x" 19 | }, 20 | { 21 | "size" : "32x32", 22 | "idiom" : "mac", 23 | "filename" : "icon_32x32@2x.png", 24 | "scale" : "2x" 25 | }, 26 | { 27 | "size" : "128x128", 28 | "idiom" : "mac", 29 | "filename" : "icon_128x128.png", 30 | "scale" : "1x" 31 | }, 32 | { 33 | "size" : "128x128", 34 | "idiom" : "mac", 35 | "filename" : "icon_128x128@2x.png", 36 | "scale" : "2x" 37 | }, 38 | { 39 | "size" : "256x256", 40 | "idiom" : "mac", 41 | "filename" : "icon_256x256.png", 42 | "scale" : "1x" 43 | }, 44 | { 45 | "size" : "256x256", 46 | "idiom" : "mac", 47 | "filename" : "icon_256x256@2x.png", 48 | "scale" : "2x" 49 | }, 50 | { 51 | "size" : "512x512", 52 | "idiom" : "mac", 53 | "filename" : "icon_512x512.png", 54 | "scale" : "1x" 55 | }, 56 | { 57 | "size" : "512x512", 58 | "idiom" : "mac", 59 | "filename" : "icon_512x512@2x.png", 60 | "scale" : "2x" 61 | } 62 | ], 63 | "info" : { 64 | "version" : 1, 65 | "author" : "xcode" 66 | } 67 | } -------------------------------------------------------------------------------- /OstiariusKext/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | en 7 | CFBundleExecutable 8 | $(EXECUTABLE_NAME) 9 | CFBundleIdentifier 10 | $(PRODUCT_BUNDLE_IDENTIFIER) 11 | CFBundleInfoDictionaryVersion 12 | 6.0 13 | CFBundleName 14 | $(PRODUCT_NAME) 15 | CFBundlePackageType 16 | KEXT 17 | CFBundleShortVersionString 18 | 1.2.0 19 | CFBundleSignature 20 | ???? 21 | CFBundleVersion 22 | 1.2.0 23 | IOKitPersonalities 24 | 25 | OstiariusKext 26 | 27 | CFBundleIdentifier 28 | $(PRODUCT_BUNDLE_IDENTIFIER) 29 | IOClass 30 | com_objectiveSee_OstiariusKext 31 | IOMatchCategory 32 | com_objectiveSee_OstiariusKext 33 | IOProviderClass 34 | IOResources 35 | IOResourceMatch 36 | IOKit 37 | 38 | 39 | NSHumanReadableCopyright 40 | Copyright © 2016 Objective-See. All rights reserved. 41 | OSBundleLibraries 42 | 43 | com.apple.kpi.bsd 44 | 10.0.0 45 | com.apple.kpi.dsep 46 | 10.0.0 47 | com.apple.kpi.libkern 48 | 10.0.0 49 | com.apple.kpi.iokit 50 | 10.0.0 51 | com.apple.kpi.mach 52 | 10.0.0 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /OstiariusKext/OstiariusKext.hpp: -------------------------------------------------------------------------------- 1 | // 2 | // OstiariusKext.hpp 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #include 10 | #include 11 | 12 | extern "C" 13 | { 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | } 26 | 27 | /* DEFINES */ 28 | 29 | //kext's superclass 30 | #define super IOService 31 | 32 | /* GLOBALS */ 33 | 34 | //kauth listener 35 | // ->scope KAUTH_SCOPE_FILEOP 36 | kauth_listener_t kauthListener = NULL; 37 | 38 | //alloc tag 39 | OSMallocTag allocTag = NULL; 40 | 41 | //buffer size for quarantine attributes 42 | // ->value extracted from '_quarantine_get_flags' disassembly in Quarantine.kext 43 | #define QATTR_SIZE 0x1001 44 | 45 | //quarantine flag identifier 46 | #define QFLAGS_STRING_ID "com.apple.quarantine" 47 | 48 | //print macros 49 | #ifdef DEBUG 50 | # define DEBUG_PRINT(x) IOLog x 51 | #else 52 | # define DEBUG_PRINT(x) do {} while (0) 53 | #endif 54 | 55 | /* METHODS */ 56 | 57 | //given a vnode 58 | // ->get it's quarantine attribute flags 59 | unsigned int getQAttrFlags(vnode_t vnode); 60 | 61 | //given a 'BSD name' for a mounted filesystem (ex: '/dev/disk1s2') 62 | // ->find the orginal disk image (dmg) that was mounted at this location 63 | void findDMG(char* mountFrom, char* diskImage); 64 | 65 | //given a parent 66 | // ->finds (first) child that matches specified class name 67 | IORegistryEntry* findChild(IORegistryEntry* parent, const char* name); 68 | 69 | //class declaration 70 | class com_objectiveSee_OstiariusKext : public IOService 71 | { 72 | //structs 73 | OSDeclareDefaultStructors(com_objectiveSee_OstiariusKext) 74 | 75 | public: 76 | 77 | //start 78 | virtual bool start(IOService *provider) override; 79 | 80 | //stop 81 | virtual void stop(IOService *provider) override; 82 | }; 83 | 84 | 85 | -------------------------------------------------------------------------------- /OstiariusKext.xcodeproj/xcuserdata/patrickw.xcuserdatad/xcschemes/OstiariusKext.xcscheme: -------------------------------------------------------------------------------- 1 | 2 | 5 | 8 | 9 | 15 | 21 | 22 | 23 | 24 | 25 | 30 | 31 | 32 | 33 | 34 | 35 | 45 | 46 | 52 | 53 | 54 | 55 | 56 | 57 | 63 | 64 | 70 | 71 | 72 | 73 | 75 | 76 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /Ostiarius/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import 10 | #import 11 | 12 | /* METHODS DECLARATIONS */ 13 | 14 | //spawn self as root 15 | BOOL spawnAsRoot(char* path2Self); 16 | 17 | /*CODE */ 18 | 19 | //main 20 | int main(int argc, char *argv[]) 21 | { 22 | //return var 23 | int retVar = -1; 24 | 25 | //check for r00t 26 | // ->then spawn self via auth exec 27 | if(0 != geteuid()) 28 | { 29 | //err msg 30 | syslog(LOG_ERR, "OSTIARIUS: non-root instance (%d)\n", getpid()); 31 | 32 | //spawn as root 33 | if(YES != spawnAsRoot(argv[0])) 34 | { 35 | //err msg 36 | syslog(LOG_ERR, "OSTIARIUS ERROR: failed to spawn self as r00t\n"); 37 | 38 | //bail 39 | goto bail; 40 | } 41 | 42 | //happy 43 | retVar = 0; 44 | } 45 | 46 | //otherwise 47 | // ->just kick off app, as we're root now 48 | else 49 | { 50 | //app away 51 | retVar = NSApplicationMain(argc, (const char **)argv); 52 | } 53 | 54 | //bail 55 | bail: 56 | 57 | return retVar; 58 | } 59 | 60 | 61 | //spawn self as root 62 | BOOL spawnAsRoot(char* path2Self) 63 | { 64 | //return/status var 65 | BOOL bRet = NO; 66 | 67 | //authorization ref 68 | AuthorizationRef authorizatioRef = {0}; 69 | 70 | //args 71 | const char* args[0x10] = {0}; 72 | 73 | //1st arg: pid of self 74 | // ->brute-forcing fails on this pid, so need to pass & record it 75 | args[0] = [[[NSNumber numberWithInt:getpid()] description] UTF8String]; 76 | 77 | //end args with NULL 78 | args[1] = NULL; 79 | 80 | //flag indicating auth ref was created 81 | BOOL authRefCreated = NO; 82 | 83 | //status code 84 | OSStatus osStatus = -1; 85 | 86 | //create authorization ref 87 | // ->and check 88 | osStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizatioRef); 89 | if(errAuthorizationSuccess != osStatus) 90 | { 91 | //err msg 92 | syslog(LOG_ERR, "OSTIARIUS ERROR: AuthorizationCreate() failed with %d", osStatus); 93 | 94 | //bail 95 | goto bail; 96 | } 97 | 98 | //set flag indicating auth ref was created 99 | authRefCreated = YES; 100 | 101 | //spawn self as r00t w/ install flag (will ask user for password) 102 | // ->and check 103 | osStatus = AuthorizationExecuteWithPrivileges(authorizatioRef, path2Self, 0, (char* const*)&args, NULL); 104 | 105 | //check 106 | if(errAuthorizationSuccess != osStatus) 107 | { 108 | //err msg 109 | syslog(LOG_ERR, "OSTIARIUS ERROR: AuthorizationExecuteWithPrivileges() failed with %d", osStatus); 110 | 111 | //bail 112 | goto bail; 113 | } 114 | 115 | //no errors 116 | bRet = YES; 117 | 118 | //bail 119 | bail: 120 | 121 | //free auth ref 122 | if(YES == authRefCreated) 123 | { 124 | //free 125 | AuthorizationFree(authorizatioRef, kAuthorizationFlagDefaults); 126 | } 127 | 128 | return bRet; 129 | } 130 | -------------------------------------------------------------------------------- /Ostiarius.xcodeproj/xcuserdata/patrickw.xcuserdatad/xcschemes/Ostiarius.xcscheme: -------------------------------------------------------------------------------- 1 | 2 | 5 | 8 | 9 | 15 | 21 | 22 | 23 | 24 | 25 | 30 | 31 | 32 | 33 | 39 | 40 | 41 | 42 | 43 | 44 | 54 | 56 | 62 | 63 | 64 | 65 | 66 | 67 | 73 | 75 | 81 | 82 | 83 | 84 | 86 | 87 | 90 | 91 | 92 | -------------------------------------------------------------------------------- /Ostiarius/AppDelegate.m: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import "Consts.h" 10 | #import "Logging.h" 11 | #import "Configure.h" 12 | #import "Exception.h" 13 | #import "Utilities.h" 14 | #import "AppDelegate.h" 15 | 16 | @implementation AppDelegate 17 | 18 | @synthesize errorWindowController; 19 | @synthesize configureWindowController; 20 | 21 | //automatically invoked when app is loaded 22 | // ->check OS version, then show configure (install/uninstall) popup 23 | -(void)applicationDidFinishLaunching:(NSNotification *)aNotification 24 | { 25 | //first thing... 26 | // ->install exception handlers 27 | installExceptionHandlers(); 28 | 29 | //check if OS is supported 30 | if(YES != isSupportedOS()) 31 | { 32 | //show error popup 33 | [self displayErrorWindow: @{KEY_ERROR_MSG:@"ERROR: unsupported OS", KEY_ERROR_SUB_MSG: [NSString stringWithFormat:@"OS X %@ is not supported", [[NSProcessInfo processInfo] operatingSystemVersionString]], KEY_ERROR_SHOULD_EXIT:@YES}]; 34 | 35 | //bail 36 | goto bail; 37 | } 38 | 39 | //show window 40 | [self displayConfigureWindow:isInstalled()]; 41 | 42 | //bail 43 | bail: 44 | 45 | return; 46 | } 47 | 48 | //display configuration window w/ 'install' || 'uninstall' button 49 | -(void)displayConfigureWindow:(BOOL)isInstalled 50 | { 51 | //alloc/init 52 | configureWindowController = [[ConfigureWindowController alloc] initWithWindowNibName:@"ConfigureWindowController"]; 53 | 54 | //display it 55 | // ->call this first to so that outlets are connected 56 | [self.configureWindowController display]; 57 | 58 | //configure it 59 | [self.configureWindowController configure:isInstalled]; 60 | 61 | return; 62 | } 63 | 64 | //display error window 65 | -(void)displayErrorWindow:(NSDictionary*)errorInfo 66 | { 67 | //alloc error window 68 | errorWindowController = [[ErrorWindowController alloc] initWithWindowNibName:@"ErrorWindowController"]; 69 | 70 | //main thread 71 | // ->just show UI alert, unless its fatal (then load URL) 72 | if(YES == [NSThread isMainThread]) 73 | { 74 | //non-fatal errors 75 | // ->show error error popup 76 | if(YES != [errorInfo[KEY_ERROR_URL] isEqualToString:FATAL_ERROR_URL]) 77 | { 78 | //display it 79 | // ->call this first to so that outlets are connected 80 | [self.errorWindowController display]; 81 | 82 | //configure it 83 | [self.errorWindowController configure:errorInfo]; 84 | } 85 | //fatal error 86 | // ->launch browser to go to fatal error page, then exit 87 | else 88 | { 89 | //launch browser 90 | [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:errorInfo[KEY_ERROR_URL]]]; 91 | 92 | //then exit 93 | [NSApp terminate:self]; 94 | } 95 | } 96 | //background thread 97 | // ->have to show error window on main thread 98 | else 99 | { 100 | //show alert 101 | // ->in main UI thread 102 | dispatch_sync(dispatch_get_main_queue(), ^{ 103 | 104 | //display it 105 | // ->call this first to so that outlets are connected 106 | [self.errorWindowController display]; 107 | 108 | //configure it 109 | [self.errorWindowController configure:errorInfo]; 110 | 111 | }); 112 | } 113 | 114 | return; 115 | } 116 | 117 | @end 118 | -------------------------------------------------------------------------------- /Ostiarius/ErrorWindowController.m: -------------------------------------------------------------------------------- 1 | // 2 | // ErrorWindowController.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import "Consts.h" 10 | #import "Logging.h" 11 | #import "ErrorWindowController.h" 12 | 13 | @interface ErrorWindowController () 14 | 15 | @end 16 | 17 | @implementation ErrorWindowController 18 | 19 | @synthesize errorURL; 20 | @synthesize shouldExit; 21 | @synthesize closeButton; 22 | 23 | //automatically called when nib is loaded 24 | // ->center window 25 | -(void)awakeFromNib 26 | { 27 | //center 28 | [self.window center]; 29 | 30 | return; 31 | } 32 | 33 | //configure the object/window 34 | -(void)configure:(NSDictionary*)errorInfo 35 | { 36 | //set error msg 37 | self.errMsg.stringValue = errorInfo[KEY_ERROR_MSG]; 38 | 39 | //set error sub msg 40 | self.errSubMsg.stringValue = errorInfo[KEY_ERROR_SUB_MSG]; 41 | 42 | //save exit 43 | self.shouldExit = [errorInfo[KEY_ERROR_SHOULD_EXIT] boolValue]; 44 | 45 | //grab optional error url 46 | if(nil != errorInfo[KEY_ERROR_URL]) 47 | { 48 | //extract/convert 49 | self.errorURL = [NSURL URLWithString:errorInfo[KEY_ERROR_URL]]; 50 | } 51 | 52 | //when exiting 53 | // ->change 'close' to 'exit' 54 | if(YES == self.shouldExit) 55 | { 56 | //change title 57 | self.closeButton.title = @"Exit"; 58 | } 59 | 60 | //for fatal errors 61 | // ->change 'Info' to 'help fix' 62 | if(YES == [[self.errorURL absoluteString] isEqualToString:FATAL_ERROR_URL]) 63 | { 64 | //change title 65 | self.infoButton.title = @"Help Fix"; 66 | } 67 | 68 | //set delegate 69 | [self.window setDelegate:self]; 70 | 71 | return; 72 | } 73 | 74 | //display (show) window 75 | -(void)display 76 | { 77 | //show (now configured), alert 78 | [self showWindow:self]; 79 | 80 | //make it key window 81 | [self.window makeKeyAndOrderFront:self]; 82 | 83 | //make window front 84 | [NSApp activateIgnoringOtherApps:YES]; 85 | 86 | //make close button active 87 | [self.window makeFirstResponder:closeButton]; 88 | 89 | //make white 90 | [self.window setBackgroundColor: NSColor.whiteColor]; 91 | 92 | return; 93 | } 94 | 95 | //invoked when user clicks '?' (help button) 96 | // ->open url with more info about the error(s) 97 | - (IBAction)help:(id)sender 98 | { 99 | //if a url was specified 100 | // ->use that one 101 | if(nil != self.errorURL) 102 | { 103 | //open URL 104 | // ->invokes user's default browser 105 | [[NSWorkspace sharedWorkspace] openURL:self.errorURL]; 106 | } 107 | //use default URL 108 | else 109 | { 110 | //open URL 111 | // ->invokes user's default browser 112 | [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:FATAL_ERROR_URL]]; 113 | } 114 | 115 | //when error should cause an exit 116 | // ->close window here (to trigger exit) 117 | if(YES == self.shouldExit) 118 | { 119 | //close 120 | [self.window close]; 121 | } 122 | 123 | return; 124 | } 125 | 126 | //invoked when user clicks 'close' 127 | // ->just close window 128 | -(IBAction)close:(id)sender 129 | { 130 | //close 131 | [self.window close]; 132 | 133 | return; 134 | } 135 | 136 | //automatically invoked when window is closing 137 | // ->exit the app if specified... 138 | -(void)windowWillClose:(NSNotification *)notification 139 | { 140 | //check if should exit process 141 | // ->e.g. an error during install, etc 142 | if(YES == self.shouldExit) 143 | { 144 | //dbg msg 145 | logMsg(LOG_ERR, @"exiting application"); 146 | 147 | //exit 148 | [NSApp terminate:self]; 149 | } 150 | 151 | return; 152 | } 153 | 154 | @end 155 | -------------------------------------------------------------------------------- /Ostiarius/Exception.m: -------------------------------------------------------------------------------- 1 | // 2 | // Exception.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import "Consts.h" 10 | #import "Logging.h" 11 | #import "Exception.h" 12 | #import "Utilities.h" 13 | #import "AppDelegate.h" 14 | 15 | 16 | //global 17 | // ->only report an fatal exception once 18 | BOOL wasReported = NO; 19 | 20 | //install exception/signal handlers 21 | void installExceptionHandlers() 22 | { 23 | //sigaction struct 24 | struct sigaction sa = {0}; 25 | 26 | //init signal struct 27 | sigemptyset(&sa.sa_mask); 28 | sa.sa_flags = SA_SIGINFO; 29 | sa.sa_sigaction = signalHandler; 30 | 31 | //objective-C exception handler 32 | NSSetUncaughtExceptionHandler(&exceptionHandler); 33 | 34 | //install signal handlers 35 | sigaction(SIGILL, &sa, NULL); 36 | sigaction(SIGSEGV, &sa, NULL); 37 | sigaction(SIGBUS, &sa, NULL); 38 | sigaction(SIGABRT, &sa, NULL); 39 | sigaction(SIGTRAP, &sa, NULL); 40 | sigaction(SIGFPE, &sa, NULL); 41 | 42 | return; 43 | } 44 | 45 | //exception handler 46 | // will be invoked for Obj-C exceptions 47 | void exceptionHandler(NSException *exception) 48 | { 49 | //error info dictionary 50 | NSMutableDictionary* errorInfo = nil; 51 | 52 | //error msg 53 | NSString* errorMessage = nil; 54 | 55 | //ignore if exception was already reported 56 | if(YES == wasReported) 57 | { 58 | //bail 59 | goto bail; 60 | } 61 | 62 | //alloc 63 | errorInfo = [NSMutableDictionary dictionary]; 64 | 65 | //err msg 66 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OBJECTIVE-SEE ERROR: OS version: %@ /App version: %@", [[NSProcessInfo processInfo] operatingSystemVersionString], getAppVersion()]); 67 | 68 | //create error msg 69 | errorMessage = [NSString stringWithFormat:@"unhandled obj-c exception caught [name: %@ / reason: %@]", [exception name], [exception reason]]; 70 | 71 | //err msg 72 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OBJECTIVE-SEE ERROR: %@", errorMessage]); 73 | 74 | //err msg 75 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OBJECTIVE-SEE ERROR: %@", [[NSThread callStackSymbols] description]]); 76 | 77 | //add main error msg 78 | errorInfo[KEY_ERROR_MSG] = @"ERROR: unrecoverable fault"; 79 | 80 | //add sub msg 81 | errorInfo[KEY_ERROR_SUB_MSG] = [exception name]; 82 | 83 | //set error URL 84 | errorInfo[KEY_ERROR_URL] = FATAL_ERROR_URL; 85 | 86 | //fatal error 87 | // ->agent should exit 88 | errorInfo[KEY_ERROR_SHOULD_EXIT] = [NSNumber numberWithBool:YES]; 89 | 90 | //display error msg 91 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) displayErrorWindow:errorInfo]; 92 | 93 | //set flag 94 | wasReported = YES; 95 | 96 | //need to sleep, otherwise returning from this function will cause OS to kill agent 97 | // instead, we want error popup to be displayed (which will exit agent when closed) 98 | if(YES != [NSThread isMainThread]) 99 | { 100 | //nap 101 | while(YES) 102 | { 103 | //nap 104 | [NSThread sleepForTimeInterval:1.0f]; 105 | } 106 | } 107 | 108 | //bail 109 | bail: 110 | 111 | return; 112 | } 113 | 114 | //handler for signals 115 | // will be invoked for BSD/*nix signals 116 | void signalHandler(int signal, siginfo_t *info, void *context) 117 | { 118 | //error info dictionary 119 | NSMutableDictionary* errorInfo = nil; 120 | 121 | //error msg 122 | NSString* errorMessage = nil; 123 | 124 | //context 125 | ucontext_t *uContext = NULL; 126 | 127 | //ignore if exception was already reported 128 | if(YES == wasReported) 129 | { 130 | //bail 131 | goto bail; 132 | } 133 | 134 | //alloc 135 | errorInfo = [NSMutableDictionary dictionary]; 136 | 137 | //err msg 138 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OBJECTIVE-SEE ERROR: OS version: %@ /App version: %@", [[NSProcessInfo processInfo] operatingSystemVersionString], getAppVersion()]); 139 | 140 | //typecast context 141 | uContext = (ucontext_t *)context; 142 | 143 | //create error msg 144 | errorMessage = [NSString stringWithFormat:@"unhandled exception caught, si_signo: %d /si_code: %s /si_addr: %p /rip: %p", 145 | info->si_signo, (info->si_code == SEGV_MAPERR) ? "SEGV_MAPERR" : "SEGV_ACCERR", info->si_addr, (unsigned long*)uContext->uc_mcontext->__ss.__rip]; 146 | 147 | //err msg 148 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OBJECTIVE-SEE ERROR: %@", errorMessage]); 149 | 150 | //err msg 151 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OBJECTIVE-SEE ERROR: %@", [[NSThread callStackSymbols] description]]); 152 | 153 | //add main error msg 154 | errorInfo[KEY_ERROR_MSG] = @"ERROR: unrecoverable fault"; 155 | 156 | //add sub msg 157 | errorInfo[KEY_ERROR_SUB_MSG] = [NSString stringWithFormat:@"si_signo: %d / rip: %p", info->si_signo, (unsigned long*)uContext->uc_mcontext->__ss.__rip]; 158 | 159 | //set error URL 160 | errorInfo[KEY_ERROR_URL] = FATAL_ERROR_URL; 161 | 162 | //fatal error 163 | // ->agent should exit 164 | errorInfo[KEY_ERROR_SHOULD_EXIT] = [NSNumber numberWithBool:YES]; 165 | 166 | //display error msg 167 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) displayErrorWindow:errorInfo]; 168 | 169 | //set flag 170 | wasReported = YES; 171 | 172 | 173 | //bail 174 | bail: 175 | 176 | return; 177 | } 178 | -------------------------------------------------------------------------------- /Ostiarius/UI/ErrorWindowController.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /Ostiarius/Configure.m: -------------------------------------------------------------------------------- 1 | // 2 | // Configure.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | #import "Logging.h" 12 | #import "Consts.h" 13 | #import "Configure.h" 14 | #import "Utilities.h" 15 | 16 | @implementation Configure 17 | 18 | //performs install || uninstall logic 19 | -(BOOL)configure:(NSUInteger)parameter 20 | { 21 | //return var 22 | BOOL bRet = NO; 23 | 24 | //error flag 25 | BOOL bAnyErrors = NO; 26 | 27 | //install 28 | // ->copy kext to system directory, then start it 29 | if(ACTION_INSTALL_FLAG == parameter) 30 | { 31 | //dbg msg 32 | logMsg(LOG_DEBUG, @"installing..."); 33 | 34 | //always try stop kext 35 | [self stopKext]; 36 | 37 | //always remove kext 38 | [self uninstallKext]; 39 | 40 | //install kext 41 | if(YES != [self installKext]) 42 | { 43 | //bail 44 | goto bail; 45 | } 46 | 47 | //dbg msg 48 | logMsg(LOG_DEBUG, @"installed kext"); 49 | 50 | //start kext 51 | if(YES != [self startKext]) 52 | { 53 | //bail 54 | goto bail; 55 | } 56 | 57 | //dbg msg 58 | logMsg(LOG_DEBUG, @"started kext"); 59 | } 60 | //uninstall 61 | // ->stop & delete kext 62 | else if(ACTION_UNINSTALL_FLAG == parameter) 63 | { 64 | //dbg msg 65 | logMsg(LOG_DEBUG, @"uninstalling..."); 66 | 67 | //stop kext 68 | if(YES != [self stopKext]) 69 | { 70 | //err msg 71 | logMsg(LOG_ERR, @"failed to stop kext"); 72 | 73 | //set error flag 74 | bAnyErrors = YES; 75 | 76 | //don't bail 77 | // ->still try remove kext 78 | } 79 | //debug logic only 80 | // ->display message 81 | else 82 | { 83 | //dbg msg 84 | logMsg(LOG_DEBUG, @"stopped kext"); 85 | } 86 | 87 | //remove kext 88 | if(YES != [self uninstallKext]) 89 | { 90 | //bail 91 | goto bail; 92 | } 93 | 94 | //dbg msg 95 | logMsg(LOG_DEBUG, @"uninstalled kext"); 96 | } 97 | 98 | //no errors 99 | bRet = YES; 100 | 101 | //bail 102 | bail: 103 | 104 | //any errors? 105 | // ->set return to NO 106 | if(YES == bAnyErrors) 107 | { 108 | //unset 109 | bRet = NO; 110 | } 111 | 112 | return bRet; 113 | } 114 | 115 | //install kext 116 | // ->copy kext (bundle) to /Library/Extensions and set permissions 117 | -(BOOL)installKext 118 | { 119 | //return/status var 120 | BOOL bRet = NO; 121 | 122 | //error 123 | NSError* error = nil; 124 | 125 | //move kext into /Libary/Extensions 126 | // ->orginally stored in applications /Resource bundle 127 | if(YES != [[NSFileManager defaultManager] copyItemAtPath:[[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:KEXT_NAME] toPath:kextPath() error:&error]) 128 | { 129 | //err msg 130 | logMsg(LOG_ERR, [NSString stringWithFormat:@"ERROR: failed to copy kext into /Library/Extensions (%@)", error]); 131 | 132 | //bail 133 | goto bail; 134 | } 135 | 136 | //dbg msg 137 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"copied kext to %@", kextPath()]); 138 | 139 | //always set group/owner to root/wheel 140 | setFileOwner(kextPath(), @0, @0, YES); 141 | 142 | //no errors 143 | bRet = YES; 144 | 145 | //bail 146 | bail: 147 | 148 | return bRet; 149 | } 150 | 151 | //start kext 152 | // ->simply execs 'kextload' 153 | -(BOOL)startKext 154 | { 155 | //return var 156 | BOOL bRet = NO; 157 | 158 | //status 159 | NSUInteger status = -1; 160 | 161 | //parameter array 162 | NSMutableArray* parameters = nil; 163 | 164 | //init pararm array 165 | parameters = [NSMutableArray array]; 166 | 167 | //add kext path as first (and only) arg 168 | [parameters addObject:kextPath()]; 169 | 170 | //dbg msg 171 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"starting kext with %@", parameters]); 172 | 173 | //load kext 174 | status = execTask(KEXT_LOAD, parameters); 175 | if(STATUS_SUCCESS != status) 176 | { 177 | //err msg 178 | logMsg(LOG_ERR, [NSString stringWithFormat:@"starting kext failed with %lu", (unsigned long)status]); 179 | 180 | //bail 181 | goto bail; 182 | } 183 | 184 | //happy 185 | bRet = YES; 186 | 187 | //bail 188 | bail: 189 | 190 | return bRet; 191 | } 192 | 193 | //unload and remove kext 194 | -(BOOL)uninstallKext 195 | { 196 | //return/status var 197 | BOOL bRet = NO; 198 | 199 | //error 200 | NSError* error = nil; 201 | 202 | //path to kext 203 | NSString* path = nil; 204 | 205 | //get kext's path 206 | path = kextPath(); 207 | 208 | //dbg msg 209 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"uninstalling kext (%@)", path]); 210 | 211 | //delete kext 212 | if(YES != [[NSFileManager defaultManager] removeItemAtPath:path error:&error]) 213 | { 214 | //err msg 215 | logMsg(LOG_ERR, [NSString stringWithFormat:@"failed to delete kext (%@)", error]); 216 | 217 | //bail 218 | goto bail; 219 | } 220 | 221 | //dbg msg 222 | logMsg(LOG_DEBUG, @"deleted kext"); 223 | 224 | //no errors 225 | bRet = YES; 226 | 227 | //bail 228 | bail: 229 | 230 | return bRet; 231 | } 232 | 233 | //stop kext 234 | // ->simply execs 'kextunload' -b 235 | -(BOOL)stopKext 236 | { 237 | //return var 238 | BOOL bRet = NO; 239 | 240 | //status 241 | NSUInteger status = -1; 242 | 243 | //parameter array 244 | NSMutableArray* parameters = nil; 245 | 246 | //init pararm array 247 | parameters = [NSMutableArray array]; 248 | 249 | //add -b as first arg 250 | [parameters addObject:@"-b"]; 251 | 252 | //add kext bundle id/label as second arg 253 | [parameters addObject:KEXT_LABEL]; 254 | 255 | //dbg msg 256 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"stopping kext with %@", parameters]); 257 | 258 | //unload kext 259 | status = execTask(KEXT_UNLOAD, parameters); 260 | if(STATUS_SUCCESS != status) 261 | { 262 | //err msg 263 | logMsg(LOG_ERR, [NSString stringWithFormat:@"stopping kext failed with %lu", (unsigned long)status]); 264 | 265 | //bail 266 | goto bail; 267 | } 268 | 269 | //happy 270 | bRet = YES; 271 | 272 | //bail 273 | bail: 274 | 275 | return bRet; 276 | } 277 | 278 | 279 | @end 280 | 281 | -------------------------------------------------------------------------------- /Ostiarius/UI/ConfigureWindowController.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 32 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 64 | 65 | 66 | 67 | 68 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Ostiarius/Utilities.m: -------------------------------------------------------------------------------- 1 | // 2 | // Utilities.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import "Consts.h" 10 | #import "Logging.h" 11 | #import "Utilities.h" 12 | 13 | //check if kext is installed 14 | // ->just checks permenant location of kext 15 | BOOL isInstalled() 16 | { 17 | //flag 18 | BOOL installed = NO; 19 | 20 | //install path 21 | NSString* installPath = nil; 22 | 23 | //init install path 24 | installPath = [@"/Library/Extensions" stringByAppendingPathComponent:KEXT_NAME];//[[NSBundle mainBundle] bundleIdentifier]]; 25 | 26 | //dbg msg 27 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"checking if kext is installed at %@", installPath]); 28 | 29 | //check if kext exists 30 | // ->and set return flag 31 | installed = [[NSFileManager defaultManager] fileExistsAtPath:installPath]; 32 | 33 | return installed; 34 | } 35 | 36 | //return path to installed kext 37 | NSString* kextPath() 38 | { 39 | //build and ret 40 | return [NSString pathWithComponents:@[@"/Library/Extensions", KEXT_NAME]]; 41 | } 42 | 43 | //start an NSTask 44 | NSUInteger execTask(NSString* path, NSArray* arguments) 45 | { 46 | //task object 47 | NSTask *task = nil; 48 | 49 | //task status 50 | NSUInteger taskStatus = -1; 51 | 52 | //make sure path exists 53 | // ->otherwise NSTask will throw an NSInvalidArgumentException error 54 | if(YES != [[NSFileManager defaultManager] fileExistsAtPath:path]) 55 | { 56 | //error 57 | logMsg(LOG_ERR, [NSString stringWithFormat:@"cannot exec NSTask since %@ was not found", path]); 58 | 59 | //bail 60 | goto bail; 61 | } 62 | 63 | //create task 64 | task = [[NSTask alloc] init]; 65 | 66 | //set launch path 67 | // ->unzip binary 68 | [task setLaunchPath:path]; 69 | 70 | //set args 71 | if(nil != arguments) 72 | { 73 | //set 74 | [task setArguments:arguments]; 75 | } 76 | 77 | //exec task 78 | [task launch]; 79 | 80 | //dbg msg 81 | logMsg(LOG_DEBUG, @"waiting for task to exit"); 82 | 83 | //wait 84 | [task waitUntilExit]; 85 | 86 | //get status 87 | taskStatus = [task terminationStatus]; 88 | 89 | //dbg msg 90 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"task exited with %lu", (unsigned long)taskStatus]); 91 | 92 | //bail 93 | bail: 94 | 95 | return taskStatus; 96 | } 97 | 98 | //get version 99 | NSString* getVersion() 100 | { 101 | //version 102 | NSString* currentVersion = nil; 103 | 104 | //info dictionary 105 | NSDictionary* infoDictionary = nil; 106 | 107 | //get info dictionary 108 | infoDictionary = [[NSBundle mainBundle] infoDictionary]; 109 | 110 | //extract version string 111 | // ->'CFBundleVersion' 112 | if(nil != infoDictionary) 113 | { 114 | //extract 115 | currentVersion = infoDictionary[@"CFBundleVersion"]; 116 | } 117 | 118 | return currentVersion; 119 | } 120 | 121 | //is current OS version supported? 122 | // ->for now, up to OS X 10.11.6 (El Capitan) 123 | BOOL isSupportedOS() 124 | { 125 | //support flag 126 | BOOL isSupported = NO; 127 | 128 | //OS version info 129 | NSDictionary* osVersionInfo = nil; 130 | 131 | //get OS version info 132 | osVersionInfo = getOSVersion(); 133 | if(nil == osVersionInfo) 134 | { 135 | //bail 136 | goto bail; 137 | } 138 | 139 | //dbg msg 140 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"OS version: %@", osVersionInfo]); 141 | 142 | //gotta be OS X 143 | if(10 != [osVersionInfo[@"majorVersion"] intValue]) 144 | { 145 | //err msg 146 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OS major version %@ not supported", osVersionInfo[@"majorVersion"]]); 147 | 148 | //bail 149 | goto bail; 150 | } 151 | 152 | //gotta be OS X 11 153 | if(11 != [osVersionInfo[@"minorVersion"] intValue]) 154 | { 155 | //err msg 156 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OS minor version %@ not supported", osVersionInfo[@"minor"]]); 157 | 158 | //bail 159 | goto bail; 160 | } 161 | 162 | //got be OS X 11.0-6 163 | if([osVersionInfo[@"bugfixVersion"] intValue] > 6) 164 | { 165 | //err msg 166 | logMsg(LOG_ERR, [NSString stringWithFormat:@"OS bug fix version %@ not supported", osVersionInfo[@"bugfixVersion"]]); 167 | 168 | //bail 169 | goto bail; 170 | } 171 | 172 | //OS version is supported 173 | isSupported = YES; 174 | 175 | //bail 176 | bail: 177 | 178 | return isSupported; 179 | } 180 | 181 | //get OS version 182 | NSDictionary* getOSVersion() 183 | { 184 | //os version info 185 | NSMutableDictionary* osVersionInfo = nil; 186 | 187 | //major v 188 | SInt32 majorVersion = 0; 189 | 190 | //minor v 191 | SInt32 minorVersion = 0; 192 | 193 | //bug fix v 194 | SInt32 fixVersion = 0; 195 | 196 | //alloc dictionary 197 | osVersionInfo = [NSMutableDictionary dictionary]; 198 | 199 | //get major version 200 | if(STATUS_SUCCESS != Gestalt(gestaltSystemVersionMajor, &majorVersion)) 201 | { 202 | //reset 203 | osVersionInfo = nil; 204 | 205 | //bail 206 | goto bail; 207 | } 208 | 209 | //get minor version 210 | if(STATUS_SUCCESS != Gestalt(gestaltSystemVersionMinor, &minorVersion)) 211 | { 212 | //reset 213 | osVersionInfo = nil; 214 | 215 | //bail 216 | goto bail; 217 | } 218 | 219 | //get bug fix version 220 | if(STATUS_SUCCESS != Gestalt(gestaltSystemVersionBugFix, &fixVersion)) 221 | { 222 | //reset 223 | osVersionInfo = nil; 224 | 225 | //bail 226 | goto bail; 227 | } 228 | 229 | //set major version 230 | osVersionInfo[@"majorVersion"] = [NSNumber numberWithInteger:majorVersion]; 231 | 232 | //set minor version 233 | osVersionInfo[@"minorVersion"] = [NSNumber numberWithInteger:minorVersion]; 234 | 235 | //set bug fix version 236 | osVersionInfo[@"bugfixVersion"] = [NSNumber numberWithInteger:fixVersion]; 237 | 238 | //bail 239 | bail: 240 | 241 | return osVersionInfo; 242 | } 243 | 244 | //set dir's|file's group/owner 245 | BOOL setFileOwner(NSString* path, NSNumber* groupID, NSNumber* ownerID, BOOL recursive) 246 | { 247 | //ret var 248 | BOOL bRet = NO; 249 | 250 | //owner dictionary 251 | NSDictionary* fileOwner = nil; 252 | 253 | //sub paths 254 | NSArray *subPaths = nil; 255 | 256 | //full path 257 | // ->for recursive 258 | NSString* fullPath = nil; 259 | 260 | //init permissions dictionary 261 | fileOwner = @{NSFileGroupOwnerAccountID:groupID, NSFileOwnerAccountID:ownerID}; 262 | 263 | //set group/owner 264 | if(YES != [[NSFileManager defaultManager] setAttributes:fileOwner ofItemAtPath:path error:NULL]) 265 | { 266 | //err msg 267 | logMsg(LOG_ERR, [NSString stringWithFormat:@"failed to set ownership for %@ (%@)", path, fileOwner]); 268 | 269 | //bail 270 | goto bail; 271 | } 272 | 273 | //dbg msg 274 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"set ownership for %@ (%@)", path, fileOwner]); 275 | 276 | //do it recursively 277 | if(YES == recursive) 278 | { 279 | //sanity check 280 | // ->make sure root starts with '/' 281 | if(YES != [path hasSuffix:@"/"]) 282 | { 283 | //add '/' 284 | path = [NSString stringWithFormat:@"%@/", path]; 285 | } 286 | 287 | //get all subpaths 288 | subPaths = [[NSFileManager defaultManager] subpathsAtPath:path]; 289 | for(NSString *subPath in subPaths) 290 | { 291 | //init full path 292 | fullPath = [path stringByAppendingString:subPath]; 293 | 294 | //set group/owner 295 | if(YES != [[NSFileManager defaultManager] setAttributes:fileOwner ofItemAtPath:fullPath error:NULL]) 296 | { 297 | //err msg 298 | logMsg(LOG_ERR, [NSString stringWithFormat:@"failed to set ownership for %@ (%@)", fullPath, fileOwner]); 299 | 300 | //bail 301 | goto bail; 302 | } 303 | } 304 | } 305 | 306 | //no errors 307 | bRet = YES; 308 | 309 | //bail 310 | bail: 311 | 312 | return bRet; 313 | } 314 | 315 | //get app's version 316 | // ->extracted from Info.plist 317 | NSString* getAppVersion() 318 | { 319 | //read and return 'CFBundleVersion' from bundle 320 | return [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleVersion"]; 321 | } 322 | -------------------------------------------------------------------------------- /OstiariusKext.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 46; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | 7DFB276D1C332ADD00F68885 /* OstiariusKext.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 7DFB276C1C332ADD00F68885 /* OstiariusKext.hpp */; }; 11 | 7DFB276F1C332ADD00F68885 /* OstiariusKext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7DFB276E1C332ADD00F68885 /* OstiariusKext.cpp */; }; 12 | /* End PBXBuildFile section */ 13 | 14 | /* Begin PBXFileReference section */ 15 | 7DFB27691C332ADD00F68885 /* Ostiarius.kext */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = Ostiarius.kext; sourceTree = BUILT_PRODUCTS_DIR; }; 16 | 7DFB276C1C332ADD00F68885 /* OstiariusKext.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = OstiariusKext.hpp; sourceTree = ""; }; 17 | 7DFB276E1C332ADD00F68885 /* OstiariusKext.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = OstiariusKext.cpp; sourceTree = ""; }; 18 | 7DFB27701C332ADD00F68885 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 19 | /* End PBXFileReference section */ 20 | 21 | /* Begin PBXFrameworksBuildPhase section */ 22 | 7DFB27651C332ADD00F68885 /* Frameworks */ = { 23 | isa = PBXFrameworksBuildPhase; 24 | buildActionMask = 2147483647; 25 | files = ( 26 | ); 27 | runOnlyForDeploymentPostprocessing = 0; 28 | }; 29 | /* End PBXFrameworksBuildPhase section */ 30 | 31 | /* Begin PBXGroup section */ 32 | 7DFB275F1C332ADD00F68885 = { 33 | isa = PBXGroup; 34 | children = ( 35 | 7DFB276B1C332ADD00F68885 /* OstiariusKext */, 36 | 7DFB276A1C332ADD00F68885 /* Products */, 37 | ); 38 | sourceTree = ""; 39 | }; 40 | 7DFB276A1C332ADD00F68885 /* Products */ = { 41 | isa = PBXGroup; 42 | children = ( 43 | 7DFB27691C332ADD00F68885 /* Ostiarius.kext */, 44 | ); 45 | name = Products; 46 | sourceTree = ""; 47 | }; 48 | 7DFB276B1C332ADD00F68885 /* OstiariusKext */ = { 49 | isa = PBXGroup; 50 | children = ( 51 | 7DFB276C1C332ADD00F68885 /* OstiariusKext.hpp */, 52 | 7DFB276E1C332ADD00F68885 /* OstiariusKext.cpp */, 53 | 7DFB27701C332ADD00F68885 /* Info.plist */, 54 | ); 55 | path = OstiariusKext; 56 | sourceTree = ""; 57 | }; 58 | /* End PBXGroup section */ 59 | 60 | /* Begin PBXHeadersBuildPhase section */ 61 | 7DFB27661C332ADD00F68885 /* Headers */ = { 62 | isa = PBXHeadersBuildPhase; 63 | buildActionMask = 2147483647; 64 | files = ( 65 | 7DFB276D1C332ADD00F68885 /* OstiariusKext.hpp in Headers */, 66 | ); 67 | runOnlyForDeploymentPostprocessing = 0; 68 | }; 69 | /* End PBXHeadersBuildPhase section */ 70 | 71 | /* Begin PBXNativeTarget section */ 72 | 7DFB27681C332ADD00F68885 /* OstiariusKext */ = { 73 | isa = PBXNativeTarget; 74 | buildConfigurationList = 7DFB27731C332ADD00F68885 /* Build configuration list for PBXNativeTarget "OstiariusKext" */; 75 | buildPhases = ( 76 | 7DFB27641C332ADD00F68885 /* Sources */, 77 | 7DFB27651C332ADD00F68885 /* Frameworks */, 78 | 7DFB27661C332ADD00F68885 /* Headers */, 79 | 7DFB27671C332ADD00F68885 /* Resources */, 80 | ); 81 | buildRules = ( 82 | ); 83 | dependencies = ( 84 | ); 85 | name = OstiariusKext; 86 | productName = OstiariusKext; 87 | productReference = 7DFB27691C332ADD00F68885 /* Ostiarius.kext */; 88 | productType = "com.apple.product-type.kernel-extension"; 89 | }; 90 | /* End PBXNativeTarget section */ 91 | 92 | /* Begin PBXProject section */ 93 | 7DFB27601C332ADD00F68885 /* Project object */ = { 94 | isa = PBXProject; 95 | attributes = { 96 | LastUpgradeCheck = 0720; 97 | ORGANIZATIONNAME = "Objective-See"; 98 | TargetAttributes = { 99 | 7DFB27681C332ADD00F68885 = { 100 | CreatedOnToolsVersion = 7.2; 101 | }; 102 | }; 103 | }; 104 | buildConfigurationList = 7DFB27631C332ADD00F68885 /* Build configuration list for PBXProject "OstiariusKext" */; 105 | compatibilityVersion = "Xcode 3.2"; 106 | developmentRegion = English; 107 | hasScannedForEncodings = 0; 108 | knownRegions = ( 109 | en, 110 | ); 111 | mainGroup = 7DFB275F1C332ADD00F68885; 112 | productRefGroup = 7DFB276A1C332ADD00F68885 /* Products */; 113 | projectDirPath = ""; 114 | projectRoot = ""; 115 | targets = ( 116 | 7DFB27681C332ADD00F68885 /* OstiariusKext */, 117 | ); 118 | }; 119 | /* End PBXProject section */ 120 | 121 | /* Begin PBXResourcesBuildPhase section */ 122 | 7DFB27671C332ADD00F68885 /* Resources */ = { 123 | isa = PBXResourcesBuildPhase; 124 | buildActionMask = 2147483647; 125 | files = ( 126 | ); 127 | runOnlyForDeploymentPostprocessing = 0; 128 | }; 129 | /* End PBXResourcesBuildPhase section */ 130 | 131 | /* Begin PBXSourcesBuildPhase section */ 132 | 7DFB27641C332ADD00F68885 /* Sources */ = { 133 | isa = PBXSourcesBuildPhase; 134 | buildActionMask = 2147483647; 135 | files = ( 136 | 7DFB276F1C332ADD00F68885 /* OstiariusKext.cpp in Sources */, 137 | ); 138 | runOnlyForDeploymentPostprocessing = 0; 139 | }; 140 | /* End PBXSourcesBuildPhase section */ 141 | 142 | /* Begin XCBuildConfiguration section */ 143 | 7DFB27711C332ADD00F68885 /* Debug */ = { 144 | isa = XCBuildConfiguration; 145 | buildSettings = { 146 | ALWAYS_SEARCH_USER_PATHS = NO; 147 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 148 | CLANG_CXX_LIBRARY = "libc++"; 149 | CLANG_ENABLE_MODULES = YES; 150 | CLANG_ENABLE_OBJC_ARC = YES; 151 | CLANG_WARN_BOOL_CONVERSION = YES; 152 | CLANG_WARN_CONSTANT_CONVERSION = YES; 153 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 154 | CLANG_WARN_EMPTY_BODY = YES; 155 | CLANG_WARN_ENUM_CONVERSION = YES; 156 | CLANG_WARN_INT_CONVERSION = YES; 157 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 158 | CLANG_WARN_UNREACHABLE_CODE = YES; 159 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 160 | CODE_SIGN_IDENTITY = "-"; 161 | COPY_PHASE_STRIP = NO; 162 | DEBUG_INFORMATION_FORMAT = dwarf; 163 | ENABLE_STRICT_OBJC_MSGSEND = YES; 164 | ENABLE_TESTABILITY = YES; 165 | GCC_C_LANGUAGE_STANDARD = gnu99; 166 | GCC_DYNAMIC_NO_PIC = NO; 167 | GCC_NO_COMMON_BLOCKS = YES; 168 | GCC_OPTIMIZATION_LEVEL = 0; 169 | GCC_PREPROCESSOR_DEFINITIONS = ( 170 | "DEBUG=1", 171 | "$(inherited)", 172 | ); 173 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 174 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 175 | GCC_WARN_UNDECLARED_SELECTOR = YES; 176 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 177 | GCC_WARN_UNUSED_FUNCTION = YES; 178 | GCC_WARN_UNUSED_VARIABLE = YES; 179 | MACOSX_DEPLOYMENT_TARGET = 10.11; 180 | MTL_ENABLE_DEBUG_INFO = YES; 181 | ONLY_ACTIVE_ARCH = YES; 182 | SDKROOT = macosx; 183 | }; 184 | name = Debug; 185 | }; 186 | 7DFB27721C332ADD00F68885 /* Release */ = { 187 | isa = XCBuildConfiguration; 188 | buildSettings = { 189 | ALWAYS_SEARCH_USER_PATHS = NO; 190 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 191 | CLANG_CXX_LIBRARY = "libc++"; 192 | CLANG_ENABLE_MODULES = YES; 193 | CLANG_ENABLE_OBJC_ARC = YES; 194 | CLANG_WARN_BOOL_CONVERSION = YES; 195 | CLANG_WARN_CONSTANT_CONVERSION = YES; 196 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 197 | CLANG_WARN_EMPTY_BODY = YES; 198 | CLANG_WARN_ENUM_CONVERSION = YES; 199 | CLANG_WARN_INT_CONVERSION = YES; 200 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 201 | CLANG_WARN_UNREACHABLE_CODE = YES; 202 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 203 | CODE_SIGN_IDENTITY = "-"; 204 | COPY_PHASE_STRIP = NO; 205 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 206 | ENABLE_NS_ASSERTIONS = NO; 207 | ENABLE_STRICT_OBJC_MSGSEND = YES; 208 | GCC_C_LANGUAGE_STANDARD = gnu99; 209 | GCC_NO_COMMON_BLOCKS = YES; 210 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 211 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 212 | GCC_WARN_UNDECLARED_SELECTOR = YES; 213 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 214 | GCC_WARN_UNUSED_FUNCTION = YES; 215 | GCC_WARN_UNUSED_VARIABLE = YES; 216 | MACOSX_DEPLOYMENT_TARGET = 10.11; 217 | MTL_ENABLE_DEBUG_INFO = NO; 218 | SDKROOT = macosx; 219 | }; 220 | name = Release; 221 | }; 222 | 7DFB27741C332ADD00F68885 /* Debug */ = { 223 | isa = XCBuildConfiguration; 224 | buildSettings = { 225 | CODE_SIGN_IDENTITY = "Developer ID Application: Objective-See, LLC (VBG97UB4TA)"; 226 | COMBINE_HIDPI_IMAGES = YES; 227 | CURRENT_PROJECT_VERSION = 1.0.0d1; 228 | INFOPLIST_FILE = OstiariusKext/Info.plist; 229 | MODULE_NAME = "com.objective-see.OstiariusKext"; 230 | MODULE_VERSION = 1.0.0d1; 231 | PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.OstiariusKext"; 232 | PRODUCT_NAME = Ostiarius; 233 | WRAPPER_EXTENSION = kext; 234 | }; 235 | name = Debug; 236 | }; 237 | 7DFB27751C332ADD00F68885 /* Release */ = { 238 | isa = XCBuildConfiguration; 239 | buildSettings = { 240 | CODE_SIGN_IDENTITY = "Developer ID Application: Objective-See, LLC (VBG97UB4TA)"; 241 | COMBINE_HIDPI_IMAGES = YES; 242 | CURRENT_PROJECT_VERSION = 1.0.0d1; 243 | INFOPLIST_FILE = OstiariusKext/Info.plist; 244 | MODULE_NAME = "com.objective-see.OstiariusKext"; 245 | MODULE_VERSION = 1.0.0d1; 246 | PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.OstiariusKext"; 247 | PRODUCT_NAME = Ostiarius; 248 | WRAPPER_EXTENSION = kext; 249 | }; 250 | name = Release; 251 | }; 252 | /* End XCBuildConfiguration section */ 253 | 254 | /* Begin XCConfigurationList section */ 255 | 7DFB27631C332ADD00F68885 /* Build configuration list for PBXProject "OstiariusKext" */ = { 256 | isa = XCConfigurationList; 257 | buildConfigurations = ( 258 | 7DFB27711C332ADD00F68885 /* Debug */, 259 | 7DFB27721C332ADD00F68885 /* Release */, 260 | ); 261 | defaultConfigurationIsVisible = 0; 262 | defaultConfigurationName = Release; 263 | }; 264 | 7DFB27731C332ADD00F68885 /* Build configuration list for PBXNativeTarget "OstiariusKext" */ = { 265 | isa = XCConfigurationList; 266 | buildConfigurations = ( 267 | 7DFB27741C332ADD00F68885 /* Debug */, 268 | 7DFB27751C332ADD00F68885 /* Release */, 269 | ); 270 | defaultConfigurationIsVisible = 0; 271 | defaultConfigurationName = Release; 272 | }; 273 | /* End XCConfigurationList section */ 274 | }; 275 | rootObject = 7DFB27601C332ADD00F68885 /* Project object */; 276 | } 277 | -------------------------------------------------------------------------------- /Ostiarius/ConfigureWindowController.m: -------------------------------------------------------------------------------- 1 | // 2 | // Utilities.m 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #import "Consts.h" 10 | #import "Logging.h" 11 | #import "Configure.h" 12 | #import "Utilities.h" 13 | #import "ConfigureWindowController.h" 14 | 15 | @implementation ConfigureWindowController 16 | 17 | @synthesize statusMsg; 18 | @synthesize moreInfoButton; 19 | 20 | //automatically called when nib is loaded 21 | // ->just center window 22 | -(void)awakeFromNib 23 | { 24 | //center 25 | [self.window center]; 26 | 27 | return; 28 | } 29 | 30 | //configure window/buttons 31 | // ->also brings window to front 32 | -(void)configure:(BOOL)isInstalled 33 | { 34 | //set window title 35 | [self window].title = [NSString stringWithFormat:@"version %@", getAppVersion()]; 36 | 37 | //dbg msg 38 | logMsg(LOG_DEBUG, @"configuring install/uninstall window"); 39 | 40 | //init status msg 41 | [self.statusMsg setStringValue:@"blocks unsigned internet binaries"]; 42 | 43 | //enable 'uninstall' button when app is installed already 44 | if(YES == isInstalled) 45 | { 46 | //enable 47 | self.uninstallButton.enabled = YES; 48 | } 49 | //otherwise disable 50 | else 51 | { 52 | //disable 53 | self.uninstallButton.enabled = NO; 54 | } 55 | 56 | //make 'install' have focus 57 | // ->more likely they'll be upgrading 58 | [self.window makeFirstResponder:self.installButton]; 59 | 60 | //set delegate 61 | [self.window setDelegate:self]; 62 | 63 | return; 64 | } 65 | 66 | //display (show) window 67 | // ->center, make front, set bg to white, etc 68 | -(void)display 69 | { 70 | //center window 71 | [[self window] center]; 72 | 73 | //show (now configured) windows 74 | [self showWindow:self]; 75 | 76 | //make it key window 77 | [self.window makeKeyAndOrderFront:self]; 78 | 79 | //make window front 80 | [NSApp activateIgnoringOtherApps:YES]; 81 | 82 | //make white 83 | [self.window setBackgroundColor: NSColor.whiteColor]; 84 | 85 | return; 86 | } 87 | 88 | //button handler for uninstall/install 89 | -(IBAction)buttonHandler:(id)sender 90 | { 91 | //button title 92 | NSString* buttonTitle = nil; 93 | 94 | //extact button title 95 | buttonTitle = ((NSButton*)sender).title; 96 | 97 | //action 98 | NSUInteger action = 0; 99 | 100 | //dbg msg 101 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"handling action click: %@", buttonTitle]); 102 | 103 | //hide 'get more info' button 104 | self.moreInfoButton.hidden = YES; 105 | 106 | //set action 107 | // ->install daemon 108 | if(YES == [buttonTitle isEqualToString:ACTION_INSTALL]) 109 | { 110 | //set 111 | action = ACTION_INSTALL_FLAG; 112 | } 113 | //set action 114 | // ->uninstall daemon 115 | else 116 | { 117 | //set 118 | action = ACTION_UNINSTALL_FLAG; 119 | } 120 | 121 | //disable 'x' button 122 | // ->don't want user killing app during install/upgrade 123 | [[self.window standardWindowButton:NSWindowCloseButton] setEnabled:NO]; 124 | 125 | //clear status msg 126 | [self.statusMsg setStringValue:@""]; 127 | 128 | //force redraw of status msg 129 | // ->sometime doesn't refresh (e.g. slow VM) 130 | [self.statusMsg setNeedsDisplay:YES]; 131 | 132 | //dbg msg 133 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"%@'ing Ostiarius", buttonTitle]); 134 | 135 | //invoke logic to install/uninstall 136 | // ->do in background so UI doesn't block 137 | dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), 138 | ^{ 139 | //install/uninstall 140 | [self lifeCycleEvent:action]; 141 | 142 | //dbg msg 143 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"done %@'ing Ostiarius", buttonTitle]); 144 | }); 145 | 146 | //bail 147 | bail: 148 | 149 | return; 150 | } 151 | 152 | //button handler for '?' button (on an error) 153 | // ->load objective-see's documentation for error(s) in default browser 154 | -(IBAction)info:(id)sender 155 | { 156 | //url 157 | NSURL *helpURL = nil; 158 | 159 | //build help URL 160 | helpURL = [NSURL URLWithString:FATAL_ERROR_URL]; 161 | 162 | //open URL 163 | // ->invokes user's default browser 164 | [[NSWorkspace sharedWorkspace] openURL:helpURL]; 165 | 166 | return; 167 | } 168 | 169 | //perform install | uninstall via Control obj 170 | // ->invoked on background thread so that UI doesn't block 171 | -(void)lifeCycleEvent:(NSUInteger)event 172 | { 173 | //status var 174 | BOOL status = NO; 175 | 176 | //configure object 177 | Configure* configureObj = nil; 178 | 179 | //dbg msg 180 | logMsg(LOG_DEBUG, [NSString stringWithFormat:@"handling life cycle event, %lu", (unsigned long)event]); 181 | 182 | //alloc control object 183 | configureObj = [[Configure alloc] init]; 184 | 185 | //begin event 186 | // ->updates ui on main thread 187 | dispatch_sync(dispatch_get_main_queue(), 188 | ^{ 189 | //complete 190 | [self beginEvent:event]; 191 | }); 192 | 193 | //sleep 194 | // ->allow 'install' || 'uninstall' msg to show up 195 | sleep(1); 196 | 197 | //perform action (install | uninstall) 198 | // ->perform background actions 199 | if(YES == [configureObj configure:event]) 200 | { 201 | //set flag 202 | status = YES; 203 | } 204 | 205 | //error occurred 206 | else 207 | { 208 | //err msg 209 | logMsg(LOG_ERR, @"ERROR: failed to perform life cycle event"); 210 | 211 | //set flag 212 | status = NO; 213 | } 214 | 215 | //complet event 216 | // ->updates ui on main thread 217 | dispatch_async(dispatch_get_main_queue(), 218 | ^{ 219 | //complete 220 | [self completeEvent:status event:event]; 221 | }); 222 | 223 | return; 224 | } 225 | 226 | //begin event 227 | // ->basically just update UI 228 | -(void)beginEvent:(NSUInteger)event 229 | { 230 | //status msg frame 231 | CGRect statusMsgFrame = {0}; 232 | 233 | //grab exiting frame 234 | statusMsgFrame = self.statusMsg.frame; 235 | 236 | //avoid activity indicator 237 | // ->shift frame shift delta 238 | statusMsgFrame.origin.x += FRAME_SHIFT; 239 | 240 | //update frame to align 241 | self.statusMsg.frame = statusMsgFrame; 242 | 243 | //align text left 244 | [self.statusMsg setAlignment:NSLeftTextAlignment]; 245 | 246 | //install msg 247 | if(ACTION_INSTALL_FLAG == event) 248 | { 249 | //update status msg 250 | [self.statusMsg setStringValue:@"Installing..."]; 251 | } 252 | //uninstall msg 253 | else 254 | { 255 | //update status msg 256 | [self.statusMsg setStringValue:@"Uninstalling..."]; 257 | } 258 | 259 | //disable action button 260 | self.uninstallButton.enabled = NO; 261 | 262 | //disable cancel button 263 | self.installButton.enabled = NO; 264 | 265 | //show spinner 266 | [self.activityIndicator setHidden:NO]; 267 | 268 | //start spinner 269 | [self.activityIndicator startAnimation:nil]; 270 | 271 | return; 272 | } 273 | 274 | //complete event 275 | // ->update UI after background event has finished 276 | -(void)completeEvent:(BOOL)success event:(NSUInteger)event 277 | { 278 | //status msg frame 279 | CGRect statusMsgFrame = {0}; 280 | 281 | //action 282 | NSString* action = nil; 283 | 284 | //result msg 285 | NSString* resultMsg = nil; 286 | 287 | //msg font 288 | NSColor* resultMsgColor = nil; 289 | 290 | //generally want centered text 291 | [self.statusMsg setAlignment:NSCenterTextAlignment]; 292 | 293 | //set action msg for install 294 | if(ACTION_INSTALL_FLAG == event) 295 | { 296 | //set msg 297 | action = @"install"; 298 | 299 | //set result msg 300 | resultMsg = [NSString stringWithFormat:@"Ostiarius %@ed (note: on OS upgrade new version may be required)", action]; 301 | 302 | } 303 | //set action msg for uninstall 304 | else 305 | { 306 | //set msg 307 | action = @"uninstall"; 308 | 309 | //set result msg 310 | resultMsg = [NSString stringWithFormat:@"Ostiarius %@ed", action]; 311 | } 312 | 313 | //success 314 | if(YES == success) 315 | { 316 | //set font to black 317 | resultMsgColor = [NSColor blackColor]; 318 | } 319 | //failure 320 | else 321 | { 322 | //set result msg 323 | resultMsg = [NSString stringWithFormat:@"error: %@ failed", action]; 324 | 325 | //set font to red 326 | resultMsgColor = [NSColor redColor]; 327 | 328 | //show 'get more info' button 329 | self.moreInfoButton.hidden = NO; 330 | } 331 | 332 | //stop/hide spinner 333 | [self.activityIndicator stopAnimation:nil]; 334 | 335 | //hide spinner 336 | [self.activityIndicator setHidden:YES]; 337 | 338 | //grab exiting frame 339 | statusMsgFrame = self.statusMsg.frame; 340 | 341 | //shift back since activity indicator is gone 342 | statusMsgFrame.origin.x -= FRAME_SHIFT; 343 | 344 | //update frame to align 345 | self.statusMsg.frame = statusMsgFrame; 346 | 347 | //set font to bold 348 | [self.statusMsg setFont:[NSFont fontWithName:@"Menlo-Bold" size:13]]; 349 | 350 | //set msg color 351 | [self.statusMsg setTextColor:resultMsgColor]; 352 | 353 | //set status msg 354 | [self.statusMsg setStringValue:resultMsg]; 355 | 356 | //toggle buttons 357 | // ->after install turn on 'uninstall' and off 'install' 358 | if(ACTION_INSTALL_FLAG == event) 359 | { 360 | //enable uninstall 361 | self.uninstallButton.enabled = YES; 362 | 363 | //disable install 364 | self.installButton.enabled = NO; 365 | } 366 | //toggle buttons 367 | // ->after uninstall turn off 'uninstall' and on 'install' 368 | else 369 | { 370 | //disable 371 | self.uninstallButton.enabled = NO; 372 | 373 | //enable close button 374 | self.installButton.enabled = YES; 375 | } 376 | 377 | //ok to re-enable 'x' button 378 | [[self.window standardWindowButton:NSWindowCloseButton] setEnabled:YES]; 379 | 380 | //(re)make window window key 381 | [self.window makeKeyAndOrderFront:self]; 382 | 383 | //(re)make window front 384 | [NSApp activateIgnoringOtherApps:YES]; 385 | 386 | return; 387 | } 388 | 389 | //automatically invoked when window is closing 390 | // ->just exit application 391 | -(void)windowWillClose:(NSNotification *)notification 392 | { 393 | //exit 394 | [NSApp terminate:self]; 395 | 396 | return; 397 | } 398 | 399 | @end -------------------------------------------------------------------------------- /OstiariusKext/OstiariusKext.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // OstiariusKext.cpp 3 | // Ostiarius 4 | // 5 | // Created by Patrick Wardle on 1/2/16. 6 | // Copyright (c) 2016 Objective-See. All rights reserved. 7 | // 8 | 9 | #include "OstiariusKext.hpp" 10 | 11 | //required macro 12 | OSDefineMetaClassAndStructors(com_objectiveSee_OstiariusKext, IOService) 13 | 14 | //kauth callback for KAUTH_SCOPE_FILEOP events 15 | // ->kill any unsigned, non-approved binaries from the internet 16 | static int processExec(kauth_cred_t credential, void* idata, kauth_action_t action, uintptr_t arg0, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3) 17 | { 18 | //mount point 19 | mount_t mount = {0}; 20 | 21 | //pid 22 | int pid = -1; 23 | 24 | //path 25 | char path[MAXPATHLEN+1] = {0}; 26 | 27 | //path length 28 | int pathLength = MAXPATHLEN; 29 | 30 | //quarantine flags 31 | unsigned int qFlags = 0; 32 | 33 | //dmg path 34 | char dmgPath[MAXPATHLEN+1] = {0}; 35 | 36 | //dmg vnode 37 | vnode_t dmgVnode = NULLVP; 38 | 39 | //locked flag 40 | boolean_t wasLocked = FALSE; 41 | 42 | //offset pointer 43 | unsigned char* offsetPointer = NULL; 44 | 45 | //vfsstatfs struct 46 | struct vfsstatfs* vfsstat = NULL; 47 | 48 | //vfs context 49 | vfs_context_t vfsContext = NULL; 50 | 51 | //ignore all non exec events 52 | if(KAUTH_FILEOP_EXEC != action) 53 | { 54 | //bail 55 | goto bail; 56 | } 57 | 58 | //ignore any non 'regular' vnodes 59 | if(0 == vnode_isreg((vnode_t)arg0)) 60 | { 61 | //bail 62 | goto bail; 63 | } 64 | 65 | //get pid 66 | pid = proc_selfpid(); 67 | 68 | //zero out path 69 | bzero(&path, sizeof(path)); 70 | 71 | //get path 72 | if(0 != vn_getpath((vnode_t)arg0, path, &pathLength)) 73 | { 74 | //err msg 75 | DEBUG_PRINT(("OSTIARIUS ERROR: vn_getpath() failed\n")); 76 | 77 | //bail 78 | goto bail; 79 | } 80 | 81 | //dbg msg 82 | DEBUG_PRINT(("OSTIARIUS: new process: %s %d\n", path, pid)); 83 | 84 | /* STEP 1: 85 | check if binary is from the internet, by checking its quarantine attributes */ 86 | 87 | //get quarantine attribute flags 88 | qFlags = getQAttrFlags((vnode_t)arg0); 89 | 90 | //no q flags indicates binary not from the internet 91 | // ->unless, its from a DMG, then need to find/check DMG 92 | if(0 == qFlags) 93 | { 94 | //from a dmg? 95 | // ->nope, allow process 96 | if(0 != strncmp("/Volumes/", path, strlen("/Volumes/"))) 97 | { 98 | //dbg msg 99 | DEBUG_PRINT(("OSTIARIUS: no quarantine attributes and not from .dmg, so allowing\n")); 100 | 101 | //bail 102 | goto bail; 103 | } 104 | 105 | //dbg msg 106 | DEBUG_PRINT(("OSTIARIUS: process appears to be from a dmg, so looking up/checking disk image\n")); 107 | 108 | //get mount struct for vnode's filesystem 109 | mount = vnode_mount((vnode_t)arg0); 110 | if(NULL == mount) 111 | { 112 | //bail 113 | goto bail; 114 | } 115 | 116 | //get vfsstatfs struct for mount 117 | vfsstat = vfs_statfs(mount); 118 | if(NULL == vfsstat) 119 | { 120 | //bail 121 | goto bail; 122 | } 123 | 124 | //zero out dmg path 125 | bzero(&dmgPath, sizeof(dmgPath)); 126 | 127 | //find disk image that file was mounted from 128 | findDMG(vfsstat->f_mntfromname, (char*)&dmgPath); 129 | if(0 == strlen((const char*)dmgPath)) 130 | { 131 | //dbg msg 132 | DEBUG_PRINT(("OSTIARIUS: no disk image found, so allowing\n")); 133 | 134 | //bail 135 | goto bail; 136 | } 137 | 138 | //dbg msg 139 | DEBUG_PRINT(("OSTIARIUS: found disk image path: %s\n", dmgPath)); 140 | 141 | //create a vfs context 142 | vfsContext = vfs_context_create(NULL); 143 | if(NULL == vfsContext) 144 | { 145 | //bail 146 | goto bail; 147 | } 148 | 149 | //get vnode for disk image path 150 | if(0 != vnode_lookup(dmgPath, 0, &dmgVnode, vfsContext)) 151 | { 152 | //err msg 153 | DEBUG_PRINT(("OSTIARIUS ERROR: failed find vnode for dmg path\n")); 154 | 155 | //bail 156 | goto bail; 157 | } 158 | 159 | //finally get q attr flags for DMG 160 | // ->if it doesn't have any, allow as its not from the internet 161 | qFlags = getQAttrFlags(dmgVnode); 162 | if(0 == qFlags) 163 | { 164 | //dbg msg 165 | DEBUG_PRINT(("OSTIARIUS: no quarantine attributes on dmg, so allowing\n")); 166 | 167 | //bail 168 | goto bail; 169 | } 170 | 171 | }// no qAttrz 172 | 173 | /* STEP 2: 174 | check if binary was previously allowed by checking quarantine attribute flags */ 175 | 176 | //CoreServicesUIAgent (user-mode) sets flags to 0x40 when user clicks 'allow' 177 | // ->so just allow such binaries 178 | if(0 != (qFlags & 0x40)) 179 | { 180 | //dbg msg 181 | DEBUG_PRINT(("OSTIARIUS: previously approved, so allowing\n")); 182 | 183 | //bail 184 | goto bail; 185 | } 186 | 187 | //dbg msg 188 | DEBUG_PRINT(("OSTIARIUS: binary is from the internet and has not been user-approved\n")); 189 | 190 | /* STEP 3: 191 | check if binary is signed (method inspired by Gatekeerper/csfg_get_platform_binary, tx @osxreverser!) */ 192 | 193 | //lock vnode 194 | lck_mtx_lock((lck_mtx_t *)arg0); 195 | 196 | //set lock flag 197 | wasLocked = TRUE; 198 | 199 | //init offset pointer 200 | offsetPointer = (unsigned char*)(vnode_t)arg0; 201 | 202 | //get pointer to struct ubc_info in vnode struct 203 | // ->disasm from kernel: mov rax, [vnode+70h] 204 | offsetPointer += 0x70; 205 | if(0 == *(unsigned long*)(offsetPointer)) 206 | { 207 | //bail 208 | goto bail; 209 | } 210 | 211 | //dbg msg 212 | //DEBUG_PRINT(("OSTIARIUS: vnode 'vu_ubcinfo': %p, points to: %p\n", offsetPointer, (void*)*(unsigned long*)(offsetPointer))); 213 | 214 | //dref pointer 215 | // ->get addr of struct ubc_info 216 | offsetPointer = (unsigned char*)*(unsigned long*)(offsetPointer); 217 | 218 | //get pointer to cs_blob struct from struct ubc_info 219 | // ->disasm from kernel: mov rax, [ubc_info+50h] 220 | offsetPointer += 0x50; 221 | 222 | //dbg msg 223 | //DEBUG_PRINT(("OSTIARIUS: ubc_info 'cs_blob': %p\n", offsetPointer)); 224 | 225 | //non-null csBlogs means process's binary is signed 226 | // ->note: yah, its a limitation that the binary could be signed, but invalidly 227 | if(0 != *(unsigned long*)(offsetPointer)) 228 | { 229 | //dbg msg 230 | DEBUG_PRINT(("OSTIARIUS: %s is signed (non-NULL cs_blob), so allowing\n", path)); 231 | 232 | //bail 233 | goto bail; 234 | } 235 | 236 | //dbg msg 237 | // ->always print 238 | IOLog("OSTIARIUS: %s is from the internet & is unsigned -> BLOCKING!\n", path); 239 | 240 | //kill the process 241 | // ->can't return 'KAUTH_RESULT_DENY', because its ignored (see 'Mac OS X Internals') 242 | proc_signal(pid, SIGKILL); 243 | 244 | //bail 245 | bail: 246 | 247 | //unlock vnode 248 | if(TRUE == wasLocked) 249 | { 250 | //unlock 251 | lck_mtx_unlock((lck_mtx_t *)arg0); 252 | 253 | //unset 254 | wasLocked = FALSE; 255 | } 256 | 257 | //release vfs context 258 | if(NULL != vfsContext) 259 | { 260 | //release 261 | vfs_context_rele(vfsContext); 262 | 263 | //unset 264 | vfsContext = NULL; 265 | } 266 | 267 | return KAUTH_RESULT_DEFER; 268 | } 269 | 270 | //given a vnode 271 | // ->get it's quarantine attribute flags 272 | unsigned int getQAttrFlags(vnode_t vnode) 273 | { 274 | //quarantine flags 275 | unsigned int qFlags = 0; 276 | 277 | //q attrs buffer 278 | char* qAttr = NULL; 279 | 280 | //actual size of attrs 281 | size_t qAttrLength = 0; 282 | 283 | //alloc buffer 284 | qAttr = (char*)OSMalloc(QATTR_SIZE, allocTag); 285 | if(NULL == qAttr) 286 | { 287 | //bail 288 | goto bail; 289 | } 290 | 291 | //get quarantine attributes 292 | // ->if this 'fails', simply means binary doesn't have quarantine attributes 293 | if(0 != mac_vnop_getxattr(vnode, QFLAGS_STRING_ID, qAttr, QATTR_SIZE-1, &qAttrLength)) 294 | { 295 | //dbg msg 296 | DEBUG_PRINT(("OSTIARIUS: mac_vnop_getxattr() didn't find any quarantine attributes\n")); 297 | 298 | //bail 299 | goto bail; 300 | } 301 | 302 | //null-terminate attributes 303 | qAttr[qAttrLength] = 0x0; 304 | 305 | //dbg msg 306 | DEBUG_PRINT(("OSTIARIUS: quarantine attributes: %s\n", qAttr)); 307 | 308 | //grab flags 309 | // ->format will look something like: 0002;567c4986;Safari;8122B05F-C448-4FA4-B2CC-30A8E50BE65B 310 | if(1 != sscanf(qAttr, "%04x", &qFlags)) 311 | { 312 | //err msg 313 | DEBUG_PRINT(("OSTIARIUS ERROR: sscanf('%s',...) failed\n", qAttr)); 314 | 315 | //bail 316 | goto bail; 317 | } 318 | 319 | //dbg msg 320 | DEBUG_PRINT(("OSTIARIUS: value for %s -> %x...\n", QFLAGS_STRING_ID, qFlags)); 321 | 322 | //bail 323 | bail: 324 | 325 | //free q attr buffer 326 | if(NULL != qAttr) 327 | { 328 | //free 329 | OSFree(qAttr, QATTR_SIZE, allocTag); 330 | 331 | //unset 332 | qAttr = NULL; 333 | } 334 | 335 | return qFlags; 336 | } 337 | 338 | 339 | //given a 'BSD name' for a mounted filesystem (ex: '/dev/disk1s2') 340 | // ->find the orginal disk image (dmg) that was mounted at this location 341 | void findDMG(char* mountFrom, char* diskImage) 342 | { 343 | //matching dictionary for service lookup 344 | OSDictionary* matchingDictionary = NULL; 345 | 346 | //(top-level) iterator 347 | OSIterator* iterator = NULL; 348 | 349 | //registry entry for each IOHDIXHDDriveOutKernel entry 350 | IORegistryEntry* ioHDIXHD = NULL; 351 | 352 | //candidate disk image 353 | char* candidateDiskImage = NULL; 354 | 355 | //child 356 | IORegistryEntry *child = NULL; 357 | 358 | //image path data 359 | OSData* imagePathData = NULL; 360 | 361 | //image path length 362 | unsigned int imagePathLength = 0; 363 | 364 | //BSD name 365 | OSString* bsdName = NULL; 366 | 367 | //BSD name bytes 368 | const char* bsdNameBytes = NULL; 369 | 370 | //offset pointer 371 | char* offsetPointer = NULL; 372 | 373 | //get matching dictionary for 'IOHDIXHDDriveOutKernel' 374 | matchingDictionary = IOService::serviceMatching("IOHDIXHDDriveOutKernel"); 375 | if(NULL == matchingDictionary) 376 | { 377 | //err msg 378 | DEBUG_PRINT(("OSTIARIUS ERROR: serviceMatching() failed\n")); 379 | 380 | //bail 381 | goto bail; 382 | } 383 | 384 | //get iterator 385 | iterator = IOService::getMatchingServices(matchingDictionary); 386 | if(NULL == iterator) 387 | { 388 | //err msg 389 | DEBUG_PRINT(("OSTIARIUS ERROR: getMatchingServices() failed\n")); 390 | 391 | //bail 392 | goto bail; 393 | } 394 | 395 | //iterate over all IOHDIXHDDriveOutKernel entries 396 | // ->grab 'image-path' then iterate down to get 'BSD Name' 397 | while(NULL != (ioHDIXHD = (IORegistryEntry*)iterator->getNextObject())) 398 | { 399 | //make sure candidate image is always freed 400 | // ->obv. this only comes into play during multiple iterations 401 | if(NULL != candidateDiskImage) 402 | { 403 | //free 404 | OSFree(candidateDiskImage, imagePathLength+1, allocTag); 405 | 406 | //unset 407 | candidateDiskImage = NULL; 408 | } 409 | 410 | //get 'image-path' property 411 | imagePathData = OSDynamicCast(OSData, ioHDIXHD->getProperty("image-path")); 412 | if(NULL == imagePathData) 413 | { 414 | //ignore 415 | continue; 416 | } 417 | 418 | //extract length 419 | imagePathLength = imagePathData->getLength(); 420 | if(0 == imagePathLength) 421 | { 422 | //ignore 423 | continue; 424 | } 425 | 426 | //alloc buffer for NULL-terminated disk image path 427 | candidateDiskImage = (char*)OSMalloc(imagePathLength+1, allocTag); 428 | if(NULL == candidateDiskImage) 429 | { 430 | //ignore 431 | continue; 432 | } 433 | 434 | //copy in bytes 435 | memcpy(candidateDiskImage, imagePathData->getBytesNoCopy(), imagePathLength); 436 | 437 | //NULL terminate 438 | candidateDiskImage[imagePathLength] = 0x0; 439 | 440 | //dbg msg 441 | DEBUG_PRINT(("OSTIARIUS: image-path: %s\n", candidateDiskImage)); 442 | 443 | //find 'IODiskImageBlockStorageDeviceOutKernel' child 444 | child = findChild(ioHDIXHD, "IODiskImageBlockStorageDeviceOutKernel"); 445 | if(NULL == child) 446 | { 447 | //err msg 448 | DEBUG_PRINT(("OSTIARIUS ERROR: failed to find child 'IODiskImageBlockStorageDeviceOutKernel'\n")); 449 | 450 | //ignore 451 | continue; 452 | } 453 | 454 | //find 'IOBlockStorageDriver' child 455 | child = findChild(child, "IOBlockStorageDriver"); 456 | if(NULL == child) 457 | { 458 | //err msg 459 | DEBUG_PRINT(("OSTIARIUS ERROR: failed to find child 'IOBlockStorageDriver'\n")); 460 | 461 | //ignore 462 | continue; 463 | } 464 | 465 | //find 'IOMedia' child 466 | child = findChild(child, "IOMedia"); 467 | if(NULL == child) 468 | { 469 | //err msg 470 | DEBUG_PRINT(("OSTIARIUS ERROR: failed to find child 'IOMedia'\n")); 471 | 472 | //ignore 473 | continue; 474 | } 475 | 476 | //get 'BSD Name' 477 | bsdName = OSDynamicCast(OSString, child->getProperty("BSD Name")); 478 | if(NULL == bsdName) 479 | { 480 | //err msg 481 | DEBUG_PRINT(("OSTIARIUS ERROR: failed to get BSD NAME\n")); 482 | 483 | //ignore 484 | continue; 485 | } 486 | 487 | //get BSD name's bytes 488 | bsdNameBytes = bsdName->getCStringNoCopy(); 489 | 490 | //dbg msg 491 | DEBUG_PRINT(("OSTIARIUS: BSD-name: %s\n", bsdNameBytes)); 492 | 493 | //sanity check 494 | // mount from should start w/ /dev/ 495 | if(0 != strncmp("/dev/", mountFrom, strlen("/dev/"))) 496 | { 497 | //ignore 498 | continue; 499 | } 500 | 501 | //init offset pointer 502 | // ->skip over '/dev/' 503 | offsetPointer = mountFrom + strlen("/dev/"); 504 | if(0 == strlen(offsetPointer)) 505 | { 506 | //ignore 507 | continue; 508 | } 509 | 510 | //offset pointer should now point to something like, 'disk1s2' 511 | // ->compare w/ BSD name which should be something like 'disk1' 512 | if(0 != strncmp(bsdNameBytes, offsetPointer, strlen(bsdNameBytes))) 513 | { 514 | //dbg msg 515 | DEBUG_PRINT(("OSTIARIUS: %s != %s\n", mountFrom, bsdNameBytes)); 516 | 517 | //ignore 518 | continue; 519 | } 520 | 521 | //dbg msg 522 | DEBUG_PRINT(("OSTIARIUS: %s == %s\n", mountFrom, bsdNameBytes)); 523 | 524 | //save disk image's path into [out] parameter 525 | strncpy(diskImage, candidateDiskImage, MAXPATHLEN); 526 | 527 | //all set 528 | break; 529 | 530 | } //all 'IOHDIXHDDriveOutKernel' entries 531 | 532 | //bail 533 | bail: 534 | 535 | //release matching dictionary 536 | if(NULL != matchingDictionary) 537 | { 538 | //release 539 | matchingDictionary->release(); 540 | 541 | //unset 542 | matchingDictionary = NULL; 543 | 544 | } 545 | 546 | //release iterator 547 | if(NULL != iterator) 548 | { 549 | //release 550 | iterator->release(); 551 | 552 | //unset 553 | iterator = NULL; 554 | } 555 | 556 | //free candidate disk image buffer 557 | if(NULL != candidateDiskImage) 558 | { 559 | //free 560 | OSFree(candidateDiskImage, imagePathLength+1, allocTag); 561 | 562 | //unset 563 | candidateDiskImage = NULL; 564 | } 565 | 566 | return; 567 | } 568 | 569 | //given a parent 570 | // ->finds (first) child that matches specified class name 571 | IORegistryEntry* findChild(IORegistryEntry* parent, const char* name) 572 | { 573 | //iterator 574 | OSIterator* iterator = NULL; 575 | 576 | //candidate child 577 | IORegistryEntry* candidateChild = NULL; 578 | 579 | //child's metaclass 580 | const OSMetaClass *metaClass = NULL; 581 | 582 | //(matched) child 583 | IORegistryEntry* child = NULL; 584 | 585 | //dbg msg 586 | DEBUG_PRINT(("OSTIARIUS: looking for child: %s\n", name)); 587 | 588 | //init iterator 589 | iterator = parent->getChildIterator(gIOServicePlane); 590 | if(NULL == iterator) 591 | { 592 | //bail 593 | goto bail; 594 | } 595 | 596 | //iterate over all children 597 | while((candidateChild = (IORegistryEntry*)iterator->getNextObject())) 598 | { 599 | //get meta-class 600 | metaClass = candidateChild->getMetaClass(); 601 | if(NULL == metaClass) 602 | { 603 | //ignore 604 | continue; 605 | } 606 | 607 | //dbg 608 | DEBUG_PRINT(("OSTIARIUS: child -> %s/%s\n", candidateChild->getName(gIOServicePlane), metaClass->getClassName())); 609 | 610 | //check for match 611 | if(0 == strncmp(metaClass->getClassName(), name, strlen(name))) 612 | { 613 | //found child 614 | child = candidateChild; 615 | 616 | //bail 617 | break; 618 | } 619 | 620 | } //all children 621 | 622 | //bail 623 | bail: 624 | 625 | //release iterator 626 | if(NULL != iterator) 627 | { 628 | //release 629 | iterator->release(); 630 | 631 | //unset 632 | iterator = NULL; 633 | } 634 | 635 | return child; 636 | } 637 | 638 | //start function, automatically invoked 639 | // ->check version, register KAuth listener & alloc tag 640 | bool com_objectiveSee_OstiariusKext::start(IOService *provider) 641 | { 642 | //result 643 | bool result = false; 644 | 645 | //invoke super 646 | if(true != super::start(provider)) 647 | { 648 | //bail 649 | goto bail; 650 | } 651 | 652 | //dbg msg 653 | DEBUG_PRINT(("OSTIARIUS: starting (system version: %d,%d,%d)...\n", version_major, version_minor, version_revision)); 654 | 655 | //version check 656 | // ->only El Capitan, up to 10.11.6 (15.6.0) 657 | if( (version_major != 15) || 658 | (version_minor > 6) ) 659 | { 660 | //err msg 661 | IOLog("OSTIARIUS ERROR: %d.%d.%d is an unsupported OS\n", version_major, version_minor, version_revision); 662 | 663 | //bail 664 | goto bail; 665 | } 666 | 667 | //register listener 668 | // ->scope 'KAUTH_SCOPE_FILEOP' 669 | kauthListener = kauth_listen_scope(KAUTH_SCOPE_FILEOP, &processExec, NULL); 670 | if(NULL == kauthListener) 671 | { 672 | //err msg 673 | DEBUG_PRINT(("OSTIARIUS ERROR: kauth_listen_scope('KAUTH_SCOPE_FILEOP',...) failed\n")); 674 | 675 | //bail 676 | goto bail; 677 | } 678 | 679 | //init alloc tag 680 | allocTag = OSMalloc_Tagalloc("Ostiarius Alloc Tag", OSMT_DEFAULT); 681 | if(NULL == allocTag) 682 | { 683 | //err msg 684 | DEBUG_PRINT(("OSTIARIUS ERROR: OSMalloc_Tagalloc() failed\n")); 685 | 686 | //bail 687 | goto bail; 688 | } 689 | 690 | //happy 691 | result = true; 692 | 693 | //bail 694 | bail: 695 | 696 | return result; 697 | } 698 | 699 | //stop function, automatically invoked 700 | // ->unregister listener & free alloc tag 701 | void com_objectiveSee_OstiariusKext::stop(IOService *provider) 702 | { 703 | //dbg msg 704 | DEBUG_PRINT(("OSTIARIUS: stopping...\n")); 705 | 706 | //unregister listener 707 | if(NULL != kauthListener) 708 | { 709 | //unregister 710 | kauth_unlisten_scope(kauthListener); 711 | 712 | //unset 713 | kauthListener = NULL; 714 | } 715 | 716 | //free alloc tag 717 | if(NULL != allocTag) 718 | { 719 | //free 720 | OSMalloc_Tagfree(allocTag); 721 | 722 | //unset 723 | allocTag = NULL; 724 | } 725 | 726 | //invoke super 727 | super::stop(provider); 728 | 729 | return; 730 | } -------------------------------------------------------------------------------- /Ostiarius.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 46; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | 7D3E40B11CEAF06E002B0997 /* ConfigureWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D3E40B01CEAF06E002B0997 /* ConfigureWindowController.xib */; }; 11 | 7D8488C61C350BA500148F37 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D8488C51C350BA500148F37 /* main.m */; }; 12 | 7D8488CC1C350BFC00148F37 /* ConfigureWindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D8488C71C350BFC00148F37 /* ConfigureWindowController.m */; }; 13 | 7D8488CD1C350BFC00148F37 /* ErrorWindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D8488CA1C350BFC00148F37 /* ErrorWindowController.m */; }; 14 | 7D8488CF1C350C6500148F37 /* en.lproj in Resources */ = {isa = PBXBuildFile; fileRef = 7D8488CE1C350C6500148F37 /* en.lproj */; }; 15 | 7D8488D11C350C7B00148F37 /* Base.lproj in Resources */ = {isa = PBXBuildFile; fileRef = 7D8488D01C350C7B00148F37 /* Base.lproj */; }; 16 | 7D8488D41C350CAE00148F37 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D8488D21C350CAE00148F37 /* MainMenu.xib */; }; 17 | 7D8488D81C35191F00148F37 /* Images.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 7D8488D71C35191F00148F37 /* Images.xcassets */; }; 18 | 7D8488DE1C351C5900148F37 /* icon.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D8488DD1C351C5900148F37 /* icon.png */; }; 19 | 7D8488E11C351F3000148F37 /* ostiarius.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D8488E01C351F3000148F37 /* ostiarius.png */; }; 20 | 7DF0DC5E1C350A690050D65D /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DF0DC5D1C350A690050D65D /* AppDelegate.m */; }; 21 | 7DF0DC671C350A780050D65D /* Utilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DF0DC5F1C350A780050D65D /* Utilities.m */; }; 22 | 7DF0DC681C350A780050D65D /* Logging.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DF0DC611C350A780050D65D /* Logging.m */; }; 23 | 7DF0DC691C350A780050D65D /* Exception.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DF0DC621C350A780050D65D /* Exception.m */; }; 24 | 7DF0DC6A1C350A780050D65D /* Configure.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DF0DC641C350A780050D65D /* Configure.m */; }; 25 | 7DF0DC6E1C350AD20050D65D /* ErrorWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7DF0DC6D1C350AD20050D65D /* ErrorWindowController.xib */; }; 26 | CD7F088C19AE6DCA00FF00FC /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD7F088B19AE6DCA00FF00FC /* Cocoa.framework */; }; 27 | /* End PBXBuildFile section */ 28 | 29 | /* Begin PBXFileReference section */ 30 | 7D3E40B01CEAF06E002B0997 /* ConfigureWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = ConfigureWindowController.xib; path = Ostiarius/UI/ConfigureWindowController.xib; sourceTree = SOURCE_ROOT; }; 31 | 7D8488C21C350B9400148F37 /* Ostiarius-Prefix.pch */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "Ostiarius-Prefix.pch"; path = "Ostiarius/Ostiarius-Prefix.pch"; sourceTree = SOURCE_ROOT; }; 32 | 7D8488C31C350B9400148F37 /* Ostiarius-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "Ostiarius-Info.plist"; path = "Ostiarius/Ostiarius-Info.plist"; sourceTree = SOURCE_ROOT; }; 33 | 7D8488C51C350BA500148F37 /* main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = main.m; path = Ostiarius/main.m; sourceTree = SOURCE_ROOT; }; 34 | 7D8488C71C350BFC00148F37 /* ConfigureWindowController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ConfigureWindowController.m; path = Ostiarius/ConfigureWindowController.m; sourceTree = SOURCE_ROOT; }; 35 | 7D8488C81C350BFC00148F37 /* ConfigureWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ConfigureWindowController.h; path = Ostiarius/ConfigureWindowController.h; sourceTree = SOURCE_ROOT; }; 36 | 7D8488C91C350BFC00148F37 /* Logging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Logging.h; path = Ostiarius/Logging.h; sourceTree = SOURCE_ROOT; }; 37 | 7D8488CA1C350BFC00148F37 /* ErrorWindowController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ErrorWindowController.m; path = Ostiarius/ErrorWindowController.m; sourceTree = SOURCE_ROOT; }; 38 | 7D8488CB1C350BFC00148F37 /* ErrorWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ErrorWindowController.h; path = Ostiarius/ErrorWindowController.h; sourceTree = SOURCE_ROOT; }; 39 | 7D8488CE1C350C6500148F37 /* en.lproj */ = {isa = PBXFileReference; lastKnownFileType = folder; name = en.lproj; path = Ostiarius/en.lproj; sourceTree = SOURCE_ROOT; }; 40 | 7D8488D01C350C7B00148F37 /* Base.lproj */ = {isa = PBXFileReference; lastKnownFileType = folder; name = Base.lproj; path = Ostiarius/Base.lproj; sourceTree = SOURCE_ROOT; }; 41 | 7D8488D31C350CAE00148F37 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Ostiarius/Base.lproj/MainMenu.xib; sourceTree = SOURCE_ROOT; }; 42 | 7D8488D71C35191F00148F37 /* Images.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; name = Images.xcassets; path = Ostiarius/Images.xcassets; sourceTree = SOURCE_ROOT; }; 43 | 7D8488DD1C351C5900148F37 /* icon.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon.png; path = Ostiarius/images/icon.png; sourceTree = SOURCE_ROOT; }; 44 | 7D8488E01C351F3000148F37 /* ostiarius.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = ostiarius.png; path = Ostiarius/images/ostiarius.png; sourceTree = SOURCE_ROOT; }; 45 | 7DF0DC5C1C350A690050D65D /* AppDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AppDelegate.h; path = Ostiarius/AppDelegate.h; sourceTree = SOURCE_ROOT; }; 46 | 7DF0DC5D1C350A690050D65D /* AppDelegate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = AppDelegate.m; path = Ostiarius/AppDelegate.m; sourceTree = SOURCE_ROOT; }; 47 | 7DF0DC5F1C350A780050D65D /* Utilities.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Utilities.m; path = Ostiarius/Utilities.m; sourceTree = SOURCE_ROOT; }; 48 | 7DF0DC601C350A780050D65D /* Utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Utilities.h; path = Ostiarius/Utilities.h; sourceTree = SOURCE_ROOT; }; 49 | 7DF0DC611C350A780050D65D /* Logging.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Logging.m; path = Ostiarius/Logging.m; sourceTree = SOURCE_ROOT; }; 50 | 7DF0DC621C350A780050D65D /* Exception.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Exception.m; path = Ostiarius/Exception.m; sourceTree = SOURCE_ROOT; }; 51 | 7DF0DC631C350A780050D65D /* Exception.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Exception.h; path = Ostiarius/Exception.h; sourceTree = SOURCE_ROOT; }; 52 | 7DF0DC641C350A780050D65D /* Configure.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Configure.m; path = Ostiarius/Configure.m; sourceTree = SOURCE_ROOT; }; 53 | 7DF0DC651C350A780050D65D /* Configure.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Configure.h; path = Ostiarius/Configure.h; sourceTree = SOURCE_ROOT; }; 54 | 7DF0DC661C350A780050D65D /* Consts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Consts.h; path = Ostiarius/Consts.h; sourceTree = SOURCE_ROOT; }; 55 | 7DF0DC6D1C350AD20050D65D /* ErrorWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = ErrorWindowController.xib; path = Ostiarius/UI/ErrorWindowController.xib; sourceTree = SOURCE_ROOT; }; 56 | CD7F088819AE6DCA00FF00FC /* Ostiarius.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Ostiarius.app; sourceTree = BUILT_PRODUCTS_DIR; }; 57 | CD7F088B19AE6DCA00FF00FC /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = System/Library/Frameworks/Cocoa.framework; sourceTree = SDKROOT; }; 58 | CD7F088E19AE6DCA00FF00FC /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = System/Library/Frameworks/AppKit.framework; sourceTree = SDKROOT; }; 59 | CD7F089019AE6DCA00FF00FC /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; 60 | /* End PBXFileReference section */ 61 | 62 | /* Begin PBXFrameworksBuildPhase section */ 63 | CD7F088519AE6DCA00FF00FC /* Frameworks */ = { 64 | isa = PBXFrameworksBuildPhase; 65 | buildActionMask = 2147483647; 66 | files = ( 67 | CD7F088C19AE6DCA00FF00FC /* Cocoa.framework in Frameworks */, 68 | ); 69 | runOnlyForDeploymentPostprocessing = 0; 70 | }; 71 | /* End PBXFrameworksBuildPhase section */ 72 | 73 | /* Begin PBXGroup section */ 74 | 7D8488DF1C351C5D00148F37 /* Images */ = { 75 | isa = PBXGroup; 76 | children = ( 77 | 7D8488E01C351F3000148F37 /* ostiarius.png */, 78 | 7D8488DD1C351C5900148F37 /* icon.png */, 79 | ); 80 | name = Images; 81 | sourceTree = ""; 82 | }; 83 | CD7C872019D4428100EC7F0A /* UI */ = { 84 | isa = PBXGroup; 85 | children = ( 86 | 7D3E40B01CEAF06E002B0997 /* ConfigureWindowController.xib */, 87 | 7D8488D21C350CAE00148F37 /* MainMenu.xib */, 88 | 7DF0DC6D1C350AD20050D65D /* ErrorWindowController.xib */, 89 | ); 90 | name = UI; 91 | sourceTree = ""; 92 | }; 93 | CD7F087F19AE6DCA00FF00FC = { 94 | isa = PBXGroup; 95 | children = ( 96 | CD7F089119AE6DCA00FF00FC /* Ostiarius */, 97 | CD7F088A19AE6DCA00FF00FC /* Frameworks */, 98 | CD7F088919AE6DCA00FF00FC /* Products */, 99 | ); 100 | sourceTree = ""; 101 | }; 102 | CD7F088919AE6DCA00FF00FC /* Products */ = { 103 | isa = PBXGroup; 104 | children = ( 105 | CD7F088819AE6DCA00FF00FC /* Ostiarius.app */, 106 | ); 107 | name = Products; 108 | sourceTree = ""; 109 | }; 110 | CD7F088A19AE6DCA00FF00FC /* Frameworks */ = { 111 | isa = PBXGroup; 112 | children = ( 113 | CD7F088E19AE6DCA00FF00FC /* AppKit.framework */, 114 | CD7F088B19AE6DCA00FF00FC /* Cocoa.framework */, 115 | CD7F089019AE6DCA00FF00FC /* Foundation.framework */, 116 | ); 117 | name = Frameworks; 118 | sourceTree = ""; 119 | }; 120 | CD7F089119AE6DCA00FF00FC /* Ostiarius */ = { 121 | isa = PBXGroup; 122 | children = ( 123 | 7D8488D71C35191F00148F37 /* Images.xcassets */, 124 | 7DF0DC5C1C350A690050D65D /* AppDelegate.h */, 125 | 7DF0DC5D1C350A690050D65D /* AppDelegate.m */, 126 | 7D8488C71C350BFC00148F37 /* ConfigureWindowController.m */, 127 | 7D8488C81C350BFC00148F37 /* ConfigureWindowController.h */, 128 | 7DF0DC651C350A780050D65D /* Configure.h */, 129 | 7DF0DC641C350A780050D65D /* Configure.m */, 130 | 7DF0DC661C350A780050D65D /* Consts.h */, 131 | 7D8488CA1C350BFC00148F37 /* ErrorWindowController.m */, 132 | 7D8488CB1C350BFC00148F37 /* ErrorWindowController.h */, 133 | 7DF0DC631C350A780050D65D /* Exception.h */, 134 | 7DF0DC621C350A780050D65D /* Exception.m */, 135 | 7D8488C91C350BFC00148F37 /* Logging.h */, 136 | 7DF0DC611C350A780050D65D /* Logging.m */, 137 | 7DF0DC601C350A780050D65D /* Utilities.h */, 138 | 7DF0DC5F1C350A780050D65D /* Utilities.m */, 139 | 7D8488D01C350C7B00148F37 /* Base.lproj */, 140 | 7D8488CE1C350C6500148F37 /* en.lproj */, 141 | 7D8488DF1C351C5D00148F37 /* Images */, 142 | CD7F089219AE6DCA00FF00FC /* Supporting Files */, 143 | CD7C872019D4428100EC7F0A /* UI */, 144 | ); 145 | name = Ostiarius; 146 | path = KnockKnock; 147 | sourceTree = ""; 148 | }; 149 | CD7F089219AE6DCA00FF00FC /* Supporting Files */ = { 150 | isa = PBXGroup; 151 | children = ( 152 | 7D8488C51C350BA500148F37 /* main.m */, 153 | 7D8488C21C350B9400148F37 /* Ostiarius-Prefix.pch */, 154 | 7D8488C31C350B9400148F37 /* Ostiarius-Info.plist */, 155 | ); 156 | name = "Supporting Files"; 157 | sourceTree = ""; 158 | }; 159 | /* End PBXGroup section */ 160 | 161 | /* Begin PBXNativeTarget section */ 162 | CD7F088719AE6DCA00FF00FC /* Ostiarius */ = { 163 | isa = PBXNativeTarget; 164 | buildConfigurationList = CD7F08B919AE6DCA00FF00FC /* Build configuration list for PBXNativeTarget "Ostiarius" */; 165 | buildPhases = ( 166 | CD7F088419AE6DCA00FF00FC /* Sources */, 167 | CD7F088519AE6DCA00FF00FC /* Frameworks */, 168 | CD7F088619AE6DCA00FF00FC /* Resources */, 169 | 7D774F241C015DBD00A9CCE4 /* Run Script */, 170 | ); 171 | buildRules = ( 172 | ); 173 | dependencies = ( 174 | ); 175 | name = Ostiarius; 176 | productName = KnockKnock; 177 | productReference = CD7F088819AE6DCA00FF00FC /* Ostiarius.app */; 178 | productType = "com.apple.product-type.application"; 179 | }; 180 | /* End PBXNativeTarget section */ 181 | 182 | /* Begin PBXProject section */ 183 | CD7F088019AE6DCA00FF00FC /* Project object */ = { 184 | isa = PBXProject; 185 | attributes = { 186 | LastUpgradeCheck = 0710; 187 | ORGANIZATIONNAME = Synack; 188 | TargetAttributes = { 189 | CD7F088719AE6DCA00FF00FC = { 190 | DevelopmentTeam = VBG97UB4TA; 191 | }; 192 | }; 193 | }; 194 | buildConfigurationList = CD7F088319AE6DCA00FF00FC /* Build configuration list for PBXProject "Ostiarius" */; 195 | compatibilityVersion = "Xcode 3.2"; 196 | developmentRegion = English; 197 | hasScannedForEncodings = 0; 198 | knownRegions = ( 199 | en, 200 | Base, 201 | ); 202 | mainGroup = CD7F087F19AE6DCA00FF00FC; 203 | productRefGroup = CD7F088919AE6DCA00FF00FC /* Products */; 204 | projectDirPath = ""; 205 | projectRoot = ""; 206 | targets = ( 207 | CD7F088719AE6DCA00FF00FC /* Ostiarius */, 208 | ); 209 | }; 210 | /* End PBXProject section */ 211 | 212 | /* Begin PBXResourcesBuildPhase section */ 213 | CD7F088619AE6DCA00FF00FC /* Resources */ = { 214 | isa = PBXResourcesBuildPhase; 215 | buildActionMask = 2147483647; 216 | files = ( 217 | 7DF0DC6E1C350AD20050D65D /* ErrorWindowController.xib in Resources */, 218 | 7D8488DE1C351C5900148F37 /* icon.png in Resources */, 219 | 7D8488D41C350CAE00148F37 /* MainMenu.xib in Resources */, 220 | 7D8488E11C351F3000148F37 /* ostiarius.png in Resources */, 221 | 7D3E40B11CEAF06E002B0997 /* ConfigureWindowController.xib in Resources */, 222 | 7D8488D81C35191F00148F37 /* Images.xcassets in Resources */, 223 | 7D8488D11C350C7B00148F37 /* Base.lproj in Resources */, 224 | 7D8488CF1C350C6500148F37 /* en.lproj in Resources */, 225 | ); 226 | runOnlyForDeploymentPostprocessing = 0; 227 | }; 228 | /* End PBXResourcesBuildPhase section */ 229 | 230 | /* Begin PBXShellScriptBuildPhase section */ 231 | 7D774F241C015DBD00A9CCE4 /* Run Script */ = { 232 | isa = PBXShellScriptBuildPhase; 233 | buildActionMask = 2147483647; 234 | files = ( 235 | ); 236 | inputPaths = ( 237 | ); 238 | name = "Run Script"; 239 | outputPaths = ( 240 | ); 241 | runOnlyForDeploymentPostprocessing = 0; 242 | shellPath = /bin/sh; 243 | shellScript = "#cp -R -f $BUILT_PRODUCTS_DIR/Ostiarius.kext $BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/Resources/\ncp -R -f ~/objective-see/Ostiarius/DerivedData/Ostiarius/Build/Products/Release/Ostiarius.kext ~/objective-see/Ostiarius/DerivedData/Ostiarius/Build/Intermediates/ArchiveIntermediates/Ostiarius/InstallationBuildProductsLocation/Applications/Ostiarius.app/Contents/Resources\n"; 244 | }; 245 | /* End PBXShellScriptBuildPhase section */ 246 | 247 | /* Begin PBXSourcesBuildPhase section */ 248 | CD7F088419AE6DCA00FF00FC /* Sources */ = { 249 | isa = PBXSourcesBuildPhase; 250 | buildActionMask = 2147483647; 251 | files = ( 252 | 7D8488CD1C350BFC00148F37 /* ErrorWindowController.m in Sources */, 253 | 7DF0DC6A1C350A780050D65D /* Configure.m in Sources */, 254 | 7DF0DC691C350A780050D65D /* Exception.m in Sources */, 255 | 7DF0DC5E1C350A690050D65D /* AppDelegate.m in Sources */, 256 | 7DF0DC671C350A780050D65D /* Utilities.m in Sources */, 257 | 7D8488C61C350BA500148F37 /* main.m in Sources */, 258 | 7DF0DC681C350A780050D65D /* Logging.m in Sources */, 259 | 7D8488CC1C350BFC00148F37 /* ConfigureWindowController.m in Sources */, 260 | ); 261 | runOnlyForDeploymentPostprocessing = 0; 262 | }; 263 | /* End PBXSourcesBuildPhase section */ 264 | 265 | /* Begin PBXVariantGroup section */ 266 | 7D8488D21C350CAE00148F37 /* MainMenu.xib */ = { 267 | isa = PBXVariantGroup; 268 | children = ( 269 | 7D8488D31C350CAE00148F37 /* Base */, 270 | ); 271 | name = MainMenu.xib; 272 | sourceTree = ""; 273 | }; 274 | /* End PBXVariantGroup section */ 275 | 276 | /* Begin XCBuildConfiguration section */ 277 | CD7F08B719AE6DCA00FF00FC /* Debug */ = { 278 | isa = XCBuildConfiguration; 279 | buildSettings = { 280 | ALWAYS_SEARCH_USER_PATHS = NO; 281 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 282 | CLANG_CXX_LIBRARY = "libc++"; 283 | CLANG_ENABLE_MODULES = YES; 284 | CLANG_ENABLE_OBJC_ARC = YES; 285 | CLANG_WARN_BOOL_CONVERSION = YES; 286 | CLANG_WARN_CONSTANT_CONVERSION = YES; 287 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 288 | CLANG_WARN_EMPTY_BODY = YES; 289 | CLANG_WARN_ENUM_CONVERSION = YES; 290 | CLANG_WARN_INT_CONVERSION = YES; 291 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 292 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 293 | COPY_PHASE_STRIP = NO; 294 | ENABLE_TESTABILITY = YES; 295 | GCC_C_LANGUAGE_STANDARD = gnu99; 296 | GCC_DYNAMIC_NO_PIC = NO; 297 | GCC_ENABLE_OBJC_EXCEPTIONS = YES; 298 | GCC_OPTIMIZATION_LEVEL = 0; 299 | GCC_PREPROCESSOR_DEFINITIONS = ( 300 | "DEBUG=1", 301 | "$(inherited)", 302 | ); 303 | GCC_SYMBOLS_PRIVATE_EXTERN = NO; 304 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 305 | GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; 306 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 307 | GCC_WARN_UNDECLARED_SELECTOR = YES; 308 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 309 | GCC_WARN_UNUSED_FUNCTION = YES; 310 | GCC_WARN_UNUSED_VARIABLE = YES; 311 | MACOSX_DEPLOYMENT_TARGET = 10.7; 312 | ONLY_ACTIVE_ARCH = YES; 313 | SDKROOT = macosx; 314 | }; 315 | name = Debug; 316 | }; 317 | CD7F08B819AE6DCA00FF00FC /* Release */ = { 318 | isa = XCBuildConfiguration; 319 | buildSettings = { 320 | ALWAYS_SEARCH_USER_PATHS = NO; 321 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 322 | CLANG_CXX_LIBRARY = "libc++"; 323 | CLANG_ENABLE_MODULES = YES; 324 | CLANG_ENABLE_OBJC_ARC = YES; 325 | CLANG_WARN_BOOL_CONVERSION = YES; 326 | CLANG_WARN_CONSTANT_CONVERSION = YES; 327 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 328 | CLANG_WARN_EMPTY_BODY = YES; 329 | CLANG_WARN_ENUM_CONVERSION = YES; 330 | CLANG_WARN_INT_CONVERSION = YES; 331 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 332 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 333 | COPY_PHASE_STRIP = YES; 334 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 335 | ENABLE_NS_ASSERTIONS = NO; 336 | GCC_C_LANGUAGE_STANDARD = gnu99; 337 | GCC_ENABLE_OBJC_EXCEPTIONS = YES; 338 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 339 | GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; 340 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 341 | GCC_WARN_UNDECLARED_SELECTOR = YES; 342 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 343 | GCC_WARN_UNUSED_FUNCTION = YES; 344 | GCC_WARN_UNUSED_VARIABLE = YES; 345 | MACOSX_DEPLOYMENT_TARGET = 10.7; 346 | SDKROOT = macosx; 347 | }; 348 | name = Release; 349 | }; 350 | CD7F08BA19AE6DCA00FF00FC /* Debug */ = { 351 | isa = XCBuildConfiguration; 352 | buildSettings = { 353 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 354 | CODE_SIGN_IDENTITY = "Developer ID Application"; 355 | "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer"; 356 | COMBINE_HIDPI_IMAGES = YES; 357 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 358 | GCC_PREFIX_HEADER = "Ostiarius/Ostiarius-Prefix.pch"; 359 | INFOPLIST_FILE = "Ostiarius/Ostiarius-Info.plist"; 360 | MACOSX_DEPLOYMENT_TARGET = 10.8; 361 | PRODUCT_BUNDLE_IDENTIFIER = "com.objectiveSee.$(PRODUCT_NAME:rfc1034identifier)"; 362 | PRODUCT_NAME = Ostiarius; 363 | PROVISIONING_PROFILE = ""; 364 | WRAPPER_EXTENSION = app; 365 | }; 366 | name = Debug; 367 | }; 368 | CD7F08BB19AE6DCA00FF00FC /* Release */ = { 369 | isa = XCBuildConfiguration; 370 | buildSettings = { 371 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 372 | CODE_SIGN_IDENTITY = "Developer ID Application"; 373 | "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer"; 374 | COMBINE_HIDPI_IMAGES = YES; 375 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 376 | GCC_PREFIX_HEADER = "Ostiarius/Ostiarius-Prefix.pch"; 377 | INFOPLIST_FILE = "Ostiarius/Ostiarius-Info.plist"; 378 | MACOSX_DEPLOYMENT_TARGET = 10.8; 379 | PRODUCT_BUNDLE_IDENTIFIER = "com.objectiveSee.$(PRODUCT_NAME:rfc1034identifier)"; 380 | PRODUCT_NAME = Ostiarius; 381 | PROVISIONING_PROFILE = ""; 382 | WRAPPER_EXTENSION = app; 383 | }; 384 | name = Release; 385 | }; 386 | /* End XCBuildConfiguration section */ 387 | 388 | /* Begin XCConfigurationList section */ 389 | CD7F088319AE6DCA00FF00FC /* Build configuration list for PBXProject "Ostiarius" */ = { 390 | isa = XCConfigurationList; 391 | buildConfigurations = ( 392 | CD7F08B719AE6DCA00FF00FC /* Debug */, 393 | CD7F08B819AE6DCA00FF00FC /* Release */, 394 | ); 395 | defaultConfigurationIsVisible = 0; 396 | defaultConfigurationName = Release; 397 | }; 398 | CD7F08B919AE6DCA00FF00FC /* Build configuration list for PBXNativeTarget "Ostiarius" */ = { 399 | isa = XCConfigurationList; 400 | buildConfigurations = ( 401 | CD7F08BA19AE6DCA00FF00FC /* Debug */, 402 | CD7F08BB19AE6DCA00FF00FC /* Release */, 403 | ); 404 | defaultConfigurationIsVisible = 0; 405 | defaultConfigurationName = Release; 406 | }; 407 | /* End XCConfigurationList section */ 408 | }; 409 | rootObject = CD7F088019AE6DCA00FF00FC /* Project object */; 410 | } 411 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | --------------------------------------------------------------------------------