search

beeper / mac-registration-provider

A small service that generates iMessage registration data on a Mac
GNU Affero General Public License v3.0
133 stars 29 forks source link

Add support for macOS Sonoma 14.3.1 on Apple Silicon #33

Open piperswe opened 6 months ago

piperswe commented 6 months ago

Here is the identityservicesd binary from 23D60 for Apple Silicon:

identityservicesd-14.3.1-23D60-aarch64.zip

I made the grave mistake of updating macOS just before setting up Beeper, hopefully this can get updated to support 14.3.1.

jayjay181818 commented 6 months ago

Same issue, frustratingly my UTM VM is on a too early version of Monterey to use the commandline tool.. But thankfully my Intel hackintosh VM on Sonoma worked...

aarush-kukreja-princeton commented 5 months ago

second this

0xdevalias commented 5 months ago

Here is the identityservicesd binary from 23D60 for Apple Silicon:

identityservicesd-14.3.1-23D60-aarch64.zip

⇒ sha256sum ./samples/macos-14.3.1-23D60-sonoma-identityservicesd
d3c6986fefcbd2efea2a8a7c88104bf22d60d1f4f2bbf3615a1e3ce098aba765  ./samples/macos-14.3.1-23D60-sonoma-identityservicesd

Using my script from:

⇒ ./find_fat_binary_offsets.py samples/macos-14.3.1-23D60-sonoma-identityservicesd

-= Universal Binary Sections =-
Architecture 0 (x86_64):
  CPU Type: 16777223 (0x1000007)
  CPU Subtype: 3 (0x3)
  CPU Subtype Capability: 0 (0x0)
  Offset: 0x4000 (Valid Mach-O Header: Yes)
  Size: 8820512
  Align: 14
Architecture 1 (arm64e):
  CPU Type: 16777228 (0x100000c)
  CPU Subtype: 2 (0x2)
  CPU Subtype Capability: 128 (0x80)
  Offset: 0x870000 (Valid Mach-O Header: Yes)
  Size: 9796976
  Align: 14

-= Found Symbol Offsets =-
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture x86_64: 0x0d47c9
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture arm64e: 0x0bd81c

-= Found Hex Offsets (with pure python fixed sequence search + regex) =-
Architecture 0 (x86_64):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xd47c9
  NACInitAddress: 0x54c6d0
  NACKeyEstablishmentAddress: 0x52c710
  NACSignAddress: 0x53fa00
Architecture 1 (arm64e):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xbd81c; 0x2ef2d0; 0x31c2d4; 0x333754
  NACInitAddress: 0x4b5580
  NACKeyEstablishmentAddress: 0x4a2de4
  NACSignAddress: 0x47cff0

Looking in the offsets code file, the sha256 hash for this file matches the one already recorded for macOS 14.3, suggesting it's already supported:

https://github.com/beeper/mac-registration-provider/blob/1e1d19080df87b9a0da9d39cab9156ba5878b240/nac/offsets.go#L251-L252

Confirming this, looking at those offsets for offsets_14_3, they match what my script above identified:

https://github.com/beeper/mac-registration-provider/blob/1e1d19080df87b9a0da9d39cab9156ba5878b240/nac/offsets.go#L186-L201

These were updated in the following PR from Jan 24, which predates this issue being opened by almost a month:

@tulir This issue can be closed.