beeper / mac-registration-provider

A small service that generates iMessage registration data on a Mac
GNU Affero General Public License v3.0

Add support for MacOS 14.4 Beta #34

Open dannyleeuk opened 6 months ago

dannyleeuk commented 6 months ago

Please could we add support for MacOS 14.4 Beta - I get a "No Offsets found for 14.4"

Would be great to have Beta support so we can test it in advance of GA releases

0xdevalias commented 6 months ago

Are you able to upload a copy of the identity service executable as requested in other threads? Someone may be able to reverse it for you then.

dannyleeuk commented 6 months ago

identityservicesd.zip - 14.4 Apple Silicon (23E5211a)

Hi @0xdevalias - Attached 😄

0xdevalias commented 6 months ago
⇒ sha256sum samples/macos-14.4-23E5211a-sonoma-identityservicesd
5b4fc94e11555b628161ca1e5c4c14f8b3350fb28d0b513f4b6875ecce3b06ee  samples/macos-14.4-23E5211a-sonoma-identityservicesd

Attempted auto-discovery of the offsets:

⇒ ./find_fat_binary_offsets.py samples/macos-14.4-23E5211a-sonoma-identityservicesd

-= Universal Binary Sections =-
Architecture 0 (x86_64):
  CPU Type: 16777223 (0x1000007)
  CPU Subtype: 3 (0x3)
  CPU Subtype Capability: 0 (0x0)
  Offset: 0x4000 (Valid Mach-O Header: Yes)
  Size: 8880384
  Align: 14
Architecture 1 (arm64e):
  CPU Type: 16777228 (0x100000c)
  CPU Subtype: 2 (0x2)
  CPU Subtype Capability: 128 (0x80)
  Offset: 0x880000 (Valid Mach-O Header: Yes)
  Size: 9865136
  Align: 14

-= Found Symbol Offsets =-
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture x86_64: 0x0d6715
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture arm64e: 0x0c0b84

-= Found Hex Offsets (with pure python fixed sequence search + regex) =-
Architecture 0 (x86_64):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xd6715
  NACInitAddress: 0x557cd0
  NACKeyEstablishmentAddress: 0x537d10
  NACSignAddress: 0x54b000
Architecture 1 (arm64e):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xc0b84; 0x2f5d0c; 0x322dac; 0x33a660
  NACInitAddress: 0x4c2468
  NACKeyEstablishmentAddress: 0x4afccc
  NACSignAddress: 0x489ed8

These should probably be confirmed, but then a new PR could be created to add them.


Tangentially related:

I have extracted the offsets for macos 14.4 beta2. Would it be possible to add them so I can create a new registration code?

-= Universal Binary Sections =-
Architecture 0 (x86_64):
  CPU Type: 16777223 (0x1000007)
  CPU Subtype: 3 (0x3)
  CPU Subtype Capability: 0 (0x0)
  Offset: 0x4000 (Valid Mach-O Header: Yes)
  Size: 8866912
  Align: 14
Architecture 1 (arm64e):
  CPU Type: 16777228 (0x100000c)
  CPU Subtype: 2 (0x2)
  CPU Subtype Capability: 128 (0x80)
  Offset: 0x87c000 (Valid Mach-O Header: Yes)
  Size: 9847584
  Align: 14

-= Found Symbol Offsets =-
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture x86_64: 0x0d5a35
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture arm64e: 0x0bec84

-= Found Hex Offsets (with pure python fixed sequence search + regex) =-
Architecture 0 (x86_64):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xd5a35
  NACInitAddress: 0x5558a0
  NACKeyEstablishmentAddress: 0x5358e0
  NACSignAddress: 0x548bd0
Architecture 1 (arm64e):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xbec84; 0x2f33c4; 0x320464; 0x3378cc
  NACInitAddress: 0x4bf1d8
  NACKeyEstablishmentAddress: 0x4aca3c
  NACSignAddress: 0x486c48

Originally posted by @TheDave94 in https://github.com/beeper/mac-registration-provider/issues/9#issuecomment-1937610205
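The "Universal Binary Sections" fields in the output above (CPU type, subtype, capability byte, offset, size, align, and the Mach-O header check) come from the fat header at the start of the file. The parser below is an added example, not part of the thread and not the project's find_fat_binary_offsets.py; the function names and sample bytes are constructed for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                   # fat_header.magic, big-endian on disk
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF}  # MH_MAGIC, MH_MAGIC_64
CPU_NAMES = {(0x01000007, 3): "x86_64", (0x0100000C, 2): "arm64e"}


def parse_fat(data: bytes) -> list:
    """Return one dict per fat_arch entry, with basic sanity checks."""
    if len(data) < 8:
        raise ValueError("truncated fat header")
    magic, nfat = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError(f"not a 32-bit fat binary (magic 0x{magic:08x})")
    if 8 + nfat * 20 > len(data):
        raise ValueError("fat_arch table runs past end of file")
    slices = []
    for i in range(nfat):
        cputype, subtype, offset, size, align = struct.unpack_from(
            ">5I", data, 8 + i * 20)
        sub = subtype & 0x00FFFFFF          # low 24 bits: the subtype itself
        in_bounds = offset + size <= len(data)
        head = data[offset:offset + 4] if in_bounds and size >= 4 else b""
        slices.append({
            "arch": CPU_NAMES.get((cputype, sub), "unknown"),
            "cputype": cputype,
            "subtype": sub,
            "capability": subtype >> 24,    # high byte, e.g. 0x80 on arm64e
            "offset": offset,
            "size": size,
            # align is a power-of-two exponent; cap it before shifting
            "aligned": align < 32 and offset % (1 << align) == 0,
            # Little-endian slices only, as for the two architectures above.
            "valid_macho": len(head) == 4
                           and struct.unpack("<I", head)[0] in MACHO_MAGICS,
        })
    return slices


def build_sample() -> bytes:
    """Constructed two-slice fat file; not the real identityservicesd."""
    archs = [(0x01000007, 0x00000003, 0x4000, 32, 14),
             (0x0100000C, 0x80000002, 0x8000, 32, 14)]
    blob = bytearray(0x8000 + 32)
    struct.pack_into(">II", blob, 0, FAT_MAGIC, len(archs))
    for i, arch in enumerate(archs):
        struct.pack_into(">5I", blob, 8 + i * 20, *arch)
        struct.pack_into("<I", blob, arch[2], 0xFEEDFACF)  # MH_MAGIC_64
    return bytes(blob)
```

A slice whose offset plus size runs past the end of the file is reported with `valid_macho` set to false rather than being read, which is the check to make before trusting any offset computed against that slice.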

chota commented 6 months ago

Bump. Also, willing to test if needed.

0xdevalias commented 6 months ago

@dannyleeuk Which beta did you upload the binary for out of curiosity?

0xdevalias commented 6 months ago

@chota Created PR with the above offsets, currently untested if you wanted to check it out + add whether it works there:

chota commented 6 months ago

Error. I am not a programmer.

Christophers-MacBook-Pro:mac-registration-provider-main christophergautamhota$ ./build.sh
fatal: not a git repository (or any of the parent directories): .git
go: downloading nhooyr.io/websocket v1.8.10
go: downloading howett.net/plist v1.0.0
go: downloading github.com/tidwall/gjson v1.17.0
go: downloading github.com/tidwall/match v1.1.1
go: downloading github.com/tidwall/pretty v1.2.0
Christophers-MacBook-Pro:mac-registration-provider-main christophergautamhota$ chmod +x mac-registration-provider
Christophers-MacBook-Pro:mac-registration-provider-main christophergautamhota$ ./mac-registration-provider
panic: runtime error: slice bounds out of range [:8] with length 0

goroutine 1 [running]:
main.init()
	/Users/christophergautamhota/Downloads/mac-registration-provider-main/main.go:34 +0x36f

Help?

dannyleeuk commented 6 months ago

> @dannyleeuk Which beta did you upload the binary for out of curiosity?

@0xdevalias - Honestly, not sure. I think it was Beta 5, however they've just released 14.4 RC so I'm guessing I'll need to re-upload the new file just in case Apple have changed something again?

0xdevalias commented 6 months ago

> so I'm guessing I'll need to re-upload the new file just in case Apple have changed something again?

@dannyleeuk Technically, yeah; and then we'll also probably need to check it again once the official final release comes out too.

0xdevalias commented 6 months ago

See also: