Open dannyleeuk opened 6 months ago
Are you able to upload a copy of the identity service executable as requested in other threads? Someone may be able to reverse it for you then.
identityservicesd.zip - 14.4 Apple Silicon (23E5211a)
Hi @0xdevalias - Attached 😄
⇒ sha256sum samples/macos-14.4-23E5211a-sonoma-identityservicesd
5b4fc94e11555b628161ca1e5c4c14f8b3350fb28d0b513f4b6875ecce3b06ee samples/macos-14.4-23E5211a-sonoma-identityservicesd
Attempted auto-discovery of the offsets:
⇒ ./find_fat_binary_offsets.py samples/macos-14.4-23E5211a-sonoma-identityservicesd
-= Universal Binary Sections =-
Architecture 0 (x86_64):
CPU Type: 16777223 (0x1000007)
CPU Subtype: 3 (0x3)
CPU Subtype Capability: 0 (0x0)
Offset: 0x4000 (Valid Mach-O Header: Yes)
Size: 8880384
Align: 14
Architecture 1 (arm64e):
CPU Type: 16777228 (0x100000c)
CPU Subtype: 2 (0x2)
CPU Subtype Capability: 128 (0x80)
Offset: 0x880000 (Valid Mach-O Header: Yes)
Size: 9865136
Align: 14
-= Found Symbol Offsets =-
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture x86_64: 0x0d6715
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture arm64e: 0x0c0b84
-= Found Hex Offsets (with pure python fixed sequence search + regex) =-
Architecture 0 (x86_64):
IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xd6715
NACInitAddress: 0x557cd0
NACKeyEstablishmentAddress: 0x537d10
NACSignAddress: 0x54b000
Architecture 1 (arm64e):
IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xc0b84; 0x2f5d0c; 0x322dac; 0x33a660
NACInitAddress: 0x4c2468
NACKeyEstablishmentAddress: 0x4afccc
NACSignAddress: 0x489ed8
These should probably be confirmed, but then a new PR could be created to add them.
Tangentially related:
I have extracted the offsets for macos 14.4 beta2. Would it be possible to add them so I can create a new registration code?
-= Universal Binary Sections =- Architecture 0 (x86_64): CPU Type: 16777223 (0x1000007) CPU Subtype: 3 (0x3) CPU Subtype Capability: 0 (0x0) Offset: 0x4000 (Valid Mach-O Header: Yes) Size: 8866912 Align: 14 Architecture 1 (arm64e): CPU Type: 16777228 (0x100000c) CPU Subtype: 2 (0x2) CPU Subtype Capability: 128 (0x80) Offset: 0x87c000 (Valid Mach-O Header: Yes) Size: 9847584 Align: 14 -= Found Symbol Offsets =- Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture x86_64: 0x0d5a35 Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture arm64e: 0x0bec84 -= Found Hex Offsets (with pure python fixed sequence search + regex) =- Architecture 0 (x86_64): IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xd5a35 NACInitAddress: 0x5558a0 NACKeyEstablishmentAddress: 0x5358e0 NACSignAddress: 0x548bd0 Architecture 1 (arm64e): IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xbec84; 0x2f33c4; 0x320464; 0x3378cc NACInitAddress: 0x4bf1d8 NACKeyEstablishmentAddress: 0x4aca3c NACSignAddress: 0x486c48
Originally posted by @TheDave94 in https://github.com/beeper/mac-registration-provider/issues/9#issuecomment-1937610205
Bump. Also, willing to test if needed.
@dannyleeuk Which beta did you upload the binary for out of curiosity?
@chota Created PR with the above offsets, currently untested if you wanted to check it out + add whether it works there:
Error. I am not a programmer.
Christophers-MacBook-Pro:mac-registration-provider-main christophergautamhota$ ./build.sh fatal: not a git repository (or any of the parent directories): .git go: downloading nhooyr.io/websocket v1.8.10 go: downloading howett.net/plist v1.0.0 go: downloading github.com/tidwall/gjson v1.17.0 go: downloading github.com/tidwall/match v1.1.1 go: downloading github.com/tidwall/pretty v1.2.0 Christophers-MacBook-Pro:mac-registration-provider-main christophergautamhota$ chmod +x mac-registration-provider Christophers-MacBook-Pro:mac-registration-provider-main christophergautamhota$ ./mac-registration-provider panic: runtime error: slice bounds out of range [:8] with length 0
goroutine 1 [running]: main.init() /Users/christophergautamhota/Downloads/mac-registration-provider-main/main.go:34 +0x36f
Help?
@dannyleeuk Which beta did you upload the binary for out of curiosity?
@0xdevalias - Honestly, not sure. I think it was Beta 5, however they've just released 14.4 RC so I'm guessing i'll need to re-upload the new file just in case Apple have changed something again?
so I'm guessing i'll need to re-upload the new file just in case Apple have changed something again?
@dannyleeuk Technically, yeah; and then we'll also probably need to check it again once the official final release comes out too.
Please could we add support for MacOS 14.4 Beta - I get a "No Offsets found for 14.4"
Would be great to have Beta support so we can test it in advance of GA releases