search

kam800 / MachObfuscator

MachObfuscator is a programming-language-agnostic Mach-O apps obfuscator for Apple platforms.
MIT License
521 stars 77 forks source link

Nothing obfuscated in macOS binary #116

Open arielelkin opened 2 years ago

arielelkin commented 2 years ago

I'm trying to obfuscate a universal binary (arm64+x86) for macOS, but running MachObfuscator has no effect. Here's the output:

$ ./foldername/App/MachObfuscator -v ./foldername/App/MyApp.app
Will obfuscate file:///Users/username/MyApp-macOS/foldername/App/MyApp.app/
Looking for dependencies...
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
WARN: Unable to resolve dylib path /usr/lib/libobjc.A.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/AVFoundation.framework/Versions/A/AVFoundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
WARN: Unable to resolve dylib path /System/Library/Frameworks/Combine.framework/Versions/A/Combine
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreMedia.framework/Versions/A/CoreMedia
WARN: Unable to resolve dylib path /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/Security.framework/Versions/A/Security
WARN: Unable to resolve dylib path /System/Library/Frameworks/ServiceManagement.framework/Versions/A/ServiceManagement
WARN: Unable to resolve dylib path /System/Library/Frameworks/StoreKit.framework/Versions/A/StoreKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/SwiftUI.framework/Versions/A/SwiftUI
WARN: Unable to resolve dylib path /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
WARN: Unable to resolve dylib path /usr/lib/libsqlite3.dylib
WARN: Unable to resolve dylib path /usr/lib/libz.1.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftAVFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftAppKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCore.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreAudio.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreData.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreGraphics.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreImage.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreMIDI.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreMedia.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftDarwin.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftDispatch.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftIOKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftMetal.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftObjectiveC.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftQuartzCore.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftUniformTypeIdentifiers.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftXPC.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftos.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftsimd.dylib
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
WARN: Unable to resolve dylib path /usr/lib/libobjc.A.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/AVFoundation.framework/Versions/A/AVFoundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
WARN: Unable to resolve dylib path /System/Library/Frameworks/Combine.framework/Versions/A/Combine
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreMedia.framework/Versions/A/CoreMedia
WARN: Unable to resolve dylib path /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/Security.framework/Versions/A/Security
WARN: Unable to resolve dylib path /System/Library/Frameworks/ServiceManagement.framework/Versions/A/ServiceManagement
WARN: Unable to resolve dylib path /System/Library/Frameworks/StoreKit.framework/Versions/A/StoreKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/SwiftUI.framework/Versions/A/SwiftUI
WARN: Unable to resolve dylib path /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
WARN: Unable to resolve dylib path /usr/lib/libsqlite3.dylib
WARN: Unable to resolve dylib path /usr/lib/libz.1.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftAVFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftAppKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCore.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreAudio.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreData.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreGraphics.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreImage.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreMIDI.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreMedia.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftDarwin.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftDispatch.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftIOKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftMetal.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftObjectiveC.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftQuartzCore.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftUniformTypeIdentifiers.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftXPC.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftos.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftsimd.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
WARN: Unable to resolve dylib path /usr/lib/libobjc.A.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
WARN: Unable to resolve dylib path @rpath/libswiftAppKit.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCloudKit.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCore.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCoreData.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCoreFoundation.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCoreGraphics.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCoreImage.dylib
WARN: Unable to resolve dylib path @rpath/libswiftCoreLocation.dylib
WARN: Unable to resolve dylib path @rpath/libswiftDarwin.dylib
WARN: Unable to resolve dylib path @rpath/libswiftDispatch.dylib
WARN: Unable to resolve dylib path @rpath/libswiftFoundation.dylib
WARN: Unable to resolve dylib path @rpath/libswiftIOKit.dylib
WARN: Unable to resolve dylib path @rpath/libswiftMetal.dylib
WARN: Unable to resolve dylib path @rpath/libswiftObjectiveC.dylib
WARN: Unable to resolve dylib path @rpath/libswiftQuartzCore.dylib
WARN: Unable to resolve dylib path @rpath/libswiftXPC.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
WARN: Unable to resolve dylib path /usr/lib/libobjc.A.dylib
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftAppKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCloudKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCore.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreData.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreGraphics.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreImage.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftCoreLocation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftDarwin.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftDispatch.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftFoundation.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftIOKit.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftMetal.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftObjectiveC.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftQuartzCore.dylib
WARN: Unable to resolve dylib path /usr/lib/swift/libswiftXPC.dylib
#Looking for dependencies - execution took 0.21558105945587158 seconds
5 obfuscable images
0 obfuscable NIBs
Collecting symbols...
#systemSources - execution took 6.079673767089844e-06 seconds
#userSources - execution took 0.02683401107788086 seconds
#systemHeaderSymbols - execution took 5.3048133850097656e-05 seconds
#Build obfuscation symbols - execution took 0.23432302474975586 seconds
2624 obfuscable selectors
0 obfuscable classes
24824 unobfuscable selectors
12447 unobfuscable classes
Mangling symbols...
2534 mangled selectors
0 mangled classes
Obfuscating file:///Users/username/MyApp-macOS/foldername/App/MyApp.app/Contents/Frameworks/MyAppMiddleware.framework/Versions/A/Frameworks/libMyApp-middleware.dylib
App/Mach+Replacing.swift:67: Fatal error
zsh: illegal hardware instruction  ./foldername/App/MachObfuscator -v ./foldername/App/MyApp.app

Despite the output saying that there "2534 mangled selectors", I can still see them in cleartext if I check the binary on MachOView.

Related to https://github.com/kam800/MachObfuscator/issues/115 ?

arielelkin commented 2 years ago

@kam800 any thoughts?

kam800 commented 2 years ago

Thanks @arielelkin for reporting that.

Look like MachObfuscator crashes:

App/Mach+Replacing.swift:67: Fatal error
zsh: illegal hardware instruction  ./foldername/App/MachObfuscator -v ./foldername/App/MyApp.app

Unfortunately I identified two problems.

First problem MachObfuscator does not recognize new export trie command (LC_DYLD_EXPORTS_TRIE). MachObfuscator currently only recognizes old LC_DYLD_INFO_ONLY command. This involves implementing new export trie format parsing. The simple workaround for this seems to be choosing older Deployment Target: 11.X should does the job.

Second problem These all WARN: Unable to resolve dylib path are caused by system libraries being moved to a single shared dyld cache file. MachObfuscator does not use dyld shared cache in this moment. There is no simple workaround now. I need to implement dyld cache parsing in MachObfuscator.

I will update README.md that MachObfuscator:

I will try to fix both problems, but I can not provide you any timeline.

arielelkin commented 2 years ago

@kam800 thanks for looking into this. Note that our app is already targeting macOS 11.0, so it could be that the issue has to do with some other factor...

kam800 commented 2 years ago

Interesting. I will start with solving the Second problem. I the mean time I will reverify the deployment target workaround. Thank you for writing this.

arielelkin commented 2 years ago

Hello @kam800 any updates on the deployment target workaround?