meme / apple-tools

A collection of tools for working with Apple software/hardware
The Unlicense

Big Sur 11.3 system error #3

Closed iVoider closed 3 years ago

iVoider commented 3 years ago

I am getting a mremap_encrypted: Operation not permitted log
and mremap_encrypted: unable to create decrypter com.apple.unfree + AppleFairplayTextCrypterSession::fairplayOpen() failed messages in the device console.

I'd tried to disable SIP and AMFID, but without any result.

My entitlements look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>-</string>
    <key>com.apple.developer.team-identifier</key>
    <string>-</string>
    <key>com.apple.diagnosticd.diagnostic</key>
    <true/>
    <key>com.apple.frontboard.debugapplications</key>
    <true/>
    <key>com.apple.multitasking.termination</key>
    <true/>
    <key>com.apple.private.cs.debugger</key>
    <true/>
    <key>com.apple.private.security.no-sandbox</key>
    <true/>
    <key>com.apple.private.skip-library-validation</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.debugger</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.springboard.launchapplications</key>
    <true/>
    <key>dynamic-codesigning</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>platform-application</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
</dict>
</plist>

I am launching the program like this: sudo ./decrypt binary binarydupe, with All File Disk and Privacy privileges.

iVoider commented 3 years ago

As I found, this method is dead after 11.2: https://developer.apple.com/forums/thread/672804

meme commented 3 years ago

> I'd tried to disable SIP and AMFID, but without any result.

SIP must be enabled.

> As I found, this method is dead after 11.2: https://developer.apple.com/forums/thread/672804

The forum thread you've linked is related to MAP_JIT, which is not related to the issue you're experiencing.


The kernel source here shows the conditions under which you get EPERM: https://github.com/apple/darwin-xnu/blob/main/bsd/kern/kern_mman.c#L1567. Most likely, this is not a binary that you can decrypt. For example, a binary from the App Store downloaded on your Mac can be decrypted directly from the Applications folder.