mirror of
https://github.com/Karmaz95/Snake_Apple.git
synced 2026-03-30 14:00:16 +02:00
Uploading sip_check programs.
This commit is contained in:
Karmaz95
43
VIII. Sandbox/custom/sip_check.c
Normal file
43
VIII. Sandbox/custom/sip_check.c
Normal file
@@ -0,0 +1,43 @@
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <dlfcn.h>
|
||||
|
||||
#define CSR_ALLOW_UNTRUSTED_KEXTS 0x1
|
||||
#define CSR_ALLOW_UNRESTRICTED_FS 0x2
|
||||
#define CSR_ALLOW_TASK_FOR_PID 0x4
|
||||
#define CSR_ALLOW_KERNEL_DEBUGGER 0x8
|
||||
#define CSR_ALLOW_APPLE_INTERNAL 0x10
|
||||
#define CSR_ALLOW_UNRESTRICTED_DTRACE 0x20
|
||||
#define CSR_ALLOW_UNRESTRICTED_NVRAM 0x40
|
||||
#define CSR_ALLOW_DEVICE_CONFIGURATION 0x80
|
||||
#define CSR_ALLOW_ANY_RECOVERY_OS 0x100
|
||||
#define CSR_ALLOW_UNAPPROVED_KEXTS 0x200
|
||||
#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE 0x400
|
||||
#define CSR_ALLOW_UNAUTHENTICATED_ROOT 0x800
|
||||
|
||||
typedef int (*csr_get_active_config_t)(uint32_t *);
|
||||
|
||||
void print_sip_flags(uint32_t sip_int) {
|
||||
printf("SIP Configuration Flags:\n");
|
||||
printf("CSR_ALLOW_UNTRUSTED_KEXTS: %s\n", (sip_int & CSR_ALLOW_UNTRUSTED_KEXTS) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_UNRESTRICTED_FS: %s\n", (sip_int & CSR_ALLOW_UNRESTRICTED_FS) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_TASK_FOR_PID: %s\n", (sip_int & CSR_ALLOW_TASK_FOR_PID) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_KERNEL_DEBUGGER: %s\n", (sip_int & CSR_ALLOW_KERNEL_DEBUGGER) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_APPLE_INTERNAL: %s\n", (sip_int & CSR_ALLOW_APPLE_INTERNAL) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_UNRESTRICTED_DTRACE: %s\n", (sip_int & CSR_ALLOW_UNRESTRICTED_DTRACE) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_UNRESTRICTED_NVRAM: %s\n", (sip_int & CSR_ALLOW_UNRESTRICTED_NVRAM) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_DEVICE_CONFIGURATION: %s\n", (sip_int & CSR_ALLOW_DEVICE_CONFIGURATION) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_ANY_RECOVERY_OS: %s\n", (sip_int & CSR_ALLOW_ANY_RECOVERY_OS) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_UNAPPROVED_KEXTS: %s\n", (sip_int & CSR_ALLOW_UNAPPROVED_KEXTS) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE: %s\n", (sip_int & CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE) ? "On" : "Off");
|
||||
printf("CSR_ALLOW_UNAUTHENTICATED_ROOT: %s\n", (sip_int & CSR_ALLOW_UNAUTHENTICATED_ROOT) ? "On" : "Off");
|
||||
}
|
||||
|
||||
int main() {
|
||||
void *libSystem = dlopen("/usr/lib/libSystem.dylib", RTLD_LAZY);
|
||||
csr_get_active_config_t csr_get_active_config = dlsym(libSystem, "csr_get_active_config");
|
||||
uint32_t sip_int = 0;
|
||||
csr_get_active_config(&sip_int);
|
||||
print_sip_flags(sip_int);
|
||||
return 0;
|
||||
}
|
||||
48
VIII. Sandbox/custom/sip_check.py
Normal file
48
VIII. Sandbox/custom/sip_check.py
Normal file
@@ -0,0 +1,48 @@
|
||||
import ctypes
|
||||
|
||||
# Define the constants
|
||||
CSR_ALLOW_UNTRUSTED_KEXTS = 0x1
|
||||
CSR_ALLOW_UNRESTRICTED_FS = 0x2
|
||||
CSR_ALLOW_TASK_FOR_PID = 0x4
|
||||
CSR_ALLOW_KERNEL_DEBUGGER = 0x8
|
||||
CSR_ALLOW_APPLE_INTERNAL = 0x10
|
||||
CSR_ALLOW_UNRESTRICTED_DTRACE = 0x20
|
||||
CSR_ALLOW_UNRESTRICTED_NVRAM = 0x40
|
||||
CSR_ALLOW_DEVICE_CONFIGURATION = 0x80
|
||||
CSR_ALLOW_ANY_RECOVERY_OS = 0x100
|
||||
CSR_ALLOW_UNAPPROVED_KEXTS = 0x200
|
||||
CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE = 0x400
|
||||
CSR_ALLOW_UNAUTHENTICATED_ROOT = 0x800
|
||||
|
||||
# Load the System library
|
||||
libSystem = ctypes.CDLL('/usr/lib/libSystem.dylib')
|
||||
|
||||
# Define the function prototype
|
||||
libSystem.csr_get_active_config.argtypes = [ctypes.POINTER(ctypes.c_uint32)]
|
||||
libSystem.csr_get_active_config.restype = ctypes.c_int
|
||||
|
||||
def print_sip_flags(sip_int):
|
||||
print("SIP Configuration Flags:")
|
||||
print(f"CSR_ALLOW_UNTRUSTED_KEXTS: {'On' if sip_int & CSR_ALLOW_UNTRUSTED_KEXTS else 'Off'}")
|
||||
print(f"CSR_ALLOW_UNRESTRICTED_FS: {'On' if sip_int & CSR_ALLOW_UNRESTRICTED_FS else 'Off'}")
|
||||
print(f"CSR_ALLOW_TASK_FOR_PID: {'On' if sip_int & CSR_ALLOW_TASK_FOR_PID else 'Off'}")
|
||||
print(f"CSR_ALLOW_KERNEL_DEBUGGER: {'On' if sip_int & CSR_ALLOW_KERNEL_DEBUGGER else 'Off'}")
|
||||
print(f"CSR_ALLOW_APPLE_INTERNAL: {'On' if sip_int & CSR_ALLOW_APPLE_INTERNAL else 'Off'}")
|
||||
print(f"CSR_ALLOW_UNRESTRICTED_DTRACE: {'On' if sip_int & CSR_ALLOW_UNRESTRICTED_DTRACE else 'Off'}")
|
||||
print(f"CSR_ALLOW_UNRESTRICTED_NVRAM: {'On' if sip_int & CSR_ALLOW_UNRESTRICTED_NVRAM else 'Off'}")
|
||||
print(f"CSR_ALLOW_DEVICE_CONFIGURATION: {'On' if sip_int & CSR_ALLOW_DEVICE_CONFIGURATION else 'Off'}")
|
||||
print(f"CSR_ALLOW_ANY_RECOVERY_OS: {'On' if sip_int & CSR_ALLOW_ANY_RECOVERY_OS else 'Off'}")
|
||||
print(f"CSR_ALLOW_UNAPPROVED_KEXTS: {'On' if sip_int & CSR_ALLOW_UNAPPROVED_KEXTS else 'Off'}")
|
||||
print(f"CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE: {'On' if sip_int & CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE else 'Off'}")
|
||||
print(f"CSR_ALLOW_UNAUTHENTICATED_ROOT: {'On' if sip_int & CSR_ALLOW_UNAUTHENTICATED_ROOT else 'Off'}")
|
||||
|
||||
def main():
|
||||
sip_int = ctypes.c_uint32(0)
|
||||
result = libSystem.csr_get_active_config(ctypes.byref(sip_int))
|
||||
if result == 0:
|
||||
print_sip_flags(sip_int.value)
|
||||
else:
|
||||
print("Failed to get SIP configuration")
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user