From 0c0d2e869b54a2dec80dca377c46a9d45441e2eb Mon Sep 17 00:00:00 2001
From: Karmaz95
Date: Mon, 23 Sep 2024 19:49:17 +0200
Subject: [PATCH] Uploading sip_check programs.
---
VIII. Sandbox/custom/sip_check.c | 43 +++++++++++++++++++++++++++
VIII. Sandbox/custom/sip_check.py | 48 +++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 VIII. Sandbox/custom/sip_check.c
create mode 100644 VIII. Sandbox/custom/sip_check.py
diff --git a/VIII. Sandbox/custom/sip_check.c b/VIII. Sandbox/custom/sip_check.c
new file mode 100644
index 0000000..fa83931
--- /dev/null
+++ b/VIII. Sandbox/custom/sip_check.c
@@ -0,0 +1,43 @@
+#include
+#include
+#include
+
+#define CSR_ALLOW_UNTRUSTED_KEXTS 0x1
+#define CSR_ALLOW_UNRESTRICTED_FS 0x2
+#define CSR_ALLOW_TASK_FOR_PID 0x4
+#define CSR_ALLOW_KERNEL_DEBUGGER 0x8
+#define CSR_ALLOW_APPLE_INTERNAL 0x10
+#define CSR_ALLOW_UNRESTRICTED_DTRACE 0x20
+#define CSR_ALLOW_UNRESTRICTED_NVRAM 0x40
+#define CSR_ALLOW_DEVICE_CONFIGURATION 0x80
+#define CSR_ALLOW_ANY_RECOVERY_OS 0x100
+#define CSR_ALLOW_UNAPPROVED_KEXTS 0x200
+#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE 0x400
+#define CSR_ALLOW_UNAUTHENTICATED_ROOT 0x800
+
+typedef int (*csr_get_active_config_t)(uint32_t *);
+
+void print_sip_flags(uint32_t sip_int) {
+ printf("SIP Configuration Flags:\n");
+ printf("CSR_ALLOW_UNTRUSTED_KEXTS: %s\n", (sip_int & CSR_ALLOW_UNTRUSTED_KEXTS) ? "On" : "Off");
+ printf("CSR_ALLOW_UNRESTRICTED_FS: %s\n", (sip_int & CSR_ALLOW_UNRESTRICTED_FS) ? "On" : "Off");
+ printf("CSR_ALLOW_TASK_FOR_PID: %s\n", (sip_int & CSR_ALLOW_TASK_FOR_PID) ? "On" : "Off");
+ printf("CSR_ALLOW_KERNEL_DEBUGGER: %s\n", (sip_int & CSR_ALLOW_KERNEL_DEBUGGER) ? "On" : "Off");
+ printf("CSR_ALLOW_APPLE_INTERNAL: %s\n", (sip_int & CSR_ALLOW_APPLE_INTERNAL) ? "On" : "Off");
+ printf("CSR_ALLOW_UNRESTRICTED_DTRACE: %s\n", (sip_int & CSR_ALLOW_UNRESTRICTED_DTRACE) ? "On" : "Off");
+ printf("CSR_ALLOW_UNRESTRICTED_NVRAM: %s\n", (sip_int & CSR_ALLOW_UNRESTRICTED_NVRAM) ? "On" : "Off");
+ printf("CSR_ALLOW_DEVICE_CONFIGURATION: %s\n", (sip_int & CSR_ALLOW_DEVICE_CONFIGURATION) ? "On" : "Off");
+ printf("CSR_ALLOW_ANY_RECOVERY_OS: %s\n", (sip_int & CSR_ALLOW_ANY_RECOVERY_OS) ? "On" : "Off");
+ printf("CSR_ALLOW_UNAPPROVED_KEXTS: %s\n", (sip_int & CSR_ALLOW_UNAPPROVED_KEXTS) ? "On" : "Off");
+ printf("CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE: %s\n", (sip_int & CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE) ? "On" : "Off");
+ printf("CSR_ALLOW_UNAUTHENTICATED_ROOT: %s\n", (sip_int & CSR_ALLOW_UNAUTHENTICATED_ROOT) ? "On" : "Off");
+}
+
+int main() {
+ void *libSystem = dlopen("/usr/lib/libSystem.dylib", RTLD_LAZY);
+ csr_get_active_config_t csr_get_active_config = dlsym(libSystem, "csr_get_active_config");
+ uint32_t sip_int = 0;
+ csr_get_active_config(&sip_int);
+ print_sip_flags(sip_int);
+ return 0;
+}
\ No newline at end of file
diff --git a/VIII. Sandbox/custom/sip_check.py b/VIII. Sandbox/custom/sip_check.py
new file mode 100644
index 0000000..0049319
--- /dev/null
+++ b/VIII. Sandbox/custom/sip_check.py
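Review bot: `main()` calls through the pointer returned by `dlsym` without checking it or the `dlopen` handle, and it discards the return value of `csr_get_active_config`. A failed lookup therefore dereferences NULL, and a failed call prints every flag as "Off" from the zero-initialised `sip_int`. For a tool whose output is read as SIP state, that failure output is indistinguishable from a fully enforced configuration; the Python version in this same patch already checks the result. The lines below check each step and exit non-zero with a message on stderr instead.

```c
    void *libSystem = dlopen("/usr/lib/libSystem.dylib", RTLD_LAZY);
    if (libSystem == NULL) {
        fprintf(stderr, "dlopen failed: %s\n", dlerror());
        return 1;
    }
    csr_get_active_config_t csr_get_active_config =
        (csr_get_active_config_t)dlsym(libSystem, "csr_get_active_config");
    if (csr_get_active_config == NULL) {
        fprintf(stderr, "csr_get_active_config not found\n");
        return 1;
    }
    uint32_t sip_int = 0;
    if (csr_get_active_config(&sip_int) != 0) {
        fprintf(stderr, "Failed to get SIP configuration\n");
        return 1;
    }
    /* … unchanged: print_sip_flags(sip_int); return 0; … */
```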
@@ -0,0 +1,48 @@
+import ctypes
+
+# Define the constants
+CSR_ALLOW_UNTRUSTED_KEXTS = 0x1
+CSR_ALLOW_UNRESTRICTED_FS = 0x2
+CSR_ALLOW_TASK_FOR_PID = 0x4
+CSR_ALLOW_KERNEL_DEBUGGER = 0x8
+CSR_ALLOW_APPLE_INTERNAL = 0x10
+CSR_ALLOW_UNRESTRICTED_DTRACE = 0x20
+CSR_ALLOW_UNRESTRICTED_NVRAM = 0x40
+CSR_ALLOW_DEVICE_CONFIGURATION = 0x80
+CSR_ALLOW_ANY_RECOVERY_OS = 0x100
+CSR_ALLOW_UNAPPROVED_KEXTS = 0x200
+CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE = 0x400
+CSR_ALLOW_UNAUTHENTICATED_ROOT = 0x800
+
+# Load the System library
+libSystem = ctypes.CDLL('/usr/lib/libSystem.dylib')
+
+# Define the function prototype
+libSystem.csr_get_active_config.argtypes = [ctypes.POINTER(ctypes.c_uint32)]
+libSystem.csr_get_active_config.restype = ctypes.c_int
+
+def print_sip_flags(sip_int):
+ print("SIP Configuration Flags:")
+ print(f"CSR_ALLOW_UNTRUSTED_KEXTS: {'On' if sip_int & CSR_ALLOW_UNTRUSTED_KEXTS else 'Off'}")
+ print(f"CSR_ALLOW_UNRESTRICTED_FS: {'On' if sip_int & CSR_ALLOW_UNRESTRICTED_FS else 'Off'}")
+ print(f"CSR_ALLOW_TASK_FOR_PID: {'On' if sip_int & CSR_ALLOW_TASK_FOR_PID else 'Off'}")
+ print(f"CSR_ALLOW_KERNEL_DEBUGGER: {'On' if sip_int & CSR_ALLOW_KERNEL_DEBUGGER else 'Off'}")
+ print(f"CSR_ALLOW_APPLE_INTERNAL: {'On' if sip_int & CSR_ALLOW_APPLE_INTERNAL else 'Off'}")
+ print(f"CSR_ALLOW_UNRESTRICTED_DTRACE: {'On' if sip_int & CSR_ALLOW_UNRESTRICTED_DTRACE else 'Off'}")
+ print(f"CSR_ALLOW_UNRESTRICTED_NVRAM: {'On' if sip_int & CSR_ALLOW_UNRESTRICTED_NVRAM else 'Off'}")
+ print(f"CSR_ALLOW_DEVICE_CONFIGURATION: {'On' if sip_int & CSR_ALLOW_DEVICE_CONFIGURATION else 'Off'}")
+ print(f"CSR_ALLOW_ANY_RECOVERY_OS: {'On' if sip_int & CSR_ALLOW_ANY_RECOVERY_OS else 'Off'}")
+ print(f"CSR_ALLOW_UNAPPROVED_KEXTS: {'On' if sip_int & CSR_ALLOW_UNAPPROVED_KEXTS else 'Off'}")
+ print(f"CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE: {'On' if sip_int & CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE else 'Off'}")
+ print(f"CSR_ALLOW_UNAUTHENTICATED_ROOT: {'On' if sip_int & CSR_ALLOW_UNAUTHENTICATED_ROOT else 'Off'}")
+
+def main():
+ sip_int = ctypes.c_uint32(0)
+ result = libSystem.csr_get_active_config(ctypes.byref(sip_int))
+ if result == 0:
+ print_sip_flags(sip_int.value)
+ else:
+ print("Failed to get SIP configuration")
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
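Review bot: The failure branch of `main()` prints to stdout and returns normally, so the script exits 0 whether or not `csr_get_active_config` succeeded, and anything scripting this check cannot tell the two outcomes apart. Replacing the `print` with `raise SystemExit("Failed to get SIP configuration")` sends the message to stderr and sets a non-zero status without a new import. `print_sip_flags` also reports only the twelve named bits, so any other bit set in the value goes unreported; a first line such as `print(f"Raw value: {sip_int:#x}")` would show the whole mask. The `ctypes.CDLL` load and the prototype setup run at import time, so importing the file where that library path is absent would raise before `main()` is reached; moving them into `main()` would contain that.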