From 7c2231ec8d1c2a532c1b4773927fff3760c1908f Mon Sep 17 00:00:00 2001
From: Karmaz95
Date: Mon, 25 Mar 2024 08:42:22 +0100
Subject: [PATCH]
---
 VI. AMFI/python/CrimsonUroboros.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/VI. AMFI/python/CrimsonUroboros.py b/VI. AMFI/python/CrimsonUroboros.py
index 20c91e4..879b92b 100755
--- a/VI. AMFI/python/CrimsonUroboros.py
+++ b/VI. AMFI/python/CrimsonUroboros.py
@@ -2253,15 +2253,29 @@ class SnakeVI(SnakeV):
 def printStickyBit(self):
 print(f'STICKY: {self.hasStickyBit()}')
+ def hasAllowDEV(self, file_path):
+ '''
+ Checks if the binary has com.apple.security.cs.allow-dyld-environment-variables.
+ This allow for Dyld Environment Variables.
+ '''
+ if self.checkIfEntitlementIsUsed('com.apple.security.cs.allow-dyld-environment-variables', 'true', file_path):
+ return True
+
+ return False
+
 def checkDyldInsertLibraries(self):
 '''
 Check if binary is vulnerable to code injection using DYLD_INSERT_LIBRARIES.
 '''
 cs_flags = self.getCodeSignatureFlags()
- if cs_flags & 0x12800:
+ if cs_flags & 0x2800:
 return False
 if self.hasSetUID() or self.hasSetGID() or self.hasRestrictSegment():
 return False
+ has_insecure_entitlements_combination = self.hasDisableLibraryValidationEntitlement(self.file_path) and self.hasAllowDEV(self.file_path)
+ if (cs_flags & 0x10000) and (not has_insecure_entitlements_combination):
+ return False
+
 return True
 def printCheckDyldInsertLibraries(self):
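Review bot: The masks `0x2800` and `0x10000` in checkDyldInsertLibraries are bare literals, and the docstring does not record the rule the new branch encodes, so a reader cannot check the logic against the code-signing flag definitions. I would name them (`CS_RESTRICT = 0x800`, `CS_REQUIRE_LV = 0x2000`, `CS_RUNTIME = 0x10000`) and extend the docstring with `With the hardened runtime flag set, the binary is reported as injectable only when both disable-library-validation and allow-dyld-environment-variables are present.` The two entitlement lookups also run for every binary, even when the runtime flag is clear and their result is unused; folding them into the condition, `if (cs_flags & CS_RUNTIME) and not (self.hasDisableLibraryValidationEntitlement(self.file_path) and self.hasAllowDEV(self.file_path)):`, short-circuits them. In hasAllowDEV the docstring should read "This allows ..." and the body can be the single line `return bool(self.checkIfEntitlementIsUsed(...))` with the same arguments.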