KEXT cannot load even though System Integrity Protection is disabled in 10.11

Question | Votes: 2 | Answers: 1

I am currently developing a small KEXT that blocks access to USB storage. But I cannot load my KEXT with kextutil; I get

Code Signing Failure: not code signed

I did turn off SIP in 10.11:

System Integrity Protection status: disabled.

Please help. I don't know what to do! Thanks.

macos kernel-extension
1 Answer
0 votes

I spent a long time researching these simple steps and the documentation, and I am listing them here for people like me.

Disable SIP before performing this procedure.

Shut the Mac down, then boot it into Recovery Mode by holding Command+R until the Apple logo appears. Open the Terminal application and enter the following commands:

  1. csrutil disable
  2. reboot

These are the important commands for handling the kext with root access, changing its ownership to root:wheel, checking the OSBundleLibraries dependencies, and checking whether the kext is loadable.

sudo cp -R

sudo chown -R root:wheel

sudo kextlibs -xml // check that the OSBundleLibraries dependencies are present in the Info.plist

sudo kextutil -n -t // check the kext and report whether it is loadable

sudo kextutil -n // check the kext and report whether it is loadable

sudo kextutil // check the kext and report whether it is loadable

sudo kextload // load your kext, if the kernel does not panic

sudo kextunload // unload your kext

Important URLs

https://people.sissa.it/~inno/pubs/skb-reduced.pdf

https://github.com/objective-see/LuLu

https://objective-see.com/blog/blog_0x0B.html

https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KEXTConcept/KEXTConceptIntro/introduction.html#//apple_ref/doc/uid/10000191-SW1

https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/boundaries/boundaries.html

https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/NKEConceptual/intro/intro.html#//apple_ref/doc/uid/TP40001858-CH225-SW1

https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/IOKitFundamentals/Features/Features.html#//apple_ref/doc/uid/TP0000012-TPXREF101

https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/AccessingHardware/AH_Intro/AH_Intro.html#//apple_ref/doc/uid/TP30000376

https://developer.apple.com/library/archive/documentation/Networking/Conceptual/CFNetwork/Introduction/Introduction.html#//apple_ref/doc/uid/TP30001132

https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/WritingDeviceDriver/Introduction/Intro.html#//apple_ref/doc/uid/TP30000694

https://developer.apple.com/library/archive/navigation/index.html#section=Technologies&topic=Kernel

https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/NetworkDriver/2_IONetworkingFamily/IONetworkingFamily.html

http://dbmanagement.info/Books/MIX/OS_X_and_iOS_Kernel_Programming.pdf

https://www.fortinet.com/blog/threat-research/monitoring-macos--part-iii--monitoring-network-activities-using-.html

https://fortiguard.com/events/2270/learn-how-to-build-your-own-utility-to-monitor-malicious-behaviors-of-malware-on-macOS

https://github.com/slavaim/MacOSX-Network-Sockets-Filter

http://mirror.informatimago.com/next/developer.apple.com/documentation/Darwin/Conceptual/howto/kext_tutorials/hello_kext/hello_kext.html

https://www.blackhat.com/us-18/presenters/Yu-Wang.html

Kernel control / event API usage

https://www.synack.com/2015/12/13/monitoring-process-creation-via-the-kernel-part-iii/

Best working example

https://github.com/LawlietRyuzakiCode/NKETest

http://hitcon.org/2013/download/[B1]%20Pedro_HiTCON%202013%20Presentation_v2.pdf

https://github.com/changpingc/kernet

Packet creation source (enderunix Packet Creation Source)

https://github.com/robbiehanson/CocoaAsyncSocket/tree/master/Examples/GCD
https://tools.ietf.org/html/rfc7230
https://developer.apple.com/documentation/security/certificate_key_and_trust_services?language=objc
http://openssl.cs.utah.edu/docs/apps/x509v3_config.html
https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks/
http://technologeeks.com/course.jl?course=OSXRE
https://www.fastcompany.com/3042030/the-huge-web-security-loophole-that-most-people-dont-know-about-and-how-its-be
https://stackoverflow.com/questions/589622/how-does-a-root-ca-verify-a-signature
https://deliciousbrains.com/https-locally-without-browser-privacy-errors/
https://rednaga.io/2017/04/09/remote_kext_debugging/
http://www.robertopasini.com/index.php/2-uncategorised/628-osx-packaging-a-kernel-extension-for-distribution-and-installation
http://ddeville.me/2015/08/using-the-vmware-fusion-gdb-stub-for-kernel-debugging-with-lldb
https://objective-see.com/blog.html
https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KEXTConcept/KEXTConceptDebugger/debug_tutorial.html
https://forums.macrumors.com/threads/turn-off-verbose-bootup.1247361/
https://adimitrov.net/main/code/code/raw_packet.c
http://www.enderunix.org/docs/en/rawipspoof/
https://www.eit.lth.se/ppplab/IPHeader.htm#TOS,%20Type%20of%20Service
https://www.tenouk.com/download/pdf/Module39.pdf
https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/IOKitFundamentals/HandlingEvents/HandlingEvents.html#//apple_ref/doc/uid/TP0000018-BAJFFJAD
https://www.blackhat.com/us-18/arsenal.html#learn-how-to-build-your-own-utility-to-monitor-malicious-behaviors-of-malware-on-macos
https://developer.apple.com/documentation/networkextension?language=objc
https://github.com/TrustRouter/TrustRouter/blob/master/client/kernelmode/MacOS/trustrouter/trustrouter.c
https://github.com/LawlietRyuzakiCode/NKETest/blob/master/TestFilter/TestFilter/TestFilter.c
http://www.ragingmenace.com/software/menumeters/
http://haifux.org/lectures/122/FreeBSD_kernel_networking.pdf
http://www.zytrax.com/books/dns/ch15/

Alternative packet forwarding and inspection

sudo lsof -iTCP -sTCP:LISTEN -n -P

netstat -a -n

sudo pfctl -s nat

sudo pfctl -F all -f /etc/pf.conf

echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -

On the networked machine

sudo tcpdump -i en0 -p -vv -A ip and host 192.168.1.92

sudo tcpdump -i en0 -p -vv -A ip

sudo tcpdump -i en0 -p -vv -A ip and net 192.0.2.0/24
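The manual sequence from the answer above, turned into a pre-flight script. This is an added example, not code from the original answer or from Apple's tooling; the bundle path argument, the function names and the checks are my own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original answer: a pre-flight check for the
# steps above. It parses `csrutil status` output, verifies the bundle is owned
# by root:wheel with no group/other-writable files (kextutil refuses otherwise),
# reads the Info.plist keys kextlibs depends on, and only then runs the
# non-destructive `kextutil -n -t`. The bundle path is a placeholder argument.

# Return 0 when the given `csrutil status` text reports SIP disabled.
sip_disabled() {
    printf '%s\n' "$1" | grep -qi 'System Integrity Protection status: disabled'
}

# Return 0 when every entry in the bundle is root:wheel and not writable by
# group or other; 2 when the path is not a directory. Uses ls -ld output
# (columns: mode, links, owner, group) so it works on macOS and Linux alike.
kext_perms_ok() {
    [ -d "$1" ] || return 2
    bad=$(find "$1" -exec ls -ld {} + \
          | awk '$3 != "root" || $4 != "wheel" || substr($1,6,1) == "w" || substr($1,9,1) == "w"' \
          | wc -l)
    [ "$bad" -eq 0 ]
}

# Print CFBundleIdentifier from Contents/Info.plist (sed, so no plutil needed).
kext_bundle_id() {
    sed -n '/<key>CFBundleIdentifier<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' \
        "$1/Contents/Info.plist"
}

# Return 0 when the plist declares OSBundleLibraries, the dependency table
# that `kextlibs -xml` is used to generate and verify.
has_bundle_libraries() {
    grep -q '<key>OSBundleLibraries</key>' "$1/Contents/Info.plist"
}

# Run all checks for a bundle, mirroring the manual sequence in the answer.
preflight() {
    kext="$1"
    sip_disabled "$(csrutil status 2>/dev/null)" || { echo "SIP is still enabled: disable it from Recovery first"; return 1; }
    kext_perms_ok "$kext" || { echo "fix with: sudo chown -R root:wheel $kext && sudo chmod -R go-w $kext"; return 1; }
    has_bundle_libraries "$kext" || { echo "OSBundleLibraries missing: run sudo kextlibs -xml $kext"; return 1; }
    echo "checking $(kext_bundle_id "$kext")"
    sudo kextutil -n -t "$kext"   # dry run: diagnose without loading
}

if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it as `sh preflight.sh /path/to/Your.kext` on the Mac; the individual functions can also be sourced and used on their own.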
