Alternatives for injection #11
Comments
It's likely it would work, yes. You'd lose the ability to inject into a running process, but maybe that's not such a big deal. You also could not inject into any SIP protected applications (so nothing in /Applications that's signed by Apple, but again, probably not a big deal). The most annoying part is that the mechanism for changing and querying things like which buffer to publish and x/y/width/height relies upon the OSAScript injection, so that would have to be completely redone.
Ah. I'm a software engineer, but this isn't my area of expertise. I'm just looking for the right avenue to attack this. It seems this wouldn't work out so great either. It seems that SIP also kills DYLD_INSERT_LIBRARIES usage. I thought SIP was enabled system wide, even for apps outside of /Applications (such as Steam games). I'm wondering if some sort of kext is needed to get past these issues.
SIP doesn't kill DYLD_INSERT_LIBRARIES for all applications, only protected ones. You can see if a particular file/binary is protected via ls -alO; it should show 'restricted' in the ls output. It more or less only protects binaries Apple ships with the system. You can see this is the case if you copy something like /usr/bin/ruby to your home directory, and then run it with a DYLD_* environment variable. It'll still be in that process's environment, but NOT if you use /usr/bin/ruby. The biggest issue is that things like /usr/bin/sh are protected and will have those variables stripped upon execution. If the program you're trying to inject into uses some sort of shell script wrapper (or python, ruby etc.) you're going to have to go muck around to get that to work. A kext could solve the issue, but there's no way anyone is going to be able to produce a signed kext that does this. Kext signing requires special permission from Apple, and they require you to explain what the extension does. If they find your developer cert is distributing a kext that basically allows arbitrary code injection globally they're going to just revoke your certificate. You could distribute an unsigned kext, but that requires users to go and disable parts of SIP anyway. Might as well have them disable the bit that stops SyphonInject from working instead. Ideally Apple would have an API like CGDisplayStream, but for individual windows. There's kind of a private API for this, but it's built around CALayers and I've yet to make it work with rendering to an arbitrary surface (I think the rendering is internal to the window server so it can't be off-screen rendered like a traditional layer).
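As an added example (not code from the SyphonInject project or from anyone in this thread), the two checks described in the comment above written as a small POSIX shell script: a parser for the flags column of `ls -lO` output that reports whether the `restricted` flag is set, and a probe that launches an interpreter with `DYLD_INSERT_LIBRARIES` pointed at a hypothetical marker path and reports whether the child process still saw the variable, in place and again after copying the binary out of the protected path. The sample `ls -lO` lines, the marker path and the function names are my own constructions.

```shell
#!/bin/sh
# Added example, not code from the SyphonInject project or this thread.
# 1. is_restricted_line: does an `ls -lO` line carry the SIP 'restricted' flag?
# 2. dyld_env_probe / probe_copy: does DYLD_INSERT_LIBRARIES reach a child
#    process, and does it reach a copy of the same binary placed outside
#    the protected paths (the experiment described in the comment)?

MARKER=/tmp/example_marker.dylib   # hypothetical path; nothing is ever loaded from it

# Parse one `ls -lO` line (macOS). The 5th whitespace-separated field holds
# the comma-separated file flags, e.g. "restricted,compressed" or "-" for none.
is_restricted_line() {
    flags=$(printf '%s\n' "$1" | awk '{ print $5 }')
    case ",$flags," in
        *,restricted,*) return 0 ;;
        *)              return 1 ;;
    esac
}

# Run an interpreter with DYLD_INSERT_LIBRARIES set and have it print the
# variable back. $1 = interpreter path, $2 = its inline-code flag
# ("-c" for sh, "-e" for ruby), $3 = code that prints the variable.
# Prints "kept" if the child still saw the marker, "stripped" otherwise.
dyld_env_probe() {
    seen=$(DYLD_INSERT_LIBRARIES="$MARKER" "$1" "$2" "$3" 2>/dev/null)
    if [ "$seen" = "$MARKER" ]; then echo kept; else echo stripped; fi
}

# Copy the binary to an unprotected temporary directory and probe the copy.
# On a SIP-enabled Mac a restricted binary reports "stripped" in place while
# its copy reports "kept"; on Linux (no SIP) both report "kept". Note that
# macOS /bin/sh re-executes another shell, so there probe a self-contained
# interpreter such as /usr/bin/ruby, as the comment does.
probe_copy() {
    tmp=$(mktemp -d) || return 1
    cp "$1" "$tmp/probe_bin" || { rm -rf "$tmp"; return 1; }
    dyld_env_probe "$tmp/probe_bin" "$2" "$3"
    rm -rf "$tmp"
}

# Constructed sample lines in `ls -lO` layout (not real output from any machine).
SAMPLE_RESTRICTED='-rwxr-xr-x  1 root  wheel  restricted,compressed  123456 Oct 12  2019 /usr/bin/ruby'
SAMPLE_PLAIN='-rwxr-xr-x  1 user  staff  -  123456 Oct 12  2019 /Users/user/ruby'

# Inline code that makes /bin/sh echo the variable back to the probe.
SH_ECHO='printf %s "${DYLD_INSERT_LIBRARIES:-}"'

for line in "$SAMPLE_RESTRICTED" "$SAMPLE_PLAIN"; do
    if is_restricted_line "$line"; then
        echo "restricted:     ${line##* }"
    else
        echo "not restricted: ${line##* }"
    fi
done

echo "/bin/sh in place: $(dyld_env_probe /bin/sh -c "$SH_ECHO")"
echo "copy of /bin/sh:  $(probe_copy /bin/sh -c "$SH_ECHO")"

# On macOS, check a real binary's flags the way the comment suggests.
if [ "$(uname)" = Darwin ]; then
    if is_restricted_line "$(ls -lO /usr/bin/ruby)"; then
        echo "/usr/bin/ruby is restricted"
    fi
fi
```

Run it as `sh probe.sh`; the probe only reads the variable back, so a "kept" result for the copied binary confirms the copy is no longer SIP-protected, which is the condition the comment describes.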
Could we perhaps use DYLD_INSERT_LIBRARIES for injecting the server into a binary? By providing a dylib that "overrides" a function that you know is called in the application and called early before OpenGL is used? I'm thinking of steamlib and SteamAPI_Init as an example. This is a callback to the old LD_PRELOAD that's always existed on Unix for the same purpose.