apianti, Posted January 8, 2018

> Guys, an update. With the latest AptioFix, I get a freeze regardless of slide value.

Give me your memmap from shell after clover GUI.

> @apianti I have done a minimal sort of empiric debug on my system With latest aptiofix2 and emuvariable64uefi driver installed I can boot with or without any slide parameters deleting emuvariable64uefi I can boot only with slide=128 or greater without it compares error "does printf work?" for the sake of test I have also used an old aptiofix2 and it has same behaviour I have no installed RCscript on any volume obviously Nvram does not work after resetting my system

My method for determining the slide is flawed. It is not calculated that way, please give me your memmap after clover GUI and I will calculate it for you.

Cyberdevs, Posted January 8, 2018

> Use it? Also, AptioFix2.

If I use CsrConfig 0x0 I get the black screen on my 1070 GPU. System only boots if I disable SIP partially or completely. I guess it has to do something with the NVWebDriverLibValFix.kext not being loaded with SIP being enabled but I also had no luck using NVidiaGraphicsFixUp.kext either. With previous AptioDrvFix2 driver I was able to boot into macOS with CsrConfig set to 0x0.

apianti, Posted January 8, 2018

> If I use CsrConfig 0x0 I get the black screen on my 1070 GPU. System only boots if I disable SIP partially or completely. I guess it has to do something with the NVWebDriverLibValFix.kext not being loaded with SIP being enabled but I also had no luck using NVidiaGraphicsFixUp.kext either. With previous AptioDrvFix2 driver I was able to boot into macOS with CsrConfig set to 0x0.

Yeah that makes sense that it's preventing a non-signed kext from loading when sip is enabled. That's what it's supposed to do. It was not working correctly before as I had speculated. Inject the kext or allow unsigned kexts (0x1).

mhaeuser, Posted January 8, 2018

> Yeah that makes sense that it's preventing a non-signed kext from loading when sip is enabled. That's what it's supposed to do. It was not working correctly before as I had speculated. Inject the kext or allow unsigned kexts (0x1).

Injected kexts and kexts in cache are not affected by the signature verification.

Might be RTShims lands somewhere in the way, maybe change it to AllocatePagesFromTop?

apianti, Posted January 8, 2018

> Injected kexts and kexts in cache are not affected by the signature verification. Might be RTShims lands somewhere in the way, maybe change it to AllocatePagesFromTop?

Why I suggested he injected the kext instead. Otherwise it has to be added to the cache though. Also pretty sure if you change SIP it tries to rebuild the cache during boot. He also said that it works if he partially or fully disables sip, which means that it's probably just sip preventing the kext from loading.... Just going with easiest cause for now. Then we'll move on to code fixes.

EDIT: Though maybe we probably do want to allocate those shims as high as possible regardless....

mhaeuser, Posted January 8, 2018

> Why I suggested he injected the kext instead. Otherwise it has to be added to the cache though. Also pretty sure if you change SIP it tries to rebuild the cache during boot. He also said that it works if he partially or fully disables sip, which means that it's probably just sip preventing the kext from loading.... Just going with easiest cause for now. Then we'll move on to code fixes.

Hmm, indeed I never checked if changing SIP flushes the cache, good point.

Balamut, Posted January 8, 2018

> Give me your memmap from shell after clover GUI. My method for determining the slide is flawed. It is not calculated that way, please give me your memmap after clover GUI and I will calculate it for you.

Here you go. (attachment: memmap.txt)

apianti, Posted January 8, 2018

> Here you go.

Available 0000000000100000-00000000657F9FFF 00000000000656FA 000000000000000F

Oh, come on, man! You can literally pick any slide, that is not encouraging. Did you try not setting it at all or slide=0? What slide values did you use? What other stuff are you using drivers/injection/etc? What is your board and CPU?

Cyberdevs, Posted January 8, 2018

> Yeah that makes sense that it's preventing a non-signed kext from loading when sip is enabled. That's what it's supposed to do. It was not working correctly before as I had speculated. Inject the kext or allow unsigned kexts (0x1).

The weird thing is when I fully enable SIP all other kexts can load with clover but it only prevents the NVWebDriverLibValFix.kext or nVidiaGraphicsFixUp. I'll check the same CsrConfig 0x0 on my other Hack with an AMD GPU and see if I can get it to work with the new AptioDrvFix or not.

In the meanwhile just to let you know I also tried to clean the NVRAM, Kext Cache and the prelinkedKernel before changing the AptioDrvFix but no luck either.

apianti, Posted January 8, 2018

> The weird thing is when I fully enable SIP all other kexts can load with clover but it only prevents the NVWebDriverLibValFix.kext or nVidiaGraphicsFixUp. I'll check the same CsrConfig 0x0 on my other Hack with an AMD GPU and see if I can get it to work with the new AptioDrvFix or not. In the meanwhile just to let you know I also tried to clean the NVRAM, Kext Cache and the prelinkedKernel before changing the AptioDrvFix but no luck either.

You got what I said right? Those kexts aren't signed so they won't be allowed to be loaded into the cache without at least allowing unsigned kexts, CsrConfig=0x1. If you want to enable SIP fully then inject the kexts instead. And you are using AptioFix2 right? AptioFix probably won't give good results anymore.

Cyberdevs, Posted January 8, 2018

> You got what I said right? Those kexts aren't signed so they won't be allowed to be loaded into the cache without at least allowing unsigned kexts, CsrConfig=0x1. If you want to enable SIP fully then inject the kexts instead. And you are using AptioFix2 right? AptioFix probably won't give good results anymore.

Yes I get it, I'm using the new AptioFix2 from the Clover r4396 and I know that if the SIP is fully disabled it won't let any unsigned kexts to be loaded. Here's what I don't get. Are AppleALC, FakeSMC, and Lilu properly signed? If not how come they get loaded while nVidiaGraphicsFixup or NVWebDriverLibValFix.kext can't get loaded by macOS? I inject the kexts via Clover and they are all in the "Other" folder and InjectKexts are set to yes on SystemParameters.

apianti, Posted January 8, 2018

> Yes I get it, I'm using the new AptioFix2 from the Clover r4396 and I know that if the SIP is fully disabled it won't let any unsigned kexts to be loaded. Here's what I don't get. Are AppleALC, FakeSMC, and Lilu properly signed? If not how come they get loaded while nVidiaGraphicsFixup or NVWebDriverLibValFix.kext can't get loaded by macOS? I inject the kexts via Clover and they are all in the "Other" folder and InjectKexts are set to yes on SystemParameters.

No those aren't signed, I don't think.... Wait so it's already being injected and not being loaded? Are you sure? You did a kextstat and it was not loaded? Or you just having issues that those kexts were previously fixing? Your log say they are being injected properly? Also try turning on KernelAndKextPatches/Debug=true, to make sure there is nothing happening when it's being injected.

EDIT: I think you mean enabled. CsrConfig=0x0 is enabled. CsrConfig=0x67 is disabled. Other values partially disable something.

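Added example, not code from any poster or from Clover: a small audit script that decodes the SIP value the posts call CsrConfig into the individual protections it relaxes, which is what "other values partially disable something" means in practice. It assumes the setting is stored in Clover's config.plist as RtVariables/CsrActiveConfig and uses the flag names from XNU's bsd/sys/csr.h; the sample plist is constructed.

```python
import plistlib

# SIP (CSR) bits as named in XNU's bsd/sys/csr.h. A set bit relaxes one protection.
CSR_FLAGS = {
    0x001: "CSR_ALLOW_UNTRUSTED_KEXTS",
    0x002: "CSR_ALLOW_UNRESTRICTED_FS",
    0x004: "CSR_ALLOW_TASK_FOR_PID",
    0x008: "CSR_ALLOW_KERNEL_DEBUGGER",
    0x010: "CSR_ALLOW_APPLE_INTERNAL",
    0x020: "CSR_ALLOW_UNRESTRICTED_DTRACE",
    0x040: "CSR_ALLOW_UNRESTRICTED_NVRAM",
    0x080: "CSR_ALLOW_DEVICE_CONFIGURATION",
    0x100: "CSR_ALLOW_ANY_RECOVERY_OS",
    0x200: "CSR_ALLOW_UNAPPROVED_KEXTS",
}
KNOWN_MASK = sum(CSR_FLAGS)  # OR of every bit listed above (0x3FF)

# Constructed sample config, not taken from any poster's machine.
# Key paths are assumptions about Clover's config.plist layout.
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>RtVariables</key>
    <dict>
        <key>CsrActiveConfig</key>
        <string>0x67</string>
    </dict>
    <key>SystemParameters</key>
    <dict>
        <key>InjectKexts</key>
        <string>Yes</string>
    </dict>
</dict>
</plist>
"""

def parse_csr(value):
    """Accept an int or a string such as '0x67' or '103' and return the mask."""
    if isinstance(value, bool):
        raise ValueError("boolean is not a CSR mask")
    if isinstance(value, int):
        return value
    return int(str(value).strip(), 0)

def decode_csr(value):
    """List which SIP protections a mask relaxes; 0 means SIP fully enabled."""
    mask = parse_csr(value)
    return {
        "mask": mask,
        "sip_fully_enabled": mask == 0,
        "relaxed": [name for bit, name in sorted(CSR_FLAGS.items()) if mask & bit],
        "unknown_bits": mask & ~KNOWN_MASK,  # bits this table does not name
    }

def audit_config(plist_bytes):
    """Report the SIP mask and kext-injection setting found in a config.plist."""
    cfg = plistlib.loads(plist_bytes)
    raw = cfg.get("RtVariables", {}).get("CsrActiveConfig")
    inject = str(cfg.get("SystemParameters", {}).get("InjectKexts", "")).lower()
    csr = None if raw is None else decode_csr(raw)  # None: key not set in file
    return {
        "csr": csr,
        "unsigned_kexts_allowed": bool(csr and csr["mask"] & 0x001),
        "bootloader_injects_kexts": inject in ("yes", "true"),
    }

if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG)
    print(hex(report["csr"]["mask"]), report["csr"]["relaxed"])
    print("unsigned kexts allowed by SIP:", report["unsigned_kexts_allowed"])
    print("kexts injected by bootloader:", report["bootloader_injects_kexts"])
```
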
Cyberdevs, Posted January 8, 2018

> No those aren't signed, I don't think.... Wait so it's already being injected and not being loaded? Are you sure? You did a kextstat and it was not loaded? Or you just having issues that those kexts were previously fixing? Your log say they are being injected properly? Also try turning on KernelAndKextPatches/Debug=true, to make sure there is nothing happening when it's being injected. EDIT: I think you mean enabled. CsrConfig=0x0 is enabled. CsrConfig=0x67 is disabled. Other values partially disable something.

That's what I thought also, all other kexts aren't signed either, the problem is that I can't run kextstat because I'm dealing with the black screen issue, but I can do some more test with my other rig which has an AMD GPU and it's not affected with the black screen issue and make sure that they get injected properly if I fully enable SIP with the CsrConfig=0x0 and report back.

I'll let you know how it worked out when I get back home.

Thanks a lot for your time and efforts and your precious input.

apianti, Posted January 8, 2018

> That's what I thought also, all other kexts aren't signed either, the problem is that I can't run kextstat because I'm dealing with the black screen issue, but I can do some more test with my other rig which has an AMD GPU and it's not affected with the black screen issue and make sure that they get injected properly if I fully enable SIP with the CsrConfig=0x0 and report back. I'll let you know how it worked out when I get back home. Thanks a lot for your time and efforts and your precious input.

I imagine you'll be able to boot even if it's not injected, since it shouldn't affect your AMD GPU. But kind of leads me to think that maybe the driver itself is causing a problem. Have you tried not using it? Do you also get black screen??

Cyberdevs, Posted January 8, 2018

> I imagine you'll be able to boot even if it's not injected. But kind of leads me to think that the driver itself is causing a problem. Have you tried not using it? Do you also get black screen??

The problem starts right after I install the nVidia WebDrivers. I'm not sure if I enable SIP I'll be able to boot into macOS or not. I'll do another clean install before installing the web drivers and see if I can boot into macOS with CsrConfig=0x0 and let you know how it goes.

apianti, Posted January 8, 2018

Man, I just realized that we could seriously devastate a whole fleet of macs with a USB drive and physical access...................................... I mean so that no one would notice but we could have total access to everything that's done on the machine. I actually got that weird feeling in my stomach, because I was about to write a kernel attack in the other thread, and was like WTF am I doing.

Cyberdevs, Posted January 8, 2018

> Man, I just realized that we could seriously devastate a whole fleet of macs with a USB drive and physical access...................................... I mean so that no one would notice but we could have total access to everything that's done on the machine. I actually got that weird feeling in my stomach, because I was about to write a kernel attack in the other thread, and was like WTF am I doing.

What do you mean? How we can do that? Care to explain?

apianti, Posted January 8, 2018

> What do you mean? How we can do that? Care to explain?

First, no, lol. Second, macs don't have secure boot so you can run any EFI application, either through bootcamp or by making it think it's an installer with boot.efi... Once you are there you can pretty much carry out a ton of attacks on the OS. And I almost wrote it out anyway.... JEEEEEEEEEEEEEEZZZZZZZZZZZZ.

EDIT: Trying to trick me into giving you the goods to put porn on your boss' computer.

EDIT2: I guess technically any firmware not using secure boot can be attacked like this but only macOS doesn't support using it, and it doesn't exist in macs firmware at all. Making it more vulnerable. I guess hacks are too since we have to boot without secure boot, although we tried to get secure boot working. It might, I haven't tried in years lol. But it involves signing a bunch of EFI modules....

EDIT3: Meant secure not safe, added some more info to previous edit.

EDIT4: It autocorrect secure to safe in my addition. Screw my phone.

EDIT5: "It autocorrect" Man it is amazing at just changing words I already typed and moved onto the next into nonsense, and it's not even enabled. My phone is such a POS that it does not allow disabling autocorrect even if you disable it....

Funky frank, Posted January 8, 2018

Yeah I used that installer, bro. And your provided aptiofix2.

Cyberdevs, Posted January 8, 2018

> First, no, lol. Second, macs don't have safe boot so you can run any EFI application, either through bootcamp or by making it think it's an installer with boot.efi... Once you are there you can pretty much carry out a ton of attacks on the OS. And I almost wrote it out anyway.... JEEEEEEEEEEEEEEZZZZZZZZZZZZ. EDIT: Trying to trick me into giving you the goods to put porn on your boss' computer. EDIT2: I guess technically any firmware not using safe boot can be attacked like this but only macOS doesn't support using it.

LOL You got me.

By "macs don't have safe boot" I assume you mean Secure Boot?! Right?

apianti, Posted January 8, 2018

> Yeah I used that installer, bro. And your provided aptiofix2.

I meant the AptioFix2 is also in that package. You don't need to use the one I uploaded, in fact that one in the package is probably better optimized.

> LOL You got me. By "macs don't have safe boot" I assume you mean Secure Boot?! Right?

Yeah, stupid autocorrect. I was too lazy to walk four feet to my computer so I used my phone...

EDIT: I have now gone to my computer because my phone is the worst. Now back to bed since I made this edit and feel terrible.

Cyberdevs, Posted January 8, 2018

My interest in the subject is because I have lots of clients with Mac computers and I would like to keep them as safe as I can. I don't need to run a kernel attack on my boss's computer to put sth on his/her Mac, I already have their passwords, and you're right about Apple lacking the secure boot feature but there are some rumors that Apple is going to implement a security chip in their Macs to improve the security on their products.

apianti, Posted January 8, 2018

> My interest in the subject is because I have lots of clients with Mac computers and I would like to keep them as safe as I can. I don't need to run a kernel attack on my boss's computer to put sth on his/her Mac, I already have their passwords, and you're right about Apple lacking the secure boot feature but there are some rumors that Apple is going to implement a security chip in their Macs to improve the security on their products.

Don't let people you don't know with USB keys get onto your macs, that's the only way to keep them safe. I think you can still boot from a USB if FV2 is enabled but you won't be able to access the disk without unlocking it. That does not mean that it still can't be defeated but that's definitely the best defense on a mac. And technically they already have a security chip, SMC, but it's defeatable. They used to have a TPM chip in the first models that used Intel, but TPM chips are also defeatable. Secure boot with a TPM is pretty much unbreakable, probably don't really need the TPM but it makes it a hardware solution so it can't be side-channeled, like all these recent exploits that have been coming out. TPMs can also be used to encrypt disks. However, that's irrelevant if you can run whatever code you want in EFI environment. You can reverse engineer any chip, we reverse engineer pretty much everything to get hackintoshes to work. That's probably all I need to say because I don't want to actually describe an exploit.

EDIT: I used to have everyone's password too, and an app that allowed me to change or force them to change it. If someone was pissing me off, I would be like, "I swear I will change your password if you make me mad." Always immediately nice.... Totally would get fired for that though.... They're dumb.

EDIT2: I have no idea why my mind is all Mojo Jojo all the sudden but I think you can defeat FV2 as well.... Does mac firmware support Driver#### NVRAM variables?

mhaeuser, Posted January 8, 2018

> First, no, lol. Second, macs don't have secure boot so you can run any EFI application, either through bootcamp or by making it think it's an installer with boot.efi... Once you are there you can pretty much carry out a ton of attacks on the OS. And I almost wrote it out anyway.... JEEEEEEEEEEEEEEZZZZZZZZZZZZ. EDIT: Trying to trick me into giving you the goods to put porn on your boss' computer. EDIT2: I guess technically any firmware not using secure boot can be attacked like this but only macOS doesn't support using it, and it doesn't exist in macs firmware at all. Making it more vulnerable. I guess hacks are too since we have to boot without secure boot, although we tried to get secure boot working. It might, I haven't tried in years lol. But it involves signing a bunch of EFI modules.... EDIT3: Meant secure not safe, added some more info to previous edit. EDIT4: It autocorrect secure to safe in my addition. Screw my phone. EDIT5: "It autocorrect" Man it is amazing at just changing words I already typed and moved onto the next into nonsense, and it's not even enabled. My phone is such a POS that it does not allow disabling autocorrect even if you disable it....

UEFI SB works in custom mode and the iMac Pro introduced Apple SB

apianti, Posted January 8, 2018

> UEFI SB works in custom mode and the iMac Pro introduced Apple SB

Yeah, that is cool too because it's way better than regular UEFI secure boot. It lets you lock down booting externally, and booting only to the currently active OS.

EDIT: You mean that secure boot with clover works?

EDIT2: Ewwww.... Although I didn't realize it stored your machine's identification in the cloud and you need to connect to Apple in order to boot if you select locking to the currently active OS.... Yikes. Hope you don't lose internet.