BuXb
Posted August 25, 2019

hey Andy. Oh my, I didn't know. Hopefully you only lost digital bytes in that mishap back then. Sleep well

Andy Vandijck
Posted August 26, 2019

3 hours ago, BuXb said:
> hey Andy. Oh my, I didn't know. Hopefully you only lost digital bytes in that mishap back then. Sleep well

Yes, somebody stole my USB stick with the sources and wiped it clean. By the time I knew who, all data was lost.

Andy Vandijck
Posted September 23, 2019 (edited)

I updated the sources of the decompkernelcache tool.
Now it can do the following things with the prelinked kernel and its data:
- Uncompress prelinked kernel (package with drivers inside)
- Extract kernel (repackage possible with kextcache, kernel only)
- Extract kexts (including original folder source directory)
- List kexts
- Extract combined Info.plist resource
- Recompress uncompressed prelinked kernel to LZVN/LZSS

It can do this with prelinked kernel caches compressed with LZSS and LZVN.
It can also extract already decompressed prelinked kernel cache binaries.
It is also possible to specify an architecture to extract (in case of a multi architecture prelinked kernel cache).
It works with any version of the OS X kernel cache (It works for 32 and 64 bit, extracting all).
I tested it on a prelinked kernel of iOS also, it was able to do this to an iPhone 4S prelinked kernel too. (32-bit ARM)
It works on Mac OS X prelinked kernel data with any version or architecture (32/64-bit works, can extract Big Endian data so if you manage to have a PowerPC prelinked kernel it can handle them too).
It should be able to handle any architecture and any Darwin deployment target.
So if you have a decrypted prelinked kernel of iOS, Mac OS X, Apple TV (both Intel and ARM), Watch OS and any other like the HomePod OS you can use this tool on them too.

Update (V2.1):
Added WIN32 and WIN64 version (compiled with MingW-w64 for i386 and x86_64).
I used Apple's WebKitSupport library (for the CoreFoundation library) and a win32 port of libdispatch.
The binaries for CoreFoundation support came from iTunes's Apple Application Support installer (both 32 bit and 64 bit). They are included.
It's adapted to work with Visual Studio too but needs a VC project edit as I only have a MacBook Air (without Windows on it).
I tested it on someone's computer and it works fine.

Update (V2.2):
Minor bug fixes.
Will do WIN32 and WIN64 version a bit later.

Update (V2.2 Windows):
Added WIN32 and WIN64 version.

Update (V2.2 Linux):
Added Linux version (post below, x86_64 and i386).
Other architectures are also supported and require libraries and bison below:
To build it you need a recent ICU4C (http://site.icu-project.org/download).
My own build of lib dispatch (https://github.com/vampirecat35/libdispatch).
My own corrected build of CoreFoundation lite for Linux (https://github.com/vampirecat35/CoreFoundation-Lite-Linux).
bison-2.4.1 which is specific because of IOCFUnserialize.yacc (https://ftp.gnu.org/gnu/bison/bison-2.4.1.tar.bz2).

Update (V2.2 iOS/WatchOS/AppleTVOS):
Added 32-bit and 64-bit versions for iOS, WatchOS and AppleTVOS (post below).

Update (V2.2 Android):
Added ARMV7 Android version (post below).
Added AARCH64 (ARM64) Android version (post below).
Added I686 Android version (post below).
Added X86_64 Android version (post below).

Update (V2.2 Visual Studio 2019):
Added X86 VS2019 Windows version (post below).
Added X64 VS2019 Windows version (post below).
I also optimised the code a little (No more warnings, not even for 32-bit builds).

Update (V2.3 OS X):
Added kernel cache recompression support from uncompressed prelinked kernel.
Added macOS 11 version (x86_64 and arm64).
Added Windows version (VS2019 X86_64 and I386, Mingw32, Mingw64).
Added iOS/AppleTVOS/WatchOS versions. *Requires MobileTerminal app*
Added Linux versions.
Added Android versions.

* NOTE: Copies are available also on GitHub...

Enjoy

Added Ubuntu 23.04 version download on GitHub repo (x86_64 and i386)
Added GitHub repo on my secondary account: https://github.com/vampirecat35/decompkernelcache

decompkernelcache_macOS.zip

Edited June 11, 2023 by Andy Vandijck

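An added example, not code from decompkernelcache or from the post above: one way a tool can tell apart the input kinds the post lists (multi-architecture FAT wrapper, LZSS- or LZVN-compressed cache, already uncompressed Mach-O of either endianness) while refusing headers whose sizes overrun the file. The layout is assumed to follow Apple's open-source `PrelinkedKernelHeader` and `fat_header` definitions; `kc_identify`, `kc_info` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum kc_kind { KC_UNKNOWN, KC_FAT, KC_LZSS, KC_LZVN, KC_MACHO };
struct kc_info { enum kc_kind kind; uint32_t unc_size, comp_size, nfat; };

#define KC_HDR_SIZE 384u  /* 'comp' header: 16 x u32, 64-byte platform name, 256-byte root path */

static uint32_t be32(const uint8_t *p) {  /* header fields are big-endian */
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Classify an untrusted buffer. Returns 0 if the header is consistent with
 * the buffer length, -1 if it is truncated or its sizes overrun the file. */
int kc_identify(const uint8_t *buf, size_t len, struct kc_info *out) {
    memset(out, 0, sizeof *out);
    if (len < 8) return -1;
    uint32_t magic = be32(buf);
    if (magic == 0xCAFEBABEu) {                 /* FAT: multi-architecture wrapper */
        out->kind = KC_FAT;
        out->nfat = be32(buf + 4);
        return out->nfat <= (len - 8) / 20 ? 0 : -1;  /* 20 bytes per fat_arch */
    }
    if (magic == 0x636F6D70u) {                 /* 'comp': compressed cache */
        if (len < KC_HDR_SIZE) return -1;
        uint32_t type = be32(buf + 4);
        if (type == 0x6C7A7373u) out->kind = KC_LZSS;       /* 'lzss' */
        else if (type == 0x6C7A766Eu) out->kind = KC_LZVN;  /* 'lzvn' */
        else return -1;
        out->unc_size = be32(buf + 12);         /* offset 8 holds the Adler-32 */
        out->comp_size = be32(buf + 16);
        /* Never trust comp_size past the end of the file being parsed. */
        return out->comp_size <= len - KC_HDR_SIZE && out->unc_size ? 0 : -1;
    }
    if (magic == 0xFEEDFACEu || magic == 0xFEEDFACFu ||   /* big-endian Mach-O */
        magic == 0xCEFAEDFEu || magic == 0xCFFAEDFEu) {   /* little-endian Mach-O */
        out->kind = KC_MACHO;                   /* already uncompressed */
        return 0;
    }
    return -1;
}

int main(void) {
    uint8_t sample[KC_HDR_SIZE + 4] = { 'c','o','m','p','l','z','v','n' };  /* constructed */
    sample[15] = 0x10; sample[19] = 0x04;       /* unc_size 16, comp_size 4 */
    struct kc_info info;
    int rc = kc_identify(sample, sizeof sample, &info);
    printf("rc=%d kind=%d unc=%u comp=%u\n", rc, info.kind, info.unc_size, info.comp_size);
    return 0;
}
```
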
nekton
Posted October 23, 2019

Is there a guide anywhere for using this tool on a 10.11 installation on a late-2011 MBA?

Andy Vandijck
Posted November 26, 2019 (edited)

I updated AnVMSR so it would work on Catalina.
- It can read and write MSR register.
- It can read and write the TSC.
- It can read and write the PMC.

Enjoy

EDIT: Little code fix. I tested the module, it works...

AnVMSR.zip

Edited November 26, 2019 by Andy Vandijck

nekton
Posted November 26, 2019

Can someone describe which files from the zip go where in the macOS file system?

Andy Vandijck
Posted December 1, 2019

On 11/26/2019 at 10:16 PM, nekton said:
> Can someone describe which files from the zip go where in the macOS file system?

The kext goes to /Library/Extensions
The anvmsr binary goes to /usr/local/bin

roswellian
Posted December 19, 2019

Wonder if someone can make voltageshift work again under catalina...

Andy Vandijck
Posted January 21, 2020

I've updated AnyAppleUSBMouse for Catalina.
It requires 4 changes to the idProduct (Product ID) and idVendor (Vendor ID) to work.

Enjoy

AnyAppleUSBMouse.kext.zip

erickwok
Posted February 29, 2020

Seems that it doesn't work for me. Did I place my Product ID and Vendor ID in the right place?
My Product ID is 1359 in decimal and my Vendor ID is 2522. So I place them into

IOKitPersonalities
├── Fake_Apple_Mouse_Device
│   ├── idProduct
│   └── idVendor
├── Fake_Apple_Mouse_Interface
│   ├── idProduct
│   └── idVendor
├── WiredMouse-any
│   ├── idProduct
│   └── idVendor
└── WiredMouseAccel-any
    ├── idProduct
    └── idVendor

Now in System Report I got Apple Inc. but not in system preference.

Info.plist

Andy Vandijck
Posted April 6, 2020

I decided to extract the immutablekernel for Catalina 10.15.3.
I had to add a FAT header but it extracts just fine.
Thanks to this we have the kernel and kexts for the immutablekernel.
The info dictionary and lists are also included.
Needs further study if it contains extras compared to the prelinkedkernel.
Maybe we can find out what those .im4m files (for example immutablekernel.x589iclydev.im4m) are thanks to this.

Enjoy

immutablekernel.zip

Andy Vandijck
Posted April 14, 2020 (edited)

I've updated my AppleUSBMergeNub to new algorithms.
Now it has full support for building on Mac OS X Catalina.
Attached below (and some screenshots).

AppleUSBMDI.zip
AppleUSBMDI.kext.zip
AppleUSBMDI-new.zip

Edited January 29, 2021 by Andy Vandijck

Andy Vandijck
Posted April 20, 2020

I used the corrected version of my decompkernelcache (V2.2) to extract these.
The files are attached below.
I skipped the IM4M part until complzss.

Enjoy

iPhoneSE_Release_n51_Kernel.zip

Andy Vandijck
Posted April 22, 2020 (edited)

Added completely debugged Mac OS X, Windows 32-bit and Windows 64-bit version.
Everything works now on any type of prelinked kernel or kernel cache.
What it also can do is extract an uncompressed prelinked kernel or kernel cache binary.

Enjoy

Edited April 22, 2020 by Andy Vandijck

Andy Vandijck
Posted April 30, 2020

I've bundled Cardpeek 0.8.5 with a modern version of GTK3.
I also improved the CCID driver for OS X.
I also made an NFC reader driver for OS X.
I improved the Belgian EID apps and drivers.
Sources for the Belgian EID stuff: https://github.com/vampirecat35/eid-mw
Other download for the Belgian EID binaries: https://github.com/vampirecat35/eid-mw-osx
Binaries are attached and ready.

Enjoy

cardpeek.zip
eid-mw-osx.zip

Andy Vandijck
Posted May 3, 2020 (edited)

Linux x86_64 version and needed .so libraries (made on Ubuntu 20.0.4 LTS).

Enjoy

EDIT: Updated version with latest CoreFoundation that will ever be available for Linux and newer version of Ubuntu.

decompkernelcache_linux_x86_64.zip

Edited August 17, 2020 by Andy Vandijck

Andy Vandijck
Posted May 3, 2020 (edited)

Linux i386 version and needed .so libraries (made on Ubuntu 16.0.4 LTS).

Enjoy

decompkernelcache_linux_i386.zip

Edited August 17, 2020 by Andy Vandijck

Andy Vandijck
Posted May 3, 2020 (edited)

Added ARMV7 iOS 32-bit version.
Added ARM64 iOS 64-bit version.
Added ARMV7K WatchOS 32-bit version.
Added ARM64_32 WatchOS 64-bit version.
Added AppleTVOS 64-bit version.
Needed certificate that you need to install on your iPhone/iWatch/AppleTV is included.
A terminal app is required.

Enjoy

decompkernelcache_iOS.zip
Apple Development_ catvampire35@gmail.com (VC2F3CGZ22).cer.zip

Edited August 16, 2020 by Andy Vandijck

Andy Vandijck
Posted May 9, 2020 (edited)

Added Android versions.
ARMV7 Android version.
AARCH64 Android version.
X86_64 Android version.
I686 Android version.
A terminal app is required.

Enjoy

EDIT: Added new Android CoreFoundation Lite version (CF-1153.18). The changes are on the GitHub repo.
EDIT2: Fixed CoreFoundation Lite version (CF-1153.18) for Linux build. Binaries I did not build but are compatible with versions above (tested on Ubuntu).
EDIT3: V2.3 version.

decompkernelcache_android.zip

Edited August 18, 2020 by Andy Vandijck

Andy Vandijck
Posted May 16, 2020

I've built and bundled ophcrack version 3.8.0 for Catalina.

Enjoy Windows password cracking

ophcrack.zip

Andy Vandijck
Posted May 17, 2020 (edited)

MinGW32 / MinGW64 version.
Visual Studio 2019 version.
X86 build.
X64 build.
ARM version could be added with some time (needs CoreFoundation Windows ARM build).
I also did some minor code fixes.

decompkernelcache_windows.zip

Edited August 16, 2020 by Andy Vandijck

zygzak
Posted June 4, 2020 (edited)

Hello Andy,

I was looking at this and older version in order to change 0x199H (multiplier) register on my mac. Most of other registers (for example turbo) work fine but this one is an exception I found. When I write to it the value always resets to a CPU default as if my values were invalid. I can only make an impact on CPU by writing a 0x0 value, but then it gets quickly restored to default.

I did the same change successfully using various tools on windows and I noticed some issues in your tool:
- reading some registers returns a full 32-bit value but sometimes a shorter, decimal version (for example read returns 0x2800 instead of 0x00001C00) - maybe something with hex conversion is wrong?
- writing MSRs looks a little bit broken, I am trying to understand this but I don't know much - looks like MSR registers can have a 64-bit value (in other way, a low and high 32-bit value for each EDX and EAX) and your utility only saves and reads 32-bit values from one part only?

I'm not proficient in C and low-level programming though so maybe you can provide some input on if I use this wrong or maybe tool needs some fixes?

Edited June 4, 2020 by zygzak

Andy Vandijck
Posted August 14, 2020 (edited)

I've made C versions for lzvn_encode and lzvn_decode.
I also have a utility for encoding and decoding using these.
Attached below

Enjoy

LZVN.zip

GitHub repo: https://github.com/vampirecat35/LZVN

Edited August 14, 2020 by Andy Vandijck

Andy Vandijck
Posted August 15, 2020 (edited)

Added uncompressed prelinked kernel recompress to LZVN/LZSS.

Edited August 17, 2020 by Andy Vandijck

Andy Vandijck
Posted August 18, 2020

All versions for V2.3 are built.
Supported platforms:
- Android
- iOS
- AppleTVOS
- WatchOS
- macOS (X)
- Windows