macOS Sonoma Wireless Issues Discussion.

[surenmunoo]

1 hour ago, deeveedee said:

Admins - please tolerate and allow this post in multiple threads. It may hurt feelings and ruffle feathers - I'm beyond that and can't help that.

 

I am pleased with the Dev responses in the OCLP Security Thread. One of my reasons for assisting with the creation of the OCLP Thread was to have a public repository of OCLP security issues until messaging and warnings are implemented. Unfortunately, the Dev responses suggest more potential security vulnerabilities in OCLP than I had anticipated.

 

I will not be using OCLP to apply post-install patches on any 'production' systems where my private credentials, secure data and digital identity need to be protected and could be at risk.

 

There are many who are angry with me because I had the audacity to challenge the Devs and their generosity. That makes no sense. This is not personal, not a popularity contest, not a game of playing nice. This is serious and those who are treating the issue as a hobby and a game should only be using OCLP in a no-risk, hobby environment to play games.

 

I accept responsibility for helping to promote the use of OCLP. I am now trying to make all aware of the dangers.  Computer/data security happens to be my area of expertise and I recognize that there will be challenges and claims of overdoing it by those who have no idea what they are talking about.

 

BTW: This is so serious that I am suspicious of anyone who tries to clutter the OCLP thread with tangential garbage or makes attempts to damage my credibility or that of the OCLP security thread. There are people who want security vulnerabilities to remain unknown, unaddressed and fully exploitable. They will go to great lengths to win trust and popularity while hacking your data and stealing your identity. Ask Sam Bankman-Fried and Bernie Madoff how their customers loved them (until they didn't).

 

In this case, we must look a gift horse in the mouth. How quickly we have forgotten the lessons of the Trojan Horse and plenty of more current examples that should make us at least cautious.

I think most would know that using OCLP would put their systems at risk because it means disabling some of Apples security features but in saying this, I appreciate your post about it and the fact that you are highlighting it. I must admit that I have had some weird behaviour on my Sonoma hack recently with pages in Safari opening on their own while the PC is just sitting with no one using it. I at first thought it was a faulty keyboard or something silly but I looked at safari history and noticed web pages that I would never open and also got an email from someone claiming to have access to my web cam and asking me to pay $2500 for them to not leak my information. I reset my complete Hack, installed Ventura and Win 11 again and use my Mac Studio for Sonoma. Hack is strictly for Ventura and Winn 11 now. Whether or not this is related but I thought to mention as it seemed strange to me and I always believed that a Mac was nearly impossible to hack. 

[deeveedee]

@surenmunoo While one testimony doesn't provide a statistical sample sufficient for drawing conclusions, it reminds us that our data, identity and secure credentials need to be protected.

 

There is nothing that can guarantee computer/data security, but there are behaviors and practices that make us more vulnerable to hacks.  And behaviors/practices that make us more secure.

 

It is good to be careful and cautious - ask someone who has had their identity stolen, their bank account drained or their e-mail hacked.

 

I only want to communicate in the strongest way possible that OCLP (and any software that is not security-certified by reputable labs) is not free of risks - even if we love the Devs and their generosity. They are only human.  I'd love to have a beer with them, but I don't need to be afraid to ask the tough questions.

Edited October 9, 2023 by deeveedee

[deeveedee]

Has anyone found a proven USB Wi-Fi solution that works in Sonoma without any post-install patching (a USB Wi-Fi that doesn't need OCLP or modified kexts)?  Thank you.

 

EDIT: Bluetooth is optional - I'm only looking for USB Wi-Fi for Sonoma at this time, not Bluetooth.

 

EDIT2: My ask for "USB Wi-Fi" is overly constraining.  I'm looking for any Sonoma-compatible Wi-Fi solution that replaces the "factory installed" Wi-Fi and does not require post-install patches / modified kexts.  For example, a Wi-Fi device that connects to the PC's Ethernet port would be acceptable as well.  I am aware that I could repurpose an Access Point or Wi-Fi Bridge to be a Wi-Fi client, but portability is desirable, too.

Edited October 10, 2023 by deeveedee

[Matgen84]

1 hour ago, deeveedee said:

Has anyone found a proven USB Wi-Fi solution that works in Sonoma without any post-install patching (a USB Wi-Fi that doesn't need OCLP or modified kexts)?  Thank you.

 

EDIT: Bluetooth is optional - I'm only looking for USB Wi-Fi for Sonoma at this time, not Bluetooth.

 

EDIT2: My ask for "USB Wi-Fi" is overly constraining.  I'm looking for any Sonoma-compatible Wi-Fi solution that replaces the "factory installed" Wi-Fi and does not require post-install patches / modified kexts.  For example, a Wi-Fi device that connects to the PC's Ethernet port would be acceptable as well.  I am aware that I could repurpose an Access Point or Wi-Fi Bridge to be a Wi-Fi client, but portability is desirable, too.

 

@deeveedee There are also Intel Wifi card (working with Airportitlwm Preview 05 for Sonoma). OpenIntelWireless on Github. Ask to @chris1111 for USB Wifi  key.

[deeveedee]

@Matgen84 I haven't played much with the Intel Wi-Fi which is why it wasn't on my radar.  Excellent suggestion.

[deeveedee]

To expand our audience, I have started another Sonoma Wi-Fi discussion at MacRumors here.

[HyperX7]

1 hour ago, deeveedee said:

@Matgen84 I haven't played much with the Intel Wi-Fi which is why it wasn't on my radar.  Excellent suggestion.

@deeveedee Hi. I am glad to follow this forum and you. I agree with you too and went back to the Asus N10 USB Wifi dongle that I used in my first Hackintosh experiences. I currently use Sonoma with Asus N10. Thank you again.

 

What I did to get rid of Root Patch;

I didn't revert from the OCLP patcher alone. I canceled the uploaded kexts, made Secure boot default, removed Bootargs. I made the value of csr-active-Config 0 and restarted the system.

 

Below is the screenshot I took when I ran the OCLP app when my system reopened.

 

 

 

 

In this case, is it a risk for me not to do the Revert Root Patch?  İn this case my Root Patch is already canceled? 

 

[deeveedee]

@HyperX7 Just to confirm, you are saying that Asus N10 USB Wifi dongle is proven and tested as a working Wi-Fi solution in macOS Sonoma WITHOUT OCLP post-install patches?

Edited October 10, 2023 by deeveedee

[HyperX7]

28 minutes ago, deeveedee said:

@HyperX7 Just to confirm, you are saying that Asus N10 USB Wifi dongle is proven and tested as a working Wi-Fi solution in macOS Sonoma WITHOUT OCLP post-install patches?

Yes of course. However, I use @chris1111's "Notarized Wireless USB Big Sur Adapter" app and kexts and SIP is disabled.

 

https://github.com/chris1111/Wireless-USB-Big-Sur-Adapter/discussions/159

https://github.com/chris1111/Wireless-USB-OC-Big-Sur-Adapter

 

 

Edited October 10, 2023 by HyperX7

[surenmunoo]

33 minutes ago, deeveedee said:

@HyperX7 Just to confirm, you are saying that Asus N10 USB Wifi dongle is proven and tested as a working Wi-Fi solution in macOS Sonoma WITHOUT OCLP post-install patches?

The wifi dongles will work but you won't get Airdrop etc with it. 

[HyperX7]

5 minutes ago, surenmunoo said:

The wifi dongles will work but you won't get Airdrop etc with it. 

 

Yes, I am aware of this, but it should be my security priority in my system that I use all the time, so I had to waive some features.

[Cyberdevs]

@HyperX7 and @deeveedee

Replacing one Patcher's kext with another ones defeats the security purpose of the whole argument. Don't you think?

No matter if you use OCLP's kexts or itwlm or anyone else's for that matter doesn't mean that there will be no vulnerability to be exploited. 

And yes I know with OCLP you need to disable SIP (partially or completely) and bypass AMFI (partially or completely) but we always need to know that we are running an operating system that was not intended for our hardware so if god forbid anything bad happens we have no one to blame but ourselves.

[deeveedee]

@Cyberdevs If I find a Sonoma-compatible Wi-Fi solution that doesn't require me to break the macOS seal in order to root-patch macOS, that's an improvement in my book. While an OC-injected kext carries its own risks, it is easier to review/test to ensure that potential exploits are contained within any flaws (or intentional vulnerabilities) that may exist in the kext.

 

OCLP requires the macOS seal to be broken for root patching with a Wi-Fi framework extracted from an older macOS...  more here.

 

With my HackBookPro6,2, I am currently using this Ethernet-Over-Power solution here.  I have reviewed MausiEthernet.kext (which enables my Ethernet port in macOS) and have accepted the risks associated with this single kext (far less risky than the rooted macOS with a broken APFS seal).

 

EDIT: I am investigating Wi-Fi solutions that connect to the Ethernet port.  If I only need IntelMausiEthernet.kext to enable Wi-Fi on my laptop, that (in my opinion) is much safer with fewer potential vulnerabilities than OCLP root patches or itwlm. 

Edited October 10, 2023 by deeveedee

[Cyberdevs]

@deeveedee

Yep, I agree, if any adapter works without breaking the APFS seal is going to better than having the exposed OS.

[deeveedee]

16 hours ago, Cyberdevs said:

@deeveedee

Yep, I agree, if any adapter works without breaking the APFS seal is going to better than having the exposed OS.

I am currently testing a D-Link Wi-Fi adapter that connects to my laptop's Ethernet port.  It is powered via a USB cable to my laptop.  While not as seamless as built-in Wi-Fi, it is very portable, very easy to use and requires only IntelMausiEthernet.kext.  After I find a wireless solution that meets my requirements, I will post an update.

 

EDIT: Setup of the D-Link Ethernet-connected Wi-Fi is very simple:

• connect D-Link Wi-Fi adapter to Ethernet port via CAT-5
• connect D-Link power port to USB port using provided power cable included with the D-Link adapter
• configure laptop Ethernet port static IP within D-Link adapter's LAN subnet
• browse to D-Link adapter's browser-based config and scan for available Wi-Fi SSIDs
• choose a Wi-Fi SSID, select security (e.g., WPA2) and enter pass phrase

 

With this solution, I have Wi-Fi in Sonoma using only IntelMausiEthernet.kext

 

EDIT2: This particular D-Link model that I am testing (very old, but still works) is 2.4GHz only.  It has a built-in wizard (accessible via web browser) that makes scanning and selecting a Wi-Fi hotspot very easy.  This solution works very well.

 

EDIT3: As indicated by Slice, this Wi-Fi solution does not provide native support for AirDrop, AirPlay and other features that require natively working Wi-Fi. It provides a Mac with a Wi-Fi wireless data connection.

Edited October 11, 2023 by deeveedee

[deeveedee]

I have posted a very good Sonoma Wi-Fi solution here.  This solution requires only an Ethernet port (which for me, requires IntelMausiEthernet.kext) and does not require OCLP or any extra drivers / software.

 

EDIT: As indicated by Slice, this Wi-Fi solution does not provide native support for AirDrop, AirPlay and other features that require natively working Wi-Fi. It provides a Mac with a Wi-Fi wireless data connection.

Edited October 11, 2023 by deeveedee

[Slice]

"you have lost AirDrop, AirPlay, and other 'features' that require a working WiFi,"

[deeveedee]

@Slice I'm trading security against features.  I'm still looking for options that can provide more features without compromising security.

 

EDIT: Thank you for pointing this out.  I have edited my posts to make sure that this tradeoff is clear.  I recognize that your post is quoted from here.

 

EDIT2: @Slice Your comment reminds me of a story I once read in an old Readers Digest "Laughter the best Medicine."   A skydiver is about to jump out of an airplane without a parachute.  His buddy asks, "Why no parachute?"  The skydiver answers, "Because the straps will wrinkle my new shirt."

Edited October 11, 2023 by deeveedee

[CloverLeaf]

@deeveedee Are you looking for m.2 card for your EliteDesk ? If yes, you have plenty of options starting from Intel 8260 all the way to AX211. All of them work just fine both Wi-Fi and BT without the need of OCLP or SIP disabled. I can confirm working on my hacks Intel 8265NGW, 9560NGW, AX210 and AX211.

[FredWst]

Hi,

 

@CloverLeaf

 

With AX210, AX211 :does  AirDrop, AirPlay, iMessage, HandOff and other 'features' working ?

 

I've AX200 those features doesn't work.

 

Fred

[CloverLeaf]

@FredWst  I have tested AirDrop before and it worked in one direction only. Since I don't use any of the features mentioned (I use Android phone/tablet) I don't have an option to test further. Never been in the Apple ecosystem. I use MacOS only for music production and simple browsing/movies etc. Also the speed of the latest Intel AX210, 211 can't be compared to the old and slow natively supported BCM cards. It's been said many times that if you are looking for fully supported Wifi/BT you have to use OCLP with the well known BCM cards.

[FredWst]

Ok understand.

 

Take a look here.

 

 

Seems you're not in phase with other user who said it works.

Maybe was working on beta 2, but not on release.

Who is right ? 

 

Fred

Edited October 11, 2023 by FredWst

[pkdesign]

Well this discussion is quite alarming. Is it the breakign of the macOS "seal" or is it the disabling of SIP that is the issue? Or, obviously the combination of the two?

 

I'm exhausted with this update to Sonoma and am ready to go back to Monterey which was rock solid for me.

[deeveedee]

16 hours ago, pkdesign said:

Well this discussion is quite alarming. Is it the breakign of the macOS "seal" or is it the disabling of SIP that is the issue? Or, obviously the combination of the two?

 

I'm exhausted with this update to Sonoma and am ready to go back to Monterey which was rock solid for me.

If you don't need XCode, Monterey is perfectly good and still getting Apple updates.

 

Also, Apple has been sending occasional notices about their "Cloud-based XCode."  I don't know enough about it, but it appears to me as though developers will have access to the latest XCode without the latest macOS.  Does anyone have experience with Apple's Cloud-based XCode to know if it is a suitable replacement for XCode running in Sonoma?

 

EDIT: This post explains that the cloud-based XCode is very limited and not a direct replacement for XCode in macOS.

Edited October 12, 2023 by deeveedee

[miliuco]

@deeveedee

 

In my experience, Xcode runs on Ventura much better than on Sonoma.

In Sonoma I have the "lldb-rpc-server has crashed" issue (not all the projects): Xcode debug phase crashes although the product is well built into the target folder.

And command line apps built within Xcode fails to run when double clic on them (but they can be run by ./app-name from Terminal).

In Sonoma these issues don't exist. Xcode runs ok.

 

Not tried nothing yet about Cloud-based XCode.