Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/duo-labs/apple-t2-xpc

Tools to explore the XPC interface of Apple's T2 chip
https://github.com/duo-labs/apple-t2-xpc

Last synced: 2 months ago
JSON representation

Tools to explore the XPC interface of Apple's T2 chip

Host: GitHub
URL: https://github.com/duo-labs/apple-t2-xpc
Owner: duo-labs
License: other
Created: 2019-02-14T13:38:10.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2019-08-08T23:30:43.000Z (over 5 years ago)
Last Synced: 2024-11-09T22:38:43.312Z (2 months ago)
Language: Python
Homepage: https://duo.com/labs/research/apple-t2-xpc
Size: 71.3 KB
Stars: 160
Watchers: 15
Forks: 17
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Apple T2 XPC
This project is an exploration of the network communications between macOS and
the T2 chip. It can be used to decode and print the XPC messages, and provides
an example of building a protocol-compliant client to communicate with a
service on the T2 chip.

More information can be found in [our report](https://duo.com/labs/research/apple-t2-xpc).

### Install

This is a Python3 project.

#### Python 3.6

One of the changes in 3.7 was how python handles multiple inheritance,
particularly with method resolution order (MRO). Because the h2 library has a
bug with this new method resolution order, we need to use Python 3.6.

On a mac, to do this we need to use pyenv. (use `brew` to install it if you don't have it)
`pyenv install 3.6.7`

And then every time you want to run it (or pip3 install stuff), you'll need to
run this from the project directory:
`eval "$(pyenv init -)"`

#### pip3 stuff

To install, you will need to install:
```pip3 install -r requirements.txt```

#### h2 module

The hyper-h2 module is HTTP/2 spec-compliant. Unfortuantely, Apple
communications are not. We have included a slightly-modified copy
of the h2 module, still under its original MIT license.

### Running it

There are currently two main utilities contained in this repo:
- `vhc128sniff.py` will listen on the VHC128 interface and decode as many XPC messages as it can between the t2 chip and the mac. It can also be run with the `-f` flag and a file path to read from a tcpdump-format packet capture.
- `sysdiagnose_client.py` will attempt to connect to the t2 chip and initiate a sysdiagnose connection.

### Update: getting `remotectl` working again

```
csrutil disable # (in recovery)
```

```
nvram boot-args=”amfi_get_out_of_my_way=0x01” # (reboot)
```

```
cp /usr/libexec/remotectl /tmp/

cat << EOF > /tmp/entitlements.ent

com.apple.private.RemoteServiceDiscovery.device-admin

com.apple.private.network.intcoproc.restricted

EOF

jtool --sign --ent /tmp/entitlements.ent --inplace /tmp/remotectl

/tmp/remotectl relay localbridge com.apple.sysdiagnose.remote
```