liji32 / mip
MIP – macOS Injection Platform
License: Other
Hi, I tried my very first bundle today, its intent is to tweak Terminal.app window appearance. Here's its implementation, using swizzling since a category cannot override a class method anymore.
TerminalMaterialDark.h:
// Version: $Id$
//
//
// Commentary:
//
//
// Change Log:
//
//
// Code:
#import <AppKit/AppKit.h>
// ///////////////////////////////////////////////////////////////////
//
// ///////////////////////////////////////////////////////////////////
@interface NSViewController(TerminalMaterialDark)
- (void)injected_viewDidLoad;
@end
//
// TerminalMaterialDark.h ends here
TerminalMaterialDark.m:
// Version: $Id$
//
//
// Commentary:
//
//
// Change Log:
//
//
// Code:
#import <Cocoa/Cocoa.h>
#import <objc/runtime.h>
#import "TerminalMaterialDark.h"
// ///////////////////////////////////////////////////////////////////
//
// ///////////////////////////////////////////////////////////////////
@implementation NSViewController(TerminalMaterialDark)
+ (void)load
{
    printf("MIP injected NSViewController::load\n");
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        Class class = [self class];
        // No trailing colon: both methods take no arguments, so the selectors
        // must match -viewDidLoad and -injected_viewDidLoad exactly.
        SEL originalSelector = @selector(viewDidLoad);
        SEL swizzledSelector = @selector(injected_viewDidLoad);
        Method originalMethod = class_getInstanceMethod(class, originalSelector);
        Method swizzledMethod = class_getInstanceMethod(class, swizzledSelector);
        // Try to add the swizzled implementation under the original selector first.
        BOOL didAddMethod =
            class_addMethod(class,
                            originalSelector,
                            method_getImplementation(swizzledMethod),
                            method_getTypeEncoding(swizzledMethod));
        if (didAddMethod) {
            class_replaceMethod(class,
                                swizzledSelector,
                                method_getImplementation(originalMethod),
                                method_getTypeEncoding(originalMethod));
        } else {
            method_exchangeImplementations(originalMethod, swizzledMethod);
        }
    });
}
- (void)injected_viewDidLoad
{
    printf("MIP injected viewDidLoad\n");
    // After the exchange this calls the original -viewDidLoad.
    [self injected_viewDidLoad];
    [[self.view window] setMovableByWindowBackground:YES];
    self.view.window.titlebarAppearsTransparent = YES;
    self.view.window.titleVisibility = NSWindowTitleHidden;
    self.view.window.styleMask |= NSWindowStyleMaskFullSizeContentView;
    self.view.window.appearance = [NSAppearance appearanceNamed:NSAppearanceNameVibrantDark];
}
@end
//
// TerminalMaterialDark.m ends here
And Info.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>MIPUseBlacklistMode</key>
    <false/>
    <key>MIPBundleNames</key>
    <string>com.apple.Terminal</string>
    <key>MIPExecutableName</key>
    <string>Terminal</string>
    <key>CFBundleExecutable</key>
    <string>TerminalMaterialDark</string>
    <key>CFBundleIdentifier</key>
    <string>local.TerminalMaterialDark</string>
    <key>CFBundleInfoDictionaryVersion</key>
    <string>6.0</string>
    <key>CFBundleName</key>
    <string>TerminalMaterialDark</string>
    <key>CFBundlePackageType</key>
    <string>BNDL</string>
    <key>CFBundleShortVersionString</key>
    <string>1.0</string>
    <key>CFBundleVersion</key>
    <string>1</string>
</dict>
</plist>
After a make && make install, launching Terminal.app does not print anything whatsoever.
Am I missing something?
Thanks.
Substrate's Bundles accepts any bundle identifier, not just application bundle IDs. For example, if you wanted to modify NSApp.mainMenu in every app, you would use com.apple.AppKit. Your tweak would load into all GUI apps (any process that links AppKit) to make a system wide tweak — without having to use a wildcard bundle and blacklist daemons.
Happy to put up a PR for this if you'd accept it!
Buddy, please tell me how to know whether the injection succeeded or not in a Chrome subprocess when I click New Tab. I print a log to the console but it shows nothing, but I saw in your "readme" description that it can support it. I just want to know how I can test it. Thx
Hi,
When I try to inject some app with the inject tool on macOS 14.4, both the inject tool and the target app would crash.
I'm using an Intel-based MacBook Pro, but I think Macs with Apple silicon probably have the same issue.
Attached are the ips files.
ips.zip
I copied the inject and payload files into my project to use for injection, but mach-o/dyld_images.h is not found.
Can you help me?
I don't know if you still receive e-mails from closed issues.
This is what I posted in "Support Rosetta Plz #25"
"Thx for the Rosetta 2 update.
I tested your new version with Monterey and Sonoma.
Works with Monterey but not with Ventura + Sonoma.
Just wanna let you know."
I can't give you any info about my testing.
My INTEL only apps just started without any injection.
Thx
Hi, first of all, pretty cool injection tool.
I played a little bit with MIP and noticed a settings.plist problem.
MIP doesn't read the plist cause you used NSKeyedUnarchiver.
I recommend to use:
NSDictionary *user_preferences = [NSDictionary dictionaryWithContentsOfFile:[@(MIP_user_data_path()) stringByAppendingPathComponent:@"settings.plist"]];
That will fix the problem.
as well as binutils for gobjcopy (brew install binutils), which should be linked as gobjcopy
No matter what I've tried I get this error.
mkdir -p build/injector/
cc -g -mmacosx-version-min=10.10 -I. -Werror -O3 -Wno-deprecated-declarations -isysroot -arch arm64e -c injector/lsd_injector.c -o build/injector/lsd_injector.c.o
clang: error: no such file or directory: 'arm64e'
clang: error: no such sysroot directory: '-arch' [-Werror,-Wmissing-sysroot]
make: *** [build/injector/lsd_injector.c.o] Error 1
I booted the system and everything works (no complaint from the Helper App). After some time the commands no longer worked: opened the Helper App and sure enough, it said the bundle wasn't installed.
This has happened twice now. A reboot always fixes it.
macOS 12.4 M1-MBA
Payload crashes the injected process, including launchservicesd, when using MIP in High Sierra.
Hi, would be nice,
if you could add compatibility for macOS Ventura.
Thx
Hello again,
today I discovered an issue with MIP on M1 - macOS 12.6.2
MIP does not work anymore.
I have no idea what caused it - macOS update or XProtect update...
I tried to start it from terminal and got this:
Inject MIP to launchservicesd without a restart? [y/N] y
/bin/sh: line 1: 1378 Killed: 9 sudo inject launchservicesd /Library/Apple/System/Library/Frameworks/mip/lsdinjector.dylib
make: *** [install] Error 137
Watching console I got this:
Acquiring assertion targeting [app<application.com.apple.Console.1152921500311973676.1152921500311973681(501)>:954] from originator [daemon<com.apple.coreservices.launchservicesd>:146] with description <RBSAssertionDescriptor| "notification:954" ID:195-146-763 target:954 attributes:[
<RBSDomainAttribute| domain:"com.apple.launchservicesd" name:"LSNotification" sourceEnvironment:"(null)">
]>
Any idea?
PS: MIP still works on my INTEL Mac with Monterey 12.6.2
1. Machine info
CPU: Intel Core i7 (2017)
Version: macOS Monterey 12.6
PS: SIP is already disabled
2. Install message
➜ MIP sudo make install
if [ -d /usr/lib/mip ]; then \
sudo rm /Users/*/Library/MIP ;\
sudo mkdir -p /Library/Apple/System/Library/Frameworks/ ;\
sudo mv /usr/lib/mip /Library/Apple/System/Library/Frameworks/ ;\
sudo ln -s /Library/Apple/System/Library/Frameworks/mip /usr/lib/mip ;\
fi
sudo mkdir -p /Library/Apple/System/Library/Frameworks/mip/user_data
sudo mkdir -p /Library/Apple/System/Library/Frameworks/mip/Bundles
sudo mkdir -p /usr/local/include/mip
sudo cp build/lsdinjector.dylib build/loader.dylib /Library/Apple/System/Library/Frameworks/mip/
sudo cp build/inject /usr/local/bin/
sudo cp loader/loader_public.h /usr/local/include/mip/loader.h
sudo cp local.lsdinjector.plist /Library/LaunchDaemons/
sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true
(read -p "Inject MIP to launchservicesd without a restart? [y/N] " -n 1 -r; echo ; if [[ $REPLY =~ ^[Yy]$ ]]; then sudo inject launchservicesd /Library/Apple/System/Library/Frameworks/mip/lsdinjector.dylib; fi;)
Inject MIP to launchservicesd without a restart? [y/N] y
sudo: unable to execute /usr/local/bin/inject: Bad CPU type in executable
make: *** [install] Error 1
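As an added example (not part of the original issue and not MIP's own code), the following Python script audits a host for the install footprint listed in the `make install` output above and reports which apps each installed bundle's Info.plist targets. The `root` parameter and the report layout are assumptions made here, as is reading `MIPBundleNames` as either a single string (as in the Info.plist posted earlier on this page) or an array.

```python
import plistlib
from pathlib import Path

# Paths and the preference key are copied from the `make install` output above.
MIP_DIR = "Library/Apple/System/Library/Frameworks/mip"
ARTIFACTS = [
    MIP_DIR + "/lsdinjector.dylib",
    MIP_DIR + "/loader.dylib",
    "usr/local/bin/inject",
    "Library/LaunchDaemons/local.lsdinjector.plist",
]
LIBVAL_PLIST = "Library/Preferences/com.apple.security.libraryvalidation.plist"

def load_plist(path):
    """Parse an XML or binary plist; return {} if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # missing file, permission error or malformed plist
        return {}
    return data if isinstance(data, dict) else {}

def as_list(value):
    # Assumption: the key may hold one string (as in the bundle above) or an array.
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit_mip(root="/"):
    """Report MIP install artifacts and per-bundle targets found under root."""
    root = Path(root)
    libval = load_plist(root / LIBVAL_PLIST)
    bundles_dir = root / MIP_DIR / "Bundles"
    bundles = []
    for manifest in sorted(bundles_dir.rglob("Info.plist")) if bundles_dir.is_dir() else []:
        meta = load_plist(manifest)
        bundles.append({
            "id": meta.get("CFBundleIdentifier"),
            "blacklist_mode": bool(meta.get("MIPUseBlacklistMode", False)),
            "targets": as_list(meta.get("MIPBundleNames")),
        })
    return {
        "artifacts": [a for a in ARTIFACTS if (root / a).exists()],
        "library_validation_disabled": libval.get("DisableLibraryValidation") is True,
        "bundles": bundles,
    }

if __name__ == "__main__":
    print(audit_mip())
```

A `library_validation_disabled` value of `True` is worth flagging on its own, since the installer sets that preference for the whole machine and it is easy to overlook once the rest of the install has been removed.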
% inject
zsh: killed inject
A similar error occurs when this is called during make install.
This is on macOS 12.4 on a 2020 MacBook Air (with M1.)
Today I updated Sonoma to 14.4.b2 and have sad news for MIP
MIP stopped working. I uninstalled it.
After a fresh install I got this in Terminal window:
Injecting to process 142
/bin/sh: line 1: 1665 Killed: 9 sudo inject launchservicesd /Library/Apple/System/Library/Frameworks/mip/lsdinjector.dylib
make: *** [install] Error 137
Any idea ?
After a system reboot, injection does not work most of the time on Big Sur+ (tried on 11.3 and 12.6); in the limited number of tries I did on Catalina it worked 100% of the time. Intel CPU.
Seems like the daemon does run after reboot.
$ launchctl print system/local.lsdinjector
system/local.lsdinjector = {
    active count = 0
    path = /Library/LaunchDaemons/local.lsdinjector.plist
    state = not running
    program = /usr/local/bin/inject
    arguments = {
        /usr/local/bin/inject
        launchservicesd
        /Library/Apple/System/Library/Frameworks/mip/lsdinjector.dylib
        -w
    }
    default environment = {
        PATH => /usr/bin:/bin:/usr/sbin:/sbin
    }
    environment = {
        XPC_SERVICE_NAME => local.lsdinjector
    }
    domain = system
    minimum runtime = 1
    exit timeout = 5
    runs = 1
    last exit code = 0
    semaphores = {
        successful exit => 0
    }
    spawn type = daemon (3)
    jetsam priority = 4
    jetsam memory limit (active) = (unlimited)
    jetsam memory limit (inactive) = (unlimited)
    jetsamproperties category = daemon
    jetsam thread limit = 32
    cpumon = default
    properties = runatload | inferred program | system service
}
$ sudo launchctl load -w /Library/LaunchDaemons/local.lsdinjector.plist
/Library/LaunchDaemons/local.lsdinjector.plist: service already loaded
Load failed: 37: Operation already in progress
The log message is the same regardless of whether it succeeded after reboot or not:
Searching...
Injecting to process 130
I have to run these commands
$ sudo launchctl unload -w /Library/LaunchDaemons/local.lsdinjector.plist
$ sudo launchctl load -w /Library/LaunchDaemons/local.lsdinjector.plist
or this command and then restart applications that I have on bundle's whitelist to make injection work.
$ sudo inject launchservicesd /Library/Apple/System/Library/Frameworks/mip/lsdinjector.dylib -w
Steps to reproduce: install bundle (Alt-Zoom). Try launching Word: it crashes.
Uninstall the Alt-Zoom bundle (i.e. delete it) and now Word works.
Getting the error
gobjcopy: No such file or directory
Hello, today I tried out the new macOS Sequoia with MIP
and encountered the same problem as the latest Sonoma 14.5.
Do you know what install error 137 is?
Thx
I tried the code on x86 with SIP enabled, and it works.
This code does not support the Apple M1 processor.
"MIP is currently unable to inject to Intel processes running through Rosetta. This will be addressed in a future version."
Could u plzzzzzzz support injection to Intel processes running through Rosetta ?
Just wait for a long time.
About a year.
Environment: M2 MacBook Air, macOS 12.6
I built and installed the project, enabled the preview abi boot arg, and rebooted. Then I made and installed the sample bundle. Everything installed fine, I checked. But when I open the Alt-Zoom app, it says it is not installed, which just means the class/plugin wasn't loaded.
The only thing I did differently is I used ldid -S $@ in place of the codesign command in both projects, to pseudo-sign the binaries. I don't know a lot about how code signing works, but I know this is what we use in the jailbreak world to sign binaries, and I am able to use it to sign modified app executables or frameworks to make them run on my mac, so I don't know why that might be an issue here.
Assuming that's not the issue, how do I troubleshoot this? (In the meantime, I'm going to try again with an actual codesigning identity just to be safe)
Edit: that was the issue! Strangely, I only had to re-sign and re-install MIP itself… I can still pseudo sign the tweaks themselves. Not a big deal I guess! I'll close this
I followed the instructions in the readme, but it kept saying "CodeSign: no identity found". I looked at the Makefile, and it turns out the variable is called SIGN_IDENTITY, not SIGNING_IDENTITY as it says in the readme.