SUMMARY: PR | 21C39 | Readme.md Changes for troubleshooting
xsscx opened this issue · 2 comments
21C39 | Readme.md Changes for troubleshooting
It was found that the troubleshooting instructions for cryptexctl contain in Readme.md can be optimized.
A suggested change to the Readme.md is shown below:
Remove: cryptexctl -v9 -d9 -ldt install --print-info ./com.example.cryptex.cxbd
Add: cryptexctl -v4 -d4 install --variant=research --persist --print-info ./com.example.cryptex.cxbd.signed (21C39)
Then, then correct output is shown for cryptexctl -print-info as shown below:
cryptexctl.research: executable_path => /usr/local/bin/cryptexctl.research
cryptexctl.research: ptr_munge =>
cryptexctl.research: main_stack =>
cryptexctl.research: executable_file => 0x1c01000006,0x53ca9
cryptexctl.research: dyld_file => 0x1c01000006,0xfffffff000e3982
cryptexctl.research: executable_cdhash => 50da1fdfbd3511624b146f0dbf201e7e305a74ae
cryptexctl.research: executable_boothash => 4a503cd7f10ec917ef7203df2f670ad4c20962a3
cryptexctl.research: th_port =>
will persist cryptex
Example Data Collector
date >> srd-cryptex-troubleshooter.log
uname -a >> srd-cryptex-troubleshooter.log
clang -v >> srd-cryptex-troubleshooter.log
cryptexctl version >> srd-cryptex-troubleshooter.log
sysctl -a | grep brand >> srd-cryptex-troubleshooter.log
csrutil status >> srd-cryptex-troubleshooter.log
cryptexctl -v4 -d4 install --variant=research --persist --print-info ./com.example.cryptex.cxbd.signed
sudo sysdiagnose
cat srd-cryptex-troubleshooter.log
Mon Jan 17 07:36:48 EST 2022
Darwin mini.local 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64
Darwin Cryptex Management Interface Version 2.0.0: Sun Dec 19 22:28:12 PST 2021; root:libcryptex_executables-169.80.2~9/cryptexctl/WEN_ETA_X86_64
machdep.cpu.brand: 0
machdep.cpu.brand_string: Intel(R) Core(TM) i7-8700B CPU @ 3.20GHz
System Integrity Protection status: disabled.
It was also found that the command line args -t is not shown when cryptexctl is run. Please consider documenting the -t arg.
Please consider making these changes to your Readme.md.
Commit: 8283d85
Report: https://github.com/apple/security-research-device/issues/40
As of May 31, 2022
This Issue continues to cause Build Pipeline Issues for SRDC, see URL https://github.com/apple/security-research-device/issues/59
Background | make clean | can't build IOKitKeysPrivate.h
With Security Research Tools (SRT) 20C80, the file name extension is .cxbd.
Running make clean would do the right thing.
With later Releases of SRT, as shown in the Makefile, the file extension is .cxbd.signed
The Issue is Summarized in PR42 at URL https://github.com/apple/security-research-device/pull/42
The action of:
make clean
when using the Makefile from the ./example-cryptex/ at URL https://github.com/apple/security-research-device/blob/main/example-cryptex/Makefile contains:
rm -rf ${CRYPTEX_ROOT_DIR} ${CRYPTEX_DMG_NAME} ${CRYPTEX_ID}.cptx
yet the correct action is to:
rm -rf ${CRYPTEX_ROOT_DIR} ${CRYPTEX_DMG_NAME} ${CRYPTEX_ID}.cxbd.signed
That incorrect cleansing Issue may be seen as:
make clean
...
rm: /Users/xss/iphone11/com.example.cryptex.dstroot/usr: Permission denied
rm: /Users/xss/iphone11/com.example.cryptex.dstroot: Permission denied
rm: /Users/xss/iphone11/sdk-graft/
make: *** [clean] Error 1
That will Result with Questions containing keywords:
can't build IOKitKeysPrivate.h
A potential Workaround is to:
Step 1:
rm -rf com.example.cryptex.cxbd.signed com.example.cryptex.cxbd srd-universal-cryptex.dmg com.example.cryptex.dmg srd-universal-cryptex.dmg.backup com.example.cryptex.cxbd.signed com.example.cryptex.dstroot com.example.cryptex.cptx
Step 2:
Modify Makefile and Remove:
rm -rf ${CRYPTEX_ROOT_DIR} ${CRYPTEX_DMG_NAME} ${CRYPTEX_ID}.cxbd
Adding:
rm -rf ${CRYPTEX_ROOT_DIR} ${CRYPTEX_DMG_NAME} ${CRYPTEX_ID}.cxbd ${CRYPTEX_ID}.cxbd.signed