leiless · February 26, 2021 03:16 · leiless · Aug 11, 2019 · leiless · Aug 11, 2019
diff --git a/csrutil_EntryPoint.c b/csrutil_EntryPoint.c
 int csrutil_EntryPoint(int arg0, int arg1) {
    rsi = arg1;
    r15 = rsi;
    r12 = arg0;
    if (r12 == 0x1) goto loc_100001f05;

 loc_10000184d:
    rbx = *(r15 + 0x8);
    if (strcmp(rbx, "clear") == 0x0) goto loc_10000193f;

 loc_100001868:
    r14 = r12 - 0x1;
    if (strcmp(rbx, "disable") == 0x0) goto loc_100001965;

 loc_100001884:
    r15 = r15 + 0x8;
    if (strcmp(rbx, "enable") == 0x0) goto loc_1000019e4;

 loc_10000189f:
    if (strcmp(rbx, "netboot") == 0x0) goto loc_100001b85;

 loc_1000018b6:
    if (strcmp(rbx, "report") == 0x0) goto loc_100001b92;

 loc_1000018cd:
    if (strcmp(rbx, "status") != 0x0) goto loc_100001f62;

 loc_1000018e4:
    var_B4 = 0x0;
    rax = csr_get_active_config(&var_B4, "status");
    if (rax != 0x0) goto loc_100001f4f;

 loc_1000018fe:
    printf("System Integrity Protection status: ");
    rax = var_B4;
    if (rax <= 0x66) {
            if (rax != 0x0) {
                    if (rax == 0x10) {
                            rsi = "status";
                            rdi = "enabled (Apple Internal).";
                    }
                    else {
                            puts("enabled (Custom Configuration).\n");
                            puts("Configuration:");
                            rsi = "disabled";
                            if ((var_B4 & 0x10) != 0x0) {
                                    rsi = "enabled";
                            }
                            printf("\tApple Internal: %s\n", rsi);
                            rbx = 0x10;
                            do {
                                    rsi = *(rbx + objc_cls_ref_NSMutableArray);
                                    rdx = "enabled";
                                    if ((var_B4 & *(int32_t *)(rbx + 0x1000032a0)) != 0x0) {
                                            rdx = "disabled";
                                    }
                                    printf("\t%s: %s\n", rsi, rdx);
                                    rbx = rbx + 0x18;
                            } while (rbx != 0xa0);
                            rdi = "\nThis is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.";
                    }
            }
            else {
                    rsi = "status";
                    rdi = "enabled.";
            }
    }
    else {
            if (rax != 0x67) {
                    if (rax == 0x77) {
                            rsi = "status";
                            rdi = "disabled (Apple Internal).";
                    }
                    else {
                            puts("enabled (Custom Configuration).\n");
                            puts("Configuration:");
                            rsi = "disabled";
                            if ((var_B4 & 0x10) != 0x0) {
                                    rsi = "enabled";
                            }
                            printf("\tApple Internal: %s\n", rsi);
                            rbx = 0x10;
                            do {
                                    rsi = *(rbx + objc_cls_ref_NSMutableArray);
                                    rdx = "enabled";
                                    if ((var_B4 & *(int32_t *)(rbx + 0x1000032a0)) != 0x0) {
                                            rdx = "disabled";
                                    }
                                    printf("\t%s: %s\n", rsi, rdx);
                                    rbx = rbx + 0x18;
                            } while (rbx != 0xa0);
                            rdi = "\nThis is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.";
                    }
            }
            else {
                    rsi = "status";
                    rdi = "disabled.";
            }
    }
    puts(rdi);
    r15 = [sub_1000020f6(rdi, rsi, rdx, rcx) retain];
    if (r15 == 0x0) goto loc_100001f4f;

 loc_100001cfb:
    rbx = [[r15 objectForKeyedSubscript:@"netboot-sources"] retain];
    r12 = [rbx count];
    [rbx release];
    if (r12 != 0x0) {
            putchar(0xa);
            puts("Allowed NetBoot sources:");
            *(int128_t *)(&var_120 + 0x30) = intrinsic_movaps(*(int128_t *)(&var_120 + 0x30), 0x0);
            *(int128_t *)(&var_120 + 0x20) = intrinsic_movaps(*(int128_t *)(&var_120 + 0x20), 0x0);
            *(int128_t *)(&var_120 + 0x10) = intrinsic_movaps(*(int128_t *)(&var_120 + 0x10), 0x0);
            var_120 = intrinsic_movaps(var_120, 0x0);
            var_C8 = r15;
            rax = [r15 objectForKeyedSubscript:@"netboot-sources"];
            rax = [rax retain];
            var_C0 = rax;
            rax = [rax countByEnumeratingWithState:&var_120 objects:&var_B0 count:0x10];
            rbx = rax;
            if (rbx != 0x0) {
                    r13 = *_objc_msgSend;
                    r15 = **(&var_120 + 0x10);
                    do {
                            r14 = r13;
                            r13 = 0x0;
                            do {
                                    if (*var_110 != r15) {
                                            objc_enumerationMutation(var_C0);
                                    }
                                    printf("    %s\n", (r14)(objc_retainAutorelease(*(var_118 + r13 * 0x8)), @selector(UTF8String)));
                                    r13 = r13 + 0x1;
                            } while (r13 < rbx);
                            r13 = r14;
                            rax = (r13)(var_C0, @selector(countByEnumeratingWithState:objects:count:), &var_120, &var_B0, 0x10);
                            rbx = rax;
                    } while (rbx != 0x0);
            }
            [var_C0 release];
            r15 = var_C8;
    }
    [r15 release];
    goto loc_100001b5d;

 loc_100001b5d:
    if (**___stack_chk_guard == **___stack_chk_guard) {
            rax = 0x0;
    }
    else {
            rax = __stack_chk_fail();
    }
    return rax;

 loc_100001f4f:
    rax = errx(0x45, "failed to retrieve system integrity configuration.");
    return rax;

 loc_100001f62:
    rdi = "invalid command %s";
    goto loc_100001edc;

 loc_100001edc:
    sub_100001744(rdi, rbx, rdx, rcx, r8, r9, var_120);
    goto loc_100001ee6;

 loc_100001ee6:
    rsi = r13;
    sub_100001744("invalid option %s.", rsi, rdx, rcx, r8, r9, var_120);
    goto loc_100001ef7;

 loc_100001ef7:
    sub_100001744("--without requires an argument.", rsi, rdx, rcx, r8, r9, var_120);
    goto loc_100001f05;

 loc_100001f05:
    sub_100001744(0x0, rsi, rdx, rcx, r8, r9, var_120);
    rax = __stack_chk_fail();
    return rax;

 loc_100001b92:
    var_B0 = 0x0;
    rax = csr_get_active_config(&var_B0, "report");
    if (rax != 0x0) goto loc_100001f4f;

 loc_100001bac:
    r14 = msgtracer_domain_new("com.apple.security.csr-config", "report");
    if (r14 == 0x0) goto loc_100001f6e;

 loc_100001bcb:
    rbx = msgtracer_msg_new(r14, "report");
    if (rbx == 0x0) goto loc_100001f77;

 loc_100001bdf:
    rax = var_B0;
    msgtracer_set(rbx, "com.apple.message.signature");
    msgtracer_log(rbx, 0x5, "");
    msgtracer_msg_free(rbx);
    msgtracer_domain_free(r14);
    goto loc_100001b5d;

 loc_100001f77:
    rsi = "failed to create report message.";
    goto loc_100001f7e;

 loc_100001f7e:
    rax = errx(0x47, rsi);
    return rax;

 loc_100001f6e:
    rsi = "failed to create reporting domain.";
    goto loc_100001f7e;

 loc_100001b85:
    sub_1000011f6(r14, r15);
    goto loc_100001b5d;

 loc_1000019e4:
    var_B0 = 0x0;
    rax = csr_get_active_config(&var_B0);
    rdi = 0x10;
    if (rax == 0x0) {
            rdi = 0x200 & var_B0 | 0x10;
    }
    if (r14 < 0x2) goto loc_100001b44;

 loc_100001a17:
    var_E0 = r12 - 0x2;
    rax = 0x1;
    var_D8 = r15;
    var_CC = r14;
    goto loc_100001a3c;

 loc_100001a3c:
    var_C8 = rdi;
    var_C0 = rax;
    r13 = sign_extend_64(rax);
    rbx = *(r15 + r13 * 0x8);
    if (strcmp(rbx, "--no-internal") == 0x0) goto loc_100001b2a;

 loc_100001a66:
    if (strcmp(rbx, "--without") != 0x0) goto loc_100001ed5;

 loc_100001a7d:
    rsi = "--without";
    if (var_C0 == var_E0) goto loc_100001ef7;

 loc_100001a8f:
    r14 = 0x0;
    warnx("requesting an unsupported configuration. This is likely to break in the future and leave your machine in an unknown state.");
    rbx = strtok(*(r15 + r13 * 0x8 + 0x8), ",");
    if (rbx == 0x0) goto loc_100001b09;

 loc_100001ab9:
    r14 = 0x0;
    goto loc_100001abc;

 loc_100001abc:
    r15 = 0x10;
    r13 = 0x0;
    do {
            if (strcmp(*(r15 + objc_cls_ref_NSString), rbx) == 0x0) {
                    r13 = *(int32_t *)(r15 + 0x1000032a0);
            }
            r15 = r15 + 0x18;
    } while (r15 != 0xa0);
    if (r13 == 0x0) goto loc_100001ed5;

 loc_100001af0:
    r14 = r14 | r13;
    rbx = strtok(0x0, ",");
    if (rbx != 0x0) goto loc_100001abc;

 loc_100001b09:
    rax = var_C0 + 0x1;
    rdi = var_C8 | r14;
    r15 = var_D8;
    r14 = var_CC;
    goto loc_100001b39;

 loc_100001b39:
    rax = rax + 0x1;
    if (rax < r14) goto loc_100001a3c;

 loc_100001b44:
    if (sub_100001ff8(rdi) != 0x0) goto loc_100001f13;

 loc_100001b51:
    rdi = "Successfully enabled System Integrity Protection. Please restart the machine for the changes to take effect.";
    goto loc_100001b58;

 loc_100001b58:
    puts(rdi);
    goto loc_100001b5d;

 loc_100001f13:
    rsi = "failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.";
    goto loc_100001f23;

 loc_100001f23:
    rax = errx(0x4d, rsi);
    return rax;

 loc_100001ed5:
    rdi = "invalid option %s.";
    goto loc_100001edc;

 loc_100001b2a:
    rdi = var_C8 & 0xffffffef;
    rax = var_C0;
    goto loc_100001b39;

 loc_100001965:
    var_B0 = 0x0;
    rax = csr_get_active_config(&var_B0, "disable");
    r12 = 0x77;
    if (rax == 0x0) {
            r12 = 0x200 & var_B0 | 0x77;
    }
    if (r14 < 0x2) goto loc_1000019c8;

 loc_100001998:
    r14 = sign_extend_64(r14);
    rbx = 0x1;
    goto loc_1000019a0;

 loc_1000019a0:
    r13 = *(r15 + rbx * 0x8 + 0x8);
    if (strcmp(r13, "--no-internal") != 0x0) goto loc_100001ee6;

 loc_1000019bc:
    r12 = r12 & 0xffffffef;
    rbx = rbx + 0x1;
    if (rbx < r14) goto loc_1000019a0;

 loc_1000019c8:
    if (sub_100001ff8(r12) != 0x0) goto loc_100001f13;

 loc_1000019d8:
    rdi = "Successfully disabled System Integrity Protection. Please restart the machine for the changes to take effect.";
    goto loc_100001b58;

 loc_10000193f:
    if (geteuid() != 0x0) goto loc_100001f1c;

 loc_10000194c:
    rax = sub_100001f8a();
    if (rax != 0x0) goto loc_100001f2f;

 loc_100001959:
    rdi = "Successfully cleared System Integrity Protection. Please restart the machine for the changes to take effect.";
    goto loc_100001b58;

 loc_100001f2f:
    rax = errx(0x4d, "failed to clear system integrity configuration. %s", mach_error_string(rax));
    return rax;

 loc_100001f1c:
    rsi = "failed to clear system integrity configuration. This tool needs to be run as root.";
    goto loc_100001f23;
 }
	int csrutil_EntryPoint(int arg0, int arg1) {
	rsi = arg1;
	r15 = rsi;
	r12 = arg0;
	if (r12 == 0x1) goto loc_100001f05;

	loc_10000184d:
	rbx = *(r15 + 0x8);
	if (strcmp(rbx, "clear") == 0x0) goto loc_10000193f;

	loc_100001868:
	r14 = r12 - 0x1;
	if (strcmp(rbx, "disable") == 0x0) goto loc_100001965;

	loc_100001884:
	r15 = r15 + 0x8;
	if (strcmp(rbx, "enable") == 0x0) goto loc_1000019e4;

	loc_10000189f:
	if (strcmp(rbx, "netboot") == 0x0) goto loc_100001b85;

	loc_1000018b6:
	if (strcmp(rbx, "report") == 0x0) goto loc_100001b92;

	loc_1000018cd:
	if (strcmp(rbx, "status") != 0x0) goto loc_100001f62;

	loc_1000018e4:
	var_B4 = 0x0;
	rax = csr_get_active_config(&var_B4, "status");
	if (rax != 0x0) goto loc_100001f4f;

	loc_1000018fe:
	printf("System Integrity Protection status: ");
	rax = var_B4;
	if (rax <= 0x66) {
	if (rax != 0x0) {
	if (rax == 0x10) {
	rsi = "status";
	rdi = "enabled (Apple Internal).";
	}
	else {
	puts("enabled (Custom Configuration).\n");
	puts("Configuration:");
	rsi = "disabled";
	if ((var_B4 & 0x10) != 0x0) {
	rsi = "enabled";
	}
	printf("\tApple Internal: %s\n", rsi);
	rbx = 0x10;
	do {
	rsi = *(rbx + objc_cls_ref_NSMutableArray);
	rdx = "enabled";
	if ((var_B4 & (int32_t )(rbx + 0x1000032a0)) != 0x0) {
	rdx = "disabled";
	}
	printf("\t%s: %s\n", rsi, rdx);
	rbx = rbx + 0x18;
	} while (rbx != 0xa0);
	rdi = "\nThis is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.";
	}
	}
	else {
	rsi = "status";
	rdi = "enabled.";
	}
	}
	else {
	if (rax != 0x67) {
	if (rax == 0x77) {
	rsi = "status";
	rdi = "disabled (Apple Internal).";
	}
	else {
	puts("enabled (Custom Configuration).\n");
	puts("Configuration:");
	rsi = "disabled";
	if ((var_B4 & 0x10) != 0x0) {
	rsi = "enabled";
	}
	printf("\tApple Internal: %s\n", rsi);
	rbx = 0x10;
	do {
	rsi = *(rbx + objc_cls_ref_NSMutableArray);
	rdx = "enabled";
	if ((var_B4 & (int32_t )(rbx + 0x1000032a0)) != 0x0) {
	rdx = "disabled";
	}
	printf("\t%s: %s\n", rsi, rdx);
	rbx = rbx + 0x18;
	} while (rbx != 0xa0);
	rdi = "\nThis is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.";
	}
	}
	else {
	rsi = "status";
	rdi = "disabled.";
	}
	}
	puts(rdi);
	r15 = [sub_1000020f6(rdi, rsi, rdx, rcx) retain];
	if (r15 == 0x0) goto loc_100001f4f;

	loc_100001cfb:
	rbx = [[r15 objectForKeyedSubscript:@"netboot-sources"] retain];
	r12 = [rbx count];
	[rbx release];
	if (r12 != 0x0) {
	putchar(0xa);
	puts("Allowed NetBoot sources:");
	(int128_t )(&var_120 + 0x30) = intrinsic_movaps((int128_t )(&var_120 + 0x30), 0x0);
	(int128_t )(&var_120 + 0x20) = intrinsic_movaps((int128_t )(&var_120 + 0x20), 0x0);
	(int128_t )(&var_120 + 0x10) = intrinsic_movaps((int128_t )(&var_120 + 0x10), 0x0);
	var_120 = intrinsic_movaps(var_120, 0x0);
	var_C8 = r15;
	rax = [r15 objectForKeyedSubscript:@"netboot-sources"];
	rax = [rax retain];
	var_C0 = rax;
	rax = [rax countByEnumeratingWithState:&var_120 objects:&var_B0 count:0x10];
	rbx = rax;
	if (rbx != 0x0) {
	r13 = *_objc_msgSend;
	r15 = **(&var_120 + 0x10);
	do {
	r14 = r13;
	r13 = 0x0;
	do {
	if (*var_110 != r15) {
	objc_enumerationMutation(var_C0);
	}
	printf(" %s\n", (r14)(objc_retainAutorelease((var_118 + r13 0x8)), @selector(UTF8String)));
	r13 = r13 + 0x1;
	} while (r13 < rbx);
	r13 = r14;
	rax = (r13)(var_C0, @selector(countByEnumeratingWithState:objects:count:), &var_120, &var_B0, 0x10);
	rbx = rax;
	} while (rbx != 0x0);
	}
	[var_C0 release];
	r15 = var_C8;
	}
	[r15 release];
	goto loc_100001b5d;

	loc_100001b5d:
	if (___stack_chk_guard == ___stack_chk_guard) {
	rax = 0x0;
	}
	else {
	rax = __stack_chk_fail();
	}
	return rax;

	loc_100001f4f:
	rax = errx(0x45, "failed to retrieve system integrity configuration.");
	return rax;

	loc_100001f62:
	rdi = "invalid command %s";
	goto loc_100001edc;

	loc_100001edc:
	sub_100001744(rdi, rbx, rdx, rcx, r8, r9, var_120);
	goto loc_100001ee6;

	loc_100001ee6:
	rsi = r13;
	sub_100001744("invalid option %s.", rsi, rdx, rcx, r8, r9, var_120);
	goto loc_100001ef7;

	loc_100001ef7:
	sub_100001744("--without requires an argument.", rsi, rdx, rcx, r8, r9, var_120);
	goto loc_100001f05;

	loc_100001f05:
	sub_100001744(0x0, rsi, rdx, rcx, r8, r9, var_120);
	rax = __stack_chk_fail();
	return rax;

	loc_100001b92:
	var_B0 = 0x0;
	rax = csr_get_active_config(&var_B0, "report");
	if (rax != 0x0) goto loc_100001f4f;

	loc_100001bac:
	r14 = msgtracer_domain_new("com.apple.security.csr-config", "report");
	if (r14 == 0x0) goto loc_100001f6e;

	loc_100001bcb:
	rbx = msgtracer_msg_new(r14, "report");
	if (rbx == 0x0) goto loc_100001f77;

	loc_100001bdf:
	rax = var_B0;
	msgtracer_set(rbx, "com.apple.message.signature");
	msgtracer_log(rbx, 0x5, "");
	msgtracer_msg_free(rbx);
	msgtracer_domain_free(r14);
	goto loc_100001b5d;

	loc_100001f77:
	rsi = "failed to create report message.";
	goto loc_100001f7e;

	loc_100001f7e:
	rax = errx(0x47, rsi);
	return rax;

	loc_100001f6e:
	rsi = "failed to create reporting domain.";
	goto loc_100001f7e;

	loc_100001b85:
	sub_1000011f6(r14, r15);
	goto loc_100001b5d;

	loc_1000019e4:
	var_B0 = 0x0;
	rax = csr_get_active_config(&var_B0);
	rdi = 0x10;
	if (rax == 0x0) {
	rdi = 0x200 & var_B0 \| 0x10;
	}
	if (r14 < 0x2) goto loc_100001b44;

	loc_100001a17:
	var_E0 = r12 - 0x2;
	rax = 0x1;
	var_D8 = r15;
	var_CC = r14;
	goto loc_100001a3c;

	loc_100001a3c:
	var_C8 = rdi;
	var_C0 = rax;
	r13 = sign_extend_64(rax);
	rbx = (r15 + r13 0x8);
	if (strcmp(rbx, "--no-internal") == 0x0) goto loc_100001b2a;

	loc_100001a66:
	if (strcmp(rbx, "--without") != 0x0) goto loc_100001ed5;

	loc_100001a7d:
	rsi = "--without";
	if (var_C0 == var_E0) goto loc_100001ef7;

	loc_100001a8f:
	r14 = 0x0;
	warnx("requesting an unsupported configuration. This is likely to break in the future and leave your machine in an unknown state.");
	rbx = strtok((r15 + r13 0x8 + 0x8), ",");
	if (rbx == 0x0) goto loc_100001b09;

	loc_100001ab9:
	r14 = 0x0;
	goto loc_100001abc;

	loc_100001abc:
	r15 = 0x10;
	r13 = 0x0;
	do {
	if (strcmp(*(r15 + objc_cls_ref_NSString), rbx) == 0x0) {
	r13 = (int32_t )(r15 + 0x1000032a0);
	}
	r15 = r15 + 0x18;
	} while (r15 != 0xa0);
	if (r13 == 0x0) goto loc_100001ed5;

	loc_100001af0:
	r14 = r14 \| r13;
	rbx = strtok(0x0, ",");
	if (rbx != 0x0) goto loc_100001abc;

	loc_100001b09:
	rax = var_C0 + 0x1;
	rdi = var_C8 \| r14;
	r15 = var_D8;
	r14 = var_CC;
	goto loc_100001b39;

	loc_100001b39:
	rax = rax + 0x1;
	if (rax < r14) goto loc_100001a3c;

	loc_100001b44:
	if (sub_100001ff8(rdi) != 0x0) goto loc_100001f13;

	loc_100001b51:
	rdi = "Successfully enabled System Integrity Protection. Please restart the machine for the changes to take effect.";
	goto loc_100001b58;

	loc_100001b58:
	puts(rdi);
	goto loc_100001b5d;

	loc_100001f13:
	rsi = "failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.";
	goto loc_100001f23;

	loc_100001f23:
	rax = errx(0x4d, rsi);
	return rax;

	loc_100001ed5:
	rdi = "invalid option %s.";
	goto loc_100001edc;

	loc_100001b2a:
	rdi = var_C8 & 0xffffffef;
	rax = var_C0;
	goto loc_100001b39;

	loc_100001965:
	var_B0 = 0x0;
	rax = csr_get_active_config(&var_B0, "disable");
	r12 = 0x77;
	if (rax == 0x0) {
	r12 = 0x200 & var_B0 \| 0x77;
	}
	if (r14 < 0x2) goto loc_1000019c8;

	loc_100001998:
	r14 = sign_extend_64(r14);
	rbx = 0x1;
	goto loc_1000019a0;

	loc_1000019a0:
	r13 = (r15 + rbx 0x8 + 0x8);
	if (strcmp(r13, "--no-internal") != 0x0) goto loc_100001ee6;

	loc_1000019bc:
	r12 = r12 & 0xffffffef;
	rbx = rbx + 0x1;
	if (rbx < r14) goto loc_1000019a0;

	loc_1000019c8:
	if (sub_100001ff8(r12) != 0x0) goto loc_100001f13;

	loc_1000019d8:
	rdi = "Successfully disabled System Integrity Protection. Please restart the machine for the changes to take effect.";
	goto loc_100001b58;

	loc_10000193f:
	if (geteuid() != 0x0) goto loc_100001f1c;

	loc_10000194c:
	rax = sub_100001f8a();
	if (rax != 0x0) goto loc_100001f2f;

	loc_100001959:
	rdi = "Successfully cleared System Integrity Protection. Please restart the machine for the changes to take effect.";
	goto loc_100001b58;

	loc_100001f2f:
	rax = errx(0x4d, "failed to clear system integrity configuration. %s", mach_error_string(rax));
	return rax;

	loc_100001f1c:
	rsi = "failed to clear system integrity configuration. This tool needs to be run as root.";
	goto loc_100001f23;
	}