rainyx · December 3, 2020 04:44
diff --git a/bypass64.sh b/bypass64.sh
 #/bin/bash
 echo Please type an input file path. \(e.g. "/Applications/ida750/ida.app/Contents/MacOS/libida64.dylib"\)
 read input_file
 #input_file='/Applications/ida750/ida.app/Contents/MacOS/libida64.dylib'
 sym_addr=$(nm -a -P -t d $input_file | grep -m 1 '__ZN12tls_stream_t18verify_certificateEv' | awk '{print $3}')
 if [ ! $sym_addr ]
 then
  echo Symbol \"tls_stream_t::verify_certificate\" can not found in the input file.
  exit
 fi
 bytes=$(xxd -p -l 3 -s $sym_addr $input_file)
 if [ $bytes == 'c20000' ] # c20000 means retn 0 for x64.
 then
  echo The input file has already been patched!
  exit
 fi

 echo Symbol \"tls_stream_t::verify_certificate\" address is $(printf "0x%016x" $sym_addr), start patching.
 backup_file=$input_file"_bak"

 cp $input_file $backup_file

 printf '\xc2\x00\x00' | dd of=$input_file bs=1 count=3 seek=$sym_addr conv=notrunc

 echo Done, backup file created at \"$backup_file\".
	#/bin/bash
	echo Please type an input file path. \(e.g. "/Applications/ida750/ida.app/Contents/MacOS/libida64.dylib"\)
	read input_file
	#input_file='/Applications/ida750/ida.app/Contents/MacOS/libida64.dylib'
	sym_addr=$(nm -a -P -t d $input_file \| grep -m 1 '__ZN12tls_stream_t18verify_certificateEv' \| awk '{print $3}')
	if [ ! $sym_addr ]
	then
	echo Symbol \"tls_stream_t::verify_certificate\" can not found in the input file.
	exit
	fi
	bytes=$(xxd -p -l 3 -s $sym_addr $input_file)
	if [ $bytes == 'c20000' ] # c20000 means retn 0 for x64.
	then
	echo The input file has already been patched!
	exit
	fi

	echo Symbol \"tls_stream_t::verify_certificate\" address is $(printf "0x%016x" $sym_addr), start patching.
	backup_file=$input_file"_bak"

	cp $input_file $backup_file

	printf '\xc2\x00\x00' \| dd of=$input_file bs=1 count=3 seek=$sym_addr conv=notrunc

	echo Done, backup file created at \"$backup_file\".