osx-serial-generator/README.md

559 lines
19 KiB
Markdown
Raw Permalink Normal View History

# OSX Serial Generator
![Running mac osx in a docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER")
Generate macOS valid serials, uuids, and board serials for good-faith Security Research & Apple Bug Bounty Research.
2021-03-08 13:57:49 +00:00
This project provides two tools for generating serial numbers for Hackintosh, [OpenCore](https://github.com/acidanthera/OpenCorePkg), [Docker-OSX](https://github.com/sickcodes/Docker-OSX) and [OSX-KVM](https://github.com/kholia/OSX-KVM).
Author: Sick.Codes https://github.com/sickcodes | https://sick.codes | https://twitter.com/sickcodes
2021-03-08 14:13:42 +00:00
### Follow @sickcodes on Twitter for updates! [https://twitter.com/sickcodes](https://twitter.com/sickcodes)
Terms & Conditions: Manipulation of serial numbers are an important aspect of conducting Cyber Security Research into the iMessage & Facetime frameworks. Finding and reporting vulnerabilities in Apple software before Threat Actors do is important. To use this project to find & discover vulnerabilities in said protocols, you should agree to [Apple's Security Bounty program](https://developer.apple.com/security-bounty/requirements/).
2021-03-08 13:57:49 +00:00
2021-03-22 14:54:38 +00:00
### Upstream Thanks
This project was created for use with [Docker-OSX](https://github.com/sickcodes/Docker-OSX) and uses `config.plist` files from [@Kholia](https://github.com/kholia)'s project https://github.com/kholia/OSX-KVM.
2021-03-22 14:54:38 +00:00
The `config.plist` files are also curated and maintained upstream by [@thenickdude](https://github.com/thenickdude) and we thank both of them for their excellent work. Upstream KVM changes are made at: [https://github.com/thenickdude/KVM-Opencore](https://github.com/thenickdude/KVM-Opencore)
This project is a wrapper for the [OpenCore project](https://dortania.github.io/getting-started/) bootloader's fantastic tool called [macserial](https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/macserial).
Many thanks to the [OpenCore Project](https://dortania.github.io/getting-started/) for providing `macserial`.
2021-03-22 14:54:38 +00:00
See the project which drives Hackintosh: [https://github.com/acidanthera/OpenCorePkg](https://github.com/acidanthera/OpenCorePkg)
As seen on Vice: [Open-Source App Lets Anyone Create a Virtual Army of Hackintoshes](https://www.vice.com/en/article/akdmb8/open-source-app-lets-anyone-create-a-virtual-army-of-hackintoshes)
2021-03-22 14:54:38 +00:00
### PR & Contributor Credits
https://github.com/sickcodes/osx-serial-generator/blob/master/CREDITS.md
## Related
- [Docker-OSX](https://github.com/sickcodes/Docker-OSX)
- [OSX-KVM](https://github.com/kholia/OSX-KVM)
- [KVM-Opencore](https://github.com/thenickdude/KVM-Opencore)
- [OpenCore](https://github.com/acidanthera/OpenCorePkg)
- [Hackintosh](https://www.reddit.com/r/hackintosh/)
# Purpose
These shell scripts were written by [@sickcodes](https://github.com/sickcodes) [https://twitter.com/sickcodes](https://twitter.com/sickcodes) and were created for automating the generation of unique & valid values at runtime in [Docker-OSX](https://github.com/sickcodes/Docker-OSX).
This is for generating sets of serial numbers that simply work.
If this is your first time, just `bash ./generate-unique-machine-values.sh` and you will be given 1 complete serial number set.
2021-03-08 14:13:42 +00:00
With your new serial numbers, you can:
- put them in your existing `config.plist` and reboot
- tell the script to make a new `OpenCore.qcow2`
- output as TSV and CSV, and more!
- use `--help` to see all available goodies
2021-03-08 14:13:42 +00:00
Used at runtime in [Docker-OSX](https://github.com/sickcodes/Docker-OSX).
- [https://github.com/kholia/OSX-KVM](https://github.com/kholia/OSX-KVM): "Run macOS on QEMU/KVM. With OpenCore + Big Sur support now! Only commercial (paid) support is available."
- [https://github.com/sickcodes/Docker-OSX](https://github.com/sickcodes/Docker-OSX): "Run Mac in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X!"
- [https://github.com/thenickdude/KVM-Opencore](https://github.com/thenickdude/KVM-Opencore): "OpenCore disk image for Proxmox/QEMU"
# Requirements
```bash
# Ubuntu, Debian, Pop
2021-03-08 14:24:00 +00:00
sudo apt update -y
sudo apt install libguestfs-tools build-essential wget git linux-generic gcc uuid-runtime sudo -y
# Fedora, RHEL, CentOS
sudo yum install libguestfs libguestfs-tools wget git kernel-devel gcc sudo -y
sudo yum groupinstall 'Development Tools' -y
# Arch, Manjaro
sudo pacman -Sy libguestfs wget git base-devel linux gcc sudo
```
# Generating New Unique Serial Numbers
Example
```bash
# make 1 full serial set
2021-03-08 14:13:42 +00:00
./generate-unique-machine-values.sh \
-c 1 \
--model="iMacPro1,1"
```
Done!
2021-03-08 14:29:02 +00:00
CSV file and TSV file should be saved in your current working directory.
Slip those values into your config.plist and reboot!
2021-03-08 14:13:42 +00:00
## Extended options - Automation?
### Need more serials?
```bash
git clone https://github.com/sickcodes/osx-serial-generator
cd osx-serial-generator
# make 100 serial sets
2021-03-08 14:13:42 +00:00
./generate-unique-machine-values.sh \
-c 100 \
--model="iMacPro1,1"
```
2021-03-08 14:29:02 +00:00
### Want to make 50 OpenCore bootdisks AND 50 output plists?
```bash
2021-03-08 14:13:42 +00:00
# make 5 serial sets
# but also make config.plist for each set
# and OpenCore-nopicker.qcow2 for each serial set.
./generate-unique-machine-values.sh \
2021-03-08 14:29:02 +00:00
-c 50 \
2021-03-08 14:13:42 +00:00
--create-plists \
--create-bootdisks
```
## Already have your own `config.plist`?
If you want to automate creating the qcow bootdisk each time, you can use placeholders and let this script build the image each time you change anything.
2021-03-08 14:13:42 +00:00
If you want to use placeholders, you can supply that to either of the scripts in this repo and use:
`--custom-plist=./my_config.plist`
```bash
2021-03-08 14:13:42 +00:00
# make 5 serial sets
# but also use my config.plist for each set
# AND make qcow2 image for each set!
./generate-unique-machine-values.sh \
-c 5 \
--custom-plist=./my_config.plist \
--create-bootdisks
```
2021-03-08 14:13:42 +00:00
You can also use an URL for the input plist using:
`--master-plist-url`.
Or you can manually enter the values generated above:
```xml
2021-03-08 14:13:42 +00:00
<key>MLB</key>
<string>{{BOARD_SERIAL}}</string>
<key>ROM</key>
<data>{{ROM}}</data>
<key>SpoofVendor</key>
<true/>
<key>SystemProductName</key>
<string>{{DEVICE_MODEL}}</string>
<key>SystemSerialNumber</key>
<string>{{SERIAL}}</string>
<key>SystemUUID</key>
<string>{{UUID}}</string>
...
...
...
<string>{{WIDTH}}x{{HEIGHT}}@32</string>
2021-12-19 18:50:54 +00:00
...
...
...
<key>boot-args</key>
<string>-v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}}</string>
```
```
{{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}},
2021-12-19 18:50:54 +00:00
{{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}, {{KERNEL_ARGS}}
```
```bash
General options:
--count, -n, -c <count> Number of serials to generate
--model, -m <model> Device model, e.g. 'iMacPro1,1'
--csv <filename> Optionally change the CSV output filename
--tsv <filename> Optionally change the TSV output filename
--output-dir <directory> Optionally change the script output location
--width <string> Resolution x axis length in px, default 1920
--height <string> Resolution y axis length in px, default 1080
2021-12-19 18:50:54 +00:00
--kernel-args <string> Additional boot-args
--master-plist-url <url> Specify an alternative master plist, via URL
--master-plist <filename> Optionally change the input plist
--custom-plist <filename> Same as --master-plist
--output-bootdisk <filename> Optionally change the bootdisk filename
--envs Create all corresponding sourcable envs
--plists Create all corresponding config.plists
--bootdisks Create all corresponding bootdisks [SLOW]
--help, -h, help Display this help and exit
Additional options only if you are creating ONE serial set:
--output-bootdisk <filename> Optionally change the bootdisk filename
--output-env <filename> Optionally change the serials env filename
Custom plist placeholders:
{{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}},
2021-12-19 18:50:54 +00:00
{{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}, {{KERNEL_ARGS}}
Example:
./generate-unique-machine-values.sh --count 1 --plists --bootdisks --envs
Defaults:
- One serial, for 'iMacPro1,1', in the current working directory
- CSV and TSV output
- plists in ./plists/ & bootdisks in ./bootdisks/ & envs in ./envs
- if you set --bootdisk name, --bootdisks is assumed
- if you set --custom-plist, --plists is assumed
- if you set --output-env, --envs is assumed
```
# Generating A Bootdisk Using Specific Serial Numbers
If you already know the serial numbers, or you've generated them above in the past, then you can use this script:
```bash
Required options:
--model <string> Device model, e.g. 'iMacPro1,1'
--serial <string> Device Serial number
--board-serial <string> Main Logic Board Serial number (MLB)
--uuid <string> SMBIOS UUID (SmUUID)
--mac-address <string> Used for both the MAC address and to set ROM
ROM is lowercased sans any colons
Optional options:
--width <integer> Resolution x axis length in px, default 1920
--height <integer> Resolution y axis length in px, default 1080
2021-12-19 18:50:54 +00:00
--kernel-args <string> Additional boot-args
--master-plist-url <url> Specify an alternative master plist, via URL
--custom-plist <filename>
|| --master-plist <filename> Optionally change the input plist.
--output-bootdisk <filename> Optionally change the bootdisk filename
--output-plist <filename> Optionally change the output plist filename
--help, -h, help Display this help and exit
Placeholders: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}},
2021-12-19 18:50:54 +00:00
{{ROM}}, {{WIDTH}}, {{HEIGHT}}, {{KERNEL_ARGS}}
2021-03-08 14:13:42 +00:00
```
2021-03-08 14:13:42 +00:00
Example using your serials generated earlier:
2021-03-08 14:13:42 +00:00
```bash
CUSTOM_PLIST=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist
./generate-specific-bootdisk.sh \
--input-plist-url="${CUSTOM_PLIST}" \
--model iMacPro1,1 \
--serial C02TW0WAHX87 \
--board-serial C027251024NJG36UE \
--uuid 5CCB366D-9118-4C61-A00A-E5BAF3BED451 \
--mac-address A8:5C:2C:9A:46:2F \
--output-bootdisk ./OpenCore-nopicker.qcow2 \
--width 1920 \
2021-12-19 18:50:54 +00:00
--height 1080 \
--kernel-args "-pmap_trace"
```
# Examples from Docker-OSX
In the case example of why these scripts were written is:
`GENERATE_UNIQUE` is used as a Docker argument to randomly generate 1 set at runtime, for every new container.
`GENERATE_SPECIFIC` is used to specify an already known model, serial, board-serial, uuid and MAC address.
```bash
[[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" 2>/dev/null \
; ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}"
```
# Special Update Notes
2021-10-28 - `OpenCore-Catalina/OpenCore.qcow2` was moved to `OpenCore/OpenCore.qcow2` in [https://github.com/kholia/OSX-KVM/commit/1cc6430f96b452cb78b9a079c34bb9933144ce18](https://github.com/kholia/OSX-KVM/commit/1cc6430f96b452cb78b9a079c34bb9933144ce18)
2021-06-15 13:55:21 +00:00
2021-06-15 - On June 15th 2021 we updated the config.plist from v12 to v13 via [@thenickdude](https://github.com/thenickdude)'s upstream `config.plist` files from [KVM-Opencore](https://github.com/thenickdude/KVM-Opencore).
```bash
wget https://github.com/thenickdude/KVM-Opencore/compare/v12...v13.patch
patch -F 10 -p1 --verbose config-nopicker-custom.plist v12...v13.patch
patch -F 10 -p1 --verbose config-custom.plist v12...v13.patch
```
Rejected patch lines:
```patch
--- EFI/OC/config.plist
+++ EFI/OC/config.plist
@@ -644,43 +644,6 @@
</array>
<key>Patch</key>
<array>
- <dict>
- <key>Arch</key>
- <string>Any</string>
- <key>Base</key>
- <string>_cpu_topology_sort</string>
- <key>Comment</key>
- <string>algrey - cpu_topology_sort -disable _x86_validate_topology</string>
- <key>Count</key>
- <integer>1</integer>
- <key>Enabled</key>
- <true/>
- <key>Find</key>
- <data>
- 6AAA//8=
- </data>
- <key>Identifier</key>
- <string>kernel</string>
- <key>Limit</key>
- <integer>0</integer>
- <key>Mask</key>
- <data>
- /wAA//8=
- </data>
- <key>MaxKernel</key>
- <string>20.99.99</string>
- <key>MinKernel</key>
- <string>17.0.0</string>
- <key>Replace</key>
- <data>
- Dx9EAAA=
- </data>
- <key>ReplaceMask</key>
- <data>
- </data>
- <key>Skip</key>
- <integer>0</integer>
- </dict>
<dict>
<key>Arch</key>
<string>Any</string>
@@ -922,17 +891,19 @@
<key>Arguments</key>
<string></string>
<key>Auxiliary</key>
- <false/>
+ <true/>
<key>Comment</key>
<string>Memory testing utility</string>
<key>Enabled</key>
<false/>
+ <key>Flavour</key>
+ <string>MemTest</string>
<key>Name</key>
- <string>memcheck</string>
+ <string>memtest86</string>
<key>Path</key>
- <string>memcheck/memcheck.efi</string>
+ <string>memtest86/BOOTX64.efi</string>
<key>RealPath</key>
- <false/>
+ <true/>
<key>TextMode</key>
<false/>
</dict>
@@ -981,11 +954,13 @@
<key>boot-args</key>
<string>keepsyms=1</string>
<key>csr-active-config</key>
- <data>AAAAAA==</data>
+ <data>Jg8=</data>
<key>prev-lang:kbd</key>
<data>ZW4tVVM6MA==</data>
<key>run-efi-updater</key>
<string>No</string>
+ <key>ForceDisplayRotationInEFI</key>
+ <integer>0</integer>
</dict>
</dict>
<key>Delete</key>
--- Makefile
+++ Makefile
@@ -63,7 +63,7 @@ OpenCore-$(RELEASE_VERSION).iso : OpenCore-$(RELEASE_VERSION).dmg
OpenCoreEFIFolder-$(RELEASE_VERSION).zip : Makefile $(EFI_FILES)
rm -f $@
- zip -r $@ EFI
+ zip -X -r $@ EFI
%.gz : %
gzip -f --keep $<
--- src/AppleALC
+++ src/AppleALC
@@ -1 +1 @@
-Subproject commit 3c2f6315e6aed0cc3c45a9f01f84ef42fb497044
+Subproject commit 93be275a4495a1bdb7ff2c3238053f66b9c5195d
--- src/Lilu
+++ src/Lilu
@@ -1 +1 @@
-Subproject commit 5aeba9f98106a5a8a3057712b74e1608faf5e276
+Subproject commit 614712caa9d84b6e90305839bd74f3872a44a522
--- src/MacKernelSDK
+++ src/MacKernelSDK
@@ -1 +1 @@
-Subproject commit 2b584e8e2081ed22fc619151518921c8636d4639
+Subproject commit e73a6fcd42c94b6a908ad9fe197034c8f4bf442a
--- src/OcBinaryData
+++ src/OcBinaryData
@@ -1 +1 @@
-Subproject commit ccf3d0c36784100293ccfb2865e10cd37f7a78ee
+Subproject commit 6dd2d92383edee522052ebbe2c634c92894b37e6
--- src/OpenCorePkg
+++ src/OpenCorePkg
@@ -1 +1 @@
-Subproject commit 5668fb62b50e8141d93ae6fce3e3fe238822f6ef
+Subproject commit ae515dd0b1efe79940ce94bfd235399ba873a3f0
--- src/VirtualSMC
+++ src/VirtualSMC
@@ -1 +1 @@
-Subproject commit 2a7455daf65c356c867a1d65b8f2520ae575ee3e
+Subproject commit 30a3fa2bd920a15e41ef1439585bcc19885b89e3
--- src/WhateverGreen
+++ src/WhateverGreen
@@ -1 +1 @@
-Subproject commit 1daa2563b5e6e40f195aba5dc006e14c1d55dfd6
+Subproject commit 79efd986ac5f4f17e09b880f25ea45be64863b2f
```
Delete lines 641 - 675 in both `config-custom.plist` and `config-nopicker-custom.plist` which is `_cpu_topology_sort`.
Add
```diff
+ <key>ForceDisplayRotationInEFI</key>
+ <integer>0</integer>
```
-----------------
2021-05-04 - On May 4th 2021 we updated from v11 to v12 via [@thenickdude](https://github.com/thenickdude)'s upstream `config.plist` files from [KVM-Opencore](https://github.com/thenickdude/KVM-Opencore).
As seen in a PR to OSX-KVM upstream: [https://github.com/kholia/OSX-KVM/pull/173](https://github.com/kholia/OSX-KVM/pull/173)
```bash
wget https://github.com/thenickdude/KVM-Opencore/compare/v11...v12.patch
patch -F 10 -p1 --verbose config-nopicker-custom.plist v11...v12.patch
patch -F 10 -p1 --verbose config-custom.plist v11...v12.patch
```
Rejected patch lines:
```patch
--- EFI/OC/config.plist
+++ EFI/OC/config.plist
@@ -224,17 +344,17 @@
</dict>
<dict>
<key>Base</key>
- <string></string>
+ <string>\_SB.PCI0.LPCB.HPET</string>
<key>BaseSkip</key>
<integer>0</integer>
<key>Comment</key>
- <string>_Q12 to XQ12</string>
+ <string>HPET _CRS to XCRS</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<false/>
<key>Find</key>
- <data>X1ExMg==</data>
+ <data>X0NSUw==</data>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
@@ -1056,9 +1302,9 @@
<key>AppleEvent</key>
<string>Builtin</string>
<key>CustomDelays</key>
- <string>Auto</string>
+ <false/>
<key>KeyInitialDelay</key>
- <integer>0</integer>
+ <integer>50</integer>
<key>KeySubsequentDelay</key>
<integer>5</integer>
<key>PointerSpeedDiv</key>
--- src/OpenCorePkg
+++ src/OpenCorePkg
@@ -1 +1 @@
-Subproject commit 5cd223f03dd555c2ad0c6f45181808a5105bb605
+Subproject commit 5668fb62b50e8141d93ae6fce3e3fe238822f6ef
```
Replaced
```xml
<key>Comment</key>
<string>_Q12 to XQ12</string>
```
with
```xml
<key>Base</key>
<string>\_SB.PCI0.LPCB.HPET</string>
<key>BaseSkip</key>
<integer>0</integer>
<key>Comment</key>
<string>HPET _CRS to XCRS</string>
```
and
```diff
- <data>X1ExMg==</data>
+ <data>X0NSUw==</data>
```
Ignored:
```diff
@@ -1056,9 +1302,9 @@
<key>AppleEvent</key>
<string>Builtin</string>
<key>CustomDelays</key>
- <string>Auto</string>
+ <false/>
<key>KeyInitialDelay</key>
- <integer>0</integer>
+ <integer>50</integer>
<key>KeySubsequentDelay</key>
<integer>5</integer>
<key>PointerSpeedDiv</key>
```
-----------------