14 KiB
OSX Serial Generator
Generate macOS valid serials, uuids, and board serials for good-faith Security Research & Apple Bug Bounty Research.
This project provides two tools for generating serial numbers for Hackintosh, OpenCore, Docker-OSX and OSX-KVM.
Author: Sick.Codes https://github.com/sickcodes | https://sick.codes | https://twitter.com/sickcodes
Follow @sickcodes on Twitter for updates! https://twitter.com/sickcodes
Terms & Conditions: Manipulation of serial numbers are an important aspect of conducting Cyber Security Research into the iMessage & Facetime frameworks. Finding and reporting vulnerabilities in Apple software before Threat Actors do is important. To use this project to find & discover vulnerabilities in said protocols, you should agree to Apple's Security Bounty program.
Upstream Thanks
This project was created for use with Docker-OSX and uses config.plist files from @Kholia's project https://github.com/kholia/OSX-KVM.
The config.plist files are also curated and maintained upstream by @thenickdude and we thank both of them for their excellent work. Upstream KVM changes are made at: https://github.com/thenickdude/KVM-Opencore
This project is a wrapper for the OpenCore project bootloader's fantastic tool called macserial.
Many thanks to the OpenCore Project for providing macserial.
See the project which drives Hackintosh: https://github.com/acidanthera/OpenCorePkg
As seen on Vice: Open-Source App Lets Anyone Create a Virtual Army of Hackintoshes
PR & Contributor Credits
https://github.com/sickcodes/osx-serial-generator/blob/master/CREDITS.md
Related
Purpose
These shell scripts were written by @sickcodes https://twitter.com/sickcodes and were created for automating the generation of unique & valid values at runtime in Docker-OSX.
This is for generating sets of serial numbers that simply work.
If this is your first time, just bash ./generate-unique-machine-values.sh and you will be given 1 complete serial number set.
With your new serial numbers, you can:
- put them in your existing
config.plistand reboot - tell the script to make a new
OpenCore.qcow2 - output as TSV and CSV, and more!
- use
--helpto see all available goodies
Used at runtime in Docker-OSX.
-
https://github.com/kholia/OSX-KVM: "Run macOS on QEMU/KVM. With OpenCore + Big Sur support now! Only commercial (paid) support is available."
-
https://github.com/sickcodes/Docker-OSX: "Run Mac in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X!"
-
https://github.com/thenickdude/KVM-Opencore: "OpenCore disk image for Proxmox/QEMU"
Requirements
# Ubuntu, Debian, Pop
sudo apt update -y
sudo apt install libguestfs-tools build-essential wget git linux-generic sudo -y
# Fedora, RHEL, CentOS
sudo yum install libguestfs libguestfs-tools wget git kernel-devel sudo -y
sudo yum groupinstall 'Development Tools' -y
# Arch, Manjaro
sudo pacman -Sy libguestfs wget git base-devel linux sudo
Generating New Unique Serial Numbers
Example
# make 1 full serial set
./generate-unique-machine-values.sh \
-c 1 \
--model="iMacPro1,1"
Done!
CSV file and TSV file should be saved in your current working directory.
Slip those values into your config.plist and reboot!
Extended options - Automation?
Need more serials?
# make 100 serial sets
./generate-unique-machine-values.sh \
-c 100 \
--model="iMacPro1,1"
Want to make 50 OpenCore bootdisks AND 50 output plists?
# make 5 serial sets
# but also make config.plist for each set
# and OpenCore-nopicker.qcow2 for each serial set.
./generate-unique-machine-values.sh \
-c 50 \
--create-plists \
--create-bootdisks
Already have your own config.plist?
If you want to automate creating the qcow bootdisk each time, you can use placeholders and let this script build the image each time you change anything.
If you want to use placeholders, you can supply that to either of the scripts in this repo and use:
--custom-plist=./my_config.plist
# make 5 serial sets
# but also use my config.plist for each set
# AND make qcow2 image for each set!
./generate-unique-machine-values.sh \
-c 5 \
--custom-plist=./my_config.plist \
--create-bootdisks
You can also use an URL for the input plist using:
--master-plist-url.
Or you can manually enter the values generated above:
<key>MLB</key>
<string>{{BOARD_SERIAL}}</string>
<key>ROM</key>
<data>{{ROM}}</data>
<key>SpoofVendor</key>
<true/>
<key>SystemProductName</key>
<string>{{DEVICE_MODEL}}</string>
<key>SystemSerialNumber</key>
<string>{{SERIAL}}</string>
<key>SystemUUID</key>
<string>{{UUID}}</string>
...
...
...
<key>Resolution</key>
<string>{{WIDTH}}x{{HEIGHT}}@32</string>
<key>SanitiseClearScreen</key>
{{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}},
{{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}
General options:
--count, -n, -c <count> Number of serials to generate
--model, -m <model> Device model, e.g. 'iMacPro1,1'
--csv <filename> Optionally change the CSV output filename
--tsv <filename> Optionally change the TSV output filename
--output-dir <directory> Optionally change the script output location
--width <string> Resolution x axis length in px, default 1920
--height <string> Resolution y axis length in px, default 1080
--master-plist-url <url> Specify an alternative master plist, via URL
--master-plist <filename> Optionally change the input plist
--custom-plist <filename> Same as --master-plist
--output-bootdisk <filename> Optionally change the bootdisk filename
--envs Create all corresponding sourcable envs
--plists Create all corresponding config.plists
--bootdisks Create all corresponding bootdisks [SLOW]
--help, -h, help Display this help and exit
Additional options only if you are creating ONE serial set:
--output-bootdisk <filename> Optionally change the bootdisk filename
--output-env <filename> Optionally change the serials env filename
Custom plist placeholders:
{{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}},
{{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}
Example:
./generate-unique-machine-values.sh --count 1 --plists --bootdisks --envs
Defaults:
- One serial, for 'iMacPro1,1', in the current working directory
- CSV and TSV output
- plists in ./plists/ & bootdisks in ./bootdisks/ & envs in ./envs
- if you set --bootdisk name, --bootdisks is assumed
- if you set --custom-plist, --plists is assumed
- if you set --output-env, --envs is assumed
Generating A Bootdisk Using Specific Serial Numbers
If you already know the serial numbers, or you've generated them above in the past, then you can use this script:
Required options:
--model <string> Device model, e.g. 'iMacPro1,1'
--serial <string> Device Serial number
--board-serial <string> Main Logic Board Serial number (MLB)
--uuid <string> SMBIOS UUID (SmUUID)
--mac-address <string> Used for both the MAC address and to set ROM
ROM is lowercased sans any colons
Optional options:
--width <integer> Resolution x axis length in px, default 1920
--height <integer> Resolution y axis length in px, default 1080
--master-plist-url <url> Specify an alternative master plist, via URL
--custom-plist <filename>
|| --master-plist <filename> Optionally change the input plist.
--output-bootdisk <filename> Optionally change the bootdisk filename
--output-plist <filename> Optionally change the output plist filename
--help, -h, help Display this help and exit
Placeholders: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}},
{{ROM}}, {{WIDTH}}, {{HEIGHT}}
Example using your serials generated earlier:
CUSTOM_PLIST=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist
./generate-specific-bootdisk.sh \
--input-plist-url="${CUSTOM_PLIST}" \
--model iMacPro1,1 \
--serial C02TW0WAHX87 \
--board-serial C027251024NJG36UE \
--uuid 5CCB366D-9118-4C61-A00A-E5BAF3BED451 \
--mac-address A8:5C:2C:9A:46:2F \
--output-bootdisk ./OpenCore-nopicker.qcow2 \
--width 1920 \
--height 1080
Examples from Docker-OSX
In the case example of why these scripts were written is:
GENERATE_UNIQUE is used as a Docker argument to randomly generate 1 set at runtime, for every new container.
GENERATE_SPECIFIC is used to specify an already known model, serial, board-serial, uuid and MAC address.
[[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" 2>/dev/null \
; ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}"
Special Update Notes
2021-05-04 - On May 4th 2021 we updated from v11 to v12 via @thenickdude's upstream config.plist files from KVM-Opencore.
As seen in a PR to OSX-KVM upstream: https://github.com/kholia/OSX-KVM/pull/173
wget https://github.com/thenickdude/KVM-Opencore/compare/v11...v12.patch
patch -F 10 -p1 --verbose config-nopicker-custom.plist v11...v12.patch
patch -F 10 -p1 --verbose config-custom.plist v11...v12.patch
Rejected patch lines:
--- EFI/OC/config.plist
+++ EFI/OC/config.plist
@@ -224,17 +344,17 @@
</dict>
<dict>
<key>Base</key>
- <string></string>
+ <string>\_SB.PCI0.LPCB.HPET</string>
<key>BaseSkip</key>
<integer>0</integer>
<key>Comment</key>
- <string>_Q12 to XQ12</string>
+ <string>HPET _CRS to XCRS</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<false/>
<key>Find</key>
- <data>X1ExMg==</data>
+ <data>X0NSUw==</data>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
@@ -1056,9 +1302,9 @@
<key>AppleEvent</key>
<string>Builtin</string>
<key>CustomDelays</key>
- <string>Auto</string>
+ <false/>
<key>KeyInitialDelay</key>
- <integer>0</integer>
+ <integer>50</integer>
<key>KeySubsequentDelay</key>
<integer>5</integer>
<key>PointerSpeedDiv</key>
--- src/OpenCorePkg
+++ src/OpenCorePkg
@@ -1 +1 @@
-Subproject commit 5cd223f03dd555c2ad0c6f45181808a5105bb605
+Subproject commit 5668fb62b50e8141d93ae6fce3e3fe238822f6ef
Replaced
<key>Comment</key>
<string>_Q12 to XQ12</string>
with
<key>Base</key>
<string>\_SB.PCI0.LPCB.HPET</string>
<key>BaseSkip</key>
<integer>0</integer>
<key>Comment</key>
<string>HPET _CRS to XCRS</string>
and
- <data>X1ExMg==</data>
+ <data>X0NSUw==</data>
Ignored:
@@ -1056,9 +1302,9 @@
<key>AppleEvent</key>
<string>Builtin</string>
<key>CustomDelays</key>
- <string>Auto</string>
+ <false/>
<key>KeyInitialDelay</key>
- <integer>0</integer>
+ <integer>50</integer>
<key>KeySubsequentDelay</key>
<integer>5</integer>
<key>PointerSpeedDiv</key>