by bdash
661 days ago
As someone with a good understanding of the technologies involved I came away rather confused by the article. There are a few things that are obviously incorrect, and others that don't make much sense. Some of them could perhaps be explained if the author is doing their work on an outdated version of macOS, but I'd expect that to have been mentioned explicitly in the introduction to the article. Entitlements aren't stored in Info.plist. They're embedded in a binary's code signature. It demonstrates code injection via Mach APIs starting with `task_for_pid` when `task_for_pid` is only usable by root or by a process signed with specific entitlements. VeraCrypt does use the hardened runtime and so the `DYLD_INSERT_LIBRARIES` example cannot work with it. It gives an example of using `emond` for persistence, but that was removed from macOS several releases ago.
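The comment's central points (entitlements live in the code signature, and the hardened runtime is what blocks `DYLD_INSERT_LIBRARIES`) can be checked on any binary with Apple's `codesign` tool. The script below is an added example, not code from the commenter or from the article under discussion. It parses the `flags=...` field of `codesign -dvv` output to see whether the `runtime` (hardened runtime) flag is set, reads the embedded entitlements plist, and reports entitlements that relax those protections; the two sample outputs are constructed to mirror real `codesign` formatting, and the `inspect_binary` helper only works on macOS where `codesign` is present.

```python
import plistlib
import re
import subprocess
from dataclasses import dataclass, field

# Entitlements that weaken hardened-runtime / library-validation protections.
# A binary carrying any of these is worth a second look during review.
RELAXING_ENTITLEMENTS = {
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* environment variables are honoured despite hardened runtime",
    "com.apple.security.cs.disable-library-validation":
        "dylibs signed by other teams (or unsigned) may be loaded",
    "com.apple.security.get-task-allow":
        "debuggers / other processes may obtain the task port",
}

# codesign prints e.g. "flags=0x10000(runtime)" or "flags=0x0(none)"
FLAGS_RE = re.compile(r"\bflags=0x([0-9a-fA-F]+)\(([^)]*)\)")
CS_RUNTIME_BIT = 0x10000  # CS_RUNTIME in the CodeDirectory flags word


@dataclass
class SigningReport:
    hardened_runtime: bool
    entitlements: dict
    findings: list = field(default_factory=list)


def parse_flags(codesign_output: str):
    """Return (numeric flags, set of flag names) from `codesign -dvv` text."""
    m = FLAGS_RE.search(codesign_output)
    if not m:
        return 0, set()
    names = {n.strip() for n in m.group(2).split(",") if n.strip()}
    return int(m.group(1), 16), names


def parse_entitlements(blob: bytes) -> dict:
    """Parse the entitlements plist; tolerate an older-codesign binary header."""
    start = blob.find(b"<?xml")
    if start < 0:
        start = blob.find(b"<plist")
    if start < 0:
        return {}  # no entitlements embedded
    return plistlib.loads(blob[start:])


def assess(codesign_output: str, entitlement_blob: bytes) -> SigningReport:
    bits, names = parse_flags(codesign_output)
    hardened = "runtime" in names or bool(bits & CS_RUNTIME_BIT)
    ents = parse_entitlements(entitlement_blob)
    findings = []
    if not hardened:
        findings.append("hardened runtime not enabled: DYLD_INSERT_LIBRARIES "
                        "and similar variables are honoured by dyld")
    for key, why in RELAXING_ENTITLEMENTS.items():
        if ents.get(key) is True:
            findings.append(f"{key}: {why}")
    return SigningReport(hardened, ents, findings)


def inspect_binary(path: str) -> SigningReport:
    """macOS only: run codesign against a real binary and assess it."""
    verbose = subprocess.run(["codesign", "-dvv", path],
                             capture_output=True, text=True).stderr
    ents = subprocess.run(["codesign", "-d", "--entitlements", ":-", path],
                          capture_output=True).stdout
    return assess(verbose, ents)


# Constructed sample: hardened runtime on, but two relaxing entitlements.
SAMPLE_HARDENED = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (TEAMID0000)
"""
SAMPLE_ENTITLEMENTS_RELAXED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
</dict>
</plist>
"""
# Constructed sample: no hardened runtime, no entitlements at all.
SAMPLE_UNHARDENED = """Executable=/tmp/legacy-tool
Identifier=legacy-tool
CodeDirectory v=20100 size=300 flags=0x0(none) hashes=5+2 location=embedded
"""

if __name__ == "__main__":
    for label, out, ents in [("hardened+relaxed", SAMPLE_HARDENED, SAMPLE_ENTITLEMENTS_RELAXED),
                             ("unhardened", SAMPLE_UNHARDENED, b"")]:
        r = assess(out, ents)
        print(label, "hardened_runtime=", r.hardened_runtime)
        for f in r.findings:
            print("  -", f)
```

`inspect_binary` is the only part that touches the system; everything else works on captured text, so the same logic can run over `codesign` output collected from a fleet. Note that a binary with the `runtime` flag but `com.apple.security.cs.allow-dyld-environment-variables` set is effectively back to the unhardened case for the `DYLD_INSERT_LIBRARIES` question the comment raises.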