Post AScoapjynzwfKrcGOG by jawshoeadan@mastodon.social
 (DIR) More posts by jawshoeadan@mastodon.social
 (DIR) Post #AScoapjynzwfKrcGOG by jawshoeadan@mastodon.social
       2023-02-13T03:21:11Z
       
       0 likes, 0 repeats
       
       @zhuowei Would it be possible to use Mac Dirty Cow to communicate with akd on iOS? We're trying to use it to authenticate with Apple for SideStore. https://github.com/SideStore/SideStore
       
 (DIR) Post #AScoaqJ4hW1B5i2I5o by jawshoeadan@mastodon.social
       2023-02-13T03:23:44Z
       
       0 likes, 0 repeats
       
       @zhuowei For some context, this is the error without the exploit. Remote Anisette service returned an error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.ak.anisette.xpc was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.apple.ak.anisette.xpc was invalidated: failed at lookup with error 159 - Sandbox restriction.}
       
 (DIR) Post #AScoaqmqunpya3y4VU by zhuowei@notnow.dev
       2023-02-13T04:07:29.688366Z
       
       0 likes, 0 repeats
       
       @jawshoeadan I have not looked into this: I don't know how to generate a xpc sandbox extension from tccd. Maybe you could either somehow get unsandboxed exec ... somehow. Or patch tccd further. Or overwrite a launchDaemon (from developer disk?) with a second instance of akd that listens on a xpc that we can connect to. Or somehow patch launchd to not check for sandboxing then somehow userspace reboot...but I don't know how to do any that. Maybe ask other people with MacDirtyCow experience?