Friday, August 28, 2020

macSubstrate - Tool For Interprocess Code Injection On macOS


macSubstrate is a platform tool for interprocess code injection on macOS, with the similar function to Cydia Substrate on iOS. Using macSubstrate, you can inject your plugins (.bundle or .framework) into a mac app (including sandboxed apps) to tweak it in the runtime.
  • All you need is to get or create plugins for your target app.
  • No trouble with modification and codesign for the original target app.
  • No more work after the target app is updated.
  • Super easy to install or uninstall a plugin.
  • Loading plugins automatically whenever the target app is relaunched.
  • Providing a GUI app to make injection much easier.

Prepare
  • Disable SIP
  • Why should disable SIP
    System Integrity Protection is a new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.

Usage
  1. download macSubstrate.app, put into /Applications and launch it.
    StatusBar
  2. grant authorization if needed.
  3. install a plugin by importing or dragging into macSubstrate.
    ToInstall
  4. launch the target app.
    step 3 and step 4 can be switched
    Once a plugin is installed by macSubstrate, it will take effect immediately. But if you want it to work whenever the target app is relaunched or macOS is restarted, you need to keep macSubstrate running and allow it to automatically launch at login.
  5. uninstall a plugin when you do not need it anymore.
    Installed

Plugin
macSubstrate supports plugins of .bundle or .framework, so you just need to create a valid .bundle or .framework file. The most important thing is to add a key macSubstratePlugin into the info.plist, with the dictionary value:
Key Value
TargetAppBundleID the target app's CFBundleIdentifier, this tells macSubstrate which app to inject.
Description brief description of the plugin
AuthorName author name of the plugin
AuthorEmail author email of the plugin
Please check the demo plugins demo.bundle and demo.framework for details.

Xcode Templates
macSubstrate also provides Xcode Templates to help you create plugins conveniently:
  1. ln -fhs ./macSubstratePluginTemplate ~/Library/Developer/Xcode/Templates/macSubstrate\ Plugin
  2. Launch Xcode, and there will be 2 new plugin templates for you.

Security
  1. SIP is a new security policy on macOS, which will help to keep you away from potential security risk. Disable it means you will lose the protection from SIP.
  2. If you install a plugin from a developer, you should be responsible for the security of the plugin. If you do not trust it, please do not install it. macSubstrate will help to verify the code signature of a plugin, and I suggest you to scan it using VirusTotal. Anyway, macSubstrate is just a tool, and it is your choice to decide what plugin to install.


Related articles


  1. Hacking Tools For Windows Free Download
  2. Pentest Tools Subdomain
  3. Blackhat Hacker Tools
  4. Pentest Tools Subdomain
  5. Hack Tools For Games
  6. What Are Hacking Tools
  7. Hacking Tools For Windows 7
  8. Hack Website Online Tool
  9. Hack Tools For Ubuntu
  10. How To Install Pentest Tools In Ubuntu
  11. Hacker Tools Linux
  12. Pentest Tools For Android
  13. Hacker Hardware Tools
  14. Hacker Tools Linux
  15. Hack Tools Pc
  16. Best Hacking Tools 2020
  17. Pentest Tools Find Subdomains
  18. Pentest Tools For Ubuntu
  19. Best Pentesting Tools 2018
  20. Hacker Tool Kit
  21. Hacking Tools Hardware
  22. Hack Tools Github
  23. Blackhat Hacker Tools
  24. Pentest Tools Free
  25. Pentest Tools Free
  26. Top Pentest Tools
  27. Pentest Tools Alternative
  28. Hacking Tools For Games
  29. Hacking Tools Usb
  30. Hacker Tools
  31. Hacker
  32. Hacker Techniques Tools And Incident Handling
  33. Hacking Tools For Kali Linux
  34. Hacking Tools Hardware
  35. Pentest Tools Github
  36. Wifi Hacker Tools For Windows
  37. Hacker Security Tools
  38. Hacking Tools Download
  39. Hacker Hardware Tools
  40. How To Install Pentest Tools In Ubuntu
  41. Easy Hack Tools
  42. Pentest Tools For Windows
  43. Install Pentest Tools Ubuntu
  44. Hacking Tools For Mac
  45. Hacking Tools 2019
  46. Underground Hacker Sites
  47. Termux Hacking Tools 2019
  48. Game Hacking
  49. Install Pentest Tools Ubuntu
  50. Hacking Tools For Beginners
  51. Pentest Tools Subdomain
  52. Hacking Tools For Pc
  53. Pentest Tools Open Source
  54. Pentest Tools Github
  55. Best Hacking Tools 2019
  56. Hacking Tools Name
  57. Hacking Tools For Games
  58. Hacker Tools Apk Download
  59. Hacking Tools Online
  60. Wifi Hacker Tools For Windows
  61. Hacking Tools For Beginners
  62. Hacking Tools Kit
  63. Pentest Tools Review
  64. Pentest Tools For Android
  65. Hacker Tools Linux
  66. Pentest Tools Free
  67. Pentest Tools Subdomain
  68. Pentest Tools Port Scanner
  69. What Is Hacking Tools
  70. Pentest Tools List
  71. Black Hat Hacker Tools
  72. Hacking Apps
  73. Hacker Tools Free
  74. Hack Tools 2019
  75. Pentest Tools Online
  76. Beginner Hacker Tools
  77. Hacking Tools Windows
  78. Hacking Tools Windows
  79. Hacking Tools Windows
  80. Hack Website Online Tool
  81. Pentest Tools Tcp Port Scanner
  82. Hacking Tools Mac
  83. Hacker Tools For Ios
  84. Pentest Box Tools Download
  85. Tools Used For Hacking
  86. Hacker Tools For Windows
  87. Hack Apps
  88. Hacker Tools Free
  89. Hak5 Tools
  90. Hack Tool Apk No Root
  91. Pentest Tools Apk
  92. Pentest Tools Nmap
  93. Pentest Tools Github
  94. Hacker Tools List
  95. Hack Tools Online
  96. Hacker Tools Software
  97. Pentest Tools Website
  98. Hacker
  99. Hack Tools For Mac
  100. Hacking Tools Hardware
  101. Pentest Tools Windows
  102. Pentest Tools Apk
  103. Hack App
  104. Hacking Tools Kit
  105. Top Pentest Tools
  106. Hacking Tools 2020
  107. Top Pentest Tools
  108. Pentest Automation Tools
  109. Hack Tools Online
  110. Hacking Tools Download
  111. Hacking Tools For Kali Linux
  112. Hacker Tools For Ios
  113. Hacking Tools Online
  114. Hack Tools For Windows
  115. Hacking Tools Mac
  116. Pentest Tools Nmap
  117. Hacker Tools For Pc
  118. Pentest Tools Url Fuzzer
  119. Pentest Tools Website Vulnerability
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)