diff --git a/dumpsmc.py b/dumpsmc.py
index 65fff8a..7ed11ef 100755
--- a/dumpsmc.py
+++ b/dumpsmc.py
@@ -1,3 +1,4 @@
+#!/usr/bin/env python
 """
 The MIT License (MIT)
 
@@ -22,14 +23,14 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 vSMC Header Structure
-Offset Length struct Type Description
+Offset Length Struct Type Description
 ----------------------------------------
 0x00/00 0x08/08 Q ptr Offset to key table
 0x08/08 0x04/4 I int Number of private keys
 0x0C/12 0x04/4 I int Number of public keys
 
 vSMC Key Data Structure
-Offset Length struct Type Description
+Offset Length Struct Type Description
 ----------------------------------------
 0x00/00 0x04/04 4s int Key name (byte reversed e.g. #KEY is YEK#)
 0x04/04 0x01/01 B byte Length of returned data
diff --git a/esxi-build.sh b/esxi-build.sh
new file mode 100755
index 0000000..a1fe36c
--- /dev/null
+++ b/esxi-build.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+#set -x
+
+# Ensure we only use unmodified commands
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+
+# Copy patch to local.sh
+cp local-prefix.sh local.sh
+cat unlocker.py >> local.sh
+cat local-suffix.sh >> local.sh
+chmod +x local.sh
diff --git a/esxi-config.py b/esxi-config.py
new file mode 100644
index 0000000..8e1f180
--- /dev/null
+++ b/esxi-config.py
@@ -0,0 +1,38 @@
+#!/usr/bin/env python
+"""
+This is a simple method to modify the hostd XML file
+Not using XML on ESXi Python as it does not preserve
+formatting or comments.
+
+(This could be sed but cannot find a suitable regex.)
+
+"""
+from __future__ import print_function
+
+
+def main():
+ vmsvc = ' \n'
+ sandbox = ' false\n'
+
+ with open('/etc/vmware/hostd/config.xml', 'r+') as f:
+ data = f.readlines()
+ i = data.index(vmsvc)
+ try:
+ j = data.index(sandbox)
+ except ValueError:
+ j = 0
+
+ # Simple toggle on or off depending if found
+ if j == 0:
+ data.insert(i+1, sandbox)
+ else:
+ del data[j]
+
+ # Rewrite the config.xml file
+ f.seek(0)
+ f.write(''.join(data))
+ f.truncate()
+ f.close()
+
+if __name__ == '__main__':
+ main()
diff --git a/esxi-install.sh b/esxi-install.sh
index 30ceb96..9c07489 100755
--- a/esxi-install.sh
+++ b/esxi-install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e
-set -x
+#set -x
 
 echo VMware Unlocker 2.0.9
 echo ===============================
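Review bot: `data.index(vmsvc)` in main() raises an unhandled ValueError with a bare traceback when the marker line is absent from config.xml, and the script is a pure toggle: both esxi-install.sh and esxi-uninstall.sh run `python esxi-config.py`, so running the installer twice silently flips the sandbox setting back to its original state. Consider an explicit enable/disable argument, or at least a guard such as `if vmsvc not in data: raise SystemExit('vmsvc element not found in config.xml')` before any modification. The trailing `f.close()` is redundant inside the `with` block and can be dropped. The two marker strings appear with their XML tags stripped in this rendering, so their exact values cannot be checked here.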
@@ -9,49 +9,10 @@ echo Copyright: Dave Parsons 2011-16
 # Ensure we only use unmodified commands
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin
 
-# Ensure we run from the patcher directory
-cd "`dirname $0`"
-
- # Create tmp folder for patching the files
-echo Creating unlocker vmtar disk
-
-# Create tmp folder for patching the files
-mkdir -p tmp/bin
-mkdir -p tmp/lib
-
-cp -v /bin/vmx tmp/bin
-cp -v /bin/vmx-debug tmp/bin
-cp -v /bin/vmx-stats tmp/bin
-
-# Now using sed in the local.sh script
-#cp -v /lib/libvmkctl.so tmp/lib
-#
-#if [ -f /lib64/libvmkctl.so ]; then
-# mkdir -p tmp/lib64
-# cp -v /lib64/libvmkctl.so tmp/lib64
-#fi
-
-# Patch the files
-python unlocker.py
-
-# Create the vmtar file for ESXi kernel
-#if [ -f /lib64/libvmkctl.so ]; then
-# tar cvf tmp/unlocker.tar -C tmp bin lib lib64
-#else
-# tar cvf tmp/unlocker.tar -C tmp bin lib
-#fi
-tar cvf tmp/unlocker.tar -C tmp bin
-vmtar -c tmp/unlocker.tar -v -o tmp/unlocker.vmtar
-gzip tmp/unlocker.vmtar
-mv tmp/unlocker.vmtar.gz tmp/unlocker.vgz
-
-# Copy to bootbank and setup local.sh
-echo Copying unlocker.vgz to bootbank...
-cp tmp/unlocker.vgz /bootbank
+# Copy patch to local.sh
+echo Installing local.sh
 chmod +x local.sh
 cp local.sh /etc/rc.local.d/local.sh
-
-# Clean up
-#rm -rfv tmp
-
+python esxi-config.py
+backup.sh 0
 echo Success - please now restart the server!
diff --git a/esxi-uninstall.sh b/esxi-uninstall.sh
index 3a45bd8..ee76fc0 100755
--- a/esxi-uninstall.sh
+++ b/esxi-uninstall.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e
-set -x
+#set -x
 
 echo VMware Unlocker 2.0.9
 echo ===============================
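Review bot: Removing the `cd` to the script's own directory means `chmod +x local.sh`, `cp local.sh /etc/rc.local.d/local.sh` and `python esxi-config.py` now resolve against the caller's current directory, so invoking the installer by absolute path from elsewhere either aborts under `set -e` or installs whatever `local.sh` happens to sit in that directory. Restoring the line as `cd "$(dirname "$0")"` ahead of the copy keeps the previous behaviour; esxi-uninstall.sh has the same dependency on the working directory for `esxi-config.py`. If `local.sh` is expected to come from esxi-build.sh, a check such as `[ -f local.sh ] || { echo 'local.sh missing - run esxi-build.sh first'; exit 1; }` would make the failure self-explanatory instead of a bare cp error.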
@@ -9,9 +9,8 @@ echo Copyright: Dave Parsons 2011-16
 # Ensure we only use unmodified commands
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin
 
-# Remove entry from the boot configuration file
-echo Deleting unlocker.vgz from bootbank...
-rm /bootbank/unlocker.vgz
-rm /etc/rc.local.d/local.sh
-
-echo Please now reboot the host system!
+echo Uninstalling local.sh
+cp /etc/rc.local.d/.#local.sh /etc/rc.local.d/local.sh
+python esxi-config.py
+backup.sh 0
+echo Success - please now restart the server!
diff --git a/gettools.py b/gettools.py
index d808a6c..f92d9ad 100755
--- a/gettools.py
+++ b/gettools.py
@@ -1,3 +1,4 @@
+#!/usr/bin/env python
 """
 The MIT License (MIT)
 
diff --git a/local-prefix.sh b/local-prefix.sh
new file mode 100755
index 0000000..ef923e4
--- /dev/null
+++ b/local-prefix.sh
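Review bot: `cp /etc/rc.local.d/.#local.sh /etc/rc.local.d/local.sh` relies on a saved copy named `.#local.sh` that nothing in this commit creates, and under `set -e` a missing file aborts the script before `python esxi-config.py` and `backup.sh 0` run, so the hostd config stays toggled while the user is told nothing useful. A guard such as `[ -f /etc/rc.local.d/.#local.sh ] || { echo 'No saved local.sh to restore'; exit 1; }` makes the failure explicit, or the install script could be made to create the backup this one depends on. The removed `rm /bootbank/unlocker.vgz` also means hosts set up by the previous version are no longer cleaned up here; if that migration matters, a `rm -f /bootbank/unlocker.vgz` would cover it.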
@@ -0,0 +1,65 @@ +#!/bin/sh +set -e +set -x + +echo VMware ESXi 6.x Unlocker 2.0.9 +echo =============================== +echo Copyright: Dave Parsons 2011-16 + +# Ensure we only use unmodified commands +export PATH=/bin:/sbin:/usr/bin:/usr/sbin + +# Exit if boot option specified +if bootOption -o | grep -q 'nounlocker'; then + logger -t unlocker Disbaled via nounlocker boot option + exit 0 +fi + +# Make sure working files are removed +if [ -d /unlocker ]; then + logger -t unlocker Removing current patches + rm -rfv /unlocker +fi + +# Create new RAM disk and map to /unlocker +logger -t unlocker Creating RAM disk +mkdir /unlocker +localcli system visorfs ramdisk add -m 200 -M 200 -n unlocker -p 0755 -t /unlocker +logger -t unlocker Stopping hostd daemon +/etc/init.d/hostd stop + +# Copy the vmx files +logger -t unlocker Copying vmx files +mkdir /unlocker/bin +cp /bin/vmx /unlocker/bin/ +cp /bin/vmx-debug /unlocker/bin/ +cp /bin/vmx-stats /unlocker/bin/ + +# Setup symlink from /bin +logger -t unlocker Setup vmx sym links +rm -fv /bin/vmx +ln -s /unlocker/bin/vmx /bin/vmx +rm -fv /bin/vmx-debug +ln -s /unlocker/bin/vmx-debug /bin/vmx-debug +rm -fv /bin/vmx-stats +ln -s /unlocker/bin/vmx-stats /bin/vmx-stats + +# Copy the libvmkctl.so files +logger -t unlocker Copying 32-bit lib files +mkdir /unlocker/lib +cp /lib/libvmkctl.so /unlocker/lib/ +logger -t unlocker Setup 32-bit lib sym links +rm -fv /lib/libvmkctl.so +ln -s /unlocker/lib/libvmkctl.so /lib/libvmkctl.so +if [ -f /lib64/libvmkctl.so ]; then + logger -t unlocker Copying 64-bit lib files + mkdir /unlocker/lib64 + cp /lib64/libvmkctl.so /unlocker/lib64/ + logger -t unlocker Setup 64-bit lib sym links + rm -fv /lib64/libvmkctl.so + ln -s /unlocker/lib64/libvmkctl.so /lib64/libvmkctl.so +fi + +# Patch the vmx files +logger -t unlocker Patching vmx files +python <> /var/log/unlocker.log - -else - - echo Unlocker running >> /var/log/unlocker.log - - /etc/init.d/hostd status >> /var/log/unlocker.log - 
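Review bot: `/etc/init.d/hostd stop` runs early under `set -e` with no `trap` to restart it, so if any later step fails (for example `mkdir /unlocker` or the `localcli system visorfs ramdisk add` call) the host's management daemon is left stopped because the `hostd start` that follows the embedded Python is never reached. Adding `trap '/etc/init.d/hostd start' EXIT` immediately before the stop makes the restart unconditional. The heredoc opener at the end of the hunk is garbled in this rendering; if it is an unquoted `<<END`, the shell expands `$` and backtick sequences inside the embedded Python at boot, so `<<'END'` is the safer form. The logger message in the boot-option branch has a typo: `Disbaled` should read `Disabled`.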
/etc/init.d/hostd stop >> /var/log/unlocker.log - - vmkramdisk /bootbank/unlocker.vgz >> /var/log/unlocker.log - - sed -i 's/applesmc/vmkernel/g' /lib/libvmkctl.so - if [ -f /lib64/libvmkctl.so ]; then - sed -i 's/applesmc/vmkernel/g' /lib64/libvmkctl.so - fi - - /etc/init.d/hostd start >> /var/log/unlocker.log - /etc/init.d/hostd status >> /var/log/unlocker.log - + logger -t unlocker Disbaled via nounlocker boot option + exit 0 fi -exit 0 +# Make sure working files are removed +if [ -d /unlocker ]; then + logger -t unlocker Removing current patches + rm -rfv /unlocker +fi + +# Create new RAM disk and map to /unlocker +logger -t unlocker Creating RAM disk +mkdir /unlocker +localcli system visorfs ramdisk add -m 200 -M 200 -n unlocker -p 0755 -t /unlocker +logger -t unlocker Stopping hostd daemon +/etc/init.d/hostd stop + +# Copy the vmx files +logger -t unlocker Copying vmx files +mkdir /unlocker/bin +cp /bin/vmx /unlocker/bin/ +cp /bin/vmx-debug /unlocker/bin/ +cp /bin/vmx-stats /unlocker/bin/ + +# Setup symlink from /bin +logger -t unlocker Setup vmx sym links +rm -fv /bin/vmx +ln -s /unlocker/bin/vmx /bin/vmx +rm -fv /bin/vmx-debug +ln -s /unlocker/bin/vmx-debug /bin/vmx-debug +rm -fv /bin/vmx-stats +ln -s /unlocker/bin/vmx-stats /bin/vmx-stats + +# Copy the libvmkctl.so files +logger -t unlocker Copying 32-bit lib files +mkdir /unlocker/lib +cp /lib/libvmkctl.so /unlocker/lib/ +logger -t unlocker Setup 32-bit lib sym links +rm -fv /lib/libvmkctl.so +ln -s /unlocker/lib/libvmkctl.so /lib/libvmkctl.so +if [ -f /lib64/libvmkctl.so ]; then + logger -t unlocker Copying 64-bit lib files + mkdir /unlocker/lib64 + cp /lib64/libvmkctl.so /unlocker/lib64/ + logger -t unlocker Setup 64-bit lib sym links + rm -fv /lib64/libvmkctl.so + ln -s /unlocker/lib64/libvmkctl.so /lib64/libvmkctl.so +fi + +# Patch the vmx files +logger -t unlocker Patching vmx files +python < -1 else c + return ''.join(rotchar(c) for c in s) + + +def bytetohex(data): + if sys.version_info > (3, 0): + 
# Python 3 code in this block + return "".join("{:02X} ".format(c) for c in data) + else: + # Python 2 code in this block + return "".join("{:02X} ".format(ord(c)) for c in data) + + +def joinpath(folder, filename): + return os.path.join(folder, filename) + + +def printkey(i, offset, smc_key, smc_data): + print(str(i + 1).zfill(3) + + ' ' + hex(offset) + + ' ' + smc_key[0][::-1].decode('UTF-8') + + ' ' + str(smc_key[1]).zfill(2) + + ' ' + smc_key[2][::-1].replace(b'\x00', b' ').decode('UTF-8') + + ' ' + '{0:#0{1}x}'.format(smc_key[3], 4) + + ' ' + hex(smc_key[4]) + + ' ' + bytetohex(smc_data)) + + +E_CLASS64 = 2 +E_SHT_RELA = 4 + + +def patchelf(f, oldoffset, newoffset): + f.seek(0) + magic = f.read(4) + if not magic == b'\x7fELF': + raise Exception('Magic number does not match') + + ei_class = struct.unpack('=B', f.read(1))[0] + if ei_class != E_CLASS64: + raise Exception('Not 64bit elf header: ' + ei_class) + + f.seek(40) + e_shoff = struct.unpack('=Q', f.read(8))[0] + f.seek(58) + e_shentsize = struct.unpack('=H', f.read(2))[0] + e_shnum = struct.unpack('=H', f.read(2))[0] + e_shstrndx = struct.unpack('=H', f.read(2))[0] + + print('e_shoff: 0x{:x} e_shentsize: 0x{:x} e_shnum:0x{:x} e_shstrndx:0x{:x}'.format(e_shoff, e_shentsize, + e_shnum, e_shstrndx)) + + for i in range(0, e_shnum): + f.seek(e_shoff + i * e_shentsize) + e_sh = struct.unpack('=LLQQQQLLQQ', f.read(e_shentsize)) + # e_sh_name = e_sh[0] + e_sh_type = e_sh[1] + e_sh_offset = e_sh[4] + e_sh_size = e_sh[5] + e_sh_entsize = e_sh[9] + if e_sh_type == E_SHT_RELA: + e_sh_nument = int(e_sh_size / e_sh_entsize) + # print 'RELA at 0x{:x} with {:d} entries'.format(e_sh_offset, e_sh_nument) + for j in range(0, e_sh_nument): + f.seek(e_sh_offset + e_sh_entsize * j) + rela = struct.unpack('=QQq', f.read(e_sh_entsize)) + r_offset = rela[0] + r_info = rela[1] + r_addend = rela[2] + if r_addend == oldoffset: + r_addend = newoffset + f.seek(e_sh_offset + e_sh_entsize * j) + f.write(struct.pack('=QQq', r_offset, 
r_info, r_addend)) + print('Relocation modified at: ' + hex(e_sh_offset + e_sh_entsize * j)) + + +def patchkeys(f, key): + # Setup struct pack string + key_pack = '=4sB4sB6xQ' + smc_old_memptr = 0 + smc_new_memptr = 0 + + # Do Until OSK1 read + i = 0 + while True: + + # Read key into struct str and data byte str + offset = key + (i * 72) + f.seek(offset) + smc_key = struct.unpack(key_pack, f.read(24)) + smc_data = f.read(smc_key[1]) + + # Reset pointer to beginning of key entry + f.seek(offset) + + if smc_key[0] == b'SKL+': + # Use the +LKS data routine for OSK0/1 + smc_new_memptr = smc_key[4] + print('+LKS Key: ') + printkey(i, offset, smc_key, smc_data) + + elif smc_key[0] == b'0KSO': + # Write new data routine pointer from +LKS + print('OSK0 Key Before:') + printkey(i, offset, smc_key, smc_data) + f.seek(offset) + f.write(struct.pack(key_pack, smc_key[0], smc_key[1], smc_key[2], smc_key[3], smc_new_memptr)) + f.flush() + + # Write new data for key + f.seek(offset + 24) + smc_new_data = rot13('bheuneqjbexolgurfrjbeqfthneqrqcy') + f.write(smc_new_data.encode('UTF-8')) + f.flush() + + # Re-read and print key + f.seek(offset) + smc_key = struct.unpack(key_pack, f.read(24)) + smc_data = f.read(smc_key[1]) + print('OSK0 Key After:') + printkey(i, offset, smc_key, smc_data) + + elif smc_key[0] == b'1KSO': + # Write new data routine pointer from +LKS + print('OSK1 Key Before:') + printkey(i, offset, smc_key, smc_data) + f.seek(offset) + f.write(struct.pack(key_pack, smc_key[0], smc_key[1], smc_key[2], smc_key[3], smc_new_memptr)) + f.flush() + + # Write new data for key + f.seek(offset + 24) + smc_new_data = rot13('rnfrqbagfgrny(p)NccyrPbzchgreVap') + f.write(smc_new_data.encode('UTF-8')) + f.flush() + + # Re-read and print key + f.seek(offset) + smc_key = struct.unpack(key_pack, f.read(24)) + smc_data = f.read(smc_key[1]) + print('OSK1 Key After:') + printkey(i, offset, smc_key, smc_data) + + # Finished so get out of loop + break + + else: + pass + + i += 1 + return 
smc_old_memptr, smc_new_memptr + + +def patchsmc(name, sharedobj): + with open(name, 'r+b') as f: + + smc_old_memptr = 0 + smc_new_memptr = 0 + + # Read file into string variable + vmx = f.read() + + print('File: ' + name) + + # Setup hex string for vSMC headers + # These are the private and public key counts + smc_header_v0 = b'\xF2\x00\x00\x00\xF0\x00\x00\x00' + smc_header_v1 = b'\xB4\x01\x00\x00\xB0\x01\x00\x00' + + # Setup hex string for #KEY key + key_key = b'\x59\x45\x4B\x23\x04\x32\x33\x69\x75' + + # Setup hex string for $Adr key + adr_key = b'\x72\x64\x41\x24\x04\x32\x33\x69\x75' + + # Find the vSMC headers + smc_header_v0_offset = vmx.find(smc_header_v0) - 8 + smc_header_v1_offset = vmx.find(smc_header_v1) - 8 + + # Find '#KEY' keys + smc_key0 = vmx.find(key_key) + smc_key1 = vmx.rfind(key_key) + + # Find '$Adr' key only V1 table + smc_adr = vmx.find(adr_key) + + # Print vSMC0 tables and keys + print('appleSMCTableV0 (smc.version = "0")') + print('appleSMCTableV0 Address : ' + hex(smc_header_v0_offset)) + print('appleSMCTableV0 Private Key #: 0xF2/242') + print('appleSMCTableV0 Public Key #: 0xF0/240') + + if (smc_adr - smc_key0) != 72: + print('appleSMCTableV0 Table : ' + hex(smc_key0)) + smc_old_memptr, smc_new_memptr = patchkeys(f, smc_key0) + elif (smc_adr - smc_key1) != 72: + print('appleSMCTableV0 Table : ' + hex(smc_key1)) + smc_old_memptr, smc_new_memptr = patchkeys(f, smc_key1) + + print() + + # Print vSMC1 tables and keys + print('appleSMCTableV1 (smc.version = "1")') + print('appleSMCTableV1 Address : ' + hex(smc_header_v1_offset)) + print('appleSMCTableV1 Private Key #: 0x01B4/436') + print('appleSMCTableV1 Public Key #: 0x01B0/432') + + if (smc_adr - smc_key0) == 72: + print('appleSMCTableV1 Table : ' + hex(smc_key0)) + smc_old_memptr, smc_new_memptr = patchkeys(f, smc_key0) + elif (smc_adr - smc_key1) == 72: + print('appleSMCTableV1 Table : ' + hex(smc_key1)) + smc_old_memptr, smc_new_memptr = patchkeys(f, smc_key1) + + print() + + # Find 
matching RELA record in .rela.dyn in ESXi ELF files + # This is temporary code until proper ELF parsing written + if sharedobj: + print('Modifying RELA records from: ' + hex(smc_old_memptr) + ' to ' + hex(smc_new_memptr)) + patchelf(f, smc_old_memptr, smc_new_memptr) + + # Tidy up + f.flush() + f.close() + + +def patchbase(name): + # Patch file + print('GOS Patching: ' + name) + f = open(name, 'r+b') + + # Entry to search for in GOS table + darwin = ( + '\x10\x00\x00\x00\x10\x00\x00\x00' + '\x02\x00\x00\x00\x00\x00\x00\x00' + '\x00\x00\x00\x00\x00\x00\x00\x00' + '\x00\x00\x00\x00\x00\x00\x00\x00' + '\xBE' + ) + + # Read file into string variable + base = f.read() + + # Loop thorugh each entry and set top bit + # 0xBE --> 0xBF + offset = 0 + while offset < len(base): + offset = base.find(darwin, offset) + if offset == -1: + break + f.seek(offset + 32) + flag = f.read(1) + if flag == '\xBE': + f.seek(offset + 32) + f.write('\xBF') + print('GOS Patched flag @: ' + hex(offset)) + else: + print('GOS Unknown flag @: ' + hex(offset) + '/' + hex(int(flag))) + + offset += 33 + + # Tidy up + f.flush() + f.close() + print('GOS Patched: ' + name) + + +def patchvmkctl(name): + # Patch file + print('smcPresent Patching: ' + name) + f = open(name, 'r+b') + + # Read file into string variable + vmkctl = f.read() + applesmc = vmkctl.find(b'applesmc') + f.seek(applesmc) + f.write(b'vmkernel') + + # Tidy up + f.flush() + f.close() + print('smcPresent Patched: ' + name) + + +def main(): + # Work around absent Platform module on VMkernel + if os.name == 'nt' or os.name == 'cli': + osname = 'windows' + else: + osname = os.uname()[0].lower() + + vmwarebase = '' + libvmkctl32 = '' + libvmkctl64 = '' + vmx_so = False + + # Setup default paths + if osname == 'darwin': + vmx_path = '/Applications/VMware Fusion.app/Contents/Library/' + vmx = joinpath(vmx_path, 'vmware-vmx') + vmx_debug = joinpath(vmx_path, 'vmware-vmx-debug') + vmx_stats = joinpath(vmx_path, 'vmware-vmx-stats') + + elif osname 
== 'linux': + vmx_path = '/usr/lib/vmware/bin/' + vmx = joinpath(vmx_path, 'vmware-vmx') + vmx_debug = joinpath(vmx_path, 'vmware-vmx-debug') + vmx_stats = joinpath(vmx_path, 'vmware-vmx-stats') + vmx_version = subprocess.check_output(["vmplayer", "-v"]) + if vmx_version.startswith('VMware Player 12'): + vmx_so = True + vmwarebase = '/usr/lib/vmware/lib/libvmwarebase.so/libvmwarebase.so' + else: + vmwarebase = '/usr/lib/vmware/lib/libvmwarebase.so.0/libvmwarebase.so.0' + + elif osname == 'vmkernel': + vmx_path = os.path.dirname(os.path.abspath(__file__)) + vmx = joinpath(vmx_path, '/unlocker/bin/vmx') + vmx_debug = joinpath(vmx_path, '/unlocker/bin/vmx-debug') + vmx_stats = joinpath(vmx_path, '/unlocker/bin/vmx-stats') + vmx_so = True + libvmkctl32 = joinpath(vmx_path, '/unlocker/lib/libvmkctl.so') + libvmkctl64 = joinpath(vmx_path, '/unlocker/lib64/libvmkctl.so') + + elif osname == 'windows': + reg = ConnectRegistry(None, HKEY_LOCAL_MACHINE) + key = OpenKey(reg, r'SOFTWARE\Wow6432Node\VMware, Inc.\VMware Workstation') + vmwarebase_path = QueryValueEx(key, 'InstallPath')[0] + vmx_path = QueryValueEx(key, 'InstallPath64')[0] + vmx = joinpath(vmx_path, 'vmware-vmx.exe') + vmx_debug = joinpath(vmx_path, 'vmware-vmx-debug.exe') + vmx_stats = joinpath(vmx_path, 'vmware-vmx-stats.exe') + vmwarebase = joinpath(vmwarebase_path, 'vmwarebase.dll') + + else: + print('Unknown Operating System: ' + osname) + return + + # Patch the vmx executables skipping stats version for Player + patchsmc(vmx, vmx_so) + patchsmc(vmx_debug, vmx_so) + if os.path.isfile(vmx_stats): + patchsmc(vmx_stats, vmx_so) + + # Patch vmwarebase for Workstation and Player + # Not required on Fusion or ESXi as table already has correct flags + if vmwarebase != '': + patchbase(vmwarebase) + else: + print('Patching vmwarebase is not required on this system') + + # Now using sed in the local.sh script + if osname == 'vmkernel': + # Patch ESXi 6.0 and 6.5 32 bit .so + patchvmkctl(libvmkctl32) + + # Patch ESXi 
 6.5 64 bit .so
+ if os.path.isfile(libvmkctl64):
+ patchvmkctl(libvmkctl64)
+
+
+if __name__ == '__main__':
+ main()
+END
+logger -t unlocker Starting hostd daemon
+/etc/init.d/hostd start
+exit 0
\ No newline at end of file
diff --git a/smctest.sh b/smctest.sh
index ca77bec..737836f 100755
--- a/smctest.sh
+++ b/smctest.sh
@@ -1,2 +1,3 @@
 #!/bin/sh
+grep -il \(c\)AppleComputerInc /bin/vmx*
 vim-cmd hostsvc/hosthardware | grep smcPresent | cut -d ',' -f 1 | sed 's/^[ \t]*//'
diff --git a/unlocker.py b/unlocker.py
index 161b8c5..664c11d 100755
--- a/unlocker.py
+++ b/unlocker.py
@@ -1,3 +1,4 @@
+#!/usr/bin/env python
 """
 The MIT License (MIT)
 
@@ -22,14 +23,14 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 vSMC Header Structure
-Offset Length struct Type Description
+Offset Length Struct Type Description
 ----------------------------------------
 0x00/00 0x08/08 Q ptr Offset to key table
 0x08/08 0x04/4 I int Number of private keys
 0x0C/12 0x04/4 I int Number of public keys
 
 vSMC Key Data Structure
-Offset Length struct Type Description
+Offset Length Struct Type Description
 ----------------------------------------
 0x00/00 0x04/04 4s int Key name (byte reversed e.g. #KEY is YEK#)
 0x04/04 0x01/01 B byte Length of returned data
@@ -379,12 +380,12 @@ def main():
 
 elif osname == 'vmkernel':
 vmx_path = os.path.dirname(os.path.abspath(__file__))
- vmx = joinpath(vmx_path, 'tmp/bin/vmx')
- vmx_debug = joinpath(vmx_path, 'tmp/bin/vmx-debug')
- vmx_stats = joinpath(vmx_path, 'tmp/bin/vmx-stats')
+ vmx = joinpath(vmx_path, '/unlocker/bin/vmx')
+ vmx_debug = joinpath(vmx_path, '/unlocker/bin/vmx-debug')
+ vmx_stats = joinpath(vmx_path, '/unlocker/bin/vmx-stats')
 vmx_so = True
- libvmkctl32 = joinpath(vmx_path, 'tmp/lib/libvmkctl.so')
- libvmkctl64 = joinpath(vmx_path, 'tmp/lib64/libvmkctl.so')
+ libvmkctl32 = joinpath(vmx_path, '/unlocker/lib/libvmkctl.so')
+ libvmkctl64 = joinpath(vmx_path, '/unlocker/lib64/libvmkctl.so')
 
 elif osname == 'windows':
 reg = ConnectRegistry(None, HKEY_LOCAL_MACHINE)
@@ -414,13 +415,13 @@ def main():
 print('Patching vmwarebase is not required on this system')
 
 # Now using sed in the local.sh script
- # if osname == 'vmkernel':
- # # Patch ESXi 6.0 and 6.5 32 bit .so
- # patchvmkctl(libvmkctl32)
- #
- # # Patch ESXi 6.5 64 bit .so
- # if os.path.isfile(libvmkctl64):
- # patchvmkctl(libvmkctl64)
+ if osname == 'vmkernel':
+ # Patch ESXi 6.0 and 6.5 32 bit .so
+ patchvmkctl(libvmkctl32)
+
+ # Patch ESXi 6.5 64 bit .so
+ if os.path.isfile(libvmkctl64):
+ patchvmkctl(libvmkctl64)
 
 
 if __name__ == '__main__':
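Review bot: `joinpath(vmx_path, '/unlocker/bin/vmx')` and the four sibling calls in the vmkernel branch discard `vmx_path` entirely, because `os.path.join` drops every preceding component once it meets an absolute path, so the result is just `/unlocker/bin/vmx` and the `vmx_path` computation above is dead in that branch. If the RAM-disk paths are what is intended, assign the literals directly (`vmx = '/unlocker/bin/vmx'`) and drop the `vmx_path` line; if they were meant to be relative to the script, remove the leading slash. In the second hunk the context comment `# Now using sed in the local.sh script` is now stale because the `patchvmkctl` calls beneath it are re-enabled; replace it with something like `# Patch the libvmkctl.so copies under /unlocker on ESXi`. The same absolute-path `joinpath` calls appear in the copy of this code embedded in local.sh.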