diff --git a/esxi-config.py b/esxi-config.py index 901b314..f1f3b61 100755 --- a/esxi-config.py +++ b/esxi-config.py @@ -24,8 +24,7 @@ def main(): starttag = '' endtag = '' - # with open('/etc/vmware/hostd/config.xml', 'r+') as f: - with open('samples/config.xml', 'r+') as f: + with open('/etc/vmware/hostd/config.xml', 'r+') as f: data = f.readlines() # Search for the relevant XML tags diff --git a/esxi-install.sh b/esxi-install.sh index f8f2e8c..9bad0f3 100755 --- a/esxi-install.sh +++ b/esxi-install.sh @@ -4,7 +4,7 @@ set -e echo VMware Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/esxi-uninstall.sh b/esxi-uninstall.sh index d20e634..18389ad 100755 --- a/esxi-uninstall.sh +++ b/esxi-uninstall.sh @@ -4,7 +4,7 @@ set -e echo VMware Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/lnx-install.sh b/lnx-install.sh index f4429eb..8d4d22e 100755 --- a/lnx-install.sh +++ b/lnx-install.sh @@ -3,7 +3,7 @@ set -e echo VMware Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/lnx-uninstall.sh b/lnx-uninstall.sh index 3d4602e..30beea4 100755 --- a/lnx-uninstall.sh +++ b/lnx-uninstall.sh @@ -3,7 +3,7 @@ set -e echo VMware Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/local-prefix.sh b/local-prefix.sh index dadbf40..07fa890 100755 --- a/local-prefix.sh +++ b/local-prefix.sh 
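Review bot: In esxi-config.py the target path is still a literal inside `main()`, and the removed lines show that the previous revision shipped with `samples/config.xml` active and the real path commented out, so switching between test and live files means editing the source. A module-level constant such as `HOSTD_CONFIG = '/etc/vmware/hostd/config.xml'` with an optional command-line override would let the sample file be used for testing without touching shipped code. The file is opened `'r+'` and read with `readlines()`, but the rest of `main()` is outside this hunk, so it is not visible whether the original is backed up before being rewritten. That is worth confirming now that the path is the live hostd configuration.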
@@ -4,7 +4,7 @@ set -x echo VMware ESXi 6.x Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/local.sh b/local.sh index 75f644c..bf87575 100755 --- a/local.sh +++ b/local.sh @@ -4,7 +4,7 @@ set -x echo VMware ESXi 6.x Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/osx-install.sh b/osx-install.sh index d35f203..27226d6 100755 --- a/osx-install.sh +++ b/osx-install.sh @@ -3,7 +3,7 @@ set -e echo VMware Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/osx-uninstall.sh b/osx-uninstall.sh index 947c5e4..5409d71 100755 --- a/osx-uninstall.sh +++ b/osx-uninstall.sh @@ -3,7 +3,7 @@ set -e echo VMware Unlocker 2.0.9 echo =============================== -echo Copyright: Dave Parsons 2011-16 +echo Copyright: Dave Parsons 2011-17 # Ensure we only use unmodified commands export PATH=/bin:/sbin:/usr/bin:/usr/sbin diff --git a/readme.txt b/readme.txt index 0575d8d..2f94c2f 100644 --- a/readme.txt +++ b/readme.txt @@ -1,5 +1,5 @@ -Mac OS X Unlocker for VMware V2.0 -================================= +macOS Unlocker for VMware V2.0 +============================== +-----------------------------------------------------------------------------+ | IMPORTANT: | 
@@ -13,7 +13,8 @@ Mac OS X Unlocker for VMware V2.0 1. Introduction --------------- -Unlocker 2 is designed for Workstation 11/12, Player 7/12, ESXi 6 and Fusion 7/8. +Unlocker 2 is designed for Workstation 11/12/14, Player 7/12/14, ESXi 6.5 +and Fusion 7/8/10. If you are using an earlier product please continue using Unlocker 1 @@ -162,9 +163,8 @@ History - Get latest VMware tools command - Removed firmware files - Moved to PyInstaller 3.0 -29/12/16 2.0.9 - New version to support ESXi 6.5 - - Disable new hostd VMX sandbox - - Fix ESXI 6.5 libvmkctl.so patching for 32 and 64-bit versions +05/10/17 2.0.9 - New version to support ESXi 6.5, Workstation/Player 14 and Fusion 10 + - Removed support for ESXi 6.0 - Added ESXi boot option to disable unlocker (nounlocker) -(c) 2011-2016 Dave Parsons \ No newline at end of file +(c) 2011-2017 Dave Parsons \ No newline at end of file diff --git a/test-unlocker.py b/test-unlocker.py new file mode 100644 index 0000000..940f77a --- /dev/null +++ b/test-unlocker.py 
@@ -0,0 +1,54 @@
+from __future__ import print_function
+import unlocker
+import dumpsmc
+import shutil
+
+
+def main():
+ # Test Windows patching
+ shutil.copyfile('./samples/windows/wks12/vmware-vmx.exe', './tests/windows/wks12/vmware-vmx.exe')
+ unlocker.patchsmc('./tests/windows/wks12/vmware-vmx.exe', False)
+ dumpsmc.dumpsmc('./tests/windows/wks12/vmware-vmx.exe')
+ shutil.copyfile('./samples/windows/wks14/vmware-vmx.exe', './tests/windows/wks12/vmware-vmx.exe')
+ dumpsmc.dumpsmc('./tests/windows/wks14/vmware-vmx.exe')
+ unlocker.patchsmc('./tests/windows/wks14/vmware-vmx.exe', False)
+ shutil.copyfile('./samples/windows/wks12/vmwarebase.dll', './tests/windows/wks12/vmwarebase.dll')
+ unlocker.patchbase('./tests/windows/wks12/vmwarebase.dll')
+ shutil.copyfile('./samples/windows/wks14/vmwarebase.dll', './tests/windows/wks14/vmwarebase.dll')
+ unlocker.patchbase('./tests/windows/wks14/vmwarebase.dll')
+
+ # Test Linux patching
+ shutil.copyfile('./samples/linux/wks12/vmware-vmx', './tests/linux/wks12/vmware-vmx')
+ dumpsmc.dumpsmc('./tests/linux/wks12/vmware-vmx')
+ unlocker.patchsmc('./tests/linux/wks12/vmware-vmx', True)
+ shutil.copyfile('./samples/linux/wks14/vmware-vmx', './tests/linux/wks14/vmware-vmx')
+ dumpsmc.dumpsmc('./tests/linux/wks14/vmware-vmx')
+ unlocker.patchsmc('./tests/linux/wks14/vmware-vmx', True)
+ shutil.copyfile('./samples/linux/wks12/libvmwarebase.so', './tests/linux/wks12/libvmwarebase.so')
+ unlocker.patchbase('./tests/linux/wks12/libvmwarebase.so')
+ shutil.copyfile('./samples/linux/wks14/libvmwarebase.so', './tests/linux/wks14/libvmwarebase.so')
+ unlocker.patchbase('./tests/linux/wks14/libvmwarebase.so')
+
+ # Test macOS patching
+ shutil.copyfile('./samples/macos/fus8/vmware-vmx', './tests/macos/fus8/vmware-vmx')
+ unlocker.patchsmc('./tests/macos/fus8/vmware-vmx', False)
+ shutil.copyfile('./samples/macos/fus10/vmware-vmx', './tests/macos/fus10/vmware-vmx')
+ unlocker.patchsmc('./tests/macos/fus10/vmware-vmx', False)
+
+ # Test 
ESXi patching + shutil.copyfile('./samples/esxi/esxi600/vmx', './tests/esxi/esxi600/vmx') + dumpsmc.dumpsmc('./tests/esxi/esxi600/vmx') + unlocker.patchsmc('./tests/esxi/esxi600/vmx', True) + shutil.copyfile('./samples/esxi/esxi650/vmx', './tests/esxi/esxi650/vmx') + dumpsmc.dumpsmc('./tests/esxi/esxi600/vmx') + unlocker.patchsmc('./tests/esxi/esxi650/vmx', True) + shutil.copyfile('./samples/esxi/esxi600/libvmkctl.so', './tests/esxi/esxi600/libvmkctl.so') + unlocker.patchvmkctl('./tests/esxi/esxi600/libvmkctl.so') + shutil.copyfile('./samples/esxi/esxi650/lib/libvmkctl.so', './tests/esxi/esxi650/lib/libvmkctl.so') + unlocker.patchvmkctl('./tests/esxi/esxi650/lib/libvmkctl.so') + shutil.copyfile('./samples/esxi/esxi650/lib64/libvmkctl.so', './tests/esxi/esxi650/lib64/libvmkctl.so') + unlocker.patchvmkctl('./tests/esxi/esxi650/lib64/libvmkctl.so') + + +if __name__ == '__main__': + main() diff --git a/unlocker.py b/unlocker.py index dee08b2..6d508aa 100755 --- a/unlocker.py +++ b/unlocker.py @@ -58,13 +58,6 @@ if sys.platform == 'win32' \ from _winreg import * -def rot13(s): - chars = 'AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz' - trans = chars[26:] + chars[:26] - rotchar = lambda c: trans[chars.find(c)] if chars.find(c) > -1 else c - return ''.join(rotchar(c) for c in s) - - def bytetohex(data): if sys.version_info > (3, 0): # Python 3 code in this block @@ -74,8 +67,8 @@ def bytetohex(data): return "".join("{:02X} ".format(ord(c)) for c in data) -def joinpath(folder, file): - return os.path.join(folder, file) +def joinpath(folder, filename): + return os.path.join(folder, filename) def printkey(i, offset, smc_key, smc_data): @@ -89,6 +82,18 @@ def printkey(i, offset, smc_key, smc_data): + ' ' + bytetohex(smc_data)) +def set_bit(value, bit): + return value | (1 << bit) + + +def clear_bit(value, bit): + return value & ~(1 << bit) + + +def test_bit(value, bit): + return value & bit + + E_CLASS64 = 2 E_SHT_RELA = 4 
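Review bot: Two of the copy/patch sequences in test-unlocker.py operate on the wrong file. In the Windows block the wks14 `vmware-vmx.exe` sample is copied to `./tests/windows/wks12/vmware-vmx.exe`, overwriting the wks12 result, while the following `dumpsmc`/`patchsmc` calls use `./tests/windows/wks14/vmware-vmx.exe`, which this script never creates; the copy destination should be `'./tests/windows/wks14/vmware-vmx.exe'`. In the ESXi block the `dumpsmc.dumpsmc('./tests/esxi/esxi600/vmx')` that follows the esxi650 copy should be `dumpsmc.dumpsmc('./tests/esxi/esxi650/vmx')`. Nothing in the hunk asserts anything, so as far as it shows, a patch that changes the wrong byte still looks like a pass. Comparing each patched file against a known-good digest, or at least checking the patched bytes, would make this a real regression test.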
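Review bot: `test_bit` in unlocker.py is inconsistent with the two helpers added beside it: `set_bit` and `clear_bit` take a bit index and shift (`1 << bit`), but `test_bit` returns `value & bit`, treating its argument as a mask. With an index argument `test_bit(flag, 0)` is always 0 and `test_bit(flag, 1)` actually tests bit 0. It should read `return value & (1 << bit)`. No caller of `clear_bit` or `test_bit` is visible in this diff, so the mistake would only surface when one is added; a one-line docstring on each helper stating that `bit` is a zero-based index would make the contract explicit.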
@@ -116,7 +121,7 @@ def patchelf(f, oldoffset, newoffset): for i in range(0, e_shnum): f.seek(e_shoff + i * e_shentsize) e_sh = struct.unpack('=LLQQQQLLQQ', f.read(e_shentsize)) - e_sh_name = e_sh[0] + # e_sh_name = e_sh[0] e_sh_type = e_sh[1] e_sh_offset = e_sh[4] e_sh_size = e_sh[5] @@ -140,7 +145,7 @@ def patchelf(f, oldoffset, newoffset): def patchkeys(f, key): # Setup struct pack string key_pack = '=4sB4sB6xQ' - smc_old_memptr = 0 + # smc_old_memptr = 0 smc_new_memptr = 0 # Do Until OSK1 read @@ -166,7 +171,7 @@ def patchkeys(f, key): # Write new data routine pointer from +LKS print('OSK0 Key Before:') printkey(i, offset, smc_key, smc_data) - smc_old_memptr = smc_key[4] + # smc_old_memptr = smc_key[4] f.seek(offset) f.write(struct.pack(key_pack, smc_key[0], smc_key[1], smc_key[2], smc_key[3], smc_new_memptr)) f.flush() @@ -296,33 +301,32 @@ def patchbase(name): f = open(name, 'r+b') # Entry to search for in GOS table + # Should work for 12 & 14 of Workstation... darwin = ( '\x10\x00\x00\x00\x10\x00\x00\x00' '\x02\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00' - '\xBE' ) # Read file into string variable base = f.read() - # Loop thorugh each entry and set top bit - # 0xBE --> 0xBF + # Loop through each entry and set top bit + # 0xBE --> 0xBF (WKS 12) + # 0x3E --> 0x3F (WKS 14) offset = 0 while offset < len(base): offset = base.find(darwin, offset) if offset == -1: break f.seek(offset + 32) - flag = f.read(1) - if flag == '\xBE': - f.seek(offset + 32) - f.write('\xBF') - print('GOS Patched flag @: ' + hex(offset)) - else: - print('GOS Unknown flag @: ' + hex(offset) + '/' + hex(int(flag))) - + flag = ord(f.read(1)) + flag = set_bit(flag, 0) + flag = chr(flag) + f.seek(offset + 31) + f.write(flag) + print('GOS Patched flag @: ' + hex(offset)) offset += 33 # Tidy up diff --git a/win-install.cmd b/win-install.cmd index 86957bb..1c33630 100644 --- a/win-install.cmd +++ b/win-install.cmd 
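Review bot: In `patchbase` the flag is read from `offset + 32` but written back at `offset + 31`, so the updated value overwrites the last byte of the matched 32-byte pattern and the flag byte itself is left unchanged; the second seek should be `f.seek(offset + 32)`. Separately, dropping `'\xBE'` from the search pattern and removing the `else` branch means every occurrence of the 32-byte sequence is modified without checking what the flag byte was. The new comments name only 0xBE and 0x3E as expected values, so a guard such as `if flag not in (0xBE, 0x3E):` before the write, reporting and skipping the entry as the removed "GOS Unknown flag" branch did, would keep an unexpected match from being altered silently. `patchbase` starts and ends outside this hunk, so whether the file is backed up before patching is not visible here.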
@@ -2,7 +2,7 @@ setlocal ENABLEEXTENSIONS echo VMware Unlocker 2.0.9 echo ======================== -echo (c) Dave Parsons 2011-16 +echo (c) Dave Parsons 2011-17 net session >NUL 2>&1 if %errorlevel% neq 0 ( diff --git a/win-test-install.cmd b/win-test-install.cmd index 01d9017..209aa29 100644 --- a/win-test-install.cmd +++ b/win-test-install.cmd @@ -2,7 +2,7 @@ setlocal ENABLEEXTENSIONS echo VMware Unlocker 2.0.9 echo ======================== -echo (c) Dave Parsons 2011-16 +echo (c) Dave Parsons 2011-17 net session >NUL 2>&1 if %errorlevel% neq 0 ( diff --git a/win-uninstall.cmd b/win-uninstall.cmd index 6d81a02..5f5e4c6 100644 --- a/win-uninstall.cmd +++ b/win-uninstall.cmd @@ -2,7 +2,7 @@ setlocal ENABLEEXTENSIONS echo VMware Unlocker 2.0.9 echo ======================== -echo (c) Dave Parsons 2011-16 +echo (c) Dave Parsons 2011-17 net session >NUL 2>&1 if %errorlevel% neq 0 (