From b036c40ab1922d9abf4f7d68e34f1eca3b4dc2ad Mon Sep 17 00:00:00 2001
From: David Parsons
Date: Thu, 7 Dec 2017 15:31:16 +0000
Subject: [PATCH] Miscellaneous changes to tidy up code.
---
 darwin.md | 81 ++++++++++++++++++++++++++
 dumpsmc.py | 1 -
 esxi/{esxiconfig.py => esxi-config.py} | 0
 esxi/esxi-install.sh | 8 +--
 test-unlocker.py | 38 ++++++------
 unlocker.py | 15 ++---
 6 files changed, 108 insertions(+), 35 deletions(-)
 create mode 100644 darwin.md
 rename esxi/{esxiconfig.py => esxi-config.py} (100%)
diff --git a/darwin.md b/darwin.md
new file mode 100644
index 0000000..eea8ccd
--- /dev/null
+++ b/darwin.md
@@ -0,0 +1,81 @@
+#Tech Preview SMC
+##Darwin
+
+ 0ee83c0: 5945 4b23 0432 3369 7580 0000 0000 0000 YEK#.23iu.......
+ 0eec7f0: 5945 4b23 0432 3369 7580 0000 0000 0000 YEK#.23iu.......
+
+ 015f380: d401 0000 c745 a030 4b53 4f48 8d1d 9405 .....E.0KSOH....
+ 015f410: 4848 83c0 4881 fb30 4b53 4f75 e348 89f9 HH..H..0KSOu.H..
+ 015f440: 488d 4db0 4889 dfbe 304b 534f 4c89 e2e8 H.M.H...0KSOL...
+
+ 0eec740: 304b 534f 202a 3868 6380 0000 0000 0000 0KSO *8hc.......
+ 0ef4200: 304b 534f 202a 3868 6390 0000 0000 0000 0KSO *8hc......
+
+ 015f4c0: c048 81fb 314b 534f 75e7 4889 f948 01c1 .H..1KSOu.H..H..
+ 015f500: 004c 8d75 acbf 314b 534f e952 ffff ff31 .L.u..1KSO.R...1
+
+ 0eec780: 0000 0000 0000 0000 314b 534f 202a 3868 ........1KSO *8h
+ 0ef4240: 0000 0000 0000 0000 314b 534f 202a 3868 ........1KSO *8h
+
+##Linux
+
+ 0f82800: 5945 4b23 0432 3369 7580 0000 0000 0000 YEK#.23iu.......
+ 0f8a2c0: 5945 4b23 0432 3369 7580 0000 0000 0000 YEK#.23iu.......
+
+ 03bbde0: 3b48 8b00 8138 304b 534f 0f84 a002 0000 ;H...80KSO......
+ 03bbe00: 8b32 4889 d048 83c2 4881 fe30 4b53 4f0f .2H..H..H..0KSO.
+ 03bc050: efc7 4424 1430 4b53 4f49 89d8 e8af 1ece ..D$.0KSOI......
+
+ 0f8a210: 304b 534f 202a 3868 6390 0000 0000 0000 0KSO *8hc.......
+ 0f8e640: 304b 534f 202a 3868 6380 0000 0000 0000 0KSO *8hc.......
+
+ 03bc070: ba01 0000 0048 89ef c744 2414 314b 534f .....H...D$.1KSO
+ 03bc0c0: 0f84 56fd ffff 488b 0081 3831 4b53 4f74 ..V...H...81KSOt
+ 03bc0e0: 8b1a 4889 d048 83c2 4881 fb31 4b53 4f74 ..H..H..H..1KSOt
+
+ 0f8a250: 0000 0000 0000 0000 314b 534f 202a 3868 ........1KSO *8h
+ 0f8e680: 0000 0000 0000 0000 314b 534f 202a 3868 ........1KSO *8h
+
+
+###Exports
+
+ appleSMCKeyTableV0 - 158A2A0
+ appleSMCKeyTableV1 - 15827E0
+
+###Header
+
+ 0x00 08 ptr Offset of #KEY
+ 0x08 04 int Count of all keys
+ 0x0C 04 int Count of keys - OSK0/1
+
+###Key
+
+ 0x00 04 int Key name (byte reversed e.g. #KEY is #YEK)
+ 0x04 01 byte Length of returned data
+ 0x05 04 int Data type of returned data (byte reversed e.g. ui32 is 23iu)
+ 0x09 01 byte Flag R/W
+ 0x0a 06 byte Padding
+ 0x10 08 ptr Internal VMware routine
+ 0x18 48 byte Data
+
+##Windows
+
+ 0c9a910: 5945 4b23 0432 3369 7580 0000 0000 0000 YEK#.23iu.......
+ 0ca23d0: 5945 4b23 0432 3369 7580 0000 0000 0000 YEK#.23iu.......
+
+ 04c1630: 304b 534f 4889 4424 20e8 e232 b7ff 4183 0KSOH.D$ ..2..A.
+ 04c16a0: 8138 304b 534f 745b ffc1 4883 c048 3bca .80KSOt[..H..H;.
+
+ 0ca2320: 304b 534f 202a 3868 6390 0000 0000 0000 0KSO *8hc.......
+ 0ca6750: 304b 534f 202a 3868 6380 0000 0000 0000 0KSO *8hc.......
+
+ 04c1650: 4102 488b cfc7 4424 3431 4b53 4f48 8944 A.H...D$41KSOH.D
+ 04c17a0: ffff ff48 8b00 8138 314b 534f 740f ffc3 ...H...81KSOt...
+
+ 0ca2360: 0000 0000 0000 0000 314b 534f 202a 3868 ........1KSO *8h
+ 0ca6790: 0000 0000 0000 0000 314b 534f 202a 3868 ........1KSO *8h
+
+OSK0/1 keys return 32 bytes:
+
+ ourhardworkbythesewordsguardedpl
+ easedontsteal(c)AppleComputerInc
\ No newline at end of file
diff --git a/dumpsmc.py b/dumpsmc.py
index eadcc04..cce5ca2 100755
--- a/dumpsmc.py
+++ b/dumpsmc.py
@@ -40,7 +40,6 @@ Offset Length Struct Type Description
 0x10/16 0x08/08 Q ptr Internal VMware routine
 0x18/24 0x30/48 48B byte Data
 """
-"""
 from __future__ import print_function
 import struct
diff --git a/esxi/esxiconfig.py b/esxi/esxi-config.py
similarity index 100%
rename from esxi/esxiconfig.py
rename to esxi/esxi-config.py
diff --git a/esxi/esxi-install.sh b/esxi/esxi-install.sh
index 6e53796..ac79756 100755
--- a/esxi/esxi-install.sh
+++ b/esxi/esxi-install.sh
@@ -17,13 +17,9 @@ elif [ "$VER" == "6.5.0" ]; then
 echo Installing local.sh
 chmod +x local.sh
 cp local.sh /etc/rc.local.d/local.sh
- python esxiconfig.py on
+ python esxi-config.py on
 backup.sh 0
 echo "Success - please now restart the server!"
 else
- echo "Unknown ESXi version"
+ echo "Unknown ESXi version"
 fi
-
-
-
-
diff --git a/test-unlocker.py b/test-unlocker.py
index 671202e..d6d910b 100644
--- a/test-unlocker.py
+++ b/test-unlocker.py
@@ -1,56 +1,56 @@
 from __future__ import print_function
 import shutil
-import dumpsmc
 import unlocker
 def main():
 # Test Windows patching
+ print('Windows Workstation 12')
 shutil.copyfile('./samples/windows/wks12/vmware-vmx.exe', './tests/windows/wks12/vmware-vmx.exe')
 unlocker.patchsmc('./tests/windows/wks12/vmware-vmx.exe', False)
- dumpsmc.dumpsmc('./tests/windows/wks12/vmware-vmx.exe')
- unlocker.patchbase('./tests/windows/wks12/vmware-vmx.exe')
- shutil.copyfile('./samples/windows/wks14/vmware-vmx.exe', './tests/windows/wks12/vmware-vmx.exe')
- dumpsmc.dumpsmc('./tests/windows/wks14/vmware-vmx.exe')
- unlocker.patchsmc('./tests/windows/wks14/vmware-vmx.exe', False)
- unlocker.patchbase('./tests/windows/wks14/vmware-vmx.exe')
 shutil.copyfile('./samples/windows/wks12/vmwarebase.dll', './tests/windows/wks12/vmwarebase.dll')
 unlocker.patchbase('./tests/windows/wks12/vmwarebase.dll')
+
+ print('Windows Workstation 14')
+ shutil.copyfile('./samples/windows/wks14/vmware-vmx.exe', './tests/windows/wks14/vmware-vmx.exe')
+ unlocker.patchsmc('./tests/windows/wks14/vmware-vmx.exe', False)
 shutil.copyfile('./samples/windows/wks14/vmwarebase.dll', './tests/windows/wks14/vmwarebase.dll')
 unlocker.patchbase('./tests/windows/wks14/vmwarebase.dll')
 # Test Linux patching
+ print('Linux Workstation 12')
 shutil.copyfile('./samples/linux/wks12/vmware-vmx', './tests/linux/wks12/vmware-vmx')
- dumpsmc.dumpsmc('./tests/linux/wks12/vmware-vmx')
 unlocker.patchsmc('./tests/linux/wks12/vmware-vmx', True)
- unlocker.patchbase('./tests/linux/wks12/vmware-vmx')
- shutil.copyfile('./samples/linux/wks14/vmware-vmx', './tests/linux/wks14/vmware-vmx')
- dumpsmc.dumpsmc('./tests/linux/wks14/vmware-vmx')
- unlocker.patchsmc('./tests/linux/wks14/vmware-vmx', True)
- unlocker.patchbase('./tests/linux/wks14/vmware-vmx')
 shutil.copyfile('./samples/linux/wks12/libvmwarebase.so', './tests/linux/wks12/libvmwarebase.so')
 unlocker.patchbase('./tests/linux/wks12/libvmwarebase.so')
+
+ print('Linux Workstation 14')
+ shutil.copyfile('./samples/linux/wks14/vmware-vmx', './tests/linux/wks14/vmware-vmx')
+ unlocker.patchsmc('./tests/linux/wks14/vmware-vmx', True)
+ unlocker.patchbase('./tests/linux/wks14/vmware-vmx')
 shutil.copyfile('./samples/linux/wks14/libvmwarebase.so', './tests/linux/wks14/libvmwarebase.so')
 unlocker.patchbase('./tests/linux/wks14/libvmwarebase.so')
 # Test macOS patching
+ print('macOS Fusion 8')
 shutil.copyfile('./samples/macos/fus8/vmware-vmx', './tests/macos/fus8/vmware-vmx')
 unlocker.patchsmc('./tests/macos/fus8/vmware-vmx', False)
+
+ print('macOS Fusion 10')
 shutil.copyfile('./samples/macos/fus10/vmware-vmx', './tests/macos/fus10/vmware-vmx')
 unlocker.patchsmc('./tests/macos/fus10/vmware-vmx', False)
 # Test ESXi patching
+ print('ESXi 6.0')
 shutil.copyfile('./samples/esxi/esxi600/vmx', './tests/esxi/esxi600/vmx')
- dumpsmc.dumpsmc('./tests/esxi/esxi600/vmx')
 unlocker.patchsmc('./tests/esxi/esxi600/vmx', True)
- unlocker.patchbase('./tests/esxi/esxi600/vmx')
- shutil.copyfile('./samples/esxi/esxi650/vmx', './tests/esxi/esxi650/vmx')
- dumpsmc.dumpsmc('./tests/esxi/esxi650/vmx')
- unlocker.patchsmc('./tests/esxi/esxi650/vmx', True)
- unlocker.patchbase('./tests/esxi/esxi650/vmx')
 shutil.copyfile('./samples/esxi/esxi600/libvmkctl.so', './tests/esxi/esxi600/libvmkctl.so')
 unlocker.patchvmkctl('./tests/esxi/esxi600/libvmkctl.so')
+
+ print('ESXi 6.5')
+ shutil.copyfile('./samples/esxi/esxi650/vmx', './tests/esxi/esxi650/vmx')
+ unlocker.patchsmc('./tests/esxi/esxi650/vmx', True)
 shutil.copyfile('./samples/esxi/esxi650/lib/libvmkctl.so', './tests/esxi/esxi650/lib/libvmkctl.so')
 unlocker.patchvmkctl('./tests/esxi/esxi650/lib/libvmkctl.so')
 shutil.copyfile('./samples/esxi/esxi650/lib64/libvmkctl.so', './tests/esxi/esxi650/lib64/libvmkctl.so')
diff --git a/unlocker.py b/unlocker.py
index e89fb9b..94d29e0 100755
--- a/unlocker.py
+++ b/unlocker.py
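Review bot: The added `unlocker.patchbase('./tests/linux/wks14/vmware-vmx')` under 'Linux Workstation 14' looks like a leftover: every other section in this hunk drops patchbase on the vmx binary and keeps it only for the vmwarebase / libvmwarebase files, so either remove that line or say in a comment why Linux 14 differs. Separately, the script asserts nothing; each step only has to not raise, so a patch routine that silently finds no match still looks like a pass. Comparing each file under ./tests with its ./samples original after patching (for example by hash) would turn this into a real regression check. main() continues past the end of the hunk.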
@@ -44,9 +44,10 @@ Offset Length Struct Type Description
 from __future__ import print_function
 import codecs
 import os
-import sys
+import six
 import struct
 import subprocess
+import sys
 if sys.version_info < (2, 7):
 sys.stderr.write('You need Python 2.7 or later\n')
@@ -302,12 +303,8 @@ def patchbase(name):
 # Entry to search for in GOS table
 # Should work for 12 & 14 of Workstation...
- darwin = (
- '\x10\x00\x00\x00\x10\x00\x00\x00'
- '\x02\x00\x00\x00\x00\x00\x00\x00'
- '\x00\x00\x00\x00\x00\x00\x00\x00'
- '\x00\x00\x00\x00\x00\x00\x00\x00'
- )
+ darwin = b'\x10\x00\x00\x00\x10\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00' \
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 # Read file into string variable
 base = f.read()
@@ -416,9 +413,9 @@ def main():
 if vmwarebase != '':
 patchbase(vmwarebase)
 else:
- print('Patching vmwarebase is not required on this system')
+ pass
- # Now using sed in the local.sh script
+ # Patch libvmkctl to return Apple SMC present
 if osname == 'vmkernel':
 # Patch ESXi 6.0 and 6.5 32 bit .so
 patchvmkctl(libvmkctl32)
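Review bot: `import six` is a third-party package, but it is sorted into the standard-library group and becomes a hard requirement at start-up; none of the visible hunks use it, so confirm it is needed at all. The last hunk shows main() handling `osname == 'vmkernel'`, so this script is presumably run on ESXi hosts, where six may not be installed and may not be easy to add. If it stays, put it in its own group below the stdlib imports and fail with a clear message when the import is missing, in the same style as the version check that follows. The install notes should also name and pin the dependency, since this tool rewrites installed hypervisor binaries.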
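Review bot: The new `darwin` value mixes a bytes literal with a plain string literal across the line continuation; Python 3 rejects that at compile time ("cannot mix bytes and nonbytes literals"), so the whole module would fail to import there, while Python 2 accepts it only because `b'...'` is `str`. Prefix the continuation as well: `b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'`. The search against `base = f.read()` also only works on Python 3 if `f` was opened in binary mode; the open call is outside the hunk, so that needs confirming. patchbase's body starts and ends outside the hunk.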
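Review bot: The `else: pass` branch is dead code and should simply be deleted, leaving the `if vmwarebase != '':` block on its own. Dropping the message also removes the only visible indication of whether vmwarebase was touched; for a tool that modifies installed binaries in place, one line per file patched or skipped is worth keeping so the operator has a record of what changed. main() starts and ends outside the hunk.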