I've used the command
sudo kextutil -v /Library/Extensions/mykext
but got error:
Error Domain=KMErrorDomain Code=71 "Kernel request failed: (libkern/kext) not loadable (reason unspecified) (-603946989)" UserInfo={NSLocalizedDescription=Kernel request failed: (libkern/kext) not loadable (reason unspecified) (-603946989)}
and SIP is disabled
mac@bogon ~ % csrutil status
System Integrity Protection status: disabled.
Maybe resetting NVRAM is effective. Does anyone know how to resolve it another way?
I have a requirement where I need to monitor writes/reads from arbitrary USB devices. Can I do it with USBDriverKit?
I created a driver using DriverKit on Intel macOS 12.6.1 and Xcode 13.3. I enabled auto-manage signing, and set the signing certificate to 'Sign to Run Locally'. Then, I created a provision profile for the driver and selected my M1 test device. After installing the profile, I ran the app on the M1 device and successfully activated the driver.
However, when I tried to compile the project on M1 macOS 13.3 with Xcode 14.3.1, I encountered an error. It appears that DriverKit does not support the 'Sign to Run Locally' option on M1 devices. To resolve this issue, I switched to using the 'Apple Development' signing certificate. Unfortunately, even after making this change, I still received an error message regarding 'Sign to Run Locally' from the Xcode console.
Both devices are logged in with the same developer account. Could you please advise me on how to resolve this problem?
iig:
#include <Availability.h>
#include <DriverKit/IOService.iig>
#include <DriverKit/IOUserClient.iig>

//class OSAction;

class epusbfilter: public IOService
{
public:
    virtual bool init() override;
    virtual kern_return_t Start(IOService * provider) override;
    virtual kern_return_t Stop(IOService * provider) override;
    virtual void free() override;
    virtual kern_return_t GetRegistryEntryID(uint64_t * registryEntryID) override;
};

cpp:
#include <os/log.h>
#include <DriverKit/IOUserServer.h>
#include <DriverKit/IOLib.h>
#include <USBDriverKit/IOUSBHostInterface.h>
#include <USBDriverKit/IOUSBHostPipe.h>
#include "epusbfilter.h"

#define Log(fmt, ...) os_log(OS_LOG_DEFAULT, "epusbfilter - no super," fmt "\n", ##__VA_ARGS__)

struct epusbfilter_IVars
{
    IOUSBHostInterface *interface;
    IOUSBHostPipe *inPipe;
    OSAction *ioCompleteCallback;
    IOBufferMemoryDescriptor *inData;
    uint16_t maxPacketSize;
};

bool epusbfilter::init() {
    bool result = false;
    Log("init");
    result = super::init();
    return result;
}

void epusbfilter::free() {
    super::free();
    Log("free");
}

kern_return_t
IMPL(epusbfilter, Start)
{
    kern_return_t ret;
    Log("Start");
    ret = Start(provider, SUPERDISPATCH);
    return ret;
}

kern_return_t
IMPL(epusbfilter, Stop)
{
    kern_return_t ret = kIOReturnSuccess;
    Log("Stop");
    ret = Stop(provider, SUPERDISPATCH);
    return ret;
}

kern_return_t
IMPL(epusbfilter, GetRegistryEntryID) {
    Log("GetRegistryEntryID");
    return GetRegistryEntryID(registryEntryID, SUPERDISPATCH);
}
info.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>IOKitPersonalities</key>
<dict>
<key>epusbfilter</key>
<dict>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleIdentifierKernel</key>
<string>com.apple.kpi.iokit</string>
<key>IOProviderClass</key>
<string>IOUSBHostInterface</string>
<key>IOClass</key>
<string>IOUserUserClient</string>
<!-- <key>IOResourceMatch</key>-->
<!-- <string>IOKit</string>-->
<key>IOUserClass</key>
<string>epusbfilter</string>
<key>IOUserServerName</key>
<string>com.injection.epusbfilter.dext</string>
<key>bConfigurationValue</key>
<integer>1</integer>-->
<key>bInterfaceNumber</key>
<integer>0</integer>
<key>idVendor</key>
<string>*</string>
<key>idProduct</key>
<string>*</string>
<key>UserClientProperties</key>
<dict>
<key>IOClass</key>
<string>IOUserUserClient</string>
<key>IOUserClass</key>
<string>epusbfilter</string>
</dict>
</dict>
</dict>
</dict>
</plist>
entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.driverkit</key>
<true/>
<key>com.apple.developer.driverkit.transport.usb</key>
<array>
<dict>
<key>idVendor</key>
<string>*</string>
<key>idProduct</key>
<string>*</string>
</dict>
</array>
</dict>
</plist>
I created a driver using DriverKit on Intel macOS 12.6.1 and Xcode 13.3. I enabled auto-manage signing, and set the signing certificate to 'Sign to Run Locally'. Then, I created a provision profile for the driver and selected my M1 test device. After installing the profile, I ran the app on the M1 device and successfully activated the driver.
When I plug in the USB device, I can see the following log:
DK: epusbfilter-0x100009dce::start(IOUSBHostInterface-0x10000946d) ok
epusbfilter - init
com.injection.epusbfilter.dext[57573] Corpse failure, too many 6
I also found a crash log
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: com.injection.epusbfilter.dext [53185]
Path: /Library/SystemExtensions/*/com.injection.epusbfilter.dext
Identifier: com.injection.epusbfilter.dext
Version: 1.0 (1)
Code Type: ARM-64 (Native)
Parent Process: launchd [1]
User ID: 270
Date/Time: 2023-09-19 15:01:01.8502 +0800
OS Version: macOS 13.2 (22D49)
Report Version: 12
Anonymous UUID: 5EB7EBD9-A435-FC45-73E6-C2C5844A8082
Time Awake Since Boot: 79000 seconds
System Integrity Protection: disabled
Crashed Thread: 1 Dispatch queue: Root
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Application Specific Information:
abort() called
Thread 0:
0 libsystem_kernel.dylib 0x1d5043b78 __semwait_signal_nocancel + 8
1 libsystem_c.dylib 0x1d4fcfec8 nanosleep$NOCANCEL + 212
2 libsystem_c.dylib 0x1d4fee204 sleep$NOCANCEL + 48
3 libdispatch.dylib 0x1d4f807b4 _dispatch_queue_cleanup2 + 200
4 libsystem_pthread.dylib 0x1d50fbc50 _pthread_tsd_cleanup + 132
5 libsystem_pthread.dylib 0x1d50f3220 _pthread_exit + 88
6 libsystem_pthread.dylib 0x1d50f4180 pthread_exit + 88
7 libdispatch.dylib 0x1d4f7bbcc dispatch_main + 128
8 DriverKit 0x1d4d33178 DriverExecutableMain + 84
9 dyld 0x104e95e50 start + 2544
Thread 1 Crashed:: Dispatch queue: Root
0 libsystem_kernel.dylib 0x1d5043720 __pthread_kill + 8
1 libsystem_pthread.dylib 0x1d50f40ec pthread_kill + 268
2 libsystem_c.dylib 0x1d5033cac abort + 180
3 DriverKit 0x1d4d5f890 panic + 256
4 DriverKit 0x1d4d5fa60 __assert_rtn + 88
5 DriverKit 0x1d4d60010 OSMetaClassBase::Invoke(IORPC) (.cold.1) + 44
6 DriverKit 0x1d4d32064 OSMetaClassBase::Invoke(IORPC) + 1396
7 DriverKit 0x1d4d32c5c Server(void*, mach_msg_header_t*, mach_msg_header_t*) + 520
8 DriverKit 0x1d4d3b420 uiomessage(void*) + 180
9 DriverKit 0x1d4d34694 uiomachchannel(void*, dispatch_mach_reason_t, dispatch_mach_msg_s*, int) + 380
10 libdispatch.dylib 0x1d4f8868c _dispatch_mach_msg_invoke + 472
11 libdispatch.dylib 0x1d4f74484 _dispatch_lane_serial_drain + 380
12 libdispatch.dylib 0x1d4f89620 _dispatch_mach_invoke + 852
13 libdispatch.dylib 0x1d4f74484 _dispatch_lane_serial_drain + 380
14 libdispatch.dylib 0x1d4f75130 _dispatch_lane_invoke + 436
15 libdispatch.dylib 0x1d4f7640c _dispatch_workloop_invoke + 1784
16 libdispatch.dylib 0x1d4f7ff5c _dispatch_workloop_worker_thread + 652
17 libsystem_pthread.dylib 0x1d50f5024 _pthread_wqthread + 404
18 libsystem_pthread.dylib 0x1d50fc678 start_wqthread + 8
Thread 2:
0 libsystem_pthread.dylib 0x1d50fc670 start_wqthread + 0
Thread 3:
0 libsystem_kernel.dylib 0x1d504401c __sigsuspend_nocancel + 8
1 libdispatch.dylib 0x1d4f808b4 _dispatch_sigsuspend + 48
2 libdispatch.dylib 0x1d4f80884 _dispatch_sig_thread + 56
Could anyone please help me with resolving this problem?
Is there a way to synchronously retrieve configuration information from the app or read configuration information from a file within the Start method of DriverKit?
I have attempted to use OSMappedFile to read a file, but my driver crashes or I receive the error message "Sandbox: com.injection.epusbfilter.dext(20610) deny(1) file-read-data /private/tmp/driverkit_config.txt" in the console, even though I have set com.apple.security.app-sandbox to false.
// Initialized to nullptr so the cleanup below is safe when mapping fails
OSMappedFile *mappedFile = nullptr;
do {
    const char *path = "/private/tmp/cfg";
    // Create the OSMappedFile instance
    kern_return_t result = OSMappedFile::createFromPath(path, 0, 0, &mappedFile);
    if (result != KERN_SUCCESS) {
        Log("Failed to create and map the file.");
        ret = -1;
        break;
    }
    *size = mappedFile->size();
    // Get the data mapped into memory
    char *charData = reinterpret_cast<char *>(const_cast<void *>(mappedFile->data()));
    Log("get cfg:%s", charData);
    if (strlen(charData) > 0) {
        if (charData[0] == '1') {
            ret = 1;
            break;
        }
    }
    else {
        ret = -2;
        break;
    }
} while(false);
// Only release the mapping if it was actually created
if (mappedFile != nullptr) {
    mappedFile->free();
}
I want to use DriverKit to develop a USBDriver, which serves as a bridge between USB devices and the system. All messages between USB devices and the system will be forwarded through the USBDriver.
Can anyone give me some tips or suggestions? What API should I use? I couldn't find anything like this in the documentation or sample code.
class MyUSBDriver: public IOUserClient
{
public:
    virtual bool init() override;
    virtual kern_return_t Start(IOService * provider) override;
    virtual kern_return_t Stop(IOService * provider) override;
    virtual void free() override;
    virtual kern_return_t GetRegistryEntryID(uint64_t * registryEntryID) override;
    virtual kern_return_t NewUserClient(uint32_t type, IOUserClient** userClient) override;
    virtual kern_return_t ExternalMethod(uint64_t selector,
                                         IOUserClientMethodArguments* arguments,
                                         const IOUserClientMethodDispatch* dispatch,
                                         OSObject* target,
                                         void* reference) override;
};
I am now able to retrieve the device descriptor in the Start method
IOUSBHostDevice *device = OSDynamicCast(IOUSBHostDevice, provider);
if (device) {
    const IOUSBDeviceDescriptor *deviceDescriptor = device->CopyDeviceDescriptor();
    if (deviceDescriptor) {
        uint16_t idVendor = deviceDescriptor->idVendor;
        uint16_t idProduct = deviceDescriptor->idProduct;
        uint8_t iSerialNumber = deviceDescriptor->iSerialNumber;
        IOUSBHostFreeDescriptor(deviceDescriptor);
    }
}
I have created a USB filter using Mac DriverKit, but the filter is unable to retrieve configuration information during startup.
After the USB filter has started and registered the service, my app can send the configuration information to the filter. Therefore, I would like to know if there is a way to exit the USB filter and allow the system to take control of the USB device once the filter has exited.
I have tried calling Terminate(0), but it did not work as even after the USB filter exited, the Finder still couldn't display the USB device.
My app uses CGEventTapCreateForPid to monitor keyboard events of a corresponding process. My app has already enabled the Accessibility permission, and AXIsProcessTrustedWithOptions returns true. However, CGEventTapCreateForPid returns null. What could be the problem? Does anyone know? I tested and found that if CGEventTapCreateForPid returns null, I can reset the Accessibility permission using tccutil reset Accessibility myapp_bundleid without restarting my app. But my app can still get the permission through AXIsProcessTrustedWithOptions