@talaviram
Last active September 13, 2025 21:08

Revisions

  1. talaviram revised this gist Jun 25, 2023. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions add_debug_entitlement.sh
    @@ -8,6 +8,10 @@
    # - Modern Logic (on M1s) uses `AUHostingService` which resides within the system thus not patchable and REQUIRES to turn-off SIP.
    # - Some hosts uses separate plug-in scanning or sandboxing.
    # if that's the case, it's required to patch those (if needed) and attach debugger to them instead.
    #
    # If you see `operation not permitted`, make sure the calling process has Full Disk Access.
    # For example Terminal.app is showing and has Full Disk Access under System Preferences -> Privacy & Security
    #
    app_path=$1

    if [ -z "$app_path" ];
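    Review bot: the `operation not permitted` hint added to the header is only a comment, so a user who hits the error sees just the failing command's message and has to open the script to find the cause. Print the same hint from the failure branches of the `codesign` calls, and mention that Full Disk Access granted to Terminal.app applies to everything started from it, so it is worth switching off again after patching.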
  2. talaviram revised this gist Dec 28, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion add_debug_entitlement.sh
    @@ -19,7 +19,7 @@ fi
    # This uses local codesign. so it'll be valid ONLY on the machine you've re-signed with.
    entitlements_plist=/tmp/debug_entitlements.plist
    echo "Grabbing entitlements from app..."
    codesign -d --entitlements :- "$app_path" >> $entitlements_plist || { exit 1; }
    codesign -d --entitlements - "$app_path" --xml >> $entitlements_plist || { exit 1; }
    echo "Patch entitlements (if missing)..."
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.disable-library-validation bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $entitlements_plist
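    Review bot: the rewritten extraction line still appends with `>>` to the fixed path `/tmp/debug_entitlements.plist`. If a file is already there, for instance one left behind when this same line hits `exit 1` before the final `rm` runs, the new XML is appended to the old content and PlistBuddy is handed a malformed plist; a predictable name in `/tmp` can also be pre-created by another local user. Create the file with `mktemp`, write it with `>`, quote `"$entitlements_plist"` everywhere, and remove it from a `trap` so every exit path cleans up.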
  3. talaviram revised this gist Mar 13, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion add_debug_entitlement.sh
    @@ -25,7 +25,7 @@ echo "Patch entitlements (if missing)..."
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" $entitlements_plist
    # allow custom dyld for sanitizers...
    /usr/libexec/PlistBuddy -c "com.apple.security.cs.allow-dyld-environment-variables bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-dyld-environment-variables bool true" $entitlements_plist
    echo "Re-applying entitlements (if missing)..."
    codesign --force --options runtime --sign - --entitlements $entitlements_plist "$app_path" || { echo "codesign failed!"; }
    echo "Removing temporary plist..."
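    Review bot: with the `Add :` verb restored on the dyld line, the PlistBuddy calls in this block share one remaining gap: `Add` only creates a key that is missing, so an app that already ships one of these entitlements set to `false` keeps that value, and the error PlistBuddy reports is never checked. That is at odds with the "Patch entitlements (if missing)..." message implying the keys end up enabled. Fall back to `Set :<key> true` when `Add` fails, and stop before `codesign` if neither succeeds.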
  4. talaviram revised this gist Mar 13, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion add_debug_entitlement.sh
    @@ -25,7 +25,7 @@ echo "Patch entitlements (if missing)..."
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" $entitlements_plist
    # allow custom dyld for sanitizers...
    /usr/libexec/PlistBuddy -c "com.apple.security.cs.allow-dyld-environment-variables" $entitlements_plist
    /usr/libexec/PlistBuddy -c "com.apple.security.cs.allow-dyld-environment-variables bool true" $entitlements_plist
    echo "Re-applying entitlements (if missing)..."
    codesign --force --options runtime --sign - --entitlements $entitlements_plist "$app_path" || { echo "codesign failed!"; }
    echo "Removing temporary plist..."
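    Review bot: the updated dyld line gains `bool true` but still has no `Add :` verb, so PlistBuddy receives a key name rather than a command and `com.apple.security.cs.allow-dyld-environment-variables` never reaches the plist. Write it like the two lines above it, `Add :com.apple.security.cs.allow-dyld-environment-variables bool true`, and confirm the result after signing with `codesign -d --entitlements - --xml` on the app.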
  5. talaviram revised this gist Mar 10, 2022. 1 changed file with 8 additions and 0 deletions.
    8 changes: 8 additions & 0 deletions add_debug_entitlement.sh
    @@ -2,6 +2,12 @@
    # Simple Utility Script for allowing debug of hardened macOS apps.
    # This is useful mostly for plug-in developer that would like keep developing without turning SIP off.
    # Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg
    # Update 2022-03-10: Based on Fabian's feedback, add capability to inject DYLD for sanitizers.
    #
    # Please note:
    # - Modern Logic (on M1s) uses `AUHostingService` which resides within the system thus not patchable and REQUIRES to turn-off SIP.
    # - Some hosts uses separate plug-in scanning or sandboxing.
    # if that's the case, it's required to patch those (if needed) and attach debugger to them instead.
    app_path=$1

    if [ -z "$app_path" ];
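    Review bot: the new "Please note" list documents host limitations but not what the script does to its target: `codesign --force ... --sign -` replaces the app's existing signature in place, and the added entitlements relax the hardened runtime for that app. Add a bullet saying so, and recommend running the script on a copy of the host application kept on a development machine.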
    @@ -18,6 +24,8 @@ echo "Patch entitlements (if missing)..."
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.disable-library-validation bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" $entitlements_plist
    # allow custom dyld for sanitizers...
    /usr/libexec/PlistBuddy -c "com.apple.security.cs.allow-dyld-environment-variables" $entitlements_plist
    echo "Re-applying entitlements (if missing)..."
    codesign --force --options runtime --sign - --entitlements $entitlements_plist "$app_path" || { echo "codesign failed!"; }
    echo "Removing temporary plist..."
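    Review bot: the added PlistBuddy line passes only the key name, with neither the `Add :` verb nor a `bool true` type and value, so it is not a valid command and the sanitizer entitlement is not written. Because the exit status is ignored, the script carries on and signs without it, and the "allow custom dyld for sanitizers" comment then describes something that did not happen. Use the same form as the three lines above and fail the script when PlistBuddy returns non-zero.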
  6. talaviram revised this gist Mar 17, 2021. 1 changed file with 1 addition and 3 deletions.
    4 changes: 1 addition & 3 deletions add_debug_entitlement.sh
    @@ -10,9 +10,7 @@ then
    exit 0
    fi

    # make sure you use a proper Developer ID.
    # you'd might need to make this not ambigious if multiple ids exists.
    dev_id="Developer ID Application"
    # This uses local codesign. so it'll be valid ONLY on the machine you've re-signed with.
    entitlements_plist=/tmp/debug_entitlements.plist
    echo "Grabbing entitlements from app..."
    codesign -d --entitlements :- "$app_path" >> $entitlements_plist || { exit 1; }
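    Review bot: the replacement comment says the result is valid only on the machine that re-signed it, but not why or what is lost. State that `--sign -` produces an ad-hoc signature that replaces the vendor's signature, so the patched app should be treated as a local debug build and restored by reinstalling the original.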
  7. talaviram revised this gist Oct 21, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion add_debug_entitlement.sh
    @@ -11,7 +11,7 @@ then
    fi

    # make sure you use a proper Developer ID.
    # keep in-mind non paid Apple Developers seems to not work of course...
    # you'd might need to make this not ambigious if multiple ids exists.
    dev_id="Developer ID Application"
    entitlements_plist=/tmp/debug_entitlements.plist
    echo "Grabbing entitlements from app..."
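    Review bot: the reworded comment (with the typo "ambigious") still documents `dev_id`, which is no longer passed to `codesign` now that the signing line uses `--sign -`. Either remove the comment together with the `dev_id="Developer ID Application"` assignment, or keep Developer ID signing as an option and explain how to pick an identity, for example by listing them with `security find-identity -v -p codesigning`.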
  8. talaviram revised this gist Oct 21, 2019. No changes.
  9. talaviram revised this gist Oct 21, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion add_debug_entitlement.sh
    @@ -21,6 +21,6 @@ echo "Patch entitlements (if missing)..."
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" $entitlements_plist
    echo "Re-applying entitlements (if missing)..."
    codesign --force --sign "$dev_id" --options runtime --entitlements $entitlements_plist --timestamp "$app_path" || { echo "codesign failed!"; }
    codesign --force --options runtime --sign - --entitlements $entitlements_plist "$app_path" || { echo "codesign failed!"; }
    echo "Removing temporary plist..."
    rm $entitlements_plist
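    Review bot: on the new signing line, `|| { echo "codesign failed!"; }` only prints a message, so after a failed re-sign the script still runs `rm` and its exit status is that of `rm`, which callers will read as success. Remember the failure, clean up the plist, then `exit 1`; send the message to stderr while there.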
  10. talaviram created this gist Oct 18, 2019.
    26 changes: 26 additions & 0 deletions add_debug_entitlement.sh
    @@ -0,0 +1,26 @@
    #! /bin/bash
    # Simple Utility Script for allowing debug of hardened macOS apps.
    # This is useful mostly for plug-in developer that would like keep developing without turning SIP off.
    # Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg
    app_path=$1

    if [ -z "$app_path" ];
    then
    echo "You need to specify app to re-codesign!"
    exit 0
    fi

    # make sure you use a proper Developer ID.
    # keep in-mind non paid Apple Developers seems to not work of course...
    dev_id="Developer ID Application"
    entitlements_plist=/tmp/debug_entitlements.plist
    echo "Grabbing entitlements from app..."
    codesign -d --entitlements :- "$app_path" >> $entitlements_plist || { exit 1; }
    echo "Patch entitlements (if missing)..."
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.disable-library-validation bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $entitlements_plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" $entitlements_plist
    echo "Re-applying entitlements (if missing)..."
    codesign --force --sign "$dev_id" --options runtime --entitlements $entitlements_plist --timestamp "$app_path" || { echo "codesign failed!"; }
    echo "Removing temporary plist..."
    rm $entitlements_plist
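    Review bot: the missing-argument branch prints "You need to specify app to re-codesign!" and then runs `exit 0`, which reports success for a usage error. Exit non-zero and write the message to stderr, and also check that `"$app_path"` exists before calling `codesign -d` so a mistyped path is reported by the script itself.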