Gatebreak: Signed Kexts for Everyone

Status
Not open for further replies.
Tired of the -67050 (errSecCSReqFailed) error, or just want to try your hand at signing kexts? Worried Apple might remove support for hackintoshes soon? Gatebreak aims to solve these problems simply. The edit it performs is very simple and could be duplicated by anyone: change the code requirements embedded in kextutil, kextd, and kextcache so they allow root certificates other than Apple's, then re-sign those binaries with a Trusted certificate. While anyone could perform the edits, I'm offering my version, as the discoverer, as protected and fully secure. The installer pkg below includes two signed sub-packages which can be redistributed (intact) by anyone: the Gatebreak utilities installer which backs up the old binaries before replacing them, and the Gatebreak certificate authority's root certificate; and a special version of FakeSMC (patches available) which allows NVRAM overrides of any configuration property, including the FakeSMC plugins.


Security
The methods used to create the package were secure, and described in How to Make a Certificate Authority, but more generally the certificate chain was produced once on an air-gapped machine running the Snow Leopard Install CD. All USB drives were wiped and did not mount, then wiped again before files were moved out. The USB drives were never in the presence of the unencrypted private keys; the entire procedure was performed in memory inside of a ramdisk, which was reclaimed before any drives were attached. The USB drives have been set aside for this purpose. Anyone interested in the Gatebreak certificate authority can visit http://www.gatebreak.org.

Technical Details
The critical part of modifying a binary is to ensure the replacement code is the same length as what it replaces, and we can use the code requirement language's synonyms to satisfy this. The original string is 178 bytes, which can be compressed directly to 151 bytes then reexpanded slightly back to 178 bytes after adding our additional anchor.
Before:
Code:
anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[field.1.2.840.113635.100.6.1.18]
After:
Code:
((anchor apple generic and cert 1[field.1.2.840.113635.100.6.2.6]) or anchor trusted) and (cert leaf[field.1.2.840.113635.100.6.1.13] and cert 0[field.1.2.840.113635.100.6.1.18])

Installing
Because Gatekeeper itself has expanded in Mavericks, you will not only need to right-click Open the pkg, but also authenticate. There is also a friendlier solution which doesn't require a password. Next, ignore the "invalid certificate" warning. Note that it doesn't say "invalid signature" (because it's properly signed), but invalid certificate because the certificate isn't accepted by OS X (yet). After the Root is trusted, only the Gatekeeper check will remain.

Additional
As an aside to all this code signing, you might be interested in your running processes. This PHP shell script attempts to resolve all processes to their binaries and checks their signatures.

--edit
Gatebreak has been reissued with a new certificate authority and root certificate. Update existing systems by removing the previous root from the System keychain in Keychain Access, then installing. Please continue to report issues expeditiously.

--edit
Gatebreak for Yosemite is now available
 

Attachments

  • gatebreak.zip
    535.4 KB · Views: 934
  • gatebreak-yosemite.zip
    553.6 KB · Views: 767
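
Added example, not part of the original post or the Gatebreak package: a defender-side check in Python that parses the and/or/parenthesis subset of the requirement language used by the two strings under Technical Details and reports whether a requirement can be met by a chain that does not end at an Apple root. Because the edit keeps the string at 178 bytes, size is no signal, so the check works on the requirement text itself; the function names are hypothetical, and the model assumes certificate field checks can be satisfied by any issuer.

```python
import re
# Requirement strings copied from the post's Technical Details section.
BEFORE = ("anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] "
          "and certificate leaf[field.1.2.840.113635.100.6.1.13] "
          "and certificate leaf[field.1.2.840.113635.100.6.1.18]")
AFTER = ("((anchor apple generic and cert 1[field.1.2.840.113635.100.6.2.6]) "
         "or anchor trusted) and (cert leaf[field.1.2.840.113635.100.6.1.13] "
         "and cert 0[field.1.2.840.113635.100.6.1.18])")

def parse(text):  # and/or/parenthesis subset -> nested tuple tree
    toks = re.findall(r"\(|\)|[^\s()]+", text)
    tree = _or(toks)
    if toks:  # e.g. a stray ")" left over
        raise ValueError("unexpected token: " + toks[0])
    return tree

def _or(toks):
    node = _and(toks)
    while toks and toks[0] == "or":
        toks.pop(0)
        node = ("or", node, _and(toks))
    return node

def _and(toks):  # "and" binds tighter than "or"
    node = _atom(toks)
    while toks and toks[0] == "and":
        toks.pop(0)
        node = ("and", node, _atom(toks))
    return node

def _atom(toks):
    if toks and toks[0] == "(":
        toks.pop(0)
        node = _or(toks)
        if not toks or toks.pop(0) != ")":
            raise ValueError("missing ')'")
        return node
    words = []
    while toks and toks[0] not in ("and", "or", "(", ")"):
        words.append(toks.pop(0))
    return ("atom", " ".join(words))

def holds(node, apple_rooted):
    if node[0] == "atom":  # assumption: only "anchor apple..." depends on the root
        return apple_rooted or not node[1].startswith("anchor apple")
    left, right = holds(node[1], apple_rooted), holds(node[2], apple_rooted)
    return (left and right) if node[0] == "and" else (left or right)

def admits_non_apple_root(text):
    return holds(parse(text), apple_rooted=False)
```

`admits_non_apple_root(BEFORE)` is false and `admits_non_apple_root(AFTER)` is true, so the check flags the broadened requirement even though both strings have the same length.
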
I've been trying to install Gatebreak, and the installation fails every time with the following in the Console log:

10/30/13 7:21:25.845 AM com.apple.kextd[15]: ERROR: invalid signature for org.gatebreak.driver.FakeSMC, will not load
10/30/13 7:21:27.346 AM Installer[1438]: The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.

Any ideas? My goal is to try to get USB 3.0 working again (GenericUSBXHCI.kext has stopped loading, apparently). I've tried adding

Code:
<key>net.osx86.kexts.GenericUSBXHCI</key>
<string>1.2.7</string>

to /S/L/E/AppleKextExcludeList.kext/Contents/Info.plist, but that doesn't seem to make any difference.

EDIT: I went back and removed and reinstalled GenericUSBXHCI.kext (1.2.7) using KextUtility this time instead of KextBeast, and this time it worked. In addition, the Gatebreak installation completed successfully. I don't understand why it worked this time and not before.
 
I hope you realize that editing AppleKextExcludeList's Info.plist invalidates the kext's signature, that's the whole point of the thread.
 
I hope you realize that editing AppleKextExcludeList's Info.plist invalidates the kext's signature, that's the whole point of the thread.

I guess I totally misunderstood the purpose of Gatebreak... I thought it was supposed to allow you to make changes inside signed kexts without invalidating the signature. So what does it do then? And what should I have done to solve my problem?
 
Warning to all Gatebreak users, an issue was discovered in the Gatebreak CA, which will require a rebuild, to be posted tomorrow. Users should take care that their version of FakeSMC doesn't expire in the meantime.
 
After editing a signed kext, it must be re-signed using a trusted certificate; see above.
 
Any Console or Installer log entries? I need something to go on.
 