frankiee Posted June 15, 2013 Share Posted June 15, 2013 OK, so it seems that many of you already had success installing Mavericks on a hack, and the list of supported machines also indicates that everything that can run ML can also run Mavericks, but ... will that still be true for the future, especially for a hackintosh? I am on the verge of jumping into the cold water and want to build myself one, bc Apple does not seem to be able to offer me the hardware I need. But of course, I also want my "hack" to be future proof, and one of the worst things I can imagine is to be locked out of future OS updates. One point that worries me is that Apple seems to use more and more proprietary hardware (especially for the new "Mac Pro"), but it was this article that almost scares me and makes me feel a bit uneasy about the future of hacks in general: http://pikeralpha.wordpress.com/2013/06/13/kext-requirements-for-os-x-10-9-mavericks/ In short, the poster claims that: "The /System directory will be locked in the near future and kext in /Library/Extensions must be signed. But more importantly. Kext editing (plists and bin files) will simply be impossible" So, what's your take on this? Do you think this could become a real problem, or nothing to worry about? Link to comment Share on other sites More sharing options...
nyolc8 Posted June 15, 2013 Share Posted June 15, 2013 I read the same page today, and I don't understand how the /System/Library/Extensions will be locked down... I think this lock could be hacked/patched. Btw this codesign security blocking could be in the final 10.9 (apple started to ask developers to register not only for apps, but anything) They want to lock the whole thing... Well we will see... Link to comment Share on other sites More sharing options...
necrophagous Posted June 15, 2013 Share Posted June 15, 2013 you might have to ask somebody like rampagedev or piker or other developers out there i'm sure they could give you an answer ( or answers) Link to comment Share on other sites More sharing options...
frankiee Posted June 15, 2013 Author Share Posted June 15, 2013 I read the same page today, and I don't understand how the /System/Library/Extensions will be locked down... I think this lock could be hacked/patched. I also don't know, (so thats why I am asking) but I assume if Apple really wants, they will find a way. The question is: are they actually concerned about locking out hacks, or are these measures that won't affect us? And, even if that could be bypassed, that also would mean even more patching, maybe using a custom kernel. But on the other hand, this might reduce compability and of course introduce more difficulties in general. Btw this codesign security blocking could be in the final 10.9 Thats one thing I am afraid of ... so this could be a really important issue for everybody imho. Link to comment Share on other sites More sharing options...
Dr. Hurt Posted June 15, 2013 Share Posted June 15, 2013 If Apple implements signature versification via the kernel, I think it'll be very difficult to bypass especially if the kernel itself becomes secured too somehow. Apple has generally been tolerant of the hackintosh community and I don't think they're trying to kill it, but rather limit it a bit by making it more difficult. If Apple does indeed lockup everything in 10.9, it'll mean we'll have a much narrower range of supported hardware. We can still fake dev ids via DSDT to use some stock kexts but we will no longer be able to patch binaries. We'll have to depend more on 3rd party kexts which, unfortunately, won't cover our needs. We can only wait and see. And I'm sure some brilliant hackers around here will find workarounds, eventually. 1 Link to comment Share on other sites More sharing options...
eject Posted June 15, 2013 Share Posted June 15, 2013 wouldn't this mean that 3rd party kexts wouldn't be allowed. This would however limit 3rd party hardware and can't be really in apples interest. If 3rd party hardware kexts are still allowed couldn't we just patch apple kexts an reintroduce them as 3rd party kexts? I don't have much of an insight in such things though. Link to comment Share on other sites More sharing options...
ZikPhil Posted June 15, 2013 Share Posted June 15, 2013 rampagedev already commented on the article itself, i think we are safe. 1 Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted June 15, 2013 Share Posted June 15, 2013 Having kexts signed itself should not be a problem as long as we can sign our own kexts. All it takes is an Apple Developer ID / certificate. Also. Be careful with statement like: "I think we are safe" because that is based on thin air. 4 Link to comment Share on other sites More sharing options...
theconnactic Posted June 16, 2013 Share Posted June 16, 2013 On the other hand, like meklort said: we have physical access to our machines, that's little we cannot do. All the best! Link to comment Share on other sites More sharing options...
Zenith432 Posted June 16, 2013 Share Posted June 16, 2013 There's a new kext AppleKextExcludeList with an Info.plist that looks a list for kexts allowed to load without a signature. It's got an infinite list of kexts that looks like some huge database of all kexts ever made for the Mac. Some stuff in there <key>OSKextSigExceptionList</key> <key>VoodooSDHC</key> <string>1.1d1</string> <key>com.AnV.Software.driver.PCGenRTL8139Ethernet</key> <string>1.4.1</string> <key>com.AnV_Software.driver.AnyAppleUSBKeyboard</key> <string>8.8.8</string> <key>com.AnV_Software.driver.AnyAppleUSBMouse</key> <string>8.8.8</string> <key>com.AnV_Software.driver.AnyCardReader</key> <string>8.8.8</string> <key>com.AnV_Software.driver.AnyiSightCam</key> <string>8.8.8</string> <key>com.AnV_Software.driver.BroadcomAppleBluetooth</key> <string>1111.0</string> <key>com.AnV_Software.driver.CustomPeripheral</key> <string>8.8.8</string> <key>com.AnV_Software.driver.DeviceMergeNub</key> <string>1111.0</string> <key>com.AnV_Software.driver.DeviceMergeNubAPM</key> <string>1.0</string> <key>com.Micky1979.plist.WifiInjector</key> <string>1.0</string> <key>com.Niresh12495.ExtraExtensions</key> <string>1.0</string> <key>com.Niresh12495.Hackintosh.AHCIPortInjector</key> <string>1.0</string> <key>com.Niresh12495.Hackintosh.ATAPortInjector</key> <string>1.0</string> <key>com.Niresh12495.Hackintosh.IOAHCIBlockStorageInjector</key> <string>1.1.1</string> <key>com.tonymacx86.AHCI_3rdParty_SATA</key> <string>1111.0</string> <key>com.tonymacx86.AHCI_3rdParty_eSATA</key> <string>0.3</string> <key>com.tonymacx86.ALC8xxHDA</key> <string>1111.0</string> <key>com.tonymacx86.ATI48xxController</key> <string>9.0.2</string> <key>com.tonymacx86.JMicron36xSATA</key> <string>0.8</string> <key>com.tonymacx86.JMicron36xeSATA</key> <string>0.8</string> <key>com.tonymacx86.Legacy889HDA</key> <string>0.3</string> <key>com.tonymacx86.ati6570pm</key> <string>3.0</string> <key>mohamed.ACPIPS2Nub</key> <string>1.0d1</string> <key>my.name.adlan.BCM5722D</key> <string>1111.0</string> <key>name.perrier.thomas.ATIcceleratorDriver</key> <string>1.0</string> <key>net.osx86.driver.EnsoniqAudioPCI</key> <string>1.0.3</string> <key>net.osx86.driver.VMsvga2</key> <string>1.3d7</string> <key>net.osx86.driver.VMsvga2Accel</key> <string>1.3d7</string> <key>net.osx86.kexts.GenericUSBXHCI</key> <string>1.2d11</string> <key>org.chameleon.plist.AHCIPortInjector</key> <string>1111.0</string> <key>org.chameleon.plist.AHCI_Intel_SATA</key> <string>1.0</string> <key>org.chameleon.plist.ATAPortInjector</key> <string>1.0</string> <key>org.chameleon.plist.AppleIntelSNBGraphicsFB</key> <string>1.0</string> <key>org.chameleon.plist.IOAHCIBlockStorageInjector</key> <string>1111.0</string> <key>org.chameleon.plist.JMicronATAInjector</key> <string>1.0</string> <key>org.netkas.FakeSMC</key> <string>1111.0</string> <key>org.netkas.HPETDevice</key> <string>1.0</string> <key>org.netkas.driver.FakeSMC</key> <string>1111.0</string> <key>org.netkas.fakesmc</key> <string>1111.0</string> <key>org.netkas.hda</key> <string>900.0</string> <key>org.slice.ACPIMonitor</key> <string>1111.0</string> <key>org.slice.ACPISensors</key> <string>1111.0</string> <key>org.slice.HWInfo</key> <string>1.0</string> <key>org.slice.IntelCPUMonitor</key> <string>1.1</string> <key>org.slice.NSCPC8739x</key> <string>1111.0</string> <key>org.slice.PC8739x</key> <string>1111.0</string> <key>org.slice.RadeonMonitor</key> <string>2.0</string> <key>org.slice.sensor.X3100</key> <string>1.0</string> <key>org.tgwbd.driver.ACPIPS2Nub</key> <string>1.0d1</string> <key>org.tgwbd.driver.ElliottForceLegacyRTC</key> <string>1111.0</string> <key>org.tgwbd.driver.LegacyAppleAHCIPort</key> <string>1.5.1</string> <key>org.tgwbd.driver.LegacyAppleIntelPIIXATA</key> <string>1.0d1</string> <key>org.tgwbd.driver.LegacyIOAHCIBlockStorage</key> <string>1.1.1</string> <key>org.tgwbd.driver.LegacyJMicronATA</key> <string>1.0d1</string> <key>org.tgwbd.driver.NullCPUPowerManagement</key> <string>1111.0</string> <key>org.tgwbd.iokit.AppleYukon2</key> <string>3.1.12b14</string> <key>org.tgwbd.iokit.LegacyAppleYukon2.10.5.7</key> <string>9.0</string> <key>org.voodoo.VoodooSDHC</key> <string>1111.0</string> <key>org.voodoo.driver.PS2Controller</key> <string>1111.0</string> <key>org.voodoo.driver.PS2Keyboard</key> <string>1111.0</string> <key>org.voodoo.driver.PS2Mouse</key> <string>1111.0</string> <key>org.voodoo.driver.PS2Trackpad</key> <string>1111.0</string> <key>org.voodoo.driver.VoodooHDA</key> <string>1111.0</string> <key>org.voodoo.driver.VoodooPS2ElanTrackpad</key> <string>1.1.1</string> <key>org.voodoo.driver.VoodooTSCSync</key> <string>1111.0</string> Even FakeSMC is in there 9 Link to comment Share on other sites More sharing options...
nyolc8 Posted June 16, 2013 Share Posted June 16, 2013 I think Exclude means it will not load them... They basically blocking all those kexts with this thing. Link to comment Share on other sites More sharing options...
Zenith432 Posted June 16, 2013 Share Posted June 16, 2013 The list OSKextSigExceptionList is definitely the exception list, because I see some of the names when rebuilding kernelcache manually with kextcache. OTOH, the OSKextExcludeList list only contains a few vmware kexts are not part of the public released distribution of VMware Fusion. Link to comment Share on other sites More sharing options...
nyolc8 Posted June 16, 2013 Share Posted June 16, 2013 So they basically made DP1 hackintosh compatible with this list? Uhm... lol? And all I need to do is to rename any kext to the ones in the list and it will load? Nice security... Link to comment Share on other sites More sharing options...
xpamamadeus Posted June 16, 2013 Share Posted June 16, 2013 So they basically made DP1 hackintosh compatible with this list? Uhm... lol? And all I need to do is to rename any kext to the ones in the list and it will load? Nice security... No,they are forcing us to rename our kexts Link to comment Share on other sites More sharing options...
Zenith432 Posted June 16, 2013 Share Posted June 16, 2013 I tried editing AppleKextExcludeList.kext/Contents/Info.plist and it works (!). But then when I run 'kextcache -v -system-prelinked-kernel', it warns that AppleKextExcludeList in non-authentic. However, the kext on my modified Info.list is reported as allowed. And all I need to do is to rename any kext to the ones in the list and it will load? Nice security... Link to comment Share on other sites More sharing options...
theconnactic Posted June 16, 2013 Share Posted June 16, 2013 It's proven now: Apple does want OSX86 alive and well. Link to comment Share on other sites More sharing options...
3.14r2 Posted June 16, 2013 Share Posted June 16, 2013 There's a new kext AppleKextExcludeList with an Info.plist that looks a list for kexts allowed to load without a signature. It's got an infinite list of kexts that looks like some huge database of all kexts ever made for the Mac. Some stuff in there Even FakeSMC is in there it's good that it's not the April 1th, otherwise I'd consider this a joke (good one) 3 Link to comment Share on other sites More sharing options...
Onixs Posted June 17, 2013 Share Posted June 17, 2013 So basically we add our own patched kext which are not included in the list so it will load even without a valid signature. As for me, instead of editingAppleKextExcludeList, I added all the list to fakesmc so it wont get overwritten when update comes. Feel free where you want to put it. Nice find Zenith432 Link to comment Share on other sites More sharing options...
nyolc8 Posted June 17, 2013 Share Posted June 17, 2013 So basically we add our own patched kext which are not included in the list so it will load even without a valid signature. As for me, instead of editingAppleKextExcludeList, I added all the list to fakesmc so it wont get overwritten when update comes. Feel free where you want to put it. Nice find Zenith432 So you saying that the info plist can be in any kext, the OS will read that list from any kext? How did you test this? Btw if we edit the list in the original place, the AppleKextExcludeList will lose it's signature and that could cause problems too. Link to comment Share on other sites More sharing options...
frankiee Posted June 17, 2013 Author Share Posted June 17, 2013 Well, so Apple is managing a plist (within a kext) which is supposed to allow certain (3rd party) kexts to be loaded (without signing) and all of these "hack kexts" are in that list? Hmmmmm! Now that is interesting, but I am still not sure what that means. I really cannot imagine that Apple sort of inofficially supports Hacks by this way ... but why is all this stuff in there then? Because I think it would be more typical for Apple that this list is made for lockdown and exclusion of hacks, and not for (even unofficial) support. Also, in a follow up comment to the article I mentioned above, the original poster stated that: The thing is that Apple has more on their sleeves but that info isn’t even shared, but I have said too much already – since this info was meant to be confidentially – so I just let them be what they are… uninformed. I don't know if he is just making this up, but it sounds not completely uncredible - and quite mysterious - to me. Link to comment Share on other sites More sharing options...
nyolc8 Posted June 17, 2013 Share Posted June 17, 2013 I still don't get it... So they lock down the S/L/E/, and we can only use signed kexts in L/E/... So... I rename any kext to "org.netkas.hda" (I just picked one from the "allowed to load without signing" list) and it will load up? You just have to rename any kext and it will load up... I still don't get it why this feature will be then... Because then it's pointless. Because if this is a security feature, then the hacker or the man who want his "bad" kext to be installed, he just rename his malicious kext to an allowed one and he infected osx like before. Link to comment Share on other sites More sharing options...
Maniac10 Posted June 17, 2013 Share Posted June 17, 2013 Stop speculating, just wait till this is tested and explained properly. Pike said it was coming but it's not active yet so keep doing things like always and you'll be fine. Link to comment Share on other sites More sharing options...
frankiee Posted June 17, 2013 Author Share Posted June 17, 2013 Well, if I am about to shell out some thousand bucks for a new shiny "Hack Pro", it wouldn't be so nice if some months later it will be locked out of future updates. So, since there is a real possibilty of this happening, I think it would be better to defer my investment at least until Mavericks comes out? Link to comment Share on other sites More sharing options...
Maniac10 Posted June 17, 2013 Share Posted June 17, 2013 That's why I said to wait until it's explained properly. I'm sure it will be fine, there's always a way. Link to comment Share on other sites More sharing options...
nyolc8 Posted June 17, 2013 Share Posted June 17, 2013 ... As for me, instead of editingAppleKextExcludeList, I added all the list to fakesmc so it wont get overwritten when update comes. Feel free where you want to put it. ... I tried this, I added the list to fakesmc, added my kexts to the list and it's not worked. Could you tell us how you exactly did that? Edit: I edited the AppleKextExcludeList info.plist and added my modified kexts, then I added the AppleKextExcludeList too into itself, and not a single "WARNING" message on kextcache creation 4 Link to comment Share on other sites More sharing options...
Recommended Posts