-
Notifications
You must be signed in to change notification settings - Fork 275
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
account
doesn't work on macOS 12+
#417
Comments
Same here (with same macOS Monterey version). I noticed to it stopped working after it updated to Beta 7, |
I can reproduce this. I am also running macOS Monterey beta 7. @lukasmalkmus, @malob, do either or both of you see this when iCloud Private Relay is enabled? Is it reproducible with iCloud Private Relay disabled? |
@chris-araman, unfortunately I’m now away from my macOS machine for a few days, so won’t be able to test this until Thursday. |
I'm able to reproduce this with Private Relay disabled in macOS 12 beta 7. Guessing this is due to an API change in Monterey I ran our
Dumper agrees that these frameworks are missing the binary. I wonder if Monterey has somehow hid them from our prying eyes 👀. |
@phatblat, those binaries don't exist in the file system in Big Sur either, due to the dyld cache. There is some sample code from Apple (search for That said, This is what I was trying to address for Apple Silicon Macs when I last contributed to |
I ran across Extracting libraries from dyld_shared_cache and was impressed with his/her understanding of the process. Using https://github.com/zhuowei/dsc_extractor_badly I was able to get a CommerceKit x86_64 binary. Neither class-dump nor Dumper were able to work with it, but IDA Free is able to understand this file. I'll try updating the headers manually and then see which new methods might return the active account. |
I have the same problem on the latest macOS 12 beta. As I am running tests for my install scripts in the moment it would be very nice to see this fixed. |
Same problem with Release Candidate - macOS 12.0 Beta (21A5552a) |
As Monterey has been released, it would be nice if mas supports it (fully). (I understand it takes a lot of work to play around with private frameworks and fix code for macOS upgrades. Keep up the good work — mas is a very useful tool!) |
I can confirm the same issue on macOS Monterey (
|
mas account
says not signed in but I ammas account
says not signed in but I am
Same issue on macOS 12.0.1, 16" MacBook Pro 2021. |
Same issue on macOS 12.0.1, 13" MacBook Pro 2020 M1 |
Same on macOS 12.0.1, 15.4" MacBook Pro 2018.
|
Same here. |
Hey Team, This replicates on macOS 12.0.1 (21A559), MacBook Air (M1, 2020). Let me know if you need any specific tests/checks. |
Same here |
Repros on 12.1 Beta as well. |
@chris-araman @phatblat |
Hi, all!
You're in the right place. Efforts toward resolving this issue will be tracked here. @phatblat and I are both volunteer maintainers with obligations apart from
We're not aware of a workaround at this time, other than using the App Store app, of course.
As you're probably aware, Apple has made some changes to the private frameworks A few things have to happen in order to resolve this issue:
tl;dr: This is going to take time and effort. We welcome any helpful contributions from subject matter experts! That said, additional reports of |
When you use I'm not sure what the specific issues are with Afaik, IDA still doesn't support the new dyld shard cache format in Monterey (split across several slices), but I have tooling that allows me to re-join the slices. I can then load it up and disassemble individual dylibs cleanly, for the Apple Silicon version (not the intel version, yet). I don't know much about |
Regarding dyld_shared_cache, here are a couple resources for informational purposes. Neither of these help move the ball down the field, but hopefully they offer a bit of insight into the problem space. There's a project called DyldExtractor which unfortunately doesn't work on macOS shared caches; it's iOS only. But looking through it can give you some insight into how hard a problem it is to reconstruct the dylibs. It's a pure python project that does not use And here's a project that essentially cheers, |
Any chance you'd want to open source that? 😁 What are you using for disassembly? FWIW, even the NSA doesn't seem to be able to grock Monterey's |
Unfortunately I can't share the tool since it's work-related As for disassembly, I'm using IDA to load the reconstructed dyld_shared_cache, and then disassemble individual dylibs. So, happy to run any IDA python scripts against my IDB and share the results if that helps. And yeah I filed that bug on Ghidra :-) |
@zcutlip, if you're able to somehow generate headers for these frameworks on macOS 12.0.1 and either post a link to them here, or fork and drop them in a branch for review, it'd be greatly appreciated. Not sure if that's possible given your current tooling. I'm not yet familiar with IDA, let alone Python scripting for it, unfortunately. |
sorry for jumping in, but have you tried my tool ipsw: |
I'm familiar with your tool, but wasn't aware of it's dsc/obj-c capabilities. Giving it at try now. Thanks! |
If you have bat installed (brew install bat) you can pipe the output of my tool to: |
Yeah that's really cool. This gets us really close. I'll see if I can clean up the output to be a proper header file. Very nice work on |
Okay, making progress: I'm dumping JSON from IDA pro, and I've written some python that shells out to I've attached a gist with JSON for CommerceKit as well as C-header formatted output from post-processing the JSON. There's definitely stuff missing, like ivars and properties, and probably a few other things. Also I'm not sure what magic Someone maybe take a look at let me know if we're getting close Cheers |
Oh, I think I get the organization. It's supposed to be one |
I'm now writing out individual I studied what My proposals are:
Here's an example of one of the header files I dumped, @interface CKAuthenticationSettings : NSObject
{
}
// Class methods
+ (_Bool)supportsSecureCoding
// Instance methods
- (id)copyWithZone:(struct _NSZone *)arg1
- (id)init
- (void)encodeWithCoder:(id)arg1
- (id)initWithCoder:(id)arg1
- (void).cxx_destruct
- (id)_password
- (_Bool)showHelp
- (_Bool)createSession
- (void)setShowHelp:(_Bool)arg1
- (id)suggestedUsername
- (void)setSuggestedUsername:(id)arg1
- (id)authenticateArguments
- (void)setAuthenticateArguments:(id)arg1
- (id)createAccountArguments
- (void)setCreateAccountArguments:(id)arg1
- (_Bool)forceAccount
- (void)setForceAccount:(_Bool)arg1
- (void)setCreateSession:(_Bool)arg1
- (void)set_password:(id)arg1
- (_Bool)_loginToiCloud
- (void)set_loginToiCloud:(_Bool)arg1
@end /* CKAuthenticationSettings */ I still need to do ivars and a couple other things, but that shouldn't be too bad. Cheers |
I haven't found time to dive into this gist yet, but I'm hoping to do so this week. Hopefully there are enough breadcrumbs here to piece together a plan for the original issue reported here, among others.
Yep!
Option 1 would probably be best in the long run if you were able to publish your IDA scripts as open source. That way, we could try to integrate the functionality directly into Great work on this, @zcutlip. I really appreciate the time and effort you're putting into this, and I'm sure others here do too. |
It looks like several of the interfaces used by I took a look at your progress, and I agree we're getting close. Your to-do list looks accurate. I haven't noticed anything else we'd need from a class dumper. (To be clear, though, Apple still may not have left enough surface area to fix the |
I'll absolutely share the IDA plugin. I'm in the process of doing the following:
At that point, based on feedback,I can revise the JSON output to include any additional details as required |
Got ivars going. Here's a sample /*
* CKAccountStore.h
* ./classdump.py ../build/Release/formatType ./CommerceKit/ ../../IDA-ObjCExplorer/CommerceKit.json
*/
@interface CKAccountStore
{
CKStoreClient *_storeClient _storeClient;
}
// Class methods
+ (id)accountStoreForStoreClient:(id)arg1;
+ (id)sharedAccountStore;
// Instance methods
- (void).cxx_destruct;
- (id)accounts;
- (id)primaryStoreAccount;
- (void)addAccount:(id)arg1;
- (id)primaryAccount;
- (id)accountWithAppleID:(id)arg1;
- (_Bool)isDemoModeEnabled;
- (id)initWithStoreClient:(id)arg1;
- (id)demoAccount;
- (id)storeClient;
- (id)storeAccountForDSID:(id)arg1;
- (id)addAccountObserver:(id)arg1;
- (id)_initWithStoreClient:(id)arg1;
- (id)knownAccounts;
- (void)signOutWithCompletionHandler:(id /* CDUnknownBlockType */)arg1;
- (void)removeAccountObserver:(id)arg1;
- (id)storeAccountForAppleID:(id)arg1;
- (void)getEligibilityForService:(long long)arg1 completionBlock:(id /* CDUnknownBlockType */)arg2;
- (_Bool)primaryAccountIsPresentAndSignedIn;
- (void)signOut;
- (id)addPrimaryAccountObserverWithBlock:(id /* CDUnknownBlockType */)arg1;
- (void)removePrimaryAccountObserver:(id)arg1;
- (id)accountForDSID:(id)arg1;
- (void)signIn;
- (void)signInWithSuggestedAppleID:(id)arg1 allowChangeOfAppleID:(_Bool)arg2 completionHandler:(id /* CDUnknownBlockType */)arg3;
- (void)viewAccount;
- (id)eligibilityForService:(long long)arg1;
- (void)getPasswordSettingsWithCompletionBlock:(id /* CDUnknownBlockType */)arg1;
- (void)updatePasswordSettings:(id)arg1 completionBlock:(id /* CDUnknownBlockType */)arg2;
- (void)setTouchIDStateForAccount:(id)arg1 state:(long long)arg2 completionBlock:(id /* CDUnknownBlockType */)arg3;
- (void)getTouchIDStateForAccount:(id)arg1 completionBlock:(id /* CDUnknownBlockType */)arg2;
@end /* CKAccountStore */
I haven't looked at properties yet, but ivars weren't too bad. Hopefully properties will be equally straightforward. I'm attaching a zip file of all the headers I've spit out so far, along with the JSON I spit out from IDA. Cheers EDIT: Note, many/most of the headers in the zip file are superfluous, but as mentioned previously, I'm not sure of a way to programmatically filter out the ones that don't need to be generated. So for now they're all in there, and we can work on a better way next. |
I don't see |
I haven't started I'll check on |
It appears As far as |
|
I should add that I'm happy to share my IDB if it's helpful. It's quite large though, around 18GB, so I'm not sure the best way to do that. |
@zcutlip, thanks for the offer. I think we could rebuild an IDB if needed. Tooling to generate new headers will be more valuable than a one-time snapshot in the long run. |
- .osx script was missing - homebrew cask did not allow for apps installed by other sources, like kandji - mas doesn't work on m1 mac yet: mas-cli/mas#417 - some visual studio code extensions migrated to new names - fixed path issues with visual studio code tasks
for those subcommands are no longer supported by `mas` on the recent versions of macOS - mas-cli/mas#164 - mas-cli/mas#417 - https://github.com/mas-cli/mas#%EF%B8%8F-known-issues
mas account
doesn't work on macOS 12 and lateraccount
doesn't work on macOS 12+
Your Environment
mas version
: 1.8.3system_profiler SPSoftwareDataType -detailLevel mini
): 12.0 (21A5522h)mas Install Method
brew install mas
(homebrew-core).pkg
installer from releasesDescribe the Bug
mas account
says I'm not signed in, although I am:To Reproduce
Steps to reproduce the behavior:
mas account
mas account
againExpected Behavior
Getting no error and being able to use other
mas
commands that depend on being signed din.Actual Behavior
Screenshots, Terminal Output
Additional Context
It stopped working around 2 weeks ago I guess? Maybe it worked with the previous version?
The text was updated successfully, but these errors were encountered: