MAJOR
- Added `SnakeVIII` class.
- Added `spbl_compilator_wrapper.c` for compiling Sandbox Profile Language (SBPL) files (`.sb`).
- Added `make_plist.py` for converting XML back to PLIST.
- Added `sandbox_inspector` for various tasks related to App Sandbox (it is standalone, but I also implemented all of its functionality in the latest `SnakeVIII`).
- Added `sandbox_validator` for checking whether a given operation is allowed for the sandboxed process.
- Added `sandbox_detector` for checking whether the process is sandboxed.
- Some modifications and additions to the current code (see below).
SnakeI
- Added `--dump_binary` for extracting a single-architecture binary from Fat (universal) archives.
- Modified `--dump_section` to dump raw bytes: no more `b'\x01......'` Python repr output, just the raw section bytes written to stdout.
- Modified `getStringSection` so it now returns strings in the order they appear in the binary (previously the order was not preserved):

```python
import lief


def getStringSection(self):
    '''Return strings from the __cstring (string table), in file order.'''
    extracted_strings = []
    # self.binary is a lief.MachO.Binary; sections are iterated in the order
    # they appear in the load commands, so the result keeps the binary's order.
    for section in self.binary.sections:
        if section.type == lief.MachO.SECTION_TYPES.CSTRING_LITERALS:
            # section.content is a memoryview in recent lief versions
            strings_bytes = section.content.tobytes()
            # C strings are NUL-terminated; undecodable bytes are dropped
            strings = strings_bytes.decode('utf-8', errors='ignore')
            extracted_strings.extend(strings.split('\x00'))
    return extracted_strings
```

- Bug patch in `MachOFileFinder.py`: it did not print the file type correctly after a `lief` update. The print now reads:

```python
print(f"{binary.header.file_type.__name__}:{file_path}")
```
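The `--dump_binary` flag above pulls one architecture slice out of a Fat (universal) Mach-O. As an added stand-alone illustration, not code from SnakeI, here is a minimal parser of the fat header as laid out in `<mach-o/fat.h>` (big-endian `fat_header` followed by `fat_arch` or `fat_arch_64` entries), with a constructed two-slice sample in place of a real binary. The struct layouts and the magic/CPU constants are Apple's; the function names, the sample slices and their contents are my own and chosen for the example.

```python
import struct
import sys

# Constants from <mach-o/fat.h>; every fat header field is big-endian.
FAT_MAGIC = 0xCAFEBABE      # 32-bit fat_arch entries, 20 bytes each
FAT_MAGIC_64 = 0xCAFEBABF   # fat_arch_64 entries, 32 bytes each
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_NAMES = {
    0x00000007: "i386",
    0x00000007 | CPU_ARCH_ABI64: "x86_64",
    0x0000000C: "arm",
    0x0000000C | CPU_ARCH_ABI64: "arm64",
}


def parse_fat_arches(data: bytes) -> list:
    """Parse the fat header and return one dict per architecture slice.

    Every slice is bounds-checked against the file size, so a header whose
    offset/size fields point outside the file is rejected instead of being
    turned into an out-of-range read (or an empty/garbage dump).
    """
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, nfat_arch = struct.unpack_from(">II", data, 0)
    if magic == FAT_MAGIC:
        entry_fmt, entry_size = ">iiIII", 20          # cputype, cpusubtype, offset, size, align
    elif magic == FAT_MAGIC_64:
        entry_fmt, entry_size = ">iiQQII", 32         # 64-bit offset/size, align, reserved
    else:
        raise ValueError(f"not a fat binary (magic {magic:#x})")
    arches = []
    pos = 8
    for _ in range(nfat_arch):
        if pos + entry_size > len(data):
            raise ValueError("fat header truncated")
        fields = struct.unpack_from(entry_fmt, data, pos)
        cputype, cpusubtype, offset, size, align = fields[:5]
        if offset + size > len(data):
            raise ValueError(f"slice at {offset:#x} (+{size:#x}) extends past end of file")
        arches.append({
            "cputype": cputype,
            "cpusubtype": cpusubtype,
            "name": CPU_TYPE_NAMES.get(cputype, f"unknown({cputype:#x})"),
            "offset": offset,
            "size": size,
            "align": 1 << align,                      # stored as a power of two
        })
        pos += entry_size
    return arches


def extract_slice(data: bytes, arch_name: str) -> bytes:
    """Return the raw bytes of the slice whose CPU type matches arch_name."""
    for arch in parse_fat_arches(data):
        if arch["name"] == arch_name:
            return data[arch["offset"]:arch["offset"] + arch["size"]]
    raise KeyError(f"no {arch_name} slice in fat binary")


# --- constructed sample input (not a real binary) ---------------------------
MH_MAGIC_64_LE = b"\xcf\xfa\xed\xfe"   # 0xFEEDFACF as stored in a little-endian slice
X86_64_SLICE = MH_MAGIC_64_LE + b"constructed x86_64 slice".ljust(60, b"\x00")
ARM64_SLICE = MH_MAGIC_64_LE + b"constructed arm64 slice".ljust(60, b"\x00")


def build_sample_fat() -> bytes:
    """Build a two-slice fat file in memory, page-aligned like a real one."""
    align = 12                                  # slices are 2**12 = 4096-byte aligned
    x86_off, arm_off = 0x1000, 0x2000
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">iiIII", 0x01000007, 3, x86_off, len(X86_64_SLICE), align)  # CPU_SUBTYPE_X86_64_ALL
    header += struct.pack(">iiIII", 0x0100000C, 0, arm_off, len(ARM64_SLICE), align)   # CPU_SUBTYPE_ARM64_ALL
    blob = bytearray(arm_off + len(ARM64_SLICE))
    blob[:len(header)] = header
    blob[x86_off:x86_off + len(X86_64_SLICE)] = X86_64_SLICE
    blob[arm_off:arm_off + len(ARM64_SLICE)] = ARM64_SLICE
    return bytes(blob)


if __name__ == "__main__":
    fat = build_sample_fat()
    for arch in parse_fat_arches(fat):
        print(f"{arch['name']:>7} offset={arch['offset']:#x} size={arch['size']:#x} align={arch['align']}",
              file=sys.stderr)
    # --dump_binary style: raw slice bytes to stdout, nothing else on that stream.
    sys.stdout.buffer.write(extract_slice(fat, "arm64"))
```

The bounds check is the part worth keeping when hand-rolling a dumper: a hostile or corrupt fat header can declare slices outside the file, and `lief`-based tooling does that validation for you. Note also that Java class files share the `0xCAFEBABE` magic, so a tool that fingerprints by magic alone should still validate the header before trusting it.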
SnakeAppExtension
- Added `--bundle_id` flag for printing the `CFBundleIdentifier` value from the `Info.plist` file, if it exists.
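Two of the items in these notes touch property lists: `make_plist.py` converts XML back to PLIST, and `--bundle_id` reads `CFBundleIdentifier` out of `Info.plist`. The following is an added example of both operations with the standard library, not the project's own code; it assumes the target of the conversion is the binary plist format (`bplist00`) and uses a constructed `Info.plist`, so the bundle identifier and key set are invented for the example.

```python
import plistlib

# Constructed Info.plist in XML form (not taken from a real app bundle).
INFO_PLIST_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleExecutable</key>
    <string>ConstructedApp</string>
    <key>CFBundleIdentifier</key>
    <string>com.example.constructed</string>
    <key>LSMinimumSystemVersion</key>
    <string>14.0</string>
</dict>
</plist>
"""


def plist_format(data: bytes):
    """Tell a binary plist from an XML one by its leading bytes.

    Bundles ship either encoding, so a reader must accept both.
    """
    if data.startswith(b"bplist00"):
        return plistlib.FMT_BINARY
    head = data.lstrip()
    if head.startswith(b"<?xml") or head.startswith(b"<plist"):
        return plistlib.FMT_XML
    raise ValueError("not a property list")


def xml_to_binary_plist(xml_bytes: bytes) -> bytes:
    """XML plist in, binary plist out (the make_plist.py direction)."""
    obj = plistlib.loads(xml_bytes, fmt=plistlib.FMT_XML)
    return plistlib.dumps(obj, fmt=plistlib.FMT_BINARY)


def bundle_identifier(plist_bytes: bytes):
    """Return CFBundleIdentifier, or None if the key (or a dict root) is absent."""
    info = plistlib.loads(plist_bytes, fmt=plist_format(plist_bytes))
    if not isinstance(info, dict):
        return None
    return info.get("CFBundleIdentifier")


def round_trips(xml_bytes: bytes) -> bool:
    """True if XML -> binary -> object yields the same object as the XML alone."""
    return plistlib.loads(xml_to_binary_plist(xml_bytes)) == plistlib.loads(xml_bytes)


if __name__ == "__main__":
    binary = xml_to_binary_plist(INFO_PLIST_XML)
    print(f"binary plist: {len(binary)} bytes, magic {binary[:8]!r}")
    print("CFBundleIdentifier (xml):   ", bundle_identifier(INFO_PLIST_XML))
    print("CFBundleIdentifier (binary):", bundle_identifier(binary))
```

The `plist_format` check matters for `--bundle_id`: `Info.plist` inside a signed, shipped `.app` is usually binary, while the one in a source tree or extracted from an archive is often XML, and a reader that assumes one encoding silently fails on the other.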
MINOR
- Added decompiled code of Sandbox components.
- Added `sandbox_operations_extractor.py`, a simple script for extracting Sandbox Operations from `Sandbox.kext`.
- Added `sonoma_sandbox_operations.txt`, the list of all Sandbox Operations extracted from `Sandbox.kext` on Sonoma using `sandbox_operations_extractor.py`.
- Added SBPL Compilator article link.
- Added Sandbox Detector article link.
- Added Sandbox Validator article link.
- Added Unexpected but expected behavior article link.
- Updated README.md.
- Patched one of the helper testing functions because it could not decode some bytes in the captured output. Now it looks like this:

```python
import subprocess


def run_and_get_stdout(command):
    # Merge stderr into stdout at the shell level ...
    command_with_stdout = f"{command} 2>&1"
    # ... and again in subprocess (redundant, but harmless); capture as bytes
    result = subprocess.run(command_with_stdout, shell=True,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    # Decode as UTF-8, replacing invalid sequences instead of raising
    return result.stdout.decode('utf-8', errors='replace').strip()
```