Home

Awesome

kextd_patcher

kextd_patcher is a python script for patching the kextd binary to support loading of unsigned kernel extensions on OS X.

In the latest version this utility only patches SecStaticCodeCheckValidity to always return 0.

See Breaking OS X signed kernel extensions with a NOP for more info.

Dependencies

The scripts uses radare2 to do the heavy lifting of analyzing the binary and finding which instructions should be patched. You will need to build radare2 from git and have the r2 binary in your PATH.

To removing the code signature from kextd after the patching, the script uses ldid, so you will also need to have ldid in your path.

Usage

Start by running the script:

$ ./kextd_patcher.py

Patched SecStaticCodeCheckValidity
Removing code signature...
Patched file is located at: /var/folders/db/kt60mzx93p110r61jzjbf3nw0000gn/T/tmpM12eNq

If you want to apply the patch do the following:

$ sudo cp /usr/libexec/kextd /usr/libexec/kextd_backup
$ sudo mv /var/folders/db/kt60mzx93p110r61jzjbf3nw0000gn/T/tmpM12eNq /usr/libexec/kextd

The temporary path that the script will output the patched binary to will differ, so you'll need to adjust the path in the command above.