Fix obfuscated pointers #470

GLinnik21 · 2024-05-06T18:51:22Z

With the release of iOS 12, a new encoding scheme for tagged pointers was introduced, along with enhanced obfuscation techniques. From the Objective-C sources:

The tagged pointer obfuscator is intended to make it more difficult for an attacker to construct a particular object as a tagged pointer, in the presence of a buffer overflow or other write control over some memory. The obfuscator is XORed with the tagged pointers when setting or retrieving payload values. They are filled with randomness on first use.

https://github.com/apple-oss-distributions/dyld/blob/25174f1accc4d352d9e7e6294835f9e6e9b3c7bf/include/mach-o/dyld_priv.h#L246 https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-runtime-new.mm#L9340-L9356

Like what? Who does it work?

This reverts commit ae6a5c5.

.swiftpm/xcode/xcshareddata/xcschemes/KSCrash-Package.xcscheme

And add links to LLVM

bamx23

Can't say I understand everything here, but I trust re-enabled tests. Thanks a lot for digging into this beautiful world of runtime ~~hacks~~ tricks!

GLinnik21 added 6 commits May 6, 2024 19:00

Update KSObjCApple.h with latest Obj-C sources

7866a7a

Use new functions

0f58950

Move all content of objc-internal.h

8938c14

fix NSNumber tagged pointer extraction

d080ad1

Try to fix tagged NSDate

0995c07

Like what? Who does it work?

GLinnik21 linked an issue May 6, 2024 that may be closed by this pull request

2.0 Evolution #464

Open

11 tasks

GLinnik21 mentioned this pull request May 6, 2024

2.0 Evolution #464

Open

11 tasks

GLinnik21 added 4 commits May 7, 2024 18:01

Add unit-tests run on the oldest OSs

ae6a5c5

Enable KSObjC_Tests tests

29fe642

Revert "Add unit-tests run on the oldest OSs"

f29d139

This reverts commit ae6a5c5.

Disable failing array tests

6a59500

bamx23 reviewed May 7, 2024

View reviewed changes

.swiftpm/xcode/xcshareddata/xcschemes/KSCrash-Package.xcscheme Show resolved Hide resolved

GLinnik21 and others added 5 commits May 7, 2024 22:57

Eventually disable KSDebug_Tests

4049ab2

Update deployment target in podspec

a22f394

Merge branch 'release-2.0' into fix-obfuscated-poiters

142804b

Fix tagged pointer compilation for i386

59d8e54

Make extractTaggedNSDate nice

e72ca14

And add links to LLVM

GLinnik21 marked this pull request as ready for review May 8, 2024 23:34

Return __unused back

f1f90a1

GLinnik21 requested a review from bamx23 May 8, 2024 23:39

bamx23 approved these changes May 9, 2024

View reviewed changes

Fix i386 validation

eab6bf5

GLinnik21 merged commit a3c5059 into release-2.0 May 9, 2024
14 checks passed

GLinnik21 deleted the fix-obfuscated-poiters branch May 9, 2024 13:22

bamx23 mentioned this pull request May 9, 2024

Run tests on different OS versions #475

Merged

GLinnik21 removed a link to an issue May 24, 2024

2.0 Evolution #464

Open

11 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix obfuscated pointers #470

Fix obfuscated pointers #470

GLinnik21 commented May 6, 2024 •

edited

Loading

bamx23 left a comment

Fix obfuscated pointers #470

Fix obfuscated pointers #470

Conversation

GLinnik21 commented May 6, 2024 • edited Loading

bamx23 left a comment

Choose a reason for hiding this comment

GLinnik21 commented May 6, 2024 •

edited

Loading