
[Music]
especially for anything user. So we have to live and de all these and figure out, all right, what are you do. And so for example we have to reverse engineer to lbm Metal Graphics set, OpenGL graphics, the T1 security chip, i821 and Broadcom, and so on and so forth. And so even though we had neat tricks for those first three issues, unfortunately injecting frameworks dynamically is very difficult, so instead we actually have to patch the root volume that your machine's booting to add those back in, either p p binaries or just downgraded or ones that were
missing. So now let's look at the T1 security chip, was actually dropped in macOS Sonoma just this year in June. The basic idea of the T1 security chip is that it was released in 2016 as Apple's first foray into a co-processor for their Macs. It drove the camera, Touch Bar, Touch ID, all those fun things, and it was based off the Apple Watch Series 2. But the problem with Sonoma is that it broke communication with this chip. Specifically, it could sometimes see the chip in some areas, but when it tried to send data wouldn't get any back, and same vice versa: T1 would try to communicate with the operating system but it doesn't want to. And so we had multiple areas we
need to fix. Of course the main one was kernel side, where communication is done over USB through KernelRelayHost, but there's a whole bunch of kernel extensions that remove the logic for communicating with this kernel extension, so we need to downgrade corecrypto, AppleSSE, AppleKeyStore and so on. And then in user space we have a whole bunch of frameworks and binaries that either were removed or the logic for those frameworks was stripped. So for example EmbeddedOSInstall.framework, outright removed this year, but LocalAuthentication.framework, biometrickitd daemon and so on, they're all still there but they don't have the logic to actually speak with that old framework that was ripped
out. So to fix this in the kernel side we're going to use OpenCorePkg. As we did with boot.efi editing, we're now going to edit the kernel cache right before the machine boots, so we're going to inject those old kernel extensions. And then for the user side, we got all the frameworks and binaries, we're going to patch them in with OpenCore Legacy Patcher, the Python front end, onto the root, and from there mostly works. So there's also some other neat tricks we're doing. We're also developing a ton of kernel extensions that are editing data as it's being paged in from memory using the L... or being paged in from disk into memory using the Lilu
patching engine. For example we have FeatureUnlock. It through for when memory is being paged in and see, hey, are there any model checks that are arbitrary? For example AirPlay to Mac is limited to 2018 and newer, Sidecar is 2016 and newer, Continuity Camera is, uh, 2017 and newer. Well, with FeatureUnlock we can find those and strip those requirements out of it, because they're actually just arbitrary, they just want you to buy a newer Mac. We also have CryptexFixup, which is using Apple's translation system Rosetta 2 to run our really old machines thanks to compatibility binaries that are available in the operating system for Rosetta. We also have user space daemons
that try to help repair Mac after OS updates, as it's not too much of a fan of what we're doing and tries to clean up a lot of our work. So why do we need all these tools? This slide is basically just a clarification of a whole bunch of weird words I just said. So in OpenCorePkg, it's a bootloader your machine boots into before boots macOS. This is going to patch out early checks in the operating system, like boot.efi, and add additional kernel drivers that we may want. All right, then we have the kernel running, so we have Lilu, that's going to patch in memory while it's running along the kernel and allow plugins to do
whatever it wants, so this is where it's RestrictEvents and feature. Then finally, uh, in disk, or on disk, and in user space we have the Python front end that will add files to different areas. Additionally it'll also add to kernel caches that may not fit in the first one, that would be OpenCorePkg. M said three kernel caches that are loaded at different stages in the
OS. So let's put all the pieces together: how does it actually boot? So ignoring this overly complicated diagram, the basic idea is that your Mac powers on, it's going to search for file systems that it se... that it recognizes, look for boot loaders on those file systems, and then it's going to load them. So it'll load OpenCorePkg for us and then it's going to do its magic. One really neat trick we're doing with 5K and 4K iMacs is we're actually hiding through Apple's diagnostics tooling. What this does is actually retain Apple's signature, so it still thinks it's genuine and not a third party operating system. What this does is unlock some additional features that normally would
be locked out, like the dual DisplayPort timing controller that made the four 5K iMac possible back in 2014. So now we have OpenCore load boot.efi to memory, Apple's boot loader, and does whatever it needs, so it'll patch out PlatformSupport.plist and do extra magic. Then it's going to load the kernel cache, the Boot Kernel Collection, the first stage cache, into memory and do whatever patching it needs: it might patch a bit of the kernel, it might, uh, remove kernel extensions that are incompatible or even add other ones such as Lilu and its plugins. So now OpenCorePkg is done its me and we'll see macOS boot. So of course boot.efi will start up and look for
that malform file, oh, can't find it, continue on. Then it's going to boot, bootstrap the kernel and let that Mo. It's going to set up all the memory regions, it's going to do all its magic and then start up additional kernel extensions. The early stage ones are going to be ACPI, PCI, so on and so forth, and then finally general kernel extensions can load. This is where Lilu and RestrictEvents and all those fun ones come in, so they're going to load up, and RestrictEvents is going to do its magic and hook onto the kernel, it's going to reroute the value depending on what's happening and continue on. Then user space will
start to kick in, and then the second stage kernel collection, the System Kernel Collection, will start up. This holds audio and graphics, just the general stuff there, um, mainly ones that are not required to boot but are still needed there for useful experience. So then let's look at how user space starts up. We have the very first, uh, user space binary in macOS, launchd, start up, and this is going to load the dyld shared cache. What this file is is in a sense a giant blob of tons of frameworks, uh, in macOS all merged into one. This is where FeatureUnlock is actually listening in for when it's being paged in from disk into memory. It's going to look and see,
hey, I see AirPlaySupport.framework, hey, you have that arbitrary model check, rip it out, and then it loads in. Then we have our general frameworks and libraries, additional ones we patched using Python front end, and then we have the third stage kernel, uh, cache loading, the Auxiliary Kernel Collection. This holds third party device drivers as well as anything that we might not have been able to patch in earlier as easily. Finally you have WindowServer kick in, the graphical user interface. Okay, but is Apple really letting us do all this stuff? This seems a little sketchy. Surprisingly they don't mind for the most part, at least on macOS. They have been reluctant but they still allow
a lot of configuration in the oper. So as I mentioned early on, every major macOS update generally changes something about the security architecture of the platform. Every other year is major, uh, changes and then the other ones are minor. However, every time a new security feature is added there's generally been some way to lower it, disable it or bypass it, uh, from the end user's point. However, as Macs have become more iOS-like there have been genuine concerns that Apple might W this down in the future. But funny enough, at WWDC 2020 Apple silicon Macs were shown to still be just as configurable: we can still configure Secure Boot, root volume authentication, System Integrity
Protection and so on. Of course they're pivoting this towards researchers and hobbyists, but we kind of count as
fs. And so as of right now, zero threats from Apple. However, it's not all perfect. macOS patchers in general, not just OpenCore Legacy
Patcher, you're basically leasing it for your machine, and so every year there'll be drastic changes, even midcycle, month to month, there might be drastic changes that you might not realize that'll your machine. You're also developing a closed source operating system. Even though parts of the XNU, yeah, are open source, the majority of it is not, or at least that we care about. For example the virtualization stack on Apple silicon, outright missing in the open source kernel. And so 95% of our reverse engineering and understanding what is macOS was doing. So it requires a lot of skilled developers with deep understanding of macOS, some background in software senders hopefully. And also to, uh, restore hardware support
you unfortunately need to lower some security features. We were patching in frameworks onto disk, it means we got to lower the file system protections to allow our files. We also, expecting a small group of hobbyists to maintain the same level of work as a trillion dollar company is not possible. So then just, oh, there we go. So then let's look at how macOS patchers have affected the world. Uh, so they of course allow machines to be used longer, reducing unnecessary e-waste, and they also allow lower income families to keep their machines around longer and not buy new hardware when they're not ready. For example, if the latest Adobe Acrobat suite requires you to install the latest
version of macOS, that doesn't mean your machine becomes suddenly obsolete, you can't use it for class. There are still ways to get the machine running longer. If we look at Brazil, they're the third largest user base of OpenCore Legacy Patcher, just due to the challenges of affording new hardware. So for example the iPhone 15 is almost double the price in Brazil than in the United States. If we look at this pie chart here, we started recording, um, somewhat anonymous data on where users are not that are using our products, and what's really interesting is even though we still have a large of the US, our, our bases of the US, it's not, it's actually very well distributed for what you'd
expect. So of course 22% US, 10% Germany, 6% Brazil, five UK, four France, three China and so on and so forth. What this shows is that not just third world countries and not just first world countries want to have their machines last long, everyone wants their machine to last
longer. So then Apple in the environment: every keynote they're always talking about recycled aluminum, how much they care about the environment, so on and so. But by letting these machines go offo they're adding to the length. If we look at Google, they're not going to be supporting... no, sorry. No, it's all good. We're trying to fix audio, online they're not getting any audio unfortunately. Why did that cut video though? Oh,
yeah oh there
that's actually a really good point. Um, I do believe that regulation can help with this, because Apple's not going to just suddenly have goodness in their heart and extend life these machines for an extra seven years. They do need to be forced. So regulation is actually example, um, in California they have a bill where machines have to be repairable for seven years, parts that long. I think it might actually be more, I need to check, but that's where legislation helped the end user, because they could still buy
parts. And so another thing to keep in mind is services users, they're being left behind, you can't use all those fancy i+ features, so what's the point of. Another thing that's really important is some people try to defend Apple by saying, oh, it's really hard to develop an operating system and to support so many machines. They're a trillion dollar
company. But then let's look at the flip side. By keeping older machines around longer you're unfortunately keeping vulnerable machines in the workplace and in environments. For example, that includes both hardware vulnerabilities, like on Intel CPUs with Spectre and Meltdown, as well as like the T2 security chip that Apple developed, with checkm8. Also there's software issues, for example on pre-T2 machines they don't secure, and so Mickey Jin has a really Objective by the Sea 6.0 where he was able to just swap the kernel C for something malicious without much issue. And also by having more machines around you're having more hardware drivers, and a lot of drivers still will sit in kernel space, and that means more
vectors of attack. Another thing to keep in mind is by keeping these old machines around you're keeping fall back codable, and so for a lot of machines they might not be able to, uh, be used to their full potential. For example there is the lack of hardware device attestation for machines, on pre-T2 machines, so if you run a mobile device management instance and you need to verify if your machine is genuine and someone's not spoofing it, well, you still need to have fallback code to say, oh well, that machine might just be an
old. So then in conclusion, older operating systems just don't last as long, only get a couple years of shuing, and of course they leave you vulnerable if you sit on them. Also Macs are dying at a quicker rate and we don't know if this is temporary. Of course Apple silicon might be accelerating the process, but does that mean that years after Intel's gone and we're just on Apple silicon? We don't know. And so unfortunately to get more life out of your machine you have to either install a third party operating system like Windows we return to H problems gonna give you no love. And by doing all this, by leaving these machines abandoning, they're contributing to their carbon
footprint. And before I finish up I just want to thank so many amazing, uh, projects, uh, developers and community members that are helping, they're doing amazing work. Otherwise it's Q&A. Thank you so much for listening me ramble. Top link is OpenCore Legacy Patcher, other stuff is personal info if you
care
oh, um, I am unfortunately an Apple simp, so I do not have a good explanation for that, unfortunately.
sorry
yes
at least for how I see it is a lot of people buy a Mac to run macOS. When it no longer can run macOS they want to throw it out, they want to get a new machine. So by being able to still run macOS for longer it keeps those machines alive for those users. Of course, yeah, Windows and Linux, like installing either of those, those are probably the better bets for long term, but of course it's a third party operating system, you're gambling with the OS vendor of they're going to be maintaining support for your machine. Like Linux is mostly a community
project
so once, uh, Apple strips that x86 code from the operating system there's nothing we can really do, unfortunately. Um, of course if Rosetta, so Apple's translation system, if it's kept around, funny enough we actually have a very good path forward with that for the most part, but that's gambling a lot on an OS vendor who doesn't really care about us, they just care about keeping their machines
going. Uh, so this actually goes back to, uh, how Apple made Secure Boot and a lot of security prop, or features, uh, configurable on Apple silicon Macs. That's what allows a lot of hobbyists and researchers to do what they want, but iOS devices don't have that. There is a security research program that they give a very few iPhones to very select few individuals, so unfortunately for the most part there is very little chance, unless you can find a jailbreak, to get running. And also I can't comment on if iPhones are dying quicker as well, but I do see that overall they're not lasting as long as they
should. Uh, so our user base, hopefully for the most part, is personal devices. I'm terrified to think about people deploying this enterprise. Unfortunately I do know people are deploying this enterprise to meet security compliance, to get on the latest OS. That's terrifying, I don't want to think about that. Um, but on, so for how you actually find this project, most of the time it's literally "I want to install mac inro on my Mac", it'll show up on GitHub and you find our guide. There's a whole bunch of YouTube videos, like the community really loves the project overall, and so they love to make documentation, they love to help. We have a community Discord server
where people pop in and ask questions and so
forth. Oh, I don't know if I want to talk about that. Um, it's basically we have some machines on hand, um, so of course we're reverse engineering, we're just doing small testing on ourselves, like our own machines that we can figure out, and then for the most part we have public betas, people chime in if there's issues, we try to see what we can do. The problem is we're developing against a closed source operating system, we don't have the source code, we can't edit it, we need to basically bin patch, we need to do hooks, we need to do a lot of work on our
end uh yes I'm in the four or going to be in the fourth semester third semester right now ISS oh thank
you. That's a, it's very much dependent on yourself, how much you can tolerate. So for example, like I have a 2008 Mac Pro under my desk, runs fine for the most part, I don't mind it. But the thing is, of course I have machines I can use, I have proper machines at work and so forth, but for a lot of people it's the only machine they have, and if they need to run the newest neurer 's for their software they don't really have a choice, and so at least they have an option
here. Uh, officially none, they will never acknowledge us. Um, for private support, like the thing is it's not a company in a sense, it's just individual engineers. We do know engineers use our projects internally for fun, uh, like just on their own personal machines. Also a good chunk of Apple's CoreOS team, at least I know some of them, are, uh, previous Hackintosh users, and so that's how they transitioned into working for
Apple
unfortunately, yeah, you're running up against like genuine CPU feature limitations. Um, at least for that model, I can't remember when it was dropped, I think might have been 10.7 or maybe it was El Capitan, because if it was El Capitan there's unfortunately no way to patch it forward. Yeah, because, um, on one of the slides I actually had a whole bunch of other macOS patchers, like over the years that have existed, and those ones work for a lot of older machines. So, but yeah, unfortunately for that machine there's not much you can do. Um, for that 2007, funny enough, you could probably do a CPU upgrade if you want to desolder it. I actually know a friend who can do that,
but that's going a bit
far
so we never give timelines. Um, basically our recommend, we basically always say six months from the release. That's just a random number we throw around, generally it's sooner than that, but that's just like for initial testing. We know that people want a number so we give them a number, but it's not really a genuine number. Um, so within the first day we of course get the operating system, we download it, we try to boot it first and see, okay, what dies at which stage. Okay, and then we start to slowly backpedal: all right, it died at the bootloader stage, what changed in the bootloader between last year and this year? Do start doing like string
comparisons, so we'll just like, uh, export all the strings into a file, see there, then we'll also export the function or function name, see what was added, what was removed, what arguments might have been changed, so on and so forth. And so then just fight on from there and figure out what in the world broke. Oh,
oh, that's a good, uh, so for example on pre-2012 machines, uh, they are using the OpenGL graphics stack for rendering, and then in 2012 they switched over to the Metal graphics rendering stack, and unfortunately that means a lot of Metal graphics apps, like Final Cut Pro, video editing and such, they won't run on those older machines just because the drivers don't
support. Correct, yeah. Otherwise I think that's everything. Thank you so much. [Music]