Retr0id 5 days ago

> Just recompile the kernel and change the functions it uses to hide the possible cheat and bypass all checks.

You can do this on macOS too, by the way. XNU is open-source.

gjsman-1000 5 days ago | parent | next [-]

… well, technically speaking, most of it is open source. However, some parts regarding Apple Pay, FileVault, FairPlay DRM, and any iOS compatibility are excised.

Retr0id 5 days ago | parent [-]

Right, but you can splice your recompiled version back into the original binary, complete with proprietary components. I've done this before, maybe I should write up the process.

commandersaki 5 days ago | parent | next [-]

With SIP enabled?

Retr0id 5 days ago | parent [-]

For my particular use case I disabled SIP and everything was fine, but workarounds should be possible.

porridgeraisin 5 days ago | parent | prev [-]

Please do!

hollerith 5 days ago | parent | prev | next [-]

Is that really true?

How would one get the modified XNU past the verified-boot process? Turn off verified boot?

Retr0id 5 days ago | parent [-]

The overall process is documented here: https://kernelshaman.blogspot.com/2021/02/building-xnu-for-m...

chuckadams 5 days ago | parent | prev [-]

Good luck booting a custom kernel with SIP enabled, and I'm pretty sure any anti-cheat will nope out immediately if SIP is disabled.

15155 5 days ago | parent | next [-]

So intercept whatever mechanism it's using to detect SIP enabled status...?

ChocolateGod 4 days ago | parent | next [-]

You would have to somehow compromise the security coprocessors. Even on Android, where more of the system is open source, Play Integrity relying on this has killed pretty much all methods of tricking application code into believing the system is stock, outside of downgrade attacks (by convincing the application the phone doesn't support newer verification methods).

We can run tasks on them that only produce valid output if the boot chain is verified.

Mindwipe 4 days ago | parent | prev [-]

If Apple launches an attestation API that has key material that they control on the hardware co-processor that it authenticates with Apple servers and passes the result back to the game server, then there's no mechanism to intercept it.

Retr0id 5 days ago | parent | prev [-]

You do have to disable it, but you can patch the kernel to lie to userland about SIP status.
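The mechanism argued over in this thread (a patched kernel that lies about SIP to userland versus an attestation report signed by a key that only the security coprocessor and the vendor's server hold, and the downgrade trick of claiming the device doesn't support attestation) can be modelled in a few dozen lines. The following is an added toy model written for this thread, not code from any commenter, Apple, or Google: the key material, kernel images, "measurement" format and HMAC-based tags are all constructed stand-ins for the real hardware-backed signatures and are labelled as such in the comments.

```python
"""Toy model: hardware-rooted attestation vs. a kernel that lies about SIP.

Everything here is constructed for illustration; the keys, images and
message formats are hypothetical and do not match any real platform API.
"""
import hashlib
import hmac
import os

# Constructed, hypothetical key material. The device key lives in the
# coprocessor and is shared only with the vendor's attestation service;
# the main kernel never holds it, so patching the kernel cannot forge reports.
DEVICE_KEY = hashlib.sha256(b"example-device-key").digest()
VENDOR_SERVER_KEY = hashlib.sha256(b"example-vendor-server-key").digest()
STOCK_KERNEL_IMAGE = b"stock kernel image (constructed sample bytes)"
PATCHED_KERNEL_IMAGE = b"recompiled kernel with the SIP check patched out (constructed)"
KNOWN_GOOD_MEASUREMENTS = {hashlib.sha256(STOCK_KERNEL_IMAGE).hexdigest()}


def _tag(key: bytes, *parts: bytes) -> str:
    """HMAC over length-delimited parts; stands in for a real signature."""
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SecureCoprocessor:
    """Measures the kernel image at boot; the booted kernel cannot rewrite it."""

    def __init__(self, kernel_image: bytes):
        self.measurement = hashlib.sha256(kernel_image).hexdigest()

    def attest(self, nonce: bytes) -> dict:
        return {"nonce": nonce.hex(), "measurement": self.measurement,
                "tag": _tag(DEVICE_KEY, nonce, self.measurement.encode())}


class Kernel:
    """The only thing userland can ask directly. A patched kernel answers as it likes."""

    def __init__(self, patched: bool):
        self.patched = patched

    def sip_enabled(self) -> bool:
        # Stock kernel: SIP really is on. Patched kernel: SIP had to be turned off
        # to boot it, but the status path is patched to report "enabled" anyway.
        return True


class GameClient:
    def __init__(self, kernel, coprocessor, downgrade=False, forge=False):
        self.kernel, self.coprocessor = kernel, coprocessor
        self.downgrade, self.forge = downgrade, forge

    def local_sip_check(self) -> bool:
        return self.kernel.sip_enabled()

    def attestation(self, nonce: bytes):
        if self.downgrade:  # "this device has no attestation support"
            return None
        if self.forge:  # claim the stock measurement, but without the device key
            stock = next(iter(KNOWN_GOOD_MEASUREMENTS))
            guessed_key = hashlib.sha256(b"attacker guess").digest()
            return {"nonce": nonce.hex(), "measurement": stock,
                    "tag": _tag(guessed_key, nonce, stock.encode())}
        return self.coprocessor.attest(nonce)


class VendorAttestationServer:
    def verify(self, nonce: bytes, report) -> dict:
        genuine = False
        if report is not None:
            expected = _tag(DEVICE_KEY, nonce, report["measurement"].encode())
            genuine = (report["nonce"] == nonce.hex()
                       and hmac.compare_digest(expected, report["tag"])
                       and report["measurement"] in KNOWN_GOOD_MEASUREMENTS)
        supported = report is not None
        sig = _tag(VENDOR_SERVER_KEY, nonce, str(genuine).encode(), str(supported).encode())
        return {"nonce": nonce.hex(), "genuine": genuine, "supported": supported, "sig": sig}


class GameServer:
    def __init__(self, vendor: VendorAttestationServer, accept_legacy: bool):
        self.vendor, self.accept_legacy = vendor, accept_legacy

    def admit(self, client: GameClient) -> bool:
        nonce = os.urandom(16)
        v = self.vendor.verify(nonce, client.attestation(nonce))
        expected = _tag(VENDOR_SERVER_KEY, nonce, str(v["genuine"]).encode(),
                        str(v["supported"]).encode())
        if v["nonce"] != nonce.hex() or not hmac.compare_digest(expected, v["sig"]):
            return False
        if not v["supported"]:
            # Downgrade path: the only fallback is the kernel-reported SIP status,
            # which a patched kernel controls. A hardened server refuses this.
            return self.accept_legacy and client.local_sip_check()
        return v["genuine"]


def scenario(patched: bool, downgrade: bool, forge: bool, accept_legacy: bool) -> bool:
    """Build one device/server combination and return whether the client is admitted."""
    image = PATCHED_KERNEL_IMAGE if patched else STOCK_KERNEL_IMAGE
    client = GameClient(Kernel(patched), SecureCoprocessor(image), downgrade, forge)
    return GameServer(VendorAttestationServer(), accept_legacy).admit(client)
```

Running the scenarios shows the asymmetry the thread is arguing about: a patched kernel can make every userland SIP query say "enabled", and that is enough against a server that falls back to the local check when the client claims attestation is unsupported, but it does nothing against a server that requires a report under the coprocessor's key, because the coprocessor measured the patched image and the kernel cannot forge a tag without the key.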