This does not support updated Intel Macs

[joshuajohncohen]

Intel Macs only support Monterey, so to work on most updated Intel Macs this tool would need to support the latest versions of Monterey.

[0xdevalias]

Intel Macs only support Monterey

That's not true..? My Intel Mac is currently on Ventura, and I can upgrade it to Sonoma as well.

[jetfir3]

Ventura seems to have cut off support for 2015/2016 (and some 2017) and earlier devices. Any Intel device newer than that could certainly update beyond 12.x. https://support.apple.com/102861

12.7.2 is the current latest Monterey build -- feel free to upload the /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd binary somewhere so the offsets can be added.

This situation has pretty much been covered in previously submitted Issues. If a macOS version isn't supported, add the offsets via PR or share the binary so someone else can.

[0xdevalias]

This situation has pretty much been covered in previously submitted Issues. If a macOS version isn't supported, add the offsets via PR or share the binary so someone else can.

I wonder if an update to the README or issue templates or similar might help guide people towards doing that better?

[jetfir3]

I wonder if an update to the README or issue templates or similar might help guide people towards doing that better?

Certainly something worth considering. Some initial thoughts are:

• if they aren't reading open and closed issues -- where will they read? Perhaps BOTH the README and an issues template would cover those bases... but either would be better than nothing, for sure. A Discussion post or FAQ/Wiki entry would be easier to ignore/miss and probably not be as effective.
• but if additional text is added somewhere -- what is the best protocol for sharing a binary? Should it always be uploaded to an external source and not attached directly in github to avoid potential legal issues? Does "officially" asking people to share binaries open up any legal issues?

I'm probably overthinking it :)

[joshuajohncohen]

Here is the binary for 12.7.2:

• identityservicesd.zip
  (Zipped because GH doesn't allow binary upload)

[joshuajohncohen]

I made a PR in #25

[0xdevalias]

Here is the binary for 12.7.2:

⇒ sha256sum macos-12.7.2-monterey-identityservicesd
01aaa511c5d32c5766256a40b5ae8f42fb49b74074dce5936f315244236f15a0  macos-12.7.2-monterey-identityservicesd

Using my automated script (see #9), this is the output it gave:

⇒ ./find_fat_binary_offsets.py samples/macos-12.7.2-monterey-identityservicesd
-= Universal Binary Sections =-
Architecture 0 (x86_64):
  CPU Type: 16777223 (0x1000007)
  CPU Subtype: 3 (0x3)
  CPU Subtype Capability: 0 (0x0)
  Offset: 0x4000 (Valid Mach-O Header: Yes)
  Size: 7442432
  Align: 14
Architecture 1 (arm64e):
  CPU Type: 16777228 (0x100000c)
  CPU Subtype: 2 (0x2)
  CPU Subtype Capability: 128 (0x80)
  Offset: 0x720000 (Valid Mach-O Header: Yes)
  Size: 8707856
  Align: 14

-= Found Symbol Offsets =-
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture x86_64: 0x0b2278
Offset of _IDSProtoKeyTransparencyTrustedServiceReadFrom in architecture arm64e: 0x0b562c

-= Found Hex Offsets (with pure python fixed sequence search + regex) =-
Architecture 0 (x86_64):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xb2278
  NACInitAddress: 0x4132e0
  NACKeyEstablishmentAddress: 0x465e00
  NACSignAddress: 0x103f47; 0x405c10
Architecture 1 (arm64e):
  IDSProtoKeyTransparencyTrustedServiceReadFrom: 0xb562c; 0x31a038; 0x33203c
  NACInitAddress: 0x43d408
  NACKeyEstablishmentAddress: 0x3fdafc
  NACSignAddress: 0x3f2844

Note that there are multiple offsets listed for some parts, so those would need to be narrowed down further via manual/other methods to get the full proper offsets needed.

[jetfir3]

Added a PR for 12.7.2 support - #29

Didn't realize until after disassembling that the offsets match the already-existing 12.7.1 offsets, just needed to update the binary hash. :|