Skip to content

Commit

Permalink
Merge pull request sickcodes#155 from sickcodes/custom-identity
Browse files Browse the repository at this point in the history
Custom Serial Numbers (iMessage/iCloud security analysis)
  • Loading branch information
sickcodes authored Feb 26, 2021
2 parents 7dc344e + 60132b6 commit 27efe66
Show file tree
Hide file tree
Showing 10 changed files with 1,960 additions and 84 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
|Version|Date|Notes|
|---|---|---|
| |2021-02-26|Change `-e NOPICKER=true` to simply do `sed -i '/^.*InstallMedia.*/d' Launch.sh` and `export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2`.|
|3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.|
| |2021-02-21|Add NOPICKER environment variable to ALL images.|
|3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.|
| |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.|
Expand Down
89 changes: 80 additions & 9 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
# Repo: https://github.com/sickcodes/Docker-OSX/
# Title: Mac on Docker (Docker-OSX)
# Author: Sick.Codes https://sick.codes/
# Version: 3.1
# Version: 3.2
# License: GPLv3+
#
# All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm
Expand Down Expand Up @@ -52,7 +52,7 @@

FROM archlinux:base-devel

MAINTAINER 'https://sick.codes' <https://sick.codes>
MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>

SHELL ["/bin/bash", "-c"]

Expand Down Expand Up @@ -91,7 +91,7 @@ RUN if [[ "${RANKMIRRORS}" ]]; then \
# RUN tee -a /etc/pacman.conf <<< '[community-testing]' \
# && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist'

RUN pacman -Syu git vim nano alsa-utils openssh --noconfirm \
RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \
&& ln -s /bin/vim /bin/vi \
&& useradd arch -p arch \
&& tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \
Expand Down Expand Up @@ -174,6 +174,19 @@ RUN python fetch-macOS.py --version "${VERSION}" \
WORKDIR /home/arch/OSX-KVM
ARG LINUX=true
# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly
RUN if [[ "${LINUX}" == true ]]; then \
sudo pacman -Syu linux libguestfs --noconfirm \
&& patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst \
&& curl -LO "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/${patched_glibc}" \
&& bsdtar -C / -xvf "${patched_glibc}" || echo "Everything is fine." \
; fi
# temporary branch, remove in final PR
RUN git clone --branch custom-identity https://github.com/sickcodes/Docker-OSX.git
RUN touch Launch.sh \
&& chmod +x ./Launch.sh \
&& tee -a Launch.sh <<< '#!/bin/sh' \
Expand All @@ -183,15 +196,15 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-8}000 \' \
&& tee -a Launch.sh <<< '-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \' \
&& tee -a Launch.sh <<< '-machine q35,accel=kvm:tcg \' \
&& tee -a Launch.sh <<< '-smp ${SMP:-4},cores=${CORES:-4} \' \
&& tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \
&& tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \
&& tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \
&& tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \
&& tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \
&& tee -a Launch.sh <<< '-smbios type=2 \' \
&& tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \
&& tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \
&& tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \' \
&& tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2} \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \
&& tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \
Expand All @@ -204,6 +217,8 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< '${EXTRA:-}'

# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh
# This is now a legacy command.
# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk
RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \
&& chmod +x ./Launch-nopicker.sh \
&& sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh
Expand All @@ -212,22 +227,78 @@ USER arch

ENV USER arch

ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2

ENV DISPLAY=:0.0

ENV ENV=/env

ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img

ENV NETWORKING=e1000-82545em
# ENV NETWORKING=vmxnet3

ENV NOPICKER=false

ENV UNIQUE=false
# Boolean for generating a bootdisk with new serials.

VOLUME ["/tmp/.X11-unix"]

CMD case "$(file --brief /image)" in \
QEMU*) export IMAGE_PATH=/image && sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true;; \
directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \
# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image
# NOPICKER is used to skip the disk selection screen
# GENERATE_UNIQUE is used to generate serial numbers on boot.
# /env is a file that you can generate and save using -v source.sh:/env
# the env file is a file that you can carry to the next container which will supply the serials numbers.
# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using:
# -e DEVICE_MODEL="iMacPro1,1" \
# -e SERIAL="C02TW0WAHX87" \
# -e BOARD_SERIAL="C027251024NJG36UE" \
# -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
# -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \

# the output will be /bootdisk.
# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk.

# if you don't set any of the above:
# the default serial numbers are already contained in ./OpenCore-Catalina/OpenCore.qcow2
# And the default serial numbers

CMD sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; case "$(file --brief /image)" in \
QEMU\ QCOW2\ Image* ) export IMAGE_PATH=/image \
;; \
directory* ) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img \
;; \
esac \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
; } \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" || exit 1 \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" \
|| ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
; } \
; case "$(file --brief /bootdisk)" in \
QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
;; \
directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
;; \
esac \
; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \
; ./enable-ssh.sh && envsubst < ./Launch.sh | bash

# virt-manager mode: eta son
Expand Down
41 changes: 36 additions & 5 deletions Dockerfile.auto
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
#
# Title: Mac on Docker (Docker-OSX) [AUTOINSTALL]
# Author: Sick.Codes https://twitter.com/sickcodes
# Version: 3.1
# Version: 3.2
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
#
Expand Down Expand Up @@ -128,10 +128,12 @@ RUN if [[ "${COMPLETE}" ]]; then \
&& wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \
; fi

RUN mv ./Launch-nopicker.sh ./Launch.sh
ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2

ENV DISPLAY=:99

ENV ENV=/env

ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img

ENV NOPICKER=true
Expand All @@ -141,15 +143,44 @@ ENV TERMS_OF_USE=i_agree
ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"

CMD echo "${BOILERPLATE}" \
&& [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \
; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \
; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \
; echo "Disk is being copied between layers... Please wait a minute..." \
; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
; } \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" || exit 1 \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" \
|| ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
; } \
; case "$(file --brief /bootdisk)" in \
QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
;; \
directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
;; \
esac \
; [[ "${DISPLAY}" = ':99' ]] && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 0.1 ; done \
; } \
; echo "Checking whether /image is a directory or a QEMU disk." \
; case "$(file --brief /image)" in \
QEMU*) export IMAGE_PATH=/image && sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true;; \
QEMU*) export IMAGE_PATH=/image;; \
directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \
esac \
; stat "${IMAGE_PATH}" \
Expand Down
44 changes: 37 additions & 7 deletions Dockerfile.naked
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
#
# Title: Mac on Docker (Docker-OSX) [AUTOINSTALL]
# Author: Sick.Codes https://twitter.com/sickcodes
# Version: 3.1
# Version: 3.2
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
#
Expand Down Expand Up @@ -101,17 +101,47 @@ RUN mkdir -p ~/.ssh \
&& tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
&& tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null'

ENV NOPICKER=true
ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2

ENV DISPLAY=:99

ENV ENV=/env

ENV IMAGE_PATH=/image

CMD [[ "${DISPLAY}" = ':99' ]] && { \
ENV NOPICKER=true

CMD sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${DISPLAY}" = ':99' ]] && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \
; } \
; sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true \
; ./enable-ssh.sh \
; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \
; envsubst < ./Launch.sh | bash
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
; } \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" || exit 1 \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" \
|| ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
; } \
; case "$(file --brief /bootdisk)" in \
QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
;; \
directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
;; \
esac \
; ./enable-ssh.sh && envsubst < ./Launch.sh | bash
Loading

0 comments on commit 27efe66

Please sign in to comment.