apple-data 1.0.601 → 1.0.602
- checksums.yaml +4 -4
- data/lib/apple_data/version.rb +1 -1
- data/share/img4.yaml +176 -12
- data/share/syscfg.yaml +100 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dd760aa9e09e4a1a3262b1b7ba1a2142d79572876b78c969dd8f40542eee852b
|
4
|
+
data.tar.gz: 2ec56bb95e0d0097fad7234484ed395f196b5256e77cf852773e4e04aa5ac8e9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f51754e3f65ff1c507e6894dc872a0390601d0f1af783825546da153710c711b39c5685781196094364fcea8c1e0205d1b12b09dcf73ad9c85e1cbf14a578044
|
7
|
+
data.tar.gz: 7e36ea6e0a9bde9de0244fe2d4a6e647ce4e101bbec978b01b2ebb07fe30847415b53973937b31e144e039e1745e3b553e985af43bb74b354eaad9e072ed746d
|
data/lib/apple_data/version.rb
CHANGED
data/share/img4.yaml
CHANGED
@@ -43,13 +43,53 @@ img4_tags:
|
|
43
43
|
aupr:
|
44
44
|
description:
|
45
45
|
auxi:
|
46
|
-
|
46
|
+
title: Auxiliary Kernel Collection (AuxKC) Image4 Manifest Hash (`auxi`)
|
47
|
+
description: >
|
48
|
+
After the system verifies that the UAKL hash matches what’s found in the `auxp` field of the
|
49
|
+
LocalPolicy, it requests that the AuxKC be signed by the Secure Enclave processor application that’s
|
50
|
+
responsible for LocalPolicy signing. Next, an SHA384 hash of the AuxKC Image4 manifest signature is placed
|
51
|
+
into the LocalPolicy to avoid the potential for mixing and matching previously signed AuxKCs to an operating
|
52
|
+
system at boot time. If iBoot finds the auxi field in the LocalPolicy, it attempts to load the AuxKC from
|
53
|
+
storage and validate its signature. It also verifies that the hash of the Image4 manifest attached to the
|
54
|
+
AuxKC matches the value found in the auxi field. If the AuxKC fails to load for any reason, the system
|
55
|
+
continues to boot without this boot object and (so) without any third-party kexts loaded. The auxp field
|
56
|
+
is a prerequisite for setting the auxi field in the LocalPolicy. Users change the auxi value implicitly
|
57
|
+
when they change the UAKL by approving a kext from the Security & Privacy pane in System Preferences.
|
58
|
+
type: binary
|
59
|
+
subtype: sha2-384
|
60
|
+
access:
|
61
|
+
write:
|
62
|
+
- macOS
|
47
63
|
auxk:
|
48
64
|
description: Auxiliary Kernel Cache
|
49
65
|
auxp:
|
50
|
-
|
66
|
+
title: Auxiliary Kernel Collection (AuxKC) Policy Hash (auxp)
|
67
|
+
description: >
|
68
|
+
The `auxp` is an SHA384 hash of the user-authorized kext list (UAKL) policy. This is used at
|
69
|
+
AuxKC generation time to help ensure that only user-authorized kexts are included in the AuxKC. `smb2`
|
70
|
+
is a prerequisite for setting this field. Users change the `auxp` value implicitly when they change the
|
71
|
+
UAKL by approving a kext from the Security & Privacy pane in System Preferences.
|
72
|
+
type: binary
|
73
|
+
subtype: sha2-384
|
74
|
+
access:
|
75
|
+
write:
|
76
|
+
- macOS
|
51
77
|
auxr:
|
52
|
-
|
78
|
+
title: Auxiliary Kernel Collection (AuxKC) Receipt Hash (auxr)
|
79
|
+
description: >
|
80
|
+
The `auxr` is an SHA384 hash of the AuxKC receipt, which indicates the exact set of kexts that
|
81
|
+
were included into the AuxKC. The AuxKC receipt can be a subset of the UAKL, because kexts can be excluded
|
82
|
+
from the AuxKC even if they’re user authorized if they’re known to be used for attacks. In addition,
|
83
|
+
some kexts that can be used to break the user-kernel boundary may lead to decreased functionality,
|
84
|
+
such as an inability to use Apple Pay or play 4K and HDR content. Users who want these capabilities
|
85
|
+
opt in to a more restrictive AuxKC inclusion. The auxp field is a prerequisite for setting the auxr
|
86
|
+
field in the LocalPolicy. Users change the auxr value implicitly when they build a new AuxKC from
|
87
|
+
the Security & Privacy pane in System Preferences.
|
88
|
+
type: binary
|
89
|
+
subtype: sha2-384
|
90
|
+
access:
|
91
|
+
write:
|
92
|
+
- macOS
|
53
93
|
avef:
|
54
94
|
description: AV Encryption (DRM) Firmware
|
55
95
|
bat0:
|
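Review bot: The three titles added in this hunk format the tag differently: `auxi` gets "(`auxi`)" with backticks, while `auxp` and `auxr` get plain "(auxp)" and "(auxr)". Pick one form, since anything that renders or matches on `title` will see inconsistent strings. The descriptions drift the same way: the `auxi` text backticks `auxp` once and then writes "the auxi field" and "the auxp field" unquoted, while the `auxp` text backticks the tag every time.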
@@ -105,7 +145,16 @@ img4_tags:
|
|
105
145
|
cmsv:
|
106
146
|
description:
|
107
147
|
coih:
|
108
|
-
|
148
|
+
title: CustomOS Image4 Manifest Hash (coih)
|
149
|
+
description: >
|
150
|
+
The `coih` is an SHA384 hash of CustomOS Image4 manifest. The payload for that manifest is used
|
151
|
+
by iBoot (instead of the XNU kernel) to transfer control. Users change the `coih` value implicitly when
|
152
|
+
they use the `kmutil` configure-boot command-line tool in 1TR.
|
153
|
+
type: binary
|
154
|
+
subtype: sha2-384
|
155
|
+
access:
|
156
|
+
write:
|
157
|
+
- 1TR
|
109
158
|
CPRO:
|
110
159
|
description: Chip promotion fuse value (what is burned in)
|
111
160
|
alias:
|
@@ -161,6 +210,18 @@ img4_tags:
|
|
161
210
|
- effective-production-status-ap
|
162
211
|
esca:
|
163
212
|
description:
|
213
|
+
hrlp:
|
214
|
+
title: Has Secure Enclave Signed recoveryOS Local Policy (hrlp)
|
215
|
+
description: >
|
216
|
+
The `hrlp` indicates whether or not the `prot` value is the measurement of a Secure Enclave–signed
|
217
|
+
recoveryOS LocalPolicy. If not, then the recoveryOS LocalPolicy is signed by the Apple online signing server,
|
218
|
+
which signs things such as macOS Image4 files.
|
219
|
+
type: boolean
|
220
|
+
access:
|
221
|
+
write:
|
222
|
+
- 1TR
|
223
|
+
- recoveryOS
|
224
|
+
- macOS
|
164
225
|
esdm:
|
165
226
|
description: Extended Security Domain fuses
|
166
227
|
alias:
|
@@ -261,7 +322,18 @@ img4_tags:
|
|
261
322
|
krnl:
|
262
323
|
description: Kernel
|
263
324
|
kuid:
|
264
|
-
|
325
|
+
title: Key encryption key (KEK) Group UUID (kuid)
|
326
|
+
description: >
|
327
|
+
The kuid indicates the volume that was booted. The key encryption key has typically been used
|
328
|
+
for Data Protection. For each LocalPolicy, it’s used to protect the LocalPolicy signing key. The
|
329
|
+
kuid is set by the user implicitly when creating a new operating system install.
|
330
|
+
type: binary
|
331
|
+
subtype: sha2-384
|
332
|
+
access:
|
333
|
+
write:
|
334
|
+
- 1TR
|
335
|
+
- recoveryOS
|
336
|
+
- macOS
|
265
337
|
lamo:
|
266
338
|
description:
|
267
339
|
lckr:
|
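Review bot: The `kuid` entry is titled "Key encryption key (KEK) Group UUID" but the added schema lines declare `type: binary` with `subtype: sha2-384`. A UUID is 16 bytes and a SHA-384 digest is 48 bytes, so the subtype looks carried over from the neighbouring hash tags. A consumer that checks length or format by subtype would mis-handle real values. Drop the subtype here or replace it with one that describes a UUID.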
@@ -273,9 +345,17 @@ img4_tags:
|
|
273
345
|
logo:
|
274
346
|
description: Apple logo image
|
275
347
|
love:
|
276
|
-
|
348
|
+
title: Local Operating System Version (love)
|
349
|
+
description: >
|
350
|
+
The love indicates the OS version that the LocalPolicy is created for. The version is obtained from the
|
351
|
+
next state manifest during LocalPolicy creation and is used to enforce recoveryOS pairing restrictions.
|
277
352
|
type: string
|
278
353
|
example: "21.3.66.0.0,0"
|
354
|
+
access:
|
355
|
+
write:
|
356
|
+
- 1TR
|
357
|
+
- recoveryOS
|
358
|
+
- macOS
|
279
359
|
prtp:
|
280
360
|
description: Product ID String
|
281
361
|
type: string
|
@@ -287,7 +367,26 @@ img4_tags:
|
|
287
367
|
lphp:
|
288
368
|
description:
|
289
369
|
lpnh:
|
290
|
-
|
370
|
+
title: LocalPolicy Nonce Hash (lpnh)
|
371
|
+
description: >
|
372
|
+
The lpnh is used for anti-replay of the LocalPolicy. This is an SHA384 hash of the LocalPolicy Nonce
|
373
|
+
(LPN), which is stored in the Secure Storage Component and accessible using the Secure Enclave Boot
|
374
|
+
ROM or Secure Enclave. The raw nonce is never visible to the Application Processor, only to the
|
375
|
+
sepOS. An attacker wanting to convince LLB that a previous LocalPolicy they had captured was valid
|
376
|
+
would need to place a value into the Secure Storage Component, which hashes to the same lpnh value
|
377
|
+
found in the LocalPolicy they want to replay. Normally there is a single LPN valid on the system—except
|
378
|
+
during software updates, when two are simultaneously valid—to allow for the possibility of falling back
|
379
|
+
to booting the old software in the event of an update error. When any LocalPolicy for any operating
|
380
|
+
system is changed, all policies are re-signed with the new lpnh value corresponding to the new LPN
|
381
|
+
found in the Secure Storage Component. This change happens when the user changes security settings
|
382
|
+
or creates new operating systems with a new LocalPolicy for each.
|
383
|
+
type: binary
|
384
|
+
subtype: sha2-384
|
385
|
+
access:
|
386
|
+
write:
|
387
|
+
- 1TR
|
388
|
+
- recoveryOS
|
389
|
+
- macOS
|
291
390
|
lpol:
|
292
391
|
description: Local Policy
|
293
392
|
ltrs:
|
@@ -359,7 +458,20 @@ img4_tags:
|
|
359
458
|
pndp:
|
360
459
|
description:
|
361
460
|
prot:
|
362
|
-
|
461
|
+
title: Paired recoveryOS Trusted Boot Policy Measurement (prot)
|
462
|
+
description: >
|
463
|
+
A paired recoveryOS Trusted Boot Policy Measurement (TBPM) is a special iterative SHA384 hash calculation
|
464
|
+
over the Image4 manifest of a LocalPolicy, excluding nonces, in order to give a consistent measurement
|
465
|
+
over time (because nonces like lpnh are frequently updated). The prot field, which is found only in each
|
466
|
+
macOS LocalPolicy, provides a pairing to indicate the recoveryOS LocalPolicy that corresponds to the
|
467
|
+
macOS LocalPolicy.
|
468
|
+
type: binary
|
469
|
+
subtype: sha2-384
|
470
|
+
access:
|
471
|
+
write:
|
472
|
+
- 1TR
|
473
|
+
- recoveryOS
|
474
|
+
- macOS
|
363
475
|
rbmt:
|
364
476
|
description:
|
365
477
|
rddg:
|
@@ -383,11 +495,42 @@ img4_tags:
|
|
383
495
|
rolp:
|
384
496
|
description: recoveryOS local policy
|
385
497
|
ronh:
|
386
|
-
|
498
|
+
title: recoveryOS Nonce Hash (ronh)
|
499
|
+
description: >
|
500
|
+
The ronh behaves the same way as the lpnh, but is found exclusively in the LocalPolicy for system
|
501
|
+
recoveryOS. It’s updated when the system recoveryOS is updated, such as on software updates. A
|
502
|
+
separate nonce from the lpnh and rpnh is used so that when a device is put into a disabled state
|
503
|
+
by Find My, existing operating systems can be disabled (by removing their LPN and RPN from the
|
504
|
+
Secure Storage Component), while still leaving the system recoveryOS bootable. In this way, the
|
505
|
+
operating systems can be reenabled when the system owner proves their control over the system by
|
506
|
+
putting in their iCloud password used for the Find My account. This change happens when a user updates
|
507
|
+
the system recoveryOS or creates new operating systems.
|
508
|
+
type: binary
|
509
|
+
subtype: sha2-384
|
510
|
+
access:
|
511
|
+
write:
|
512
|
+
- 1TR
|
513
|
+
- recoveryOS
|
514
|
+
- macOS
|
387
515
|
rosi:
|
388
516
|
description:
|
389
517
|
nish:
|
390
|
-
|
518
|
+
title: Next Stage Image4 Manifest Hash (nsih)
|
519
|
+
description: >
|
520
|
+
The nsih field represents an SHA384 hash of the Image4 manifest data structure that describes the booted
|
521
|
+
macOS. The macOS Image4 manifest contains measurements for all the boot objects—such as iBoot, the static
|
522
|
+
trust cache, device tree, Boot Kernel Collection, and signed system volume (SSV) volume root hash. When
|
523
|
+
LLB is directed to boot a given macOS, it’s designed to ensure that the hash of the macOS Image4 manifest
|
524
|
+
attached to iBoot matches what’s captured in the nsih field of the LocalPolicy. In this way, the nsih
|
525
|
+
captures the user intention of what operating system the user has created a LocalPolicy for. Users
|
526
|
+
change the nsih value implicitly when they perform a software update.
|
527
|
+
type: binary
|
528
|
+
subtype: sha2-384
|
529
|
+
access:
|
530
|
+
write:
|
531
|
+
- 1TR
|
532
|
+
- recoveryOS
|
533
|
+
- macOS
|
391
534
|
spih:
|
392
535
|
description: Cryptex1 Image4 Hash
|
393
536
|
stng:
|
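Review bot: The key for the second entry is still `nish:` (unchanged context), but the title and description added under it call the tag `nsih` throughout, starting with "Next Stage Image4 Manifest Hash (nsih)". A lookup by four-character tag for `nsih` will not find this documentation, and a lookup for `nish` returns text describing a differently spelled field. Rename the key in this change, or add an `alias` if both spellings have to resolve. Separately, the `ronh` description says the field is "found exclusively in the LocalPolicy for system recoveryOS" while its `write` list includes `macOS`; a short comment on what the `write` list means would help.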
@@ -395,7 +538,18 @@ img4_tags:
|
|
395
538
|
auxh:
|
396
539
|
description: User Authorized Kext List Hash
|
397
540
|
rpnh:
|
398
|
-
|
541
|
+
title: Remote Policy Nonce Hash (rpnh)
|
542
|
+
description: >
|
543
|
+
The rpnh behaves the same way as the lpnh but is updated only when the remote policy is updated, such as when
|
544
|
+
changing the state of Find My enrollment. This change happens when the user changes the state of Find My on
|
545
|
+
their Mac.
|
546
|
+
type: binary
|
547
|
+
subtype: sha2-384
|
548
|
+
access:
|
549
|
+
write:
|
550
|
+
- 1TR
|
551
|
+
- recoveryOS
|
552
|
+
- macOS
|
399
553
|
RSCH:
|
400
554
|
description: Research mode
|
401
555
|
fgpt:
|
@@ -515,7 +669,17 @@ img4_tags:
|
|
515
669
|
vkdl:
|
516
670
|
description:
|
517
671
|
vuid:
|
518
|
-
|
672
|
+
title: APFS volume group UUID (vuid)
|
673
|
+
description: >
|
674
|
+
The vuid indicates the volume group the kernel should use as root. This field is primarily informational
|
675
|
+
and isn’t used for security constraints. This vuid is set by the user implicitly when creating a new
|
676
|
+
operating system install.
|
677
|
+
type: binary
|
678
|
+
subtype: sha2-384
|
679
|
+
access:
|
680
|
+
- 1TR
|
681
|
+
- recoveryOS
|
682
|
+
- macOS
|
519
683
|
ware:
|
520
684
|
description:
|
521
685
|
wchf:
|
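Review bot: In `vuid` the items `- 1TR`, `- recoveryOS`, `- macOS` sit directly under `access:` with no `write:` key, unlike every other entry added to this file in this diff. As written, `access` parses as a list rather than a mapping, so code reading `access.write` gets nothing for this tag. The entry also declares `subtype: sha2-384` for what the title calls an "APFS volume group UUID"; a UUID is not a SHA-384 digest, so the subtype should be removed or corrected.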
data/share/syscfg.yaml
CHANGED
@@ -1,4 +1,103 @@
|
|
1
1
|
---
|
2
2
|
metadata:
|
3
3
|
description:
|
4
|
-
credits:
|
4
|
+
credits:
|
5
|
+
|
6
|
+
values:
|
7
|
+
RMd#:
|
8
|
+
description: Regulatory Model Number
|
9
|
+
Coor:
|
10
|
+
description: Country of Origin
|
11
|
+
values:
|
12
|
+
- C
|
13
|
+
CFG#:
|
14
|
+
description: Configuration Number
|
15
|
+
SrNm:
|
16
|
+
description: Serial Number
|
17
|
+
MLB#:
|
18
|
+
description: Main Logic Board Serial Number
|
19
|
+
Regn:
|
20
|
+
description: Region Info
|
21
|
+
Mod#:
|
22
|
+
description: Model Number
|
23
|
+
MdlC:
|
24
|
+
description: Model Configuration (key value seperated by ";" and "key=value")
|
25
|
+
CLCG:
|
26
|
+
description: Cover glass (gloss or opaque)
|
27
|
+
BMac:
|
28
|
+
description: Bluetooth MAC Address
|
29
|
+
SwBh:
|
30
|
+
description: Software Behavior
|
31
|
+
CLBG:
|
32
|
+
MkBS:
|
33
|
+
CLHS:
|
34
|
+
CGMt:
|
35
|
+
EMac:
|
36
|
+
EnMt:
|
37
|
+
BGMt:
|
38
|
+
EMc2:
|
39
|
+
rpcp:
|
40
|
+
MkBH:
|
41
|
+
WMac:
|
42
|
+
SBVr:
|
43
|
+
AROC:
|
44
|
+
LTAO:
|
45
|
+
ARSC:
|
46
|
+
ASCl:
|
47
|
+
ARXN:
|
48
|
+
AICl:
|
49
|
+
ARot:
|
50
|
+
ARNC:
|
51
|
+
ARXC:
|
52
|
+
GICl:
|
53
|
+
GRXC:
|
54
|
+
GRXN:
|
55
|
+
GRNC:
|
56
|
+
GRSC:
|
57
|
+
GSCl:
|
58
|
+
GYTT:
|
59
|
+
GRot:
|
60
|
+
MDCC:
|
61
|
+
CRot:
|
62
|
+
CVCC:
|
63
|
+
CDCC:
|
64
|
+
CMOC:
|
65
|
+
CSCM:
|
66
|
+
JRot:
|
67
|
+
CPAS:
|
68
|
+
PRTT: (Pressure Sensor / Barometer) temp-compensation-table
|
69
|
+
SPPO: (Pressure Sensor / Barometer) pressure-offset-calibration
|
70
|
+
PxCl: (Proximity Sensor) prox-calibration
|
71
|
+
PSCl:
|
72
|
+
STRB:
|
73
|
+
BCAR:
|
74
|
+
PrCL:
|
75
|
+
RACa:
|
76
|
+
RACm:
|
77
|
+
RxCL:
|
78
|
+
TCal:
|
79
|
+
WSKU:
|
80
|
+
description: WiFi Chip / Product SKU
|
81
|
+
WCAL:
|
82
|
+
description: WiFi Calibration Data
|
83
|
+
RFEM:
|
84
|
+
BCAL:
|
85
|
+
BTTx:
|
86
|
+
BTBF:
|
87
|
+
MBac:
|
88
|
+
BTRx:
|
89
|
+
RSKU:
|
90
|
+
description: Region SKU (in US "/LLA")
|
91
|
+
DClr:
|
92
|
+
DBCl:
|
93
|
+
DPCl:
|
94
|
+
DTCl:
|
95
|
+
CGSp:
|
96
|
+
CLCL:
|
97
|
+
MiGH:
|
98
|
+
SpPH:
|
99
|
+
SpGH:
|
100
|
+
MiGB:
|
101
|
+
TMac:
|
102
|
+
ksku:
|
103
|
+
TCID:
|
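Review bot: `PRTT`, `SPPO` and `PxCl` put their descriptive text directly as the key's value ("PRTT: (Pressure Sensor / Barometer) temp-compensation-table"), while the documented keys above them use a nested `description:` field. A reader that expects each entry to be a mapping will get a bare string for these three and nil for the many empty keys, so either move the text under `description:` or confirm the loader handles all three shapes. Two smaller points: the `MdlC` description misspells "separated" as "seperated", and the `Coor` `values` list holds only `- C` with no explanation of what the code stands for.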
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: apple-data
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.602
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rick Mark
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-02-
|
11
|
+
date: 2024-02-15 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: |2
|
14
14
|
This package includes machine readable data about Apple platforms maintained by hack-different.
|