@ebowwa/mcp-nm 2.0.3 → 2.1.0

package/dist/index.js

@@ -13640,10 +13640,13 @@ class StdioServerTransport {
 // src/index.ts
 import { exec } from "child_process";
 import { promisify } from "util";
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
 var execAsync = promisify(exec);
 var server = new Server({
   name: "@ebowwa/mcp-nm",
-  version: "2.0.3"
+  version: "2.1.0"
 }, {
   capabilities: {
     tools: {}
@@ -15488,6 +15491,442 @@ async function handleBinVerify(args) {
     };
   }
 }
+var PATCH_DIR = path.join(os.homedir(), ".claude", "patches");
+var MANIFEST_PATH = path.join(PATCH_DIR, "manifest.json");
+var BACKUPS_DIR = path.join(PATCH_DIR, "backups");
+var MANIFEST_VERSION = "1.0.0";
+function ensurePatchDir() {
+  if (!fs.existsSync(PATCH_DIR)) {
+    fs.mkdirSync(PATCH_DIR, { recursive: true });
+  }
+  if (!fs.existsSync(BACKUPS_DIR)) {
+    fs.mkdirSync(BACKUPS_DIR, { recursive: true });
+  }
+}
+function loadManifest() {
+  ensurePatchDir();
+  if (fs.existsSync(MANIFEST_PATH)) {
+    try {
+      const data = fs.readFileSync(MANIFEST_PATH, "utf-8");
+      return JSON.parse(data);
+    } catch {}
+  }
+  return {
+    version: MANIFEST_VERSION,
+    createdAt: new Date().toISOString(),
+    updatedAt: new Date().toISOString(),
+    binaries: {}
+  };
+}
+function saveManifest(manifest) {
+  ensurePatchDir();
+  manifest.updatedAt = new Date().toISOString();
+  fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2));
+}
+async function getFileChecksum(filePath) {
+  try {
+    const { stdout } = await execAsync(`shasum -a 256 "${filePath}" | cut -d' ' -f1`);
+    return stdout.trim();
+  } catch {
+    return "unknown";
+  }
+}
+function readBytesAtOffset(filePath, offset, length) {
+  const fd = fs.openSync(filePath, "r");
+  const buffer = Buffer.alloc(length);
+  fs.readSync(fd, buffer, 0, length, offset);
+  fs.closeSync(fd);
+  return buffer.toString("hex").match(/.{2}/g)?.join(" ").toUpperCase() || "";
+}
+function writeBytesAtOffset(filePath, offset, hexData) {
+  const bytes = Buffer.from(hexData.replace(/\s+/g, ""), "hex");
+  const fd = fs.openSync(filePath, "r+");
+  fs.writeSync(fd, bytes, 0, bytes.length, offset);
+  fs.closeSync(fd);
+}
+async function handlePatchRegister(args) {
+  try {
+    const results = [];
+    results.push(`Register Patch: ${args.patchId}`);
+    results.push(`Binary: ${args.filePath}`);
+    results.push(`Offset: 0x${args.offset.toString(16)} (${args.offset})`);
+    results.push("");
+    if (!fs.existsSync(args.filePath)) {
+      return {
+        content: [{ type: "text", text: `Error: File not found: ${args.filePath}` }],
+        isError: true
+      };
+    }
+    const patchedBytes = args.patchedBytes.replace(/\s+/g, "").toUpperCase();
+    const byteLength = patchedBytes.length / 2;
+    let originalBytes = "";
+    if (args.captureOriginal !== false) {
+      try {
+        originalBytes = readBytesAtOffset(args.filePath, args.offset, byteLength);
+        results.push(`Original bytes: ${originalBytes}`);
+      } catch (e) {
+        return {
+          content: [{ type: "text", text: `Error: Could not read original bytes - ${e instanceof Error ? e.message : String(e)}` }],
+          isError: true
+        };
+      }
+    }
+    const backupFileName = `${path.basename(args.filePath)}.offset_${args.offset}.bin`;
+    const backupPath = path.join(BACKUPS_DIR, backupFileName);
+    if (originalBytes) {
+      fs.writeFileSync(backupPath, Buffer.from(originalBytes.replace(/\s+/g, ""), "hex"));
+      results.push(`Backup saved: ${backupPath}`);
+    }
+    const manifest = loadManifest();
+    const checksum = await getFileChecksum(args.filePath);
+    if (!manifest.binaries[args.filePath]) {
+      manifest.binaries[args.filePath] = {
+        binaryPath: args.filePath,
+        binaryName: path.basename(args.filePath),
+        lastPatchedChecksum: checksum,
+        lastAppliedAt: new Date().toISOString(),
+        patches: []
+      };
+    }
+    const existingIndex = manifest.binaries[args.filePath].patches.findIndex((p) => p.id === args.patchId);
+    const newPatch = {
+      id: args.patchId,
+      offset: args.offset,
+      originalBytes: originalBytes || "UNKNOWN",
+      patchedBytes: patchedBytes.match(/.{2}/g)?.join(" ") || patchedBytes,
+      description: args.description,
+      createdAt: new Date().toISOString()
+    };
+    if (existingIndex >= 0) {
+      manifest.binaries[args.filePath].patches[existingIndex] = newPatch;
+      results.push(`Updated existing patch: ${args.patchId}`);
+    } else {
+      manifest.binaries[args.filePath].patches.push(newPatch);
+      results.push(`Registered new patch: ${args.patchId}`);
+    }
+    saveManifest(manifest);
+    results.push("");
+    results.push("Patch registered successfully!");
+    results.push(`Manifest: ${MANIFEST_PATH}`);
+    results.push("");
+    results.push("To apply this patch, use: bin_patch_apply");
+    return { content: [{ type: "text", text: results.join(`
+`) }] };
+  } catch (error2) {
+    return {
+      content: [{ type: "text", text: `Error: ${error2 instanceof Error ? error2.message : String(error2)}` }],
+      isError: true
+    };
+  }
+}
+async function handlePatchApply(args) {
+  const isMac = isMacOS();
+  const resign = args.resign !== false && isMac;
+  const removeQuarantine = args.removeQuarantine !== false && isMac;
+  try {
+    const results = [];
+    results.push(`Apply Patches: ${args.filePath}`);
+    results.push("");
+    const manifest = loadManifest();
+    const record3 = manifest.binaries[args.filePath];
+    if (!record3 || record3.patches.length === 0) {
+      results.push("No registered patches found for this binary.");
+      results.push("");
+      results.push("To register a patch, use: bin_patch_register");
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const currentChecksum = await getFileChecksum(args.filePath);
+    results.push(`Current checksum: ${currentChecksum.substring(0, 16)}...`);
+    results.push(`Last patched checksum: ${record3.lastPatchedChecksum.substring(0, 16)}...`);
+    if (currentChecksum === record3.lastPatchedChecksum) {
+      results.push("Status: Binary appears to already have patches applied.");
+      results.push("Use force=true to re-apply anyway.");
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    results.push("Binary has been updated - applying patches...");
+    results.push("");
+    const backupPath = `${args.filePath}.prepatch`;
+    fs.copyFileSync(args.filePath, backupPath);
+    results.push(`Backup: ${backupPath}`);
+    let appliedCount = 0;
+    for (const patch of record3.patches) {
+      try {
+        results.push(`Applying: ${patch.id}`);
+        results.push(`  Offset: 0x${patch.offset.toString(16)}`);
+        results.push(`  Bytes: ${patch.patchedBytes}`);
+        writeBytesAtOffset(args.filePath, patch.offset, patch.patchedBytes);
+        appliedCount++;
+        results.push("  Status: Applied");
+      } catch (e) {
+        results.push(`  Status: FAILED - ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
+    if (isMac && appliedCount > 0) {
+      results.push("");
+      if (resign) {
+        results.push("Re-signing binary...");
+        try {
+          await execAsync(`codesign --remove-signature "${args.filePath}" 2>&1`);
+          await execAsync(`codesign --force --sign - "${args.filePath}"`);
+          results.push("  Status: Re-signed with ad-hoc signature");
+        } catch (e) {
+          results.push(`  Warning: ${e instanceof Error ? e.message : String(e)}`);
+        }
+      }
+      if (removeQuarantine) {
+        results.push("Removing quarantine...");
+        try {
+          await execAsync(`xattr -d com.apple.quarantine "${args.filePath}" 2>&1`);
+          await execAsync(`xattr -d com.apple.provenance "${args.filePath}" 2>&1`);
+          results.push("  Status: Quarantine attributes removed");
+        } catch {
+          results.push("  Status: No quarantine to remove");
+        }
+      }
+    }
+    const newChecksum = await getFileChecksum(args.filePath);
+    record3.lastPatchedChecksum = newChecksum;
+    record3.lastAppliedAt = new Date().toISOString();
+    saveManifest(manifest);
+    results.push("");
+    results.push(`=== SUMMARY ===`);
+    results.push(`Patches applied: ${appliedCount}/${record3.patches.length}`);
+    results.push(`New checksum: ${newChecksum.substring(0, 16)}...`);
+    results.push("Binary is ready to use.");
+    return { content: [{ type: "text", text: results.join(`
+`) }] };
+  } catch (error2) {
+    return {
+      content: [{ type: "text", text: `Error: ${error2 instanceof Error ? error2.message : String(error2)}` }],
+      isError: true
+    };
+  }
+}
+async function handlePatchVerify(args) {
+  try {
+    const results = [];
+    results.push(`Verify Patches: ${args.filePath}`);
+    results.push("");
+    const manifest = loadManifest();
+    const record3 = manifest.binaries[args.filePath];
+    if (!record3 || record3.patches.length === 0) {
+      results.push("No registered patches found for this binary.");
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const currentChecksum = await getFileChecksum(args.filePath);
+    results.push(`Current checksum: ${currentChecksum.substring(0, 16)}...`);
+    results.push(`Expected checksum: ${record3.lastPatchedChecksum.substring(0, 16)}...`);
+    results.push("");
+    if (currentChecksum !== record3.lastPatchedChecksum) {
+      results.push("⚠️  Binary has been UPDATED since last patch.");
+      results.push("   Run bin_patch_apply to re-apply patches.");
+      results.push("");
+    } else {
+      results.push("✓ Binary checksum matches patched version.");
+      results.push("");
+    }
+    results.push("Patch Status:");
+    let allApplied = true;
+    for (const patch of record3.patches) {
+      try {
+        const byteLength = patch.patchedBytes.replace(/\s+/g, "").length / 2;
+        const currentBytes = readBytesAtOffset(args.filePath, patch.offset, byteLength);
+        const normalizedCurrent = currentBytes.replace(/\s+/g, "").toUpperCase();
+        const normalizedPatched = patch.patchedBytes.replace(/\s+/g, "").toUpperCase();
+        if (normalizedCurrent === normalizedPatched) {
+          results.push(`  ✓ ${patch.id}: APPLIED`);
+        } else if (normalizedCurrent === patch.originalBytes.replace(/\s+/g, "").toUpperCase()) {
+          results.push(`  ✗ ${patch.id}: NOT APPLIED (original bytes present)`);
+          allApplied = false;
+        } else {
+          results.push(`  ? ${patch.id}: UNKNOWN (bytes don't match expected)`);
+          results.push(`      Current: ${currentBytes}`);
+          results.push(`      Expected: ${patch.patchedBytes}`);
+          allApplied = false;
+        }
+      } catch (e) {
+        results.push(`  ✗ ${patch.id}: ERROR - ${e instanceof Error ? e.message : String(e)}`);
+        allApplied = false;
+      }
+    }
+    results.push("");
+    if (allApplied && currentChecksum === record3.lastPatchedChecksum) {
+      results.push("Status: All patches verified and applied.");
+    } else if (!allApplied) {
+      results.push("Status: Some patches need to be applied.");
+      results.push("Action: Run bin_patch_apply");
+    } else {
+      results.push("Status: Binary may have been updated. Re-apply patches.");
+      results.push("Action: Run bin_patch_apply");
+    }
+    return { content: [{ type: "text", text: results.join(`
+`) }] };
+  } catch (error2) {
+    return {
+      content: [{ type: "text", text: `Error: ${error2 instanceof Error ? error2.message : String(error2)}` }],
+      isError: true
+    };
+  }
+}
+async function handlePatchRestore(args) {
+  const isMac = isMacOS();
+  const resign = args.resign !== false && isMac;
+  try {
+    const results = [];
+    results.push(`Restore Patches: ${args.filePath}`);
+    results.push("");
+    const manifest = loadManifest();
+    const record3 = manifest.binaries[args.filePath];
+    if (!record3 || record3.patches.length === 0) {
+      results.push("No registered patches found for this binary.");
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const patchesToRestore = args.patchId ? record3.patches.filter((p) => p.id === args.patchId) : record3.patches;
+    if (patchesToRestore.length === 0) {
+      results.push(`No patch found with ID: ${args.patchId}`);
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const backupPath = `${args.filePath}.prerestore`;
+    fs.copyFileSync(args.filePath, backupPath);
+    results.push(`Backup: ${backupPath}`);
+    results.push("");
+    let restoredCount = 0;
+    for (const patch of patchesToRestore) {
+      if (patch.originalBytes === "UNKNOWN") {
+        results.push(`${patch.id}: SKIPPED (no original bytes captured)`);
+        continue;
+      }
+      try {
+        results.push(`Restoring: ${patch.id}`);
+        writeBytesAtOffset(args.filePath, patch.offset, patch.originalBytes);
+        results.push(`  Offset: 0x${patch.offset.toString(16)}`);
+        results.push(`  Bytes: ${patch.originalBytes}`);
+        results.push("  Status: Restored");
+        restoredCount++;
+      } catch (e) {
+        results.push(`  Status: FAILED - ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
+    if (isMac && restoredCount > 0 && resign) {
+      results.push("");
+      results.push("Re-signing binary...");
+      try {
+        await execAsync(`codesign --remove-signature "${args.filePath}" 2>&1`);
+        await execAsync(`codesign --force --sign - "${args.filePath}"`);
+        results.push("  Status: Re-signed with ad-hoc signature");
+      } catch (e) {
+        results.push(`  Warning: ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
+    const newChecksum = await getFileChecksum(args.filePath);
+    record3.lastPatchedChecksum = newChecksum;
+    saveManifest(manifest);
+    results.push("");
+    results.push(`Restored: ${restoredCount}/${patchesToRestore.length} patches`);
+    return { content: [{ type: "text", text: results.join(`
+`) }] };
+  } catch (error2) {
+    return {
+      content: [{ type: "text", text: `Error: ${error2 instanceof Error ? error2.message : String(error2)}` }],
+      isError: true
+    };
+  }
+}
+async function handlePatchList(args) {
+  try {
+    const results = [];
+    results.push("Patch Registry");
+    results.push(`Manifest: ${MANIFEST_PATH}`);
+    results.push("");
+    const manifest = loadManifest();
+    if (Object.keys(manifest.binaries).length === 0) {
+      results.push("No patches registered.");
+      results.push("");
+      results.push("To register a patch, use: bin_patch_register");
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const binariesToShow = args.filePath ? { [args.filePath]: manifest.binaries[args.filePath] } : manifest.binaries;
+    for (const [binaryPath, record3] of Object.entries(binariesToShow)) {
+      if (!record3)
+        continue;
+      results.push(`═══════════════════════════════════════════════════════════`);
+      results.push(`Binary: ${binaryPath}`);
+      results.push(`Name: ${record3.binaryName}`);
+      results.push(`Patches: ${record3.patches.length}`);
+      results.push(`Last Applied: ${record3.lastAppliedAt}`);
+      results.push(`Checksum: ${record3.lastPatchedChecksum.substring(0, 16)}...`);
+      results.push("");
+      if (record3.patches.length > 0) {
+        results.push("Registered Patches:");
+        for (const patch of record3.patches) {
+          results.push(`  ┌─ ${patch.id} ─────────────────────────────────`);
+          results.push(`  │ Offset: 0x${patch.offset.toString(16)} (${patch.offset})`);
+          results.push(`  │ Original: ${patch.originalBytes}`);
+          results.push(`  │ Patched:  ${patch.patchedBytes}`);
+          results.push(`  │ Description: ${patch.description}`);
+          results.push(`  │ Created: ${patch.createdAt}`);
+          results.push(`  └────────────────────────────────────────────`);
+        }
+      }
+      results.push("");
+    }
+    return { content: [{ type: "text", text: results.join(`
+`) }] };
+  } catch (error2) {
+    return {
+      content: [{ type: "text", text: `Error: ${error2 instanceof Error ? error2.message : String(error2)}` }],
+      isError: true
+    };
+  }
+}
+async function handlePatchRemove(args) {
+  try {
+    const results = [];
+    results.push(`Remove Patch: ${args.patchId}`);
+    results.push("");
+    const manifest = loadManifest();
+    const record3 = manifest.binaries[args.filePath];
+    if (!record3) {
+      results.push("No patches registered for this binary.");
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const index = record3.patches.findIndex((p) => p.id === args.patchId);
+    if (index < 0) {
+      results.push(`Patch not found: ${args.patchId}`);
+      return { content: [{ type: "text", text: results.join(`
+`) }] };
+    }
+    const removed = record3.patches.splice(index, 1)[0];
+    results.push("Removed patch:");
+    results.push(`  ID: ${removed.id}`);
+    results.push(`  Offset: 0x${removed.offset.toString(16)}`);
+    results.push(`  Description: ${removed.description}`);
+    if (record3.patches.length === 0) {
+      delete manifest.binaries[args.filePath];
+      results.push("");
+      results.push("No more patches for this binary - removed from registry.");
+    }
+    saveManifest(manifest);
+    results.push("");
+    results.push("Patch removed from registry.");
+    results.push("Note: This does NOT undo the patch in the binary.");
+    results.push("Use bin_patch_restore to restore original bytes.");
+    return { content: [{ type: "text", text: results.join(`
+`) }] };
+  } catch (error2) {
+    return {
+      content: [{ type: "text", text: `Error: ${error2 instanceof Error ? error2.message : String(error2)}` }],
+      isError: true
+    };
+  }
+}
 var TOOLS = [
   {
     name: "nm_list_symbols",
@@ -16036,6 +16475,82 @@ var TOOLS = [
       },
       required: ["filePath"]
     }
+  },
+  {
+    name: "bin_patch_register",
+    description: "Register a binary patch for persistence across updates. Captures original bytes and stores in manifest.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        patchId: { type: "string", description: "Unique identifier for this patch (e.g., 'skip-permissions')" },
+        offset: { type: "number", description: "Byte offset to patch" },
+        patchedBytes: { type: "string", description: "Hex bytes to write (e.g., '90 90 90')" },
+        description: { type: "string", description: "Description of what this patch does" },
+        captureOriginal: { type: "boolean", description: "Capture original bytes (default: true)" }
+      },
+      required: ["filePath", "patchId", "offset", "patchedBytes", "description"]
+    }
+  },
+  {
+    name: "bin_patch_apply",
+    description: "Apply all registered patches to a binary. Handles macOS re-signing and quarantine. Detects binary updates.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        resign: { type: "boolean", description: "Re-sign binary after patching (macOS, default: true)" },
+        removeQuarantine: { type: "boolean", description: "Remove quarantine after patching (macOS, default: true)" }
+      },
+      required: ["filePath"]
+    }
+  },
+  {
+    name: "bin_patch_verify",
+    description: "Verify if registered patches are currently applied to a binary. Detects if binary was updated.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" }
+      },
+      required: ["filePath"]
+    }
+  },
+  {
+    name: "bin_patch_restore",
+    description: "Restore original bytes for registered patches. Undoes patches in the binary.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        patchId: { type: "string", description: "Specific patch to restore (optional - restores all if omitted)" },
+        resign: { type: "boolean", description: "Re-sign binary after restoring (macOS, default: true)" }
+      },
+      required: ["filePath"]
+    }
+  },
+  {
+    name: "bin_patch_list",
+    description: "List all registered patches in the manifest, optionally filtered by binary.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        filePath: { type: "string", description: "Filter by binary path (optional)" }
+      },
+      required: []
+    }
+  },
+  {
+    name: "bin_patch_remove",
+    description: "Remove a patch from the registry. Does NOT undo the patch in the binary.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        patchId: { type: "string", description: "ID of the patch to remove from registry" }
+      },
+      required: ["filePath", "patchId"]
+    }
   }
 ];
 server.setRequestHandler(ListToolsRequestSchema, async () => {
@@ -16127,6 +16642,18 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         return await handleSafePatch(args);
       case "bin_verify":
         return await handleBinVerify(args);
+      case "bin_patch_register":
+        return await handlePatchRegister(args);
+      case "bin_patch_apply":
+        return await handlePatchApply(args);
+      case "bin_patch_verify":
+        return await handlePatchVerify(args);
+      case "bin_patch_restore":
+        return await handlePatchRestore(args);
+      case "bin_patch_list":
+        return await handlePatchList(args);
+      case "bin_patch_remove":
+        return await handlePatchRemove(args);
       default:
         throw new Error(`Unknown tool: ${name}`);
     }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ebowwa/mcp-nm",
-  "version": "2.0.3",
-  "description": "Comprehensive binary analysis MCP server - symbols (nm), hex dumps (xxd), strings, disassembly, security audit, entropy analysis, ELF/Mach-O inspection, binary patching, and macOS code signing tools",
+  "version": "2.1.0",
+  "description": "Comprehensive binary analysis MCP server - symbols (nm), hex dumps (xxd), strings, disassembly, security audit, entropy analysis, ELF/Mach-O inspection, binary patching, macOS code signing, and persistent patch management",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -36,7 +36,9 @@
     "otool",
     "codesign",
     "quarantine",
-    "macos"
+    "macos",
+    "patch-management",
+    "binary-persistence"
   ],
   "author": "ebowwa",
   "license": "MIT",