Categories: Kali Linux

MacSubstrate – Tool For Interprocess Code Injection On macOS

MacSubstrate is a platform tool for interprocess code injection on macOS, with the similar function to Cydia Substrate on iOS. Using macSubstrate, you can inject your plugins (.bundle or .framework) into a mac app (including sandboxed apps) to tweak it in the runtime.

  • All you need is to get or create plugins for your target app.
  • No trouble with modification and codesign for the original target app.
  • No more work after the target app is updated.
  • Super easy to install or uninstall a plugin.
  • Loading plugins automatically whenever the target app is relaunched.
  • Providing a GUI app to make injection much easier.

Also Read IDB – Tool To Simplify Some Common Tasks For iOS Pentesting & Research

MacSubstrate Usage

  • Download macSubstrate.app, put into /Applications and launch it.
  • Grant authorization if needed.
  • Install a plugin by importing or dragging into macSubstrate.
  • Launch the target app.

step 3 and step 4 can be switched

Once a plugin is installed by macSubstrate, it will take effect immediately. But if you want it to work whenever the target app is relaunched or macOS is restarted, you need to keep it running and allow it to automatically launch at login.

  • Uninstall a plugin when you do not need it anymore.

Plugin

It supports plugins of .bundle or .framework, so you just need to create a valid .bundle or .framework file. The most important thing is to add a key macSubstratePlugin into the info.plist, with the dictionary value:

Key Value
TargetAppBundleID the target app’s CFBundleIdentifier, this tells it which app to inject.
Description brief description of the plugin
AuthorName author name of the plugin
AuthorEmail author email of the plugin

Please check the demo plugins demo.bundle and demo.framework for details.

Xcode Templates

macSubstrate also provides Xcode Templates to help you create plugins conveniently:

  • ln -fhs ./macSubstratePluginTemplate ~/Library/Developer/Xcode/Templates/macSubstrate\ Plugin
  • Launch Xcode, and there will be 2 new plugin templates for you.
My Plugins
  • Send you a notification when you receive a HongBao message.
  • Send you a notification when you receive a message containing customized keywords.
  • Anti-recall message and send you a notification.

Welcome pull requests of your own plugins to Plugins.

Security

  1. SIP is a new security policy on macOS, which will help to keep you away from potential security risk. Disable it means you will lose the protection from SIP.
  2. If you install a plugin from a developer, you should be responsible for the security of the plugin. If you do not trust it, please do not install it. macSubstrate will help to verify the code signature of a plugin, and I suggest you to scan it using VirusTotal. Anyway, macSubstrate is just a tool, and it is your choice to decide what plugin to install.

R K

Recent Posts

Install Opera Web Browser on Ubuntu 18.04: Complete Setup Guide

Opera is one of the most popular cross-platform web browsers in the world, available on Windows,…

13 hours ago

Install Gogs on Ubuntu 18.04: Self-Hosted Git Server Setup Guide

Gogs is a free, self-hosted Git service written in Go. It gives you a private GitHub-like…

13 hours ago

Install Elasticsearch on Ubuntu 18.04: Setup and Config Guide

Elasticsearch is an open-source distributed search and analytics engine built on Apache Lucene. It supports RESTful…

13 hours ago

Install Flask on Ubuntu 18.04: venv Setup and Hello World App

Flask is a free, open-source micro web framework for Python. It is built on Werkzeug and…

14 hours ago

Install Memcached on Ubuntu 18.04: Setup, Config, and Client Guide

Memcached is a free, open-source, high-performance in-memory caching system. It stores data as key-value pairs in…

14 hours ago

Install TensorFlow on Ubuntu 18.04: Python venv Setup and Usage

TensorFlow is a free, open-source machine learning platform developed by Google. It is used by major…

1 day ago