Comment by Retr0id
19 hours ago
> Just recompile the kernel and change the functions it uses to hide the possible cheat and bypass all checks.
You can do this on macOS too, by the way. XNU is open-source.
19 hours ago
> Just recompile the kernel and change the functions it uses to hide the possible cheat and bypass all checks.
You can do this on macOS too, by the way. XNU is open-source.
Is that really true?
How would one get the modified XNU past the verified-boot process? Turn off verified boot?
The overall process is documented here: https://kernelshaman.blogspot.com/2021/02/building-xnu-for-m...
… well, technically speaking, most of it is open source. However, some parts regarding Apple Pay, FileVault, FairPlay DRM, any iOS compatibility, it’s excised.
Right, but you can splice your recompiled version back into the original binary, complete with proprietary components. I've done this before, maybe I should write up the process.
With SIP enabled?
1 reply →
Please do!
Good luck booting a custom kernel with SIP enabled, and I'm pretty sure any anti-cheat will nope out immediately if SIP is disabled.
So intercept whatever mechanism it's using to detect SIP enabled status...?
You would have to somehow compromise the security coprocessors, even on Android where more of the system is open source, Play Integrity relying on this has killed pretty much all methods of tricking application code that the system is stock outside of downgrade attacks (by convincing the application the phone doesn't support newer verification methods).
We can run tasks on them that only produces valid output if the boot chains is verified.
You do have to disable it, but you can patch the kernel to lie to userland about SIP status.