hello world!
commit
21b413ae2d
9 changed files with 693 additions and 0 deletions
BIN
56caed0c46c44ef9a55f94634efe290f244402-tuya.png
Normal file
BIN
56caed0c46c44ef9a55f94634efe290f244402-tuya.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 20 KiB |
BIN
ParallelsDesktop-18.0.1-53056.dmg
Normal file
BIN
ParallelsDesktop-18.0.1-53056.dmg
Normal file
Binary file not shown.
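--- a/ParallelsService.entitlements
+++ b/ParallelsService.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>com.apple.security.smartcard</key>
+<true/>
+</dict>
+</plist>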
1
a
Normal file
1
a
Normal file
|
@ -0,0 +1 @@
|
|||
|
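--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,131 @@
+#!/usr/bin/env bash
+
+BASE_PATH=$(
+cd $(dirname "$0");
+pwd
+)
+
+COLOR_INFO='\033[0;34m'
+COLOR_ERR='\033[0;35m'
+NOCOLOR='\033[0m'
+
+PDFM_DIR="/Applications/Parallels Desktop.app"
+PDFM_LOC="/Library/Preferences/Parallels/parallels-desktop.loc"
+PDFM_VER="18.0.1-53056"
+
+PDFM_DISP_CRACK="${BASE_PATH}/prl_disp_service"
+PDFM_DISP_DST="${PDFM_DIR}/Contents/MacOS/Parallels Service.app/Contents/MacOS/prl_disp_service"
+PDFM_DISP_ENT="${BASE_PATH}/ParallelsService.entitlements"
+
+LICENSE_FILE="${BASE_PATH}/licenses.json"
+LICENSE_DST="/Library/Preferences/Parallels/licenses.json"
+
+PDFM_DISP_ORIGINAL_HASH="70b92c64c81c7992e901c2e23a2c2a08547e0d82f3b4fa28cc5f7e8bbac04cb6"
+PDFM_DISP_HASH="a0975389fb97f54c831d4db896d9b6983000b05dad4c8db88c3f2aced35a6dd9"
+LICENSE_HASH="ac735f3ee7ac815539f07e68561baceda858cf7ac5887feae863f10a60db3d79"
+
+# read location from parallels-desktop.loc
+if [ -f "${PDFM_LOC}" ]; then
+PDFM_DIR=$(cat "${PDFM_LOC}")
+fi
+
+# check parallels desktop install
+if [ ! -d "${PDFM_DIR}" ]; then
+echo -e "${COLOR_ERR}[-] Not found ${PDFM_DIR}, are you installed Parallels Desktop ${PDFM_VER}?${NOCOLOR}"
+echo " Download from here: https://download.parallels.com/desktop/v18/${PDFM_VER}/ParallelsDesktop-${PDFM_VER}.dmg"
+exit 1
+fi
+
+# check parallels desktop version
+VERSION_1=$(defaults read "${PDFM_DIR}/Contents/Info.plist" CFBundleShortVersionString)
+VERSION_2=$(defaults read "${PDFM_DIR}/Contents/Info.plist" CFBundleVersion)
+INSTALL_VER="${VERSION_1}-${VERSION_2}"
+if [ "${PDFM_VER}" != "${VERSION_1}-${VERSION_2}" ]; then
+echo -e "${COLOR_ERR}[-] This crack is for ${PDFM_VER}, but you installed is ${INSTALL_VER}.${NOCOLOR}"
+echo " Download from here: https://download.parallels.com/desktop/v18/${PDFM_VER}/ParallelsDesktop-${PDFM_VER}.dmg"
+exit 2
+fi
+
+# check prl_disp_service hash
+FILE_HASH=$(shasum -a 256 -b "${PDFM_DISP_CRACK}" | awk '{print $1}')
+if [ "${FILE_HASH}" != "${PDFM_DISP_HASH}" ]; then
+echo -e "${COLOR_ERR}[-] ${FILE_HASH} != ${PDFM_DISP_HASH}${NOCOLOR}"
+echo -e "${COLOR_ERR}[-] verify crack file (prl_disp_service) hash error.${NOCOLOR}"
+echo -e "${COLOR_ERR}[-] please re-download crack files.${NOCOLOR}"
+exit 4
+fi
+
+# check licenses.json hash
+FILE_HASH=$(shasum -a 256 -b "${LICENSE_FILE}" | awk '{print $1}')
+if [ "${FILE_HASH}" != "${LICENSE_HASH}" ]; then
+echo -e "${COLOR_ERR}[-] ${FILE_HASH} != ${LICENSE_HASH}${NOCOLOR}"
+echo -e "${COLOR_ERR}[-] verify crack file (licenses.json) hash error.${NOCOLOR}"
+echo -e "${COLOR_ERR}[-] please re-download crack files.${NOCOLOR}"
+exit 4
+fi
+
+# check run as root
+if [ "$EUID" -ne 0 ]; then
+echo -e "${COLOR_ERR}[-] Please run as root.${NOCOLOR}"
+echo -e "${COLOR_INFO} eg. sudo ${NOCOLOR}$0"
+exit 3
+fi
+
+echo -e "${COLOR_INFO}[*] Exit Parallels Desktop${NOCOLOR}"
+"${PDFM_DIR}/Contents/MacOS/Parallels Service" service_stop
+killall prl_client_app 2>/dev/null
+
+echo -e "${COLOR_INFO}[*] Start Parallels Service${NOCOLOR}"
+"${PDFM_DIR}/Contents/MacOS/Parallels Service" service_start
+
+echo -e "${COLOR_INFO}[*] Exit Parallels Desktop account ...${NOCOLOR}"
+"${PDFM_DIR}/Contents/MacOS/prlsrvctl" web-portal signout 2>/dev/null
+
+echo -e "${COLOR_INFO}[*] Disable CEP ...${NOCOLOR}"
+"${PDFM_DIR}/Contents/MacOS/prlsrvctl" --cep off 2>/dev/null
+"${PDFM_DIR}/Contents/MacOS/prlsrvctl" --allow-attach-screenshots off 2>/dev/null
+
+echo -e "${COLOR_INFO}[*] Stop Parallels Service${NOCOLOR}"
+"${PDFM_DIR}/Contents/MacOS/Parallels Service" service_stop
+
+echo -e "${COLOR_INFO}[*] Copy prl_disp_service${NOCOLOR}"
+
+rm -f "${PDFM_DISP_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+cp -X "${PDFM_DISP_CRACK}" "${PDFM_DISP_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+chown root:wheel "${PDFM_DISP_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+chmod 755 "${PDFM_DISP_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+
+# check hash
+FILE_HASH=$(shasum -a 256 -b "${PDFM_DISP_DST}" | awk '{print $1}')
+if [ "${FILE_HASH}" != "${PDFM_DISP_HASH}" ]; then
+echo -e "${COLOR_ERR}[-] ${FILE_HASH} != ${PDFM_DISP_HASH}${NOCOLOR}"
+echo -e "${COLOR_ERR}[-] verify target file (prl_disp_service) hash error.${NOCOLOR}"
+exit 4
+fi
+
+echo -e "${COLOR_INFO}[*] Sign prl_disp_service${NOCOLOR}"
+
+codesign -f -s - --timestamp=none --all-architectures --entitlements "${PDFM_DISP_ENT}" "${PDFM_DISP_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+
+echo -e "${COLOR_INFO}[*] Copy fake licenses.json${NOCOLOR}"
+
+if [ -f "${LICENSE_DST}" ]; then
+chflags -R 0 "${LICENSE_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+rm -f "${LICENSE_DST}" > /dev/null || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+fi
+
+cp -X "${LICENSE_FILE}" "${LICENSE_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+chown root:wheel "${LICENSE_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+chmod 444 "${LICENSE_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+chflags uchg "${LICENSE_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+chflags schg "${LICENSE_DST}" || { echo -e "${COLOR_ERR}error $? at line $LINENO.${NOCOLOR}"; exit $?; }
+
+# check hash
+FILE_HASH=$(shasum -a 256 -b "${LICENSE_DST}" | awk '{print $1}')
+if [ "${FILE_HASH}" != "${LICENSE_HASH}" ]; then
+echo -e "${COLOR_ERR}[-] ${FILE_HASH} != ${LICENSE_HASH}${NOCOLOR}"
+echo -e "${COLOR_ERR}[-] verify target file (${LICENSE_DST}) hash error.${NOCOLOR}"
+exit 1
+fi
+
+echo -e "${COLOR_INFO}[*] Crack over${NOCOLOR}"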
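Review bot: The SHA-256 checks in install.sh compare `prl_disp_service` and `licenses.json` against `PDFM_DISP_HASH` and `LICENSE_HASH`, constants committed in the same repository as the files, so they catch a corrupted download but establish nothing about the origin or behaviour of a binary that is committed only as an opaque blob. The script then copies that binary root-owned into the application bundle and re-signs it ad hoc with `codesign -f -s -`, which discards the vendor signature, while `PDFM_DISP_ORIGINAL_HASH` is declared and never read, so the file being deleted is neither identified nor kept. I would state this at the top of the script, e.g. `# Hash constants below pin file integrity only, not provenance; the installed binary is third-party code with an ad-hoc signature.` On an audited host the outcome should be visible as an ad-hoc signature on the service binary (`codesign -dv`) and `uchg`/`schg` flags on `/Library/Preferences/Parallels/licenses.json` (`ls -lO`).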
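--- a/licenses.json
+++ b/licenses.json
@@ -0,0 +1 @@
+{"license":"{\"product_version\":\"18.*\",\"edition\":2,\"platform\":3,\"product\":7,\"offline\":true,\"cpu_limit\":32,\"ram_limit\":131072}"}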
BIN
prl_disp_service
Normal file
BIN
prl_disp_service
Normal file
Binary file not shown.
446
prl_disp_service.md
Normal file
446
prl_disp_service.md
Normal file
|
@ -0,0 +1,446 @@
|
|||
# patch prl_disp_app
|
||||
|
||||
## 2. patch Signature::SignCheckerImpl
|
||||
|
||||
### 2.1 find vtable
|
||||
|
||||
#### x86_64
|
||||
|
||||
```
|
||||
__const:00000001009B2A70 ; `vtable for'Signature::SignCheckerImpl
|
||||
__const:00000001009B2A70 00 00 00 00 00 00 00 00 _ZTVN9Signature15SignCheckerImplE dq 0 ; DATA XREF: sub_100349A00+28↑o
|
||||
__const:00000001009B2A70 ; offset to this
|
||||
__const:00000001009B2A78 A8 2A 9B 00 01 00 00 00 dq offset _ZTIN9Signature15SignCheckerImplE ; `typeinfo for'Signature::SignCheckerImpl
|
||||
__const:00000001009B2A80 00 0B 5B 00 01 00 00 00 dq offset sub_1005B0B00
|
||||
__const:00000001009B2A88 10 0B 5B 00 01 00 00 00 dq offset sub_1005B0B10
|
||||
__const:00000001009B2A90 80 07 5B 00 01 00 00 00 dq offset sub_1005B0780
|
||||
```
|
||||
|
||||
#### arm64
|
||||
|
||||
```
|
||||
__const:0000000100988520 ; `vtable for'Signature::SignCheckerImpl
|
||||
__const:0000000100988520 00 00 00 00 00 00 00 00 _ZTVN9Signature15SignCheckerImplE DCQ 0 ; DATA XREF: sub_100369410+28↑o
|
||||
__const:0000000100988520 ; offset to this
|
||||
__const:0000000100988528 58 85 98 00 01 00 00 00 DCQ _ZTIN9Signature15SignCheckerImplE ; `typeinfo for'Signature::SignCheckerImpl
|
||||
__const:0000000100988530 28 E9 5D 00 01 00 00 00 DCQ nullsub_201
|
||||
__const:0000000100988538 2C E9 5D 00 01 00 00 00 DCQ j___ZdlPv_267
|
||||
__const:0000000100988540 84 E5 5D 00 01 00 00 00 DCQ sub_1005DE584
|
||||
```
|
||||
|
||||
### 2.2 patch function `sub_1005B0780`
|
||||
|
||||
#### x86_64
|
||||
|
||||
```
|
||||
__text:00000001005B0780 55 push rbp
|
||||
__text:00000001005B0781 48 89 E5 mov rbp, rsp
|
||||
__text:00000001005B0784 41 57 push r15
|
||||
__text:00000001005B0786 41 56 push r14
|
||||
__text:00000001005B0788 41 54 push r12
|
||||
__text:00000001005B078A 53 push rbx
|
||||
__text:00000001005B078B 48 81 EC A0 00 00 00 sub rsp, 0A0h
|
||||
__text:00000001005B0792 49 89 CE mov r14, rcx
|
||||
__text:00000001005B0795 49 89 D7 mov r15, rdx
|
||||
__text:00000001005B0798 49 89 F4 mov r12, rsi
|
||||
__text:00000001005B079B BF D0 0A 00 00 mov edi, 0AD0h ; unsigned __int64
|
||||
__text:00000001005B07A0 E8 D7 4E 23 00 call __Znwm ; operator new(ulong)
|
||||
__text:00000001005B07A5 48 89 C3 mov rbx, rax
|
||||
__text:00000001005B07A8 48 89 45 A0 mov [rbp+var_60], rax
|
||||
__text:00000001005B07AC 0F 28 05 DD 8F 38 00 movaps xmm0, cs:xmmword_100939790
|
||||
__text:00000001005B07B3 0F 29 45 90 movaps [rbp+var_70], xmm0
|
||||
__text:00000001005B07B7 48 8D 35 58 8F 31 00 lea rsi, aBeginCertifica ; "-----BEGIN CERTIFICATE-----\nMIIHzTCCBb"...
|
||||
__text:00000001005B07BE BA CC 0A 00 00 mov edx, 0ACCh ; __n
|
||||
__text:00000001005B07C3 48 89 C7 mov rdi, rax ; __dst
|
||||
__text:00000001005B07C6 E8 3D 53 23 00 call _memcpy
|
||||
__text:00000001005B07CB C6 83 CC 0A 00 00 00 mov byte ptr [rbx+0ACCh], 0
|
||||
__text:00000001005B07D2 48 8D BD 48 FF FF FF lea rdi, [rbp+var_B8]
|
||||
__text:00000001005B07D9 48 8D 75 90 lea rsi, [rbp+var_70]
|
||||
__text:00000001005B07DD E8 CE 07 00 00 call sub_1005B0FB0
|
||||
__text:00000001005B07E2 F6 45 90 01 test byte ptr [rbp+var_70], 1
|
||||
__text:00000001005B07E6 74 09 jz short loc_1005B07F1
|
||||
__text:00000001005B07E8 48 8B 7D A0 mov rdi, [rbp+var_60] ; void *
|
||||
__text:00000001005B07EC E8 61 4E 23 00 call __ZdlPv ; operator delete(void *)
|
||||
__text:00000001005B07F1
|
||||
```
|
||||
opcode
|
||||
|
||||
```
|
||||
55 48 89 E5 41 57 41 56 41 54 53 48 81 EC A0 00
|
||||
00 00 49 89 CE 49 89 D7 49 89 F4 BF D0 0A 00 00
|
||||
E8 D7 4E 23 00 48 89 C3 48 89 45 A0 0F 28 05 DD
|
||||
8F 38 00 0F 29 45 90 48 8D 35 58 8F 31 00 BA CC
|
||||
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
6A 01 58 C3
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
__text:00000001005B0780 sub_1005B0780 proc near ; DATA XREF: __const:00000001009B2A90↓o
|
||||
__text:00000001005B0780 6A 01 push 1
|
||||
__text:00000001005B0782 58 pop rax
|
||||
__text:00000001005B0783 C3 retn
|
||||
__text:00000001005B0783 sub_1005B0780 endp
|
||||
```
|
||||
|
||||
|
||||
#### arm64
|
||||
|
||||
```
|
||||
__text:00000001005DE584 FF 03 03 D1 SUB SP, SP, #0xC0
|
||||
__text:00000001005DE588 F6 57 09 A9 STP X22, X21, [SP,#0xB0+var_20]
|
||||
__text:00000001005DE58C F4 4F 0A A9 STP X20, X19, [SP,#0xB0+var_10]
|
||||
__text:00000001005DE590 FD 7B 0B A9 STP X29, X30, [SP,#0xB0+var_s0]
|
||||
__text:00000001005DE594 FD C3 02 91 ADD X29, SP, #0xB0
|
||||
__text:00000001005DE598 F3 03 03 AA MOV X19, X3
|
||||
__text:00000001005DE59C F4 03 02 AA MOV X20, X2
|
||||
__text:00000001005DE5A0 F5 03 01 AA MOV X21, X1
|
||||
__text:00000001005DE5A4 00 5A 81 52 MOV W0, #0xAD0 ; unsigned __int64
|
||||
__text:00000001005DE5A8 70 C8 07 94 BL __Znwm ; operator new(ulong)
|
||||
__text:00000001005DE5AC F6 03 00 AA MOV X22, X0
|
||||
__text:00000001005DE5B0 E0 2B 00 F9 STR X0, [SP,#0xB0+var_60]
|
||||
__text:00000001005DE5B4 E8 10 00 B0 ADRP X8, #xmmword_1007FB2D0@PAGE
|
||||
__text:00000001005DE5B8 00 B5 C0 3D LDR Q0, [X8,#xmmword_1007FB2D0@PAGEOFF]
|
||||
__text:00000001005DE5BC E0 83 85 3C STUR Q0, [SP,#0xB0+var_58]
|
||||
__text:00000001005DE5C0 C1 18 00 F0 21 84 25 91 ADRL X1, aBeginCertifica ; "-----BEGIN CERTIFICATE-----\nMIIHzTCCBb"...
|
||||
__text:00000001005DE5C8 82 59 81 52 MOV W2, #0xACC ; __n
|
||||
__text:00000001005DE5CC A7 CA 07 94 BL _memcpy
|
||||
__text:00000001005DE5D0 DF 32 2B 39 STRB WZR, [X22,#0xACC]
|
||||
__text:00000001005DE5D4 A0 23 01 D1 SUB X0, X29, #-var_48
|
||||
__text:00000001005DE5D8 E1 43 01 91 ADD X1, SP, #0xB0+var_60
|
||||
__text:00000001005DE5DC 00 02 00 94 BL j___ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_ ; std::string::basic_string(std::string const&)
|
||||
__text:00000001005DE5E0 E8 9F C1 39 LDRSB W8, [SP,#0xB0+var_58+0xF]
|
||||
__text:00000001005DE5E4 68 00 F8 36 TBZ W8, #0x1F, loc_1005DE5F0
|
||||
__text:00000001005DE5E8 E0 2B 40 F9 LDR X0, [SP,#0xB0+var_60] ; void *
|
||||
__text:00000001005DE5EC 4A C8 07 94 BL __ZdlPv ; operator delete(void *)
|
||||
__text:00000001005DE5F0
|
||||
```
|
||||
|
||||
opcode
|
||||
|
||||
```
|
||||
FF 03 03 D1 F6 57 09 A9 F4 4F 0A A9 FD 7B 0B A9
|
||||
FD C3 02 91 F3 03 03 AA F4 03 02 AA F5 03 01 AA
|
||||
00 5A 81 52 70 C8 07 94 F6 03 00 AA E0 2B 00 F9
|
||||
E8 10 00 B0 00 B5 C0 3D E0 83 85 3C C1 18 00 F0
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
20 00 80 D2 C0 03 5F D6
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
__text:00000001005DE584 sub_1005DE584 ; DATA XREF: __const:0000000100988540↓o
|
||||
__text:00000001005DE584 20 00 80 D2 MOV X0, #1
|
||||
__text:00000001005DE588 C0 03 5F D6 RET
|
||||
__text:00000001005DE588 ; End of function sub_1005DE584
|
||||
```
|
||||
|
||||
## 2. patch /usr/bin/codesign verify
|
||||
|
||||
find string xref to "/usr/bin/codesign"
|
||||
|
||||
### x86_64
|
||||
|
||||
```
|
||||
__text:00000001007C9280 55 push rbp
|
||||
__text:00000001007C9281 48 89 E5 mov rbp, rsp
|
||||
__text:00000001007C9284 41 57 push r15
|
||||
__text:00000001007C9286 41 56 push r14
|
||||
__text:00000001007C9288 41 55 push r13
|
||||
__text:00000001007C928A 41 54 push r12
|
||||
__text:00000001007C928C 53 push rbx
|
||||
__text:00000001007C928D 48 81 EC 38 04 00 00 sub rsp, 438h
|
||||
__text:00000001007C9294 4C 89 85 B8 FB FF FF mov [rbp+var_448], r8
|
||||
__text:00000001007C929B 48 89 8D B0 FB FF FF mov [rbp+var_450], rcx
|
||||
__text:00000001007C92A2 48 89 95 A8 FB FF FF mov [rbp+var_458], rdx
|
||||
__text:00000001007C92A9 41 89 F4 mov r12d, esi
|
||||
__text:00000001007C92AC 48 89 FB mov rbx, rdi
|
||||
__text:00000001007C92AF 48 8B 05 7A 70 1C 00 mov rax, cs:___stack_chk_guard_ptr
|
||||
__text:00000001007C92B6 48 8B 00 mov rax, [rax]
|
||||
__text:00000001007C92B9 48 89 45 D0 mov [rbp+var_30], rax
|
||||
__text:00000001007C92BD 48 8B 0D B4 83 27 00 mov rcx, cs:off_100A41678 ; "4C6364ACXT"
|
||||
__text:00000001007C92C4 48 8D 15 C4 2A 15 00 lea rdx, aAnchorAppleGen_0 ; "=anchor apple generic and certificate l"...
|
||||
__text:00000001007C92CB 45 31 F6 xor r14d, r14d
|
||||
__text:00000001007C92CE 48 8D BD D0 FB FF FF lea rdi, [rbp+__str] ; __str
|
||||
__text:00000001007C92D5 BE 00 04 00 00 mov esi, 400h ; __size
|
||||
__text:00000001007C92DA 31 C0 xor eax, eax
|
||||
__text:00000001007C92DC E8 73 CA 01 00 call _snprintf
|
||||
__text:00000001007C92E1 48 C7 85 C0 FB FF FF 00+ mov [rbp+staticCode], 0
|
||||
__text:00000001007C92E1 00 00 00
|
||||
__text:00000001007C92EC 48 8D 3D 8A 2A 15 00 lea rdi, __file ; "/usr/bin/codesign"
|
||||
__text:00000001007C92F3 BE 01 00 00 00 mov esi, 1 ; int
|
||||
__text:00000001007C92F8 E8 3F C4 01 00 call _access
|
||||
__text:00000001007C92FD 85 C0 test eax, eax
|
||||
__text:00000001007C92FF 74 29 jz short loc_1007C932A
|
||||
```
|
||||
|
||||
opcode
|
||||
|
||||
```
|
||||
55 48 89 E5 41 57 41 56 41 55 41 54 53 48 81 EC
|
||||
38 04 00 00 4C 89 85 B8 FB FF FF 48 89 8D B0 FB
|
||||
FF FF 48 89 95 A8 FB FF FF 41 89 F4 48 89 FB 48
|
||||
8B 05 7A 70 1C 00 48 8B 00 48 89 45 D0 48 8B 0D
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
6A 01 58 C3
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
__text:00000001007C9280 sub_1007C9280 proc near ; CODE XREF: sub_100175930+28F↑p
|
||||
__text:00000001007C9280 6A 01 push 1
|
||||
__text:00000001007C9282 58 pop rax
|
||||
__text:00000001007C9283 C3 retn
|
||||
__text:00000001007C9283 sub_1007C9280 endp
|
||||
```
|
||||
|
||||
### arm64
|
||||
|
||||
```
|
||||
__text:00000001007B3A14 FA 67 BB A9 STP X26, X25, [SP,#-0x10+var_40]!
|
||||
__text:00000001007B3A18 F8 5F 01 A9 STP X24, X23, [SP,#0x40+var_30]
|
||||
__text:00000001007B3A1C F6 57 02 A9 STP X22, X21, [SP,#0x40+var_20]
|
||||
__text:00000001007B3A20 F4 4F 03 A9 STP X20, X19, [SP,#0x40+var_10]
|
||||
__text:00000001007B3A24 FD 7B 04 A9 STP X29, X30, [SP,#0x40+var_s0]
|
||||
__text:00000001007B3A28 FD 03 01 91 ADD X29, SP, #0x40
|
||||
__text:00000001007B3A2C FF 43 11 D1 SUB SP, SP, #0x450
|
||||
__text:00000001007B3A30 F6 03 04 AA MOV X22, X4
|
||||
__text:00000001007B3A34 F7 03 03 AA MOV X23, X3
|
||||
__text:00000001007B3A38 F4 03 02 AA MOV X20, X2
|
||||
__text:00000001007B3A3C F5 03 01 AA MOV X21, X1
|
||||
__text:00000001007B3A40 F3 03 00 AA MOV X19, X0
|
||||
__text:00000001007B3A44 C8 0D 00 B0 ADRP X8, #___stack_chk_guard_ptr@PAGE
|
||||
__text:00000001007B3A48 08 6D 41 F9 LDR X8, [X8,#___stack_chk_guard_ptr@PAGEOFF]
|
||||
__text:00000001007B3A4C 08 01 40 F9 LDR X8, [X8]
|
||||
__text:00000001007B3A50 A8 83 1B F8 STUR X8, [X29,#var_48]
|
||||
__text:00000001007B3A54 48 13 00 D0 ADRP X8, #off_100A1DB18@PAGE ; "4C6364ACXT"
|
||||
__text:00000001007B3A58 08 8D 45 F9 LDR X8, [X8,#off_100A1DB18@PAGEOFF] ; "4C6364ACXT"
|
||||
__text:00000001007B3A5C E8 03 00 F9 STR X8, [SP,#0x490+var_490]
|
||||
__text:00000001007B3A60 C2 0C 00 90 42 18 34 91 ADRL X2, aAnchorAppleGen_0 ; "=anchor apple generic and certificate l"...
|
||||
__text:00000001007B3A68 E0 23 01 91 ADD X0, SP, #0x490+__str ; __str
|
||||
__text:00000001007B3A6C 01 80 80 52 MOV W1, #0x400 ; __size
|
||||
__text:00000001007B3A70 AA 76 00 94 BL _snprintf
|
||||
__text:00000001007B3A74 FF 1F 00 F9 STR XZR, [SP,#0x490+staticCode]
|
||||
__text:00000001007B3A78 C0 0C 00 90 00 D0 33 91 ADRL X0, aUsrBinCodesign ; "/usr/bin/codesign"
|
||||
__text:00000001007B3A80 21 00 80 52 MOV W1, #1 ; int
|
||||
__text:00000001007B3A84 93 73 00 94 BL _access
|
||||
__text:00000001007B3A88 E0 01 00 34 CBZ W0, loc_1007B3AC4
|
||||
__text:00000001007B3A8C
|
||||
```
|
||||
|
||||
opcode
|
||||
|
||||
```
|
||||
FA 67 BB A9 F8 5F 01 A9 F6 57 02 A9 F4 4F 03 A9
|
||||
FD 7B 04 A9 FD 03 01 91 FF 43 11 D1 F6 03 04 AA
|
||||
F7 03 03 AA F4 03 02 AA F5 03 01 AA F3 03 00 AA
|
||||
C8 0D 00 B0 08 6D 41 F9 08 01 40 F9 A8 83 1B F8
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
20 00 80 D2 C0 03 5F D6
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
__text:00000001007B3A14 sub_1007B3A14 ; CODE XREF: sub_10018297C+2D4↑p
|
||||
__text:00000001007B3A14 20 00 80 D2 MOV X0, #1
|
||||
__text:00000001007B3A18 C0 03 5F D6 RET
|
||||
__text:00000001007B3A18 ; End of function sub_1007B3A14
|
||||
```
|
||||
|
||||
## 3. add write licenses.json
|
||||
|
||||
1. use step 2 code space (0x1007C9284) add shellcode write license data
|
||||
|
||||
### x86_64
|
||||
|
||||
opcode
|
||||
|
||||
```
|
||||
41 57 41 56 41 55 41 54 53 48 81 EC 38 04 00 00
|
||||
4C 89 85 B8 FB FF FF 48 89 8D B0 FB FF FF 48 89
|
||||
95 A8 FB FF FF 41 89 F4 48 89 FB 48 8B 05 7A 70
|
||||
1C 00 48 8B 00 48 89 45 D0 48 8B 0D B4 83 27 00
|
||||
48 8D 15 C4 2A 15 00 45 31 F6 48 8D BD D0 FB FF
|
||||
FF BE 00 04 00 00 31 C0 E8 73 CA 01 00 48 C7 85
|
||||
C0 FB FF FF 00 00 00 00 48 8D 3D 8A 2A 15 00 BE
|
||||
01 00 00 00 E8 3F C4 01 00 85 C0 74 29 48 8B 05
|
||||
28 70 1C 00 48 8B 00 48 3B 45 D0 0F 85 58 02 00
|
||||
00 44 89 F0 48 81 C4 38 04 00 00 5B 41 5C 41 5D
|
||||
41 5E 41 5F 5D C3 48 8B 05 4F 70 1C 00 48 8B 38
|
||||
48 8D 35 42 2A 15 00 BA 11 00 00 00 31 C9 E8 FD
|
||||
82 01 00 48 85 C0 74 B5 49 89 C7 48 89 C7 E8 BD
|
||||
82 01 00 49 89 C5 4C 89 FF E8 BC 81 01 00 4D 85
|
||||
ED 74 9A 48 8D 95 C0 FB FF FF 4C 89 EF 31 F6 E8
|
||||
A4 86 01 00 49 89 DF 89 C3 4C 89 EF E8 99 81 01
|
||||
00 85 DB 0F 85 74 FF FF FF 4C 8B
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
55 48 89 E5 53 56 52 48 8D 3D 3F 00 00 00 48 8D
|
||||
35 65 00 00 00 E8 24 C6 01 00 49 89 C6 48 8D 3D
|
||||
58 00 00 00 BE 8E 00 00 00 BA 01 00 00 00 4C 89
|
||||
F1 E8 62 C6 01 00 4C 89 F7 E8 E8 C5 01 00 4C 89
|
||||
F7 E8 C2 C5 01 00 5A 5E E9 84 68 F9 FF 2F 4C 69
|
||||
62 72 61 72 79 2F 50 72 65 66 65 72 65 6E 63 65
|
||||
73 2F 50 61 72 61 6C 6C 65 6C 73 2F 6C 69 63 65
|
||||
6E 73 65 73 2E 6A 73 6F 6E 00 77 00 7B 22 6C 69
|
||||
63 65 6E 73 65 22 3A 22 7B 5C 22 70 72 6F 64 75
|
||||
63 74 5F 76 65 72 73 69 6F 6E 5C 22 3A 5C 22 31
|
||||
38 2E 2A 5C 22 2C 5C 22 65 64 69 74 69 6F 6E 5C
|
||||
22 3A 32 2C 5C 22 70 6C 61 74 66 6F 72 6D 5C 22
|
||||
3A 33 2C 5C 22 70 72 6F 64 75 63 74 5C 22 3A 37
|
||||
2C 5C 22 6F 66 66 6C 69 6E 65 5C 22 3A 74 72 75
|
||||
65 2C 5C 22 63 70 75 5F 6C 69 6D 69 74 5C 22 3A
|
||||
33 32 2C 5C 22 72 61 6D 5F 6C 69 6D 69 74 5C 22
|
||||
3A 31 33 31 30 37 32 7D 22 7D 00
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
__text:00000001007C9284 write_fake_lic proc near ; CODE XREF: __text:InitFunc_0↑j
|
||||
__text:00000001007C9284 ; __text:loc_10075FB50↑j
|
||||
__text:00000001007C9284 55 push rbp
|
||||
__text:00000001007C9285 48 89 E5 mov rbp, rsp
|
||||
__text:00000001007C9288 53 push rbx
|
||||
__text:00000001007C9289 56 push rsi
|
||||
__text:00000001007C928A 52 push rdx
|
||||
__text:00000001007C928B 48 8D 3D 3F 00 00 00 lea rdi, aLibraryPrefere_2 ; "/Library/Preferences/Parallels/licenses"...
|
||||
__text:00000001007C9292 48 8D 35 65 00 00 00 lea rsi, aW_1 ; "w"
|
||||
__text:00000001007C9299 E8 24 C6 01 00 call _fopen
|
||||
__text:00000001007C929E 49 89 C6 mov r14, rax
|
||||
__text:00000001007C92A1 48 8D 3D 58 00 00 00 lea rdi, aLicenseProduct_0 ; "{\"license\":\"{\\\"product_version\\\""...
|
||||
__text:00000001007C92A8 BE 8E 00 00 00 mov esi, 8Eh ; size_t
|
||||
__text:00000001007C92AD BA 01 00 00 00 mov edx, 1 ; size_t
|
||||
__text:00000001007C92B2 4C 89 F1 mov rcx, r14 ; FILE *
|
||||
__text:00000001007C92B5 E8 62 C6 01 00 call _fwrite
|
||||
__text:00000001007C92BA 4C 89 F7 mov rdi, r14 ; FILE *
|
||||
__text:00000001007C92BD E8 E8 C5 01 00 call _fflush
|
||||
__text:00000001007C92C2 4C 89 F7 mov rdi, r14 ; FILE *
|
||||
__text:00000001007C92C5 E8 C2 C5 01 00 call _fclose
|
||||
__text:00000001007C92CA 5A pop rdx
|
||||
__text:00000001007C92CB 5E pop rsi
|
||||
__text:00000001007C92CC E9 84 68 F9 FF jmp sub_10075FB55
|
||||
__text:00000001007C92CC write_fake_lic endp
|
||||
__text:00000001007C92CC
|
||||
__text:00000001007C92CC ; ---------------------------------------------------------------------------
|
||||
__text:00000001007C92D1 ; const char aLibraryPrefere_2[]
|
||||
__text:00000001007C92D1 2F 4C 69 62 72 61 72 79+aLibraryPrefere_2 db '/Library/Preferences/Parallels/licenses.json',0
|
||||
__text:00000001007C92D1 2F 50 72 65 66 65 72 65+ ; DATA XREF: write_fake_lic+7↑o
|
||||
__text:00000001007C92FE ; const char aW_1[]
|
||||
__text:00000001007C92FE 77 00 aW_1 db 'w',0 ; DATA XREF: write_fake_lic+E↑o
|
||||
__text:00000001007C9300 7B 22 6C 69 63 65 6E 73+aLicenseProduct_0 db '{"license":"{\"product_version\":\"18.*\",\"edition\":2,\"platfor'
|
||||
__text:00000001007C9300 65 22 3A 22 7B 5C 22 70+ ; CODE XREF: __text:00000001007C9487↓j
|
||||
__text:00000001007C9300 72 6F 64 75 63 74 5F 76+ ; __text:00000001007C9568↓j
|
||||
__text:00000001007C9300 65 72 73 69 6F 6E 5C 22+ ; DATA XREF: ...
|
||||
__text:00000001007C9300 3A 5C 22 31 38 2E 2A 5C+ db 'm\":3,\"product\":7,\"offline\":true,\"cpu_limit\":32,\"ram_limit'
|
||||
__text:00000001007C9300 22 2C 5C 22 65 64 69 74+ db '\":131072}"}',0
|
||||
```
|
||||
|
||||
### arm64
|
||||
|
||||
opcode
|
||||
|
||||
```
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
```
|
||||
|
||||
2. find string xref "licenses.json"
|
||||
|
||||
### x86_64
|
||||
|
||||
```
|
||||
__text:000000010075FB50 55 push rbp
|
||||
__text:000000010075FB51 48 89 E5 mov rbp, rsp
|
||||
__text:000000010075FB54 53 push rbx
|
||||
__text:000000010075FB55 48 83 EC 28 sub rsp, 28h
|
||||
__text:000000010075FB59 48 89 FB mov rbx, rdi
|
||||
__text:000000010075FB5C 48 8D 3D CD F9 10 00 lea rdi, a12 ; "%1/%2"
|
||||
__text:000000010075FB63 BE 05 00 00 00 mov esi, 5 ; char *
|
||||
__text:000000010075FB68 E8 09 3D 08 00 call __ZN7QString16fromAscii_helperEPKci ; QString::fromAscii_helper(char const*,int)
|
||||
__text:000000010075FB6D 48 89 45 E0 mov [rbp+var_20], rax
|
||||
__text:000000010075FB71 48 8D 7D E8 lea rdi, [rbp+var_18]
|
||||
__text:000000010075FB75 E8 26 F4 FF FF call sub_10075EFA0
|
||||
__text:000000010075FB7A 48 8D 7D D8 lea rdi, [rbp+var_28]
|
||||
__text:000000010075FB7E 48 8D 75 E0 lea rsi, [rbp+var_20]
|
||||
__text:000000010075FB82 48 8D 55 E8 lea rdx, [rbp+var_18]
|
||||
__text:000000010075FB86 31 C9 xor ecx, ecx
|
||||
__text:000000010075FB88 41 B8 20 00 00 00 mov r8d, 20h ; ' '
|
||||
__text:000000010075FB8E E8 5B 55 08 00 call __ZNK7QString3argERKS_i5QChar ; QString::arg(QString const&,int,QChar)
|
||||
__text:000000010075FB93 48 8D 3D 89 83 19 00 lea rdi, aLicensesJson ; "licenses.json"
|
||||
__text:000000010075FB9A BE 0D 00 00 00 mov esi, 0Dh ; char *
|
||||
__text:000000010075FB9F E8 D2 3C 08 00 call __ZN7QString16fromAscii_helperEPKci ; QString::fromAscii_helper(char const*,int)
|
||||
__text:000000010075FBA4 48 89 45 F0 mov [rbp+var_10], rax
|
||||
__text:000000010075FBA8 48 8D 75 D8 lea rsi, [rbp+var_28]
|
||||
__text:000000010075FBAC 48 8D 55 F0 lea rdx, [rbp+var_10]
|
||||
__text:000000010075FBB0 48 89 DF mov rdi, rbx
|
||||
__text:000000010075FBB3 31 C9 xor ecx, ecx
|
||||
__text:000000010075FBB5 41 B8 20 00 00 00 mov r8d, 20h ; ' '
|
||||
__text:000000010075FBBB E8 2E 55 08 00 call __ZNK7QString3argERKS_i5QChar ; QString::arg(QString const&,int,QChar)
|
||||
__text:000000010075FBC0 48 8B 7D F0 mov rdi, [rbp+var_10]
|
||||
__text:000000010075FBC4 8B 07 mov eax, [rdi]
|
||||
__text:000000010075FBC6 83 F8 FF cmp eax, 0FFFFFFFFh
|
||||
__text:000000010075FBC9 74 1D jz short loc_10075FBE8
|
||||
__text:000000010075FBCB 85 C0 test eax, eax
|
||||
__text:000000010075FBCD 74 0A jz short loc_10075FBD9
|
||||
__text:000000010075FBCF F0 83 2F 01 lock sub dword ptr [rdi], 1
|
||||
__text:000000010075FBD3 75 13 jnz short loc_10075FBE8
|
||||
__text:000000010075FBD5 48 8B 7D F0 mov rdi, [rbp+var_10]
|
||||
```
|
||||
|
||||
opcode
|
||||
|
||||
```
|
||||
55 48 89 E5 53 48 83 EC 28 48 89 FB 48 8D 3D CD
|
||||
F9 10 00 BE 05 00 00 00 E8 09 3D 08 00 48 89 45
|
||||
E0 48 8D 7D E8 E8 26 F4 FF FF 48 8D 7D D8 48 8D
|
||||
75 E0 48 8D 55 E8 31 C9 41 B8 20 00 00 00 E8 5B
|
||||
```
|
||||
|
||||
patch
|
||||
|
||||
```
|
||||
E9 2F 97 06 00
|
||||
```
|
||||
|
||||
after
|
||||
|
||||
```
|
||||
__text:000000010075FB50 E9 2F 97 06 00 jmp write_fake_lic
|
||||
```
|
||||
|
||||
### arm64
|
||||
|
||||
|
106
readme.md
Normal file
106
readme.md
Normal file
|
@ -0,0 +1,106 @@
|
|||
# Parallels Desktop *QUACK*
|
||||
|
||||
Crack for Parallels Desktop 18.0.1 破解版
|
||||
|
||||
##### ✅ - Support Intel
|
||||
|
||||
##### ✅ - Support Apple Silicon (M1 & M2)
|
||||
|
||||
##### ✅ - Network
|
||||
|
||||
##### ✅ - USB
|
||||
|
||||
###### 🎉EPIC🎉
|
||||
|
||||
# Usage
|
||||
|
||||
1. Install Parallels Desktop 18.0.1-53056.
|
||||
|
||||
[https://download.parallels.com/desktop/v18/18.0.2-53056/ParallelsDesktop-18.0.2-53056.dmg](https://download.parallels.com/desktop/v18/18.0.1-53056/ParallelsDesktop-18.0.1-53056.dmg)
|
||||
2. Exit parallels.
|
||||
|
||||
3. Download this repo file.
|
||||
|
||||
4. Extract and run Terminal in this directory.
|
||||
|
||||
5. `chmod +x ./install.sh && sudo ./install.sh`
|
||||
|
||||
|
||||
# Manual
|
||||
|
||||
1. Exit Parallels Desktop
|
||||
|
||||
```
|
||||
killall -9 prl_client_app
|
||||
killall -9 prl_disp_service
|
||||
```
|
||||
|
||||
2. Copy crack file
|
||||
|
||||
```
|
||||
sudo cp -f prl_disp_service "/Applications/Parallels Desktop.app/Contents/MacOS/Parallels Service.app/Contents/MacOS/prl_disp_service"
|
||||
sudo chown root:wheel "/Applications/Parallels Desktop.app/Contents/MacOS/Parallels Service.app/Contents/MacOS/prl_disp_service"
|
||||
sudo chmod 755 "/Applications/Parallels Desktop.app/Contents/MacOS/Parallels Service.app/Contents/MacOS/prl_disp_service"
|
||||
```
|
||||
|
||||
3. Copy licenses.json
|
||||
|
||||
```
|
||||
sudo rm -f "/Library/Preferences/Parallels/licenses.json"
|
||||
sudo cp licenses.json "/Library/Preferences/Parallels/licenses.json"
|
||||
sudo chown root:wheel "/Library/Preferences/Parallels/licenses.json"
|
||||
sudo chmod 444 "/Library/Preferences/Parallels/licenses.json"
|
||||
```
|
||||
|
||||
4. Sign
|
||||
|
||||
```
|
||||
sudo codesign -f -s - --timestamp=none --all-architectures --deep --entitlements ParallelsService.entitlements "/Applications/Parallels Desktop.app/Contents/MacOS/Parallels Service.app/Contents/MacOS/prl_disp_service"
|
||||
```
|
||||
|
||||
# Notice
|
||||
|
||||
Parallels Desktop may upload client info or logs to server.
|
||||
|
||||
You can use a firewall block there domains.
|
||||
|
||||
Or use Hosts, AdGuardHome filter DNS resolve.
|
||||
|
||||
## BLOCK:
|
||||
|
||||
```
|
||||
download.parallels.com
|
||||
update.parallels.com
|
||||
desktop.parallels.com
|
||||
download.parallels.com.cdn.cloudflare.net
|
||||
update.parallels.com.cdn.cloudflare.net
|
||||
desktop.parallels.com.cdn.cloudflare.net
|
||||
www.parallels.cn
|
||||
www.parallels.com
|
||||
reportus.parallels.com
|
||||
parallels.com
|
||||
parallels.cn
|
||||
pax-manager.myparallels.com
|
||||
myparallels.com
|
||||
my.parallels.com
|
||||
```
|
||||
|
||||
|
||||
## HOSTS
|
||||
|
||||
```
|
||||
0.0.0.0 download.parallels.com
|
||||
0.0.0.0 update.parallels.com
|
||||
0.0.0.0 desktop.parallels.com
|
||||
0.0.0.0 download.parallels.com.cdn.cloudflare.net
|
||||
0.0.0.0 update.parallels.com.cdn.cloudflare.net
|
||||
0.0.0.0 desktop.parallels.com.cdn.cloudflare.net
|
||||
0.0.0.0 www.parallels.cn
|
||||
0.0.0.0 www.parallels.com
|
||||
0.0.0.0 reportus.parallels.com
|
||||
0.0.0.0 parallels.com
|
||||
0.0.0.0 parallels.cn
|
||||
0.0.0.0 pax-manager.myparallels.com
|
||||
0.0.0.0 myparallels.com
|
||||
0.0.0.0 my.parallels.com
|
||||
```
|