
[Bug]: macOS 15.0 Beta "Malware Blocked and Moved to Trash"

Open themacintoshnerd opened this issue 1 year ago • 17 comments

Describe the Bug

Bug Description

macOS 15 now seems to block anything it considers malware despite having disabled Gatekeeper. This has resulted in Swiftcord now being completely unusable on 15 for me.

JUST TO BE CLEAR I HAVE DISABLED GATEKEEPER AND RIGHT CLICKED TO OPEN THE PROGRAM.

Actual Behaviour

Unable to open program and macOS deems it to contain malware.

Expected Behavior

Program should have opened.

Reproducing the Bug

1. Download the program from releases
2. Run
3. Get error.

Version

0.7.1

Category

Message history

Relevant Log Output

No response

Screenshots

Screenshot 2024-06-19 at 8 31 18 AM

Additional Info

No response

themacintoshnerd avatar Jun 19 '24 12:06 themacintoshnerd

Screenshot 2024-06-19 at 8 43 45 AM

themacintoshnerd avatar Jun 19 '24 12:06 themacintoshnerd

I think you just have to wait a bit before it's fully supported on MacOS 15.0 ⬇️ image 😉

jean-voila avatar Jun 22 '24 11:06 jean-voila

That's just for Homebrew, not the app itself; I installed from GitHub releases.

themacintoshnerd avatar Jun 24 '24 18:06 themacintoshnerd

Also broken on 14.5 release, not only beta.

image

Already ripped com.apple.quarantine from the bundle and doesn't work, still getting SIGKILL.

image

hehongbo avatar Jun 26 '24 02:06 hehongbo

image

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Swiftcord [66420]
Path:                  /Applications/Swiftcord.app/Contents/MacOS/Swiftcord
Identifier:            io.cryptoalgo.swiftcord
Version:               0.7.1 (18)
Code Type:             ARM-64 (Native)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2024-07-01 18:22:37.8659 -0300
OS Version:            macOS 14.5 (23F79)
Report Version:        12
Anonymous UUID:        F491DD77-5492-902F-A6D5-C93BB0C436A9

Sleep/Wake UUID:       DA4F983E-D876-4EBC-9B87-639BA899BE67

Time Awake Since Boot: 150000 seconds
Time Since Wake:       8632 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000

Termination Reason:    Namespace DYLD, Code 1 Library missing
Library not loaded: @rpath/Lottie.framework/Versions/A/Lottie
Referenced from: <611733EE-B23B-3D64-81EE-BE754964901D> /Applications/Swiftcord.app/Contents/MacOS/Swiftcord
Reason: tried: '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (code signature invalid in <7E215E08-B887-3801-B9C2-F7C77C5FF70C> '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (errno=1) sliceOffset=0x00234000, codeBlobOffset=0x002090A0, codeBlobSize=0x0000B2E0), '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (code signature invalid in <7E215E08-B887-3801-B9C2-F7C77C5FF70C> '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (errno=1) sliceOffset=0x00234000, codeBlobOffset=0x002090A0, codeBlobSize=0x0000B2E0)
(terminated at launch; ignore backtrace)

Thread 0 Crashed:
0   dyld                          	       0x19fdc1a50 __abort_with_payload + 8
1   dyld                          	       0x19fdcc628 abort_with_payload_wrapper_internal + 104
2   dyld                          	       0x19fdcc65c abort_with_payload + 16
3   dyld                          	       0x19fd5e6b0 dyld4::halt(char const*, dyld4::StructuredError const*) + 304
4   dyld                          	       0x19fd5b258 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3888
5   dyld                          	       0x19fd59edc start + 1844


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x0000000000000006   x1: 0x0000000000000001   x2: 0x000000016d4fe2a0   x3: 0x0000000000000073
    x4: 0x000000016d4fdea0   x5: 0x0000000000000000   x6: 0x0000000000000000   x7: 0x0000000000000000
    x8: 0x0000000000000020   x9: 0x000000016d4fde0b  x10: 0x000000000000000a  x11: 0x0000000000000000
   x12: 0x0000000000000036  x13: 0x1000000000000000  x14: 0x0000000000000004  x15: 0x0000000000008000
   x16: 0x0000000000000209  x17: 0x000000019fd5737c  x18: 0x0000000000000000  x19: 0x0000000000000000
   x20: 0x000000016d4fdea0  x21: 0x0000000000000073  x22: 0x000000016d4fe2a0  x23: 0x0000000000000001
   x24: 0x0000000000000006  x25: 0x0000000000000001  x26: 0x000000016d4fec18  x27: 0x0000000000000101
   x28: 0x000000016d4fecd8   fp: 0x000000016d4fde70   lr: 0x000000019fdcc628
    sp: 0x000000016d4fde30   pc: 0x000000019fdc1a50 cpsr: 0x80001000
   far: 0x0000000000000000  esr: 0x56000080  Address size fault

Binary Images:
       0x102900000 -        0x102ebbfff io.cryptoalgo.swiftcord (0.7.1) <611733ee-b23b-3d64-81ee-be754964901d> /Applications/Swiftcord.app/Contents/MacOS/Swiftcord
       0x19fd54000 -        0x19fddca17 dyld (*) <37bbc384-0755-31c7-a808-0ed49e44dd8e> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=548.8M resident=0K(0%) swapped_out_or_unallocated=548.8M(100%)
Writable regions: Total=12.5M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=12.5M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
STACK GUARD                       56.0M        1 
Stack                             8176K        1 
VM_ALLOCATE                         16K        1 
__DATA                             571K        3 
__DATA_CONST                       247K        2 
__DATA_DIRTY                         7K        1 
__LINKEDIT                       542.5M        2 
__TEXT                            6420K        2 
dyld private memory               4384K        4 
===========                     =======  ======= 
TOTAL                            617.9M       17 



-----------
Full Report
-----------


Model: Mac14,2, BootROM 10151.121.1, proc 8:4:4 processors, 16 GB, SMC 
Graphics: Apple M2, Apple M2, Built-In
Display: G27Q, 5120 x 2880 (5K/UHD+ - Ultra High Definition Plus), Main, MirrorOff, Online
Memory Module: LPDDR5, Hynix
AirPort: spairport_wireless_card_type_wifi (0x14E4, 0x4387), wl0: Apr  4 2024 20:37:43 version 20.103.14.0.8.7.174 FWID 01-95f1e684
AirPort: 
Bluetooth: Version (null), 0 services, 0 devices, 0 incoming serial ports
Network Service: USB 10/100/1000 LAN, Ethernet, en5
Network Service: Wi-Fi, AirPort, en0
USB Device: USB31Bus
USB Device: SOHO USB 3.2 Hub
USB Device: Baseus-C01 USB3.1(GEN2)
USB Device: SOHO USB 2.0 Hub
USB Device: USB2.1 Hub
USB Device: USB2.0 Hub
USB Device: HyperX Alloy FPS Pro Mechanical Gaming Keyboard
USB Device: KT USB Audio
USB Device: USB Billboard Device
USB Device: FIFINE K670 Microphone
USB Device: FiiO KA1
USB Device: USB Receiver
USB Device: USB-C SOHO Dock
USB Device: USB31Bus
Thunderbolt Bus: MacBook Air, Apple Inc.
Thunderbolt Bus: MacBook Air, Apple Inc.

LetrixZ avatar Jul 01 '24 21:07 LetrixZ
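
The report above is labelled "Library missing", but its Reason line shows dyld found Lottie at the expected path and refused it because the code signature was invalid. As an added example (not from the thread or the Swiftcord project), this Python parser reads those termination lines and separates the two cases; the `(no such file)` sample and all function names are constructed for illustration.

```python
import re

# Constructed sample 1: termination lines copied from the crash report above.
LOTTIE = "/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie"
ATTEMPT = (f"'{LOTTIE}' (code signature invalid in <7E215E08-B887-3801-B9C2-F7C77C5FF70C> "
           f"'{LOTTIE}' (errno=1) sliceOffset=0x00234000, codeBlobOffset=0x002090A0, "
           "codeBlobSize=0x0000B2E0)")
SIGNATURE_CASE = (
    "Termination Reason:    Namespace DYLD, Code 1 Library missing\n"
    "Library not loaded: @rpath/Lottie.framework/Versions/A/Lottie\n"
    f"Reason: tried: {ATTEMPT}, {ATTEMPT}\n"
)
# Constructed sample 2 (not from the thread): a library that really is absent.
MISSING_CASE = (
    "Termination Reason:    Namespace DYLD, Code 1 Library missing\n"
    "Library not loaded: @rpath/Example.framework/Versions/A/Example\n"
    "Reason: tried: '/Applications/Example.app/Contents/Frameworks/"
    "Example.framework/Versions/A/Example' (no such file)\n"
)

def split_attempts(tried):
    """Yield (path, detail) per "'path' (detail)" entry; detail may nest parentheses."""
    pos = 0
    while (q1 := tried.find("'", pos)) >= 0:
        q2 = tried.find("'", q1 + 1)
        start = tried.find("(", q2) if q2 >= 0 else -1
        if start < 0:
            break
        depth, end = 0, start
        for end in range(start, len(tried)):
            depth += {"(": 1, ")": -1}.get(tried[end], 0)
            if depth == 0:          # matching close of the outer parenthesis
                break
        yield tried[q1 + 1:q2], tried[start + 1:end]
        pos = end + 1

def triage(report):
    """Summarise a dyld 'Library missing' termination: absent file or rejected signature?"""
    lib = re.search(r"^Library not loaded: (.+)$", report, re.M)
    tried = re.search(r"^Reason: tried: (.+)$", report, re.M)
    if not lib or not tried:
        return None
    attempts = {}                   # keyed by path, so repeated attempts collapse
    for path, detail in split_attempts(tried.group(1)):
        errno = re.search(r"errno=(\d+)", detail)
        kind = ("signature-rejected" if "code signature" in detail
                else "missing" if detail.startswith("no such file") else "other")
        attempts[path] = {"kind": kind, "errno": int(errno.group(1)) if errno else None}
    kinds = {a["kind"] for a in attempts.values()}
    verdict = ("signature-rejected" if "signature-rejected" in kinds
               else "missing" if kinds == {"missing"} else "unknown")
    return {"library": lib.group(1), "verdict": verdict, "attempts": attempts}

if __name__ == "__main__":
    for name, text in (("thread report", SIGNATURE_CASE), ("constructed", MISSING_CASE)):
        print(name, triage(text))
```
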

my workaround:

codesign --force --deep --sign - /Applications/Swiftcord.app

faimin avatar Jul 27 '24 15:07 faimin

my workaround:

codesign --force --deep --sign - /Applications/Swiftcord.app

Worked for me to get the App open but after signing using QR code and username + password it’s stuck on signing on and crashes or stalls after 10-12 seconds.

ThunderRuler avatar Jul 30 '24 19:07 ThunderRuler

As of macOS 14.5 there is absolutely no method to let the following precompiled executable run on other computers without being signed:

https://github.com/SwiftcordApp/Swiftcord/releases/tag/v0.7.1

My conclusion is that this binary is hard-blacklisted by Apple.

I suggest those who want to use this app to compile from the source code. I have tried Xcode 15.3 and it works well.

ShikiSuen avatar Aug 03 '24 06:08 ShikiSuen

I have tried Xcode 15.3 and it works well.

for me it just fails to login, even when compiling source code.

justkorudev avatar Aug 08 '24 08:08 justkorudev

@justkorudev Same issue.

What I addressed above only deals with the Gatekeeper issue.

ShikiSuen avatar Aug 08 '24 11:08 ShikiSuen

I'm having the same issues :(

TheElectroclassics avatar Aug 22 '24 22:08 TheElectroclassics

my workaround:

codesign --force --deep --sign - /Applications/Swiftcord.app

Note: as of macOS 15.1 Beta (24B5046f), the error will then change to:

Apple could not verify “Swiftcord.app” is free of malware that may harm your Mac or compromise your privacy.

To work around that, you need to open System Settings, head to Privacy & Security, scroll down, and confirm there (Swiftcord should be mentioned somewhere).

For me, logging in worked (I used the QR code from the iOS app).

chucker avatar Sep 26 '24 13:09 chucker

Yeah so this appears to be an actual XProtect detection and not a code signing or blacklist issue. I suspect the currently available build and/or repo may have been compromised.

Dev, you should probably scan your Mac. At some point you may have pulled in an infected repo, and the behavior with those infections is generally an attempt to infect other projects on the machine.

darkhelmet1597 avatar Oct 05 '24 04:10 darkhelmet1597

@darkhelmet1597 Hmm, I am quite certain that is not the case. I suspect that the app was flagged and added to the XProtect rules due to a high number of users bypassing the non-developer account signed warning when the ad-hoc cert used to sign that version expired. I've heard of others having this happen to their ad-hoc signed apps too.

I can confirm this because rebuilding the same copy of the codebase on the Mac used to build the bundle attached with the release yields a bundle that is not flagged by XProtect but is otherwise identical. This shouldn't be the case if my copy of the source is contaminated.

Additionally, due to Discord's breaking Gateway API changes, the majority of accounts will fail to log in/cause a crash on this version (even after bypassing the XProtect action which I do not recommend), as some of you might have already experienced. In view of my limited (open source) development time, I apologize that I cannot offer further support, for significant breaking changes like these, for older versions of Swiftcord.

However, I am focusing my efforts on the next version of Swiftcord, rewritten from the ground up to not only be more robust against API changes like these, but also be even more performant - take a look at #189 for more!

cryptoAlgorithm avatar Oct 09 '24 16:10 cryptoAlgorithm

downloading the latest release, then before you try to open it

codesign --force --deep --sign - /Applications/Swiftcord.app

then

sudo xattr -d com.apple.quarantine /Applications/Swiftcord.app

and finally I added Swiftcord to the Development Apps in Security Setting

this made the app work and login but it hung on login for me

[looks like an awesome project tho and 1/10th the size of the official app]

lonkelle avatar Jan 25 '25 03:01 lonkelle

Image

this helped me

timi2506 avatar Feb 25 '25 11:02 timi2506

downloading the latest release, then before you try to open it

codesign --force --deep --sign - /Applications/Swiftcord.app

sudo xattr -d com.apple.quarantine /Applications/Swiftcord.app

I did receive the following message running the first command:

/Applications/Swiftcord.app: replacing existing signature

which makes sense since the app is not signed. Essentially Apple removes unsigned apps. Until the developer enrolls in the developer program, this will remain an issue.

systemswizard avatar Apr 05 '25 23:04 systemswizard