EasySIMBL icon indicating copy to clipboard operation
EasySIMBL copied to clipboard

Published 20 hours ago verified publisher icon norio-nomura

Issues with EasySIMBL and OS X 10.11 El Capitan

Open antons opened this issue 9 years ago • 79 comments

It appears that 10.11b1 is not affected by the issue described in #25.

However, one of my plugins which previously injected into the target app just fine, now has issues.

Plugin is injected into the app only if I do the following.

  1. Restart the system.
  2. Launch Gitbox.
  3. Launch EasySIMBL, and check “Use SIMBL” (it is disabled on every relaunch of the system).

If I initially turn on SIMBL before launching Gitbox, or quit Gitbox after the first injection and launch it again, the following message is logged into console (and the plugin is not injected).

09.06.15 18:06:32,626 Gitbox[1219]: Error loading /Users/Anton/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL:  dlopen(/Users/Anton/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL, 262): no suitable image found.  Did find:
    /Users/Anton/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL: open() failed with errno=24

Any thoughts on what might be causing this?

antons avatar Jun 09 '15 15:06 antons

I have not yet tested on OS X 10.11, but I think it will be checked by attaching debugger to Gitbox. On debugger's console, I did following:

(lldb) call (void*)dlopen("/Users/norio/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL",0)
(void *) $0 = 0x0000608000167980

and did resume the process. On OS X 10.10.4 (14E33b), I got Gitbox Tweaks 1.2 working on Gitbox 1.6.2 with above.

Maybe it will be possible for open() or other APIs.

norio-nomura avatar Jun 11 '15 00:06 norio-nomura

Tested SafariStrand on EasySIMBL with OS X 10.11 Build 15A178w. No dice.

jensfrancis avatar Jun 11 '15 05:06 jensfrancis

Runtime protections

Injecting code into a process is equivalent to modifying the binary on disk Processes are marked restricted by the kernel

  • Main executable is protected on disk
  • (other stuff went by fast, watch the video)

https://forums.developer.apple.com/message/7363#7363

catlan avatar Jun 17 '15 22:06 catlan

@catlan I’m not sure how rutime protection is related to my question, considering that the issue is only with one app, which loads plugins, but once, and only fails to do it again unless the system is restarted. Other plugins are injected into other apps without any issues.

antons avatar Jun 18 '15 04:06 antons

Can confirm it continues to not work on beta 2 (15A204h)

orbitly avatar Jun 23 '15 20:06 orbitly

@orbitly: 10.11 developer preview 2 has begun enforcing code injection restrictions. You will need to boot into recovery mode and disable System Integrity Protection for EasySIMBL to work.

d235j avatar Jun 28 '15 18:06 d235j

@d235j can you confirm that System Integrity Protection protects all apps from code injection or does it just protect system apps?

catlan avatar Jun 28 '15 20:06 catlan

Disabling SIP didn't fix things for me. (TotalFinder on the other hand did start working after disabling it)

fjolnir avatar Jun 28 '15 23:06 fjolnir

@catlan @d235j I don't have the beta installed, but the WWDC slides say System Integrity Protection will "Prevent runtime attachment and code injection into system binaries." It wouldn't surprise me if injection still works with normal apps.

rpendleton avatar Jun 28 '15 23:06 rpendleton

Maybe #25 will prevent EasySIMBL working if SIP is disabled on OS X 10.11.

norio-nomura avatar Jun 29 '15 01:06 norio-nomura

Yup even with SIP off on 10.11 (15A204h) I'm not having success with anything loading.

w0lfschild avatar Jun 29 '15 02:06 w0lfschild

@norio-nomura It looks like that's probably the problem.

I just installed a VM of OS X 10.11. To ensure that SIP was enabled, I tried to create a file in /System/ as root and I received an operation not permitted error. When I tried to inject code using my own method, it worked fine on some executables but not others.

$ ls
2015-06-28 22:34:10.827 ls[404:6219] TestInject Loaded
Desktop
Documents
Downloads
Library
Movies
Music
Pictures
Public

$ /Applications/TextEdit.app/Contents/MacOS/TextEdit
2015-06-28 22:36:14.378 TextEdit[405:6555] TestInject Loaded

I was able to inject code into Console, Terminal, TextEdit, ls, and a few others. However, I was not able to inject code into Finder, Safari, or Notes.

rpendleton avatar Jun 29 '15 04:06 rpendleton

FYI about SIP http://blog.binaryage.com/el-capitan-update/

norio-nomura avatar Jun 29 '15 04:06 norio-nomura

I confirmed that the original SIMBL-0.9.9 placed at /System/Library/ScriptingAdditions/ works on SIP enabled OS X 10.11 (15A284). (Disabling SIP is needed while installing SIMBL.)

Steps of installing SIMBL-0.9.9:

  1. Disable SIP: enter Recovery OS, run csrutil disable and reboot.
  2. Run following on terminal for installing SIMBL-0.9.9 at /System/Library/ScriptingAdditions/ 
sudo installer -verbose -pkg Downloads/SIMBL-0.9.9/SIMBL-0.9.9.pkg -target /
sudo rm -rf /System/Library/ScriptingAdditions/SIMBL.osax
sudo mv /Library/ScriptingAdditions/SIMBL.osax /System/Library/ScriptingAdditions/
sudo cp -p /System/Library/ScriptingAdditions/SIMBL.osax/Contents/Resources/SIMBL\ Agent.app/Contents/Resources/net.culater.SIMBL.Agent.plist /System/Library/LaunchAgents/
sudo sed -e "s/Library/System\/Library/" -i "" /System/Library/LaunchAgents/net.culater.SIMBL.Agent.plist
  1. Enable SIP: enter Recovery OS, run csrutil enable and reboot.

After above steps, Plugins placed at /Library/Application Support/SIMBL/Plugins will be loaded by SIMBL.

I confirmed that SafariStand 9.0.215 is injected into Safari 9.0 (11601.1.56) with above setup. SafariStand 9.0.215 is not tested on OS X 10.11 by author yet.

Notes:

  • Original SIMBL Agent.app does not support injecting into process that launched before SIMBL Agent.app. Verify SIMBL Agent.app is running before launching target app.
  • If plugins does not work, check opened files of target app process using Activity Monitor.app. If plugin is listed in the opened files, plugin will need updating to support OS X 10.11. (Yes, SafariStand needed.)
  • SIMBL.osax does not require codesign.
  • plugins does not require codesign.
  • plugins does not require owned by root.
  • /System/Library/LaunchAgents/net.culater.SIMBL.Agent.plist requires owned by root.

Added following on 2015/07/02:

  • ~/Library/Application Support/SIMBL/Plugins also works for non-sandboxed apps.

Edited on 2015/07/05:

  • Separate enabling SIP to 3. on "Steps of installing SIMBL-0.9.9"

Edited on 2015/09/05:

  • Tested on OS X 10.11 Developer Beta 8 (15A279b). Configuring SIP has been changed to use csrutil(1).
  • Add link to original SIMBL-0.9.9
  • Confirmed SafariStand 8.0.214 works with Safari 9.0 (11601.1.56)

Edited on 2015/10/02:

  • Tested on OS X 10.11 (15A284)
  • Confirmed SafariStand 9.0.215 is injected into Safari 9.0 (11601.1.56) on OS X 10.11.
  • SafariStand 9.0.215 is not tested on OS X 10.11 by author yet.
  • Removed description about deprecated sudo nvram boot-args="rootless=…" method

norio-nomura avatar Jun 30 '15 07:06 norio-nomura

I wrote a note about injection mechanism of EasySIMBL extended from SIMBL-0.9.9 https://gist.github.com/norio-nomura/f4346e9cb9db0a411779

norio-nomura avatar Jul 01 '15 07:07 norio-nomura

@norio-nomura thanks for the instructions. I was able to compile and run stand with the setup above!

dvcrn avatar Jul 01 '15 14:07 dvcrn

norio-nomura,

how does that demonstrate "SIMBL-0.9.9 working on SIP enabled OS X 10.11" if your very first step is "disabling SIP" and rebooting?

Fofer avatar Jul 04 '15 15:07 Fofer

@Fofer

Because the last step is turning it back on... You only need to turn off SIP to install SIMBL.

w0lfschild avatar Jul 04 '15 15:07 w0lfschild

Ah, gotcha, thanks.

I really hope we'll be able to keep using SafariStand in OS X 10.11.

Fofer avatar Jul 04 '15 16:07 Fofer

I updated the comment.

norio-nomura avatar Jul 04 '15 23:07 norio-nomura

For whatever it's worth, Apple has already stated that changing SIP via boot-args will not be supported in the release version of El Capitan.

d235j avatar Jul 05 '15 01:07 d235j

@d235j That's fine, as long as it can still be toggled from the recovery partition.

rpendleton avatar Jul 06 '15 23:07 rpendleton

@norio-nomura Have you ever encountered an issue where a plugin is injected when the app is launched from Xcode, but not when when launched from Finder? Using original SIMBL with your instructions.

antons avatar Jul 12 '15 07:07 antons

@antons Enabling debug logging may help you.

defaults write net.culater.SIMBL SIMBLLogLevel -int 0

from https://code.google.com/p/simbl/wiki/Tutorial

norio-nomura avatar Jul 12 '15 08:07 norio-nomura

@norio-nomura Thank you very much for continuing to check issues, even though you don’t use SIMBL yourself.

I’ll leave this for anyone who may encounter the same issue. Unfortunately the logs weren’t helpful.

From Finder.

13.07.15 14:41:59,445 SIMBL Agent[506]: Gitbox started
13.07.15 14:41:59,446 SIMBL Agent[506]: app start notification: {
    NSApplicationBundleIdentifier = "com.oleganza.gitbox";
    NSApplicationName = Gitbox;
    NSApplicationPath = "/Applications/Gitbox.app";
    NSApplicationProcessIdentifier = 72631;
    NSApplicationProcessSerialNumberHigh = 0;
    NSApplicationProcessSerialNumberLow = 6231537;
    NSWorkspaceApplicationKey = <NSRunningApplication: 0x40013a820 (com.oleganza.gitbox - 72631)>;
}
13.07.15 14:41:59,446 SIMBL Agent[506]: checking bundle /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
13.07.15 14:41:59,447 SIMBL Agent[506]: checking target identifier com.oleganza.gitbox
13.07.15 14:41:59,447 SIMBL Agent[506]: send inject event
13.07.15 14:41:59,448 SIMBL Agent[506]: warning: failed to get scripting definition from /Applications/Gitbox.app; it may not be scriptable.
13.07.15 14:41:59,702 SIMBL Agent[506]: eventDidFail:'tvea' error:Error Domain=NSOSStatusErrorDomain Code=-1708 "The operation couldn’t be completed. (OSStatus error -1708.)" (errAEEventNotHandled: the AppleEvent was not handled by any handler ) UserInfo=0x400182700 {ErrorNumber=-1708} userInfo:{
    ErrorNumber = -1708;
}

From Xcode.

13.07.15 14:43:55,518 SIMBL Agent[506]: Gitbox started
13.07.15 14:43:55,519 SIMBL Agent[506]: app start notification: {
    NSApplicationBundleIdentifier = "com.oleganza.gitbox";
    NSApplicationName = Gitbox;
    NSApplicationPath = "/Applications/Gitbox.app";
    NSApplicationProcessIdentifier = 73651;
    NSApplicationProcessSerialNumberHigh = 0;
    NSApplicationProcessSerialNumberLow = 6247925;
    NSWorkspaceApplicationKey = <NSRunningApplication: 0x4001cd400 (com.oleganza.gitbox - 73651)>;
}
13.07.15 14:43:55,519 SIMBL Agent[506]: checking bundle /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
13.07.15 14:43:55,520 SIMBL Agent[506]: checking target identifier com.oleganza.gitbox
13.07.15 14:43:55,520 SIMBL Agent[506]: send inject event
13.07.15 14:43:55,521 SIMBL Agent[506]: warning: failed to get scripting definition from /Applications/Gitbox.app; it may not be scriptable.
13.07.15 14:43:55,974 Gitbox[73651]: Performance: Please update this scripting addition to supply a value for ThreadSafe for each event handler: "/System/Library/ScriptingAdditions/SIMBL.osax"
13.07.15 14:43:55,976 SIMBL Agent[506]: eventDidFail:'tvea' error:Error Domain=NSOSStatusErrorDomain Code=-1708 "The operation couldn’t be completed. (OSStatus error -1708.)" (errAEEventNotHandled: the AppleEvent was not handled by any handler ) UserInfo=0x400123900 {ErrorNumber=-1708} userInfo:{
    ErrorNumber = -1708;
}
13.07.15 14:43:56,084 Gitbox[73651]: load SIMBL plugins
13.07.15 14:43:56,084 Gitbox[73651]: SIMBL loaded by path /Applications/Gitbox.app <com.oleganza.gitbox>
13.07.15 14:43:56,084 Gitbox[73651]: checking bundle /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
13.07.15 14:43:56,193 Gitbox[73651]: loaded /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle

antons avatar Jul 13 '15 11:07 antons

@antons I got this error once when I tried to run SIMBL Agent app without running through the pkg installer; the simbl.pkg register the ScritptingAdditions under /Library, which is essential to make the injection work.

In my case, I had to run the installer once, then re-run the SIMBL Agent app.

alisookasa avatar Jul 13 '15 18:07 alisookasa

@antons It seems SIMBL Agent.app recognized launching of target application, but failed injecting SIMBL.osax into target application. If you could inject by sending Apple Event manually, The issue may be caused by SIMBL Agent.app. EasySIMBL's timing of sending Apple Event is slightly different from original SIMBL. It caused from change of observing launching applications method for fixing injection issues while I found on creating my plugins. I don't remember the detail of those issues, but it might had contained one of debugging issue.

norio-nomura avatar Jul 14 '15 00:07 norio-nomura

~~My issue (Gitbox Tweaks not loading into Gitbox, while other plugins work) is gone after installing 10.11.0 beta 4.~~ Issue is still there, same as described in the original post. Plugins loads once, fails to load after that. Always loads when running from Xcode. So I just run it from Xcode, then detach it (process detach) from Gitbox.

antons avatar Jul 22 '15 04:07 antons

@norio-nomura Your steps helped me get SIMBL working again.

Thanks!

codebykenny avatar Aug 10 '15 20:08 codebykenny

Disabling SIP to install SIMBL worked, but re-enabling SIP breaks it again… :\ (PB4 here)

levifig avatar Aug 11 '15 00:08 levifig