EasySIMBL
EasySIMBL copied to clipboard
Issues with EasySIMBL and OS X 10.11 El Capitan
It appears that 10.11b1 is not affected by the issue described in #25.
However, one of my plugins which previously injected into the target app just fine, now has issues.
Plugin is injected into the app only if I do the following.
- Restart the system.
- Launch Gitbox.
- Launch EasySIMBL, and check “Use SIMBL” (it is disabled on every relaunch of the system).
If I initially turn on SIMBL before launching Gitbox, or quit Gitbox after the first injection and launch it again, the following message is logged into console (and the plugin is not injected).
09.06.15 18:06:32,626 Gitbox[1219]: Error loading /Users/Anton/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL: dlopen(/Users/Anton/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL, 262): no suitable image found. Did find:
/Users/Anton/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL: open() failed with errno=24
Any thoughts on what might be causing this?
I have not yet tested on OS X 10.11, but I think it will be checked by attaching debugger to Gitbox. On debugger's console, I did following:
(lldb) call (void*)dlopen("/Users/norio/Library/ScriptingAdditions/EasySIMBL.osax/Contents/MacOS/EasySIMBL",0)
(void *) $0 = 0x0000608000167980
and did resume the process. On OS X 10.10.4 (14E33b), I got Gitbox Tweaks 1.2 working on Gitbox 1.6.2 with above.
Maybe it will be possible for open()
or other APIs.
Tested SafariStrand on EasySIMBL with OS X 10.11 Build 15A178w. No dice.
Runtime protections
Injecting code into a process is equivalent to modifying the binary on disk Processes are marked restricted by the kernel
- Main executable is protected on disk
- (other stuff went by fast, watch the video)
https://forums.developer.apple.com/message/7363#7363
@catlan I’m not sure how rutime protection is related to my question, considering that the issue is only with one app, which loads plugins, but once, and only fails to do it again unless the system is restarted. Other plugins are injected into other apps without any issues.
Can confirm it continues to not work on beta 2 (15A204h)
@orbitly: 10.11 developer preview 2 has begun enforcing code injection restrictions. You will need to boot into recovery mode and disable System Integrity Protection for EasySIMBL to work.
@d235j can you confirm that System Integrity Protection protects all apps from code injection or does it just protect system apps?
Disabling SIP didn't fix things for me. (TotalFinder on the other hand did start working after disabling it)
@catlan @d235j I don't have the beta installed, but the WWDC slides say System Integrity Protection will "Prevent runtime attachment and code injection into system binaries." It wouldn't surprise me if injection still works with normal apps.
Maybe #25 will prevent EasySIMBL working if SIP is disabled on OS X 10.11.
Yup even with SIP off on 10.11 (15A204h) I'm not having success with anything loading.
@norio-nomura It looks like that's probably the problem.
I just installed a VM of OS X 10.11. To ensure that SIP was enabled, I tried to create a file in /System/
as root
and I received an operation not permitted
error. When I tried to inject code using my own method, it worked fine on some executables but not others.
$ ls
2015-06-28 22:34:10.827 ls[404:6219] TestInject Loaded
Desktop
Documents
Downloads
Library
Movies
Music
Pictures
Public
$ /Applications/TextEdit.app/Contents/MacOS/TextEdit
2015-06-28 22:36:14.378 TextEdit[405:6555] TestInject Loaded
I was able to inject code into Console, Terminal, TextEdit, ls, and a few others. However, I was not able to inject code into Finder, Safari, or Notes.
FYI about SIP http://blog.binaryage.com/el-capitan-update/
I confirmed that the original SIMBL-0.9.9 placed at /System/Library/ScriptingAdditions/
works on SIP enabled OS X 10.11 (15A284). (Disabling SIP is needed while installing SIMBL.)
Steps of installing SIMBL-0.9.9:
- Disable SIP: enter Recovery OS, run
csrutil disable
and reboot. - Run following on terminal for installing SIMBL-0.9.9 at
/System/Library/ScriptingAdditions/
sudo installer -verbose -pkg Downloads/SIMBL-0.9.9/SIMBL-0.9.9.pkg -target /
sudo rm -rf /System/Library/ScriptingAdditions/SIMBL.osax
sudo mv /Library/ScriptingAdditions/SIMBL.osax /System/Library/ScriptingAdditions/
sudo cp -p /System/Library/ScriptingAdditions/SIMBL.osax/Contents/Resources/SIMBL\ Agent.app/Contents/Resources/net.culater.SIMBL.Agent.plist /System/Library/LaunchAgents/
sudo sed -e "s/Library/System\/Library/" -i "" /System/Library/LaunchAgents/net.culater.SIMBL.Agent.plist
- Enable SIP: enter Recovery OS, run
csrutil enable
and reboot.
After above steps,
Plugins placed at /Library/Application Support/SIMBL/Plugins
will be loaded by SIMBL.
I confirmed that SafariStand 9.0.215 is injected into Safari 9.0 (11601.1.56) with above setup. SafariStand 9.0.215 is not tested on OS X 10.11 by author yet.
Notes:
- Original
SIMBL Agent.app
does not support injecting into process that launched beforeSIMBL Agent.app
. VerifySIMBL Agent.app
is running before launching target app. - If plugins does not work, check opened files of target app process using
Activity Monitor.app
. If plugin is listed in the opened files, plugin will need updating to support OS X 10.11. (Yes, SafariStand needed.) -
SIMBL.osax
does not require codesign. - plugins does not require codesign.
- plugins does not require owned by root.
-
/System/Library/LaunchAgents/net.culater.SIMBL.Agent.plist
requires owned by root.
Added following on 2015/07/02:
-
~/Library/Application Support/SIMBL/Plugins
also works for non-sandboxed apps.
Edited on 2015/07/05:
- Separate enabling SIP to 3. on "Steps of installing SIMBL-0.9.9"
Edited on 2015/09/05:
- Tested on OS X 10.11 Developer Beta 8 (15A279b). Configuring SIP has been changed to use csrutil(1).
- Add link to original SIMBL-0.9.9
- Confirmed SafariStand 8.0.214 works with Safari 9.0 (11601.1.56)
Edited on 2015/10/02:
- Tested on OS X 10.11 (15A284)
- Confirmed SafariStand 9.0.215 is injected into Safari 9.0 (11601.1.56) on OS X 10.11.
- SafariStand 9.0.215 is not tested on OS X 10.11 by author yet.
- Removed description about deprecated
sudo nvram boot-args="rootless=…"
method
I wrote a note about injection mechanism of EasySIMBL extended from SIMBL-0.9.9 https://gist.github.com/norio-nomura/f4346e9cb9db0a411779
@norio-nomura thanks for the instructions. I was able to compile and run stand with the setup above!
norio-nomura,
how does that demonstrate "SIMBL-0.9.9 working on SIP enabled OS X 10.11" if your very first step is "disabling SIP" and rebooting?
@Fofer
Because the last step is turning it back on... You only need to turn off SIP to install SIMBL.
Ah, gotcha, thanks.
I really hope we'll be able to keep using SafariStand in OS X 10.11.
I updated the comment.
For whatever it's worth, Apple has already stated that changing SIP via boot-args will not be supported in the release version of El Capitan.
@d235j That's fine, as long as it can still be toggled from the recovery partition.
@norio-nomura Have you ever encountered an issue where a plugin is injected when the app is launched from Xcode, but not when when launched from Finder? Using original SIMBL with your instructions.
@antons Enabling debug logging may help you.
defaults write net.culater.SIMBL SIMBLLogLevel -int 0
from https://code.google.com/p/simbl/wiki/Tutorial
@norio-nomura Thank you very much for continuing to check issues, even though you don’t use SIMBL yourself.
I’ll leave this for anyone who may encounter the same issue. Unfortunately the logs weren’t helpful.
From Finder.
13.07.15 14:41:59,445 SIMBL Agent[506]: Gitbox started
13.07.15 14:41:59,446 SIMBL Agent[506]: app start notification: {
NSApplicationBundleIdentifier = "com.oleganza.gitbox";
NSApplicationName = Gitbox;
NSApplicationPath = "/Applications/Gitbox.app";
NSApplicationProcessIdentifier = 72631;
NSApplicationProcessSerialNumberHigh = 0;
NSApplicationProcessSerialNumberLow = 6231537;
NSWorkspaceApplicationKey = <NSRunningApplication: 0x40013a820 (com.oleganza.gitbox - 72631)>;
}
13.07.15 14:41:59,446 SIMBL Agent[506]: checking bundle /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
13.07.15 14:41:59,447 SIMBL Agent[506]: checking target identifier com.oleganza.gitbox
13.07.15 14:41:59,447 SIMBL Agent[506]: send inject event
13.07.15 14:41:59,448 SIMBL Agent[506]: warning: failed to get scripting definition from /Applications/Gitbox.app; it may not be scriptable.
13.07.15 14:41:59,702 SIMBL Agent[506]: eventDidFail:'tvea' error:Error Domain=NSOSStatusErrorDomain Code=-1708 "The operation couldn’t be completed. (OSStatus error -1708.)" (errAEEventNotHandled: the AppleEvent was not handled by any handler ) UserInfo=0x400182700 {ErrorNumber=-1708} userInfo:{
ErrorNumber = -1708;
}
From Xcode.
13.07.15 14:43:55,518 SIMBL Agent[506]: Gitbox started
13.07.15 14:43:55,519 SIMBL Agent[506]: app start notification: {
NSApplicationBundleIdentifier = "com.oleganza.gitbox";
NSApplicationName = Gitbox;
NSApplicationPath = "/Applications/Gitbox.app";
NSApplicationProcessIdentifier = 73651;
NSApplicationProcessSerialNumberHigh = 0;
NSApplicationProcessSerialNumberLow = 6247925;
NSWorkspaceApplicationKey = <NSRunningApplication: 0x4001cd400 (com.oleganza.gitbox - 73651)>;
}
13.07.15 14:43:55,519 SIMBL Agent[506]: checking bundle /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
13.07.15 14:43:55,520 SIMBL Agent[506]: checking target identifier com.oleganza.gitbox
13.07.15 14:43:55,520 SIMBL Agent[506]: send inject event
13.07.15 14:43:55,521 SIMBL Agent[506]: warning: failed to get scripting definition from /Applications/Gitbox.app; it may not be scriptable.
13.07.15 14:43:55,974 Gitbox[73651]: Performance: Please update this scripting addition to supply a value for ThreadSafe for each event handler: "/System/Library/ScriptingAdditions/SIMBL.osax"
13.07.15 14:43:55,976 SIMBL Agent[506]: eventDidFail:'tvea' error:Error Domain=NSOSStatusErrorDomain Code=-1708 "The operation couldn’t be completed. (OSStatus error -1708.)" (errAEEventNotHandled: the AppleEvent was not handled by any handler ) UserInfo=0x400123900 {ErrorNumber=-1708} userInfo:{
ErrorNumber = -1708;
}
13.07.15 14:43:56,084 Gitbox[73651]: load SIMBL plugins
13.07.15 14:43:56,084 Gitbox[73651]: SIMBL loaded by path /Applications/Gitbox.app <com.oleganza.gitbox>
13.07.15 14:43:56,084 Gitbox[73651]: checking bundle /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
13.07.15 14:43:56,193 Gitbox[73651]: loaded /Users/Anton/Library/Application Support/SIMBL/Plugins/Gitbox Tweaks SIMBL Plugin.bundle
@antons I got this error once when I tried to run SIMBL Agent app without running through the pkg installer; the simbl.pkg register the ScritptingAdditions under /Library, which is essential to make the injection work.
In my case, I had to run the installer once, then re-run the SIMBL Agent app.
@antons It seems SIMBL Agent.app
recognized launching of target application, but failed injecting SIMBL.osax
into target application. If you could inject by sending Apple Event manually, The issue may be caused by SIMBL Agent.app
.
EasySIMBL's timing of sending Apple Event is slightly different from original SIMBL. It caused from change of observing launching applications method for fixing injection issues while I found on creating my plugins.
I don't remember the detail of those issues, but it might had contained one of debugging issue.
~~My issue (Gitbox Tweaks not loading into Gitbox, while other plugins work) is gone after installing 10.11.0 beta 4.~~ Issue is still there, same as described in the original post. Plugins loads once, fails to load after that. Always loads when running from Xcode. So I just run it from Xcode, then detach it (process detach
) from Gitbox.
@norio-nomura Your steps helped me get SIMBL working again.
Thanks!
Disabling SIP to install SIMBL worked, but re-enabling SIP breaks it again… :\ (PB4 here)