I put amfi_get_out_of_my_way=1 to nvram to run vphone-cli. Then vscode extensions stopped working, with vsce-sign command complaining "Failed to create CoreCLR". Looks like this vsce-sign is written in .NET and JIT has some issues when AMFI is off. Workaround: turn off extensions.verifySignature

No, the correct way is to just not use amfi_get_out_of_my_way, but Frida

$ sudo frida amfid -l hook.ts

import ObjC from "frida-objc-bridge";

Interceptor.attach(
  ObjC.classes.AMFIPathValidator_macos["- validateWithError:"].implementation,
  {
    onEnter(args) {
      const self = new ObjC.Object(args[0]);
      const url = self.codePath();
      const name = url.path().lastPathComponent().toString();
      console.log(`-[AMFIPathValidator_macos validateWithError:${args[2]}]`);
      // console.log(self.cdhashAsData());
      // console.log(self.teamIdentifier());
      // console.log(self.infoPlist());
      if (name === "vphone-cli.app") this.bypass = true;
    },
    onLeave(retval) {
      if (this.bypass) retval.replace(ptr(1));
    },
  },
);

🫡🫡🫡

@codecolorist I've always found Frida to be a bit finicky, but this Python script uses lldb's Python bindings to automate it, and it works pretty reliably for me.

https://gist.github.com/zhaofengli/1df11ae3f0dd4e2c872a12ef849f7371

Selectively bypass entitlement validation by debugging amfid

@jjtech 🫣 this Frida script is a 1-to-1 copy of it