New version of AppleIntelInfo.kext with Skylake support

Two days ago I blogged about OS X 10.11.4 Build 15E65 and Skylake graphics support and the problem I was having with the output of the Intel® Power Gadget (see below).
[Image: IGPUFreqError]
Note: The 3.3GHz should have been 1.1GHz.

A day later Patrick Konsor (Intel® rep) added a comment about a new version of the Intel® Power Gadget:

Just a note about Intel® Power Gadget, that version had an issue that reported GPU frequency 3x of the actual value (which was due to a change in the frequency multiplier). So 3.3 GHz really means 1.1 GHz. You can get the updated version with proper support for Skylake here

Thank you Patrick. And I have good news, because I can confirm that the latest version of the Intel® Power Gadget works with my Skylake processor (Intel® i7-6700) and his comment also made me aware of a problem in AppleIntelInfo.kext. Thanks for that. Already fixed and thus the new source code is now available for download.

Oh and previously I had this as output (example):

iGPU P-States [ 2 5 (6) 21 24 27 30 ]

And now this:

iGPU P-States [ 2 7 8 9 10 12 13 14 16 17 20 22 (23) ]

The output is backwards compatible with previous Intel® processors. Meaning that you should read the output as: 23 * 50 MHz = 1150MHz (for example). Which happens to represent the maximum frequency of the IGPU in my Intel i7-6700, so this output is now correct. I still wonder, though, why I see values below 350MHz (7 * 50).

Update: The source code of AppleIntelInfo.kext (version 1.5) is now available for download. This update will properly select Skylake processors, but we appear to have some issue with regards to the graphics configuration register output (they are all 0xffffffff) and that is not good. This may be due to SIP settings/changes, or we may have some error in the MMIO read function. Please test this for me, and if you can help me to fix this, then that would be great (swamped with other work already). Thanks!

Edit: It appears that the output is fine on Haswell based setups with El Capitan so this is something that came with the introduction of Skylake processors. The IOBAR is also enabled so that is not the problem.


OS X 10.11.4 Build 15E65 and Skylake graphics support

OS X 10.11.4 (El Capitan) comes with new graphics drivers (kexts) for Skylake based hardware, and AppleIntelSKLGraphicsFramebuffer.kext includes the following hardware device-ids for supported Intel® processors. Have a look at the output of my yet to be released script – still a work in progress – that most of you will know as AppleIntelFramebufferAzul.sh:

AppleIntelGraphicsFramebuffer.sh v3.2 Copyright (c) 2012-2016 by Pike R. Alpha
------------------------------------------------------------------------
The supported platformIDs are:

[ 1] 0x191e0000 - Intel® HD Graphics 515..........(ULX GT2)
[ 2] 0x19160000 - Intel® HD Graphics 520..........(ULT GT2)
[ 3] 0x19260000 - Intel® Iris™ Graphics 550.......(ULT GT3)
[ 4] 0x191b0000 - Intel® HD Graphics 530..........(Halo GT2)
[ 5] 0x193b0000 - Intel® Iris™ Pro Graphics 580...(Halo GT4)
[ 6] 0x19120000 - Intel® HD Graphics 530..........(Desktop GT2)
[ 7] 0x19020001 - Intel® HD Graphics 510..........(Desktop GT1)
[ 8] 0x19170001 - Skylake Desktop.................(GT1.5)
[ 9] 0x19120001 - Intel® HD Graphics 530..........(Desktop GT2)
[10] 0x19320001 - Skylake Desktop.................(GT4)
[11] 0x19160002 - Intel® HD Graphics 520..........(ULT GT2)
[12] 0x19260002 - Intel® Iris™ Graphics 540.......(ULT GT3)
[13] 0x191e0003 - Intel® HD Graphics 515..........(ULX GT2)
[14] 0x19260004 - Intel® Iris™ Graphics 540.......(ULT GT3)
[15] 0x193b0005 - Intel® Iris™ Pro Graphics 580...(Halo GT4)
[16] 0x193b0006 - Intel® Iris™ Pro Graphics 580...(Halo GT4)

Note that the device-ids with a strikethrough are still inactive and thus cannot be used without first modifying them. Now let’s look at the data:

    0x191e0000) FACTORY_PLATFORM_INFO="0:
                0000 1e19 0000 0000 6649 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 0f05 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 f0f8 0500 0000 0000
                50f9 0500 0000 0000 a0f9 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19160000) FACTORY_PLATFORM_INFO="0:
                0000 1619 0000 0000 6649 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 0f09 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 f0f9 0500 0000 0000
                50fa 0500 0000 0000 a0fa 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19260000) FACTORY_PLATFORM_INFO="0:
                0000 2619 0000 0000 6649 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 0f09 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 f0f9 0500 0000 0000
                50fa 0500 0000 0000 a0fa 0500 0000 0000
                0200 0000 0800 0000    
                ;;

    0x191b0000) FACTORY_PLATFORM_INFO="0:
                0000 1b19 0000 0000 6649 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 0f11 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 f0f9 0500 0000 0000
                f0fa 0500 0000 0000 40fb 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x193b0000) FACTORY_PLATFORM_INFO="0:
                0000 3b19 0000 0000 6649 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0204 0a00 0008 0000 8701 0000
                0306 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 8711 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 f0f9 0500 0000 0000
                f0fa 0500 0000 0000 40fb 0500 0000 0000
                0200 0000 0800 0000    
                ;;

    0x19120000) FACTORY_PLATFORM_INFO="0:
                0000 1219 0000 0000 6649 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 ff00 0000 0100 0000
                2000 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 0306 0a00
                0004 0000 8701 0000 0f11 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 f0f9 0500 0000 0000
                40fb 0500 0000 0000 40fb 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19020001) FACTORY_PLATFORM_INFO="0:
                0100 0219 0000 0000 8049 0500 0000 0000
                0000 0000 0000 0004 0000 0000 0000 0000
                0000 0060 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 ff00 0000 0100 0000
                2000 0000 ff00 0000 0100 0000 2000 0000
                ff00 0000 0100 0000 2000 0000 ff00 0000
                0100 0000 2000 0000 0008 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19170001) FACTORY_PLATFORM_INFO="0:
                0100 1719 0000 0000 8049 0500 0000 0000
                0000 0000 0000 0004 0000 0000 0000 0000
                0000 0060 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 ff00 0000 0100 0000
                2000 0000 ff00 0000 0100 0000 2000 0000
                ff00 0000 0100 0000 2000 0000 ff00 0000
                0100 0000 2000 0000 0008 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19120001) FACTORY_PLATFORM_INFO="0:
                0100 1219 0000 0000 8049 0500 0000 0000
                0000 0000 0000 0004 0000 0000 0000 0000
                0000 0060 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 ff00 0000 0100 0000
                2000 0000 ff00 0000 0100 0000 2000 0000
                ff00 0000 0100 0000 2000 0000 ff00 0000
                0100 0000 2000 0000 0008 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19320001) FACTORY_PLATFORM_INFO="0:
                0100 3219 0000 0000 8049 0500 0000 0000
                0000 0000 0000 0004 0000 0000 0000 0000
                0000 0060 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 ff00 0000 0100 0000
                2000 0000 ff00 0000 0100 0000 2000 0000
                ff00 0000 0100 0000 2000 0000 ff00 0000
                0100 0000 2000 0000 0008 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0300 0000 0800 0000    
                ;;

    0x19160002) FACTORY_PLATFORM_INFO="0:
                0200 1619 0000 0000 8049 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 0000
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 0a0b 0000 0000 0000
                0300 0000 0400 0000 80df 1710 0000 0000
                7805 0000 d205 0000 4006 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                a0fa 0500 0000 0000 a0fa 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19260002) FACTORY_PLATFORM_INFO="0:
                0200 2619 0000 0000 8049 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 0000
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8701 0000
                0204 0a00 0004 0000 8701 0000 ff00 0000
                0100 0000 2000 0000 0a0b 0000 0000 0000
                0300 0000 0400 0000 80df 1710 0000 0000
                7805 0000 d205 0000 4006 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                a0fa 0500 0000 0000 a0fa 0500 0000 0000
                0200 0000 0800 0000    
                ;;

    0x191e0003) FACTORY_PLATFORM_INFO="0:
                0300 1e19 0000 0000 9649 0500 0000 0000
                0102 0202 0000 0004 0000 2002 0000 5001
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 8101 0000
                ff00 0000 0100 0000 2000 0000 ff00 0000
                0100 0000 2000 0000 0604 0000 0000 0000
                0200 0000 0400 0000 00ef 1c0d 0000 0000
                7805 0000 d205 0000 4006 0000 0000 0000
                0000 0000 c800 0000 f0f8 0500 0000 0000
                a0f9 0500 0000 0000 40fc 0500 0000 0000
                0100 0000 0800 0000    
                ;;

    0x19260004) FACTORY_PLATFORM_INFO="0:
                0400 2619 0000 0000 8049 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 0000
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 c701 0000
                0204 0a00 0004 0000 c701 0000 ff00 0000
                0100 0000 2000 0000 0a0b 0000 0505 0600
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0200 0000 0800 0000    
                ;;

    0x193b0005) FACTORY_PLATFORM_INFO="0:
                0500 3b19 0000 0000 8049 0500 0000 0000
                0103 0303 0000 0004 0000 2002 0000 0000
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 0105 0900 0004 0000 c701 0000
                0204 0a00 0004 0000 c701 0000 ff00 0000
                0100 0000 2000 0000 0a13 0000 0005 0600
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0300 0000 0800 0000    
                ;;

    0x193b0006) FACTORY_PLATFORM_INFO="0:
                0600 3b19 0000 0000 8049 0500 0000 0000
                0101 0101 0000 0004 0000 2002 0000 0000
                0000 0060 6c05 0000 6c05 0000 0000 0000
                0000 0000 0000 0000 0000 0800 0200 0000
                9800 0000 ff00 0000 0100 0000 2000 0000
                ff00 0000 0100 0000 2000 0000 ff00 0000
                0100 0000 2000 0000 0a13 0000 0000 0600
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 0000 0000 0000 0000 0000 0000
                0000 0000 c800 0000 90fb 0500 0000 0000
                f0fb 0500 0000 0000 f0fb 0500 0000 0000
                0300 0000 0800 0000    
                ;;

Especially the last two data sets, but there is a third one with the same device-id. All three are new and were added to support processors with the Intel® Iris™ Pro Graphics 580 baked in. The most powerful Intel graphics ever.

Ok. So the first two words (0600 3b19) are the device-id (reversed). We know that. Just like all previous revisions, but the next six words are new. And no. Sorry. I have no idea what they are used for. Anyway. The next forty three words are pretty much the same. With the exception of the termination value (2000 instead of 4000) and the feature bits (9800 and c701). The next forty one words are also still a mystery. Oh and they all drive an internal (eDP) panel:

0000 0000 0800 0200 0000 9800
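The decoding described above, as an added example (not part of the original post or of AppleIntelGraphicsFramebuffer.sh): it turns two of the listed data sets into bytes, checks that the little-endian platform-id in the first four bytes matches the case label, lists the 16-bit words that differ, and locates the eDP byte sequence quoted above. The function names and the `DUMPS` table are assumptions made for this example.

```python
import struct

# Two data sets copied verbatim from the listing above (16-bit hex words).
DUMPS = {
    0x193B0005: """
        0500 3b19 0000 0000 8049 0500 0000 0000
        0103 0303 0000 0004 0000 2002 0000 0000
        0000 0060 6c05 0000 6c05 0000 0000 0000
        0000 0000 0000 0000 0000 0800 0200 0000
        9800 0000 0105 0900 0004 0000 c701 0000
        0204 0a00 0004 0000 c701 0000 ff00 0000
        0100 0000 2000 0000 0a13 0000 0005 0600
        0000 0000 0000 0000 0000 0000 0000 0000
        0000 0000 0000 0000 0000 0000 0000 0000
        0000 0000 c800 0000 90fb 0500 0000 0000
        f0fb 0500 0000 0000 f0fb 0500 0000 0000
        0300 0000 0800 0000""",
    0x193B0006: """
        0600 3b19 0000 0000 8049 0500 0000 0000
        0101 0101 0000 0004 0000 2002 0000 0000
        0000 0060 6c05 0000 6c05 0000 0000 0000
        0000 0000 0000 0000 0000 0800 0200 0000
        9800 0000 ff00 0000 0100 0000 2000 0000
        ff00 0000 0100 0000 2000 0000 ff00 0000
        0100 0000 2000 0000 0a13 0000 0000 0600
        0000 0000 0000 0000 0000 0000 0000 0000
        0000 0000 0000 0000 0000 0000 0000 0000
        0000 0000 c800 0000 90fb 0500 0000 0000
        f0fb 0500 0000 0000 f0fb 0500 0000 0000
        0300 0000 0800 0000""",
}

# Byte sequence the post associates with an internal (eDP) panel.
EDP_PATTERN = bytes.fromhex("000000000800020000009800")

def to_bytes(dump):
    """Turn the whitespace-separated hex words of a dump into raw bytes."""
    return bytes.fromhex("".join(dump.split()))

def platform_id(blob):
    """The first four bytes hold the platform-id little-endian ("reversed")."""
    if len(blob) < 4:
        raise ValueError("blob too short to hold a platform-id")
    return struct.unpack_from("<I", blob, 0)[0]

def diff_words(a, b):
    """Return (byte_offset, word_a, word_b) for every 16-bit word that differs."""
    if len(a) != len(b):
        raise ValueError("blobs differ in length: %d vs %d" % (len(a), len(b)))
    return [(off, a[off:off + 2].hex(), b[off:off + 2].hex())
            for off in range(0, len(a), 2) if a[off:off + 2] != b[off:off + 2]]

def load(dumps):
    """Decode every dump and reject one whose embedded id contradicts its label."""
    blobs = {}
    for label, dump in dumps.items():
        blob = to_bytes(dump)
        if platform_id(blob) != label:
            raise ValueError("label 0x%08x holds id 0x%08x" % (label, platform_id(blob)))
        blobs[label] = blob
    return blobs

if __name__ == "__main__":
    blobs = load(DUMPS)
    a, b = blobs[0x193B0005], blobs[0x193B0006]
    for off, wa, wb in diff_words(a, b):
        print("offset 0x%02x: %s -> %s" % (off, wa, wb))
    print("eDP sequence found at offset 0x%02x" % b.find(EDP_PATTERN))
```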

Update: Laptop users are advised to use FakePCIID.kext (with injector) to fake a device id of 1912, or anything above 0x191d to bypass the check in AppleIntelSKLGraphicsGLDriver.bundle

Credit and thanks to doix for this update (see comments)!

Hmm. There is one other thing that I noticed in the setup that I used. Take a look at this snippet of the output of my AppleIntelInfo.kext:

iGPU P-States [ 2 5 (6) 21 24 27 30 ]

That is not good. The first three and last three values should not be there so the next thing that I did was to check the output of the Intel Power Gadget.
[Image: IGPUFreqError]

Even worse (goes up to 3.3GHz) so something was obviously not quite right. Ah there it is – I was still injecting plist data for the IGPU, which is not necessary anymore. Anyway. You can reproduce this with the following snippet:

<key>Mac-DB15BD556843C820</key>
<dict>
        <key>IGPU</key>
        <dict>
                <key>BoostPState</key>
                <array>
                        <integer>24</integer>
                        <integer>24</integer>
                        <integer>24</integer>
                        <integer>24</integer>
                </array>
                <key>BoostTime</key>
                <array>
                         <integer>1</integer>
                         <integer>1</integer>
                         <integer>1</integer>
                         <integer>15</integer>
                </array>
        </dict>
</dict>

Not that the Cinebench score changes, because it didn’t, but just so that you know what to look for when it happens on your setup.

Ok. My flight is almost leaving, and then I will try to update my script, during the flight back home for a well deserved holiday with my family. Ok. This has to be it for now, but I will keep you posted of anything else that I may find, like the new AAPL,XXXX properties 😉

Edit: Okay. Apple sets the model name to: “Intel HD Graphics SKL CRB” and that in combination with the data from /S*/L*/E*/IOUSBHostFamily.kext/C*/P*/AppleUSBXHCIPCI.kext/C*/Info.plist

<key>SklCrb,1-XHCI</key>
<dict>
	<key>CFBundleIdentifier</key>
	<string>com.apple.driver.AppleUSBMergeNub</string>
	<key>IOClass</key>
	<string>AppleUSBMergeNub</string>
	<key>IONameMatch</key>
	<string>XHC1</string>
	<key>IOProviderClass</key>
	<string>AppleUSBXHCIPCI</string>
	<key>IOProviderMergeProperties</key>
	<dict>
		<key>port-count</key>
		<data>
		GgAAAA==
		</data>
		<key>ports</key>
		<dict>
			<key>HS01</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				AQAAAA==
				</data>
			</dict>
			<key>HS02</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				AgAAAA==
				</data>
			</dict>
			<key>HS03</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				AwAAAA==
				</data>
			</dict>
			<key>HS04</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				BAAAAA==
				</data>
			</dict>
			<key>HS05</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				BQAAAA==
				</data>
			</dict>
			<key>HS06</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				BgAAAA==
				</data>
			</dict>
			<key>HS07</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				BwAAAA==
				</data>
			</dict>
			<key>HS08</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				CAAAAA==
				</data>
			</dict>
			<key>HS09</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				CQAAAA==
				</data>
			</dict>
			<key>HS10</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				CgAAAA==
				</data>
			</dict>
			<key>HS11</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				CwAAAA==
				</data>
			</dict>
			<key>HS12</key>
			<dict>
				<key>UsbConnector</key>
				<integer>3</integer>
				<key>port</key>
				<data>
				DAAAAA==
				</data>
			</dict>
		</dict>
	</dict>
	<key>model</key>
	<string>SKLCRB1,1</string>
</dict>

That may put the Geekbench score, the one that was found a few months ago, in a new light. I mean. That board-id (Mac-50619A408DB004DA) is still unused so who else – than Apple – would want to use this kind of data? Intel?

OS X 10.11.4 wants IMEI, not HECI

Remember this error:

iTunes/Apple Store Content Access Problem. Content playback may be disabled on this computer. You can continue to use the machine, but you should contact an Apple support representative. ErrorCode: 8877652

Well. That appears to be found in Skylake based hardware, but I have good news for you. You can solve this by renaming Device (HECI) to Device (IMEI) in your DSDT/SSDT and then this error:

kernel[0]: IG: ME PCI ACPI device not found – PAVP services will be disabled – add IMEI to EFI / ACPI device list

In /var/log/system.log will also be gone. By the way. PAVP is short for Protected Audio Visual Path.

Note: You may not see the above error without the ioppf=0xfff boot flag!

Update: I should have made it clear that the AppleIntelSKLGraphicsFramebuffer.kext checks for “IMEI” so this is meant for people with Skylake based hardware!

New MacBook9,1 frequency data found

I did some digging in OS X 10.11.4 and found additional information about the new and yet to be released MacBook9,1 / Mac-9AE82516C7C6B903 in the FrequencyVectors, suggesting that Apple will be using the following Intel processors:

Intel® Core™ m3-6Y30 Processor (4M Cache, up to 2.20 GHz)

Intel® Core™ m5-6Y54 Processor (4M Cache, up to 2.70 GHz)

Intel® Core™ m7-6Y75 Processor (4M Cache, up to 3.10 GHz)

Update: I also found this reference in the data to HWP:

68 77 70 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00

And that means that the yet to be released MacBook will be the first Mac with support for Intel HardWare-controlled Performance states (HWP is set to on with 01 00 00 00).

The unbeatable iPhone (or so they say)…

There are a lot of news articles written about the case of the FBI against Apple, and I personally think that law enforcement agencies should get access to devices and data, after a judge decides that it is necessary, on iDevices of suspects that are somehow involved with terrorism. Like today’s attacks in Brussels.

I cannot believe that Apple won’t set up a lab for this and use hardware to get access to locked iDevices, when ordered by law. Is it just me or what?

But… someone (cellebrite.com apparently) already found a new attack vector. Hmm. I wonder who that is and what he did. Perhaps he took out the SIM slot and used a specially crafted SIM card, or used the port at the bottom of the iPhone. Two possible attack vectors. I mean. We all know that iOS has (security related) flaws. Otherwise Jailbreak software would not have been possible.

So yeah. I’m all in for Apple, or some independent organisation, getting access, with a hardware device that won’t be shared with anyone else. I mean. Who gives a BEEP about my stupid pictures and conversations. My bank info? Same story. Law enforcement agencies worldwide already have access to it so whatever. I mean. Is your data really more important to you than the safety of you and your family? Really? Well. To me it isn’t. Not in this universe, so go go Feds!!!

Sure. It may be questionable if this will help law enforcement agencies to prevent future attacks, but to say no upfront… is IMHO not a smart thing to do. Not something Apple should do. And companies like Samsung, Google. Well. You name it. They should all have some kind of hardware device in a lab to help law enforcement agencies. I’m not saying that it should be simple and free of charge, but a reasonable price should be acceptable. And I personally have absolutely zero issues with a solution like this.

SIP and Gatekeeper are not good enough…

The Ransomware in the Transmission v2.90 DMG found by Unit 42 certainly proves one thing, and that is that Gatekeeper and SIP, in their current incarnation, are not good enough. Yes. SIP protects a lot of files, but not all of them. And sure. With Gatekeeper activated it wouldn’t have been installed, but many people – I presume – have changed their Gatekeeper preference so that they can install software from anywhere. Not just the Mac App Store.

Some people even disable (parts of) SIP and this particular case shows us that disabling file system protection is not a smart thing to do. Not that it would protect you against this specific malware, but still.

Apple should also make it possible to add restrictions, yourself, and perhaps back-port some of the SIP changes it made for OS X 10.12 into the next release of El Capitan so that this is a non-issue for future attacks.

Please note that the in-app updates of Transmission are not affected, suggesting that (some of the) server(s) are/were hacked, or otherwise compromised, and that the developer certificate to sign the version of Transmission that included the malware, was that of a Turkish company (already revoked by Apple). Not the usual certificate from the Transmission developers. I don’t know if the company itself was somehow involved, or someone from that company, but their certificate was used by some shady people.

And if only Gatekeeper would have checked the (origin) of the certificate, as it should IMHO, and showed you a warning that the certificate had changed, then at least some folks (not all) would have known about this malware long before it was widespread – the DMG with the ransomware was available for quite some time, but since you had to download the DMG yourself, it may be limited.
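The kind of "certificate changed" warning argued for above can be approximated by pinning the signer of each app on first sight and comparing it on every later download. The sketch below is an added example, not Apple's or the Transmission project's code; it parses the `Identifier=`, `Authority=` and `TeamIdentifier=` lines that `codesign -dvv` prints, and the two sample outputs, the bundle identifier and the team IDs are constructed placeholders.

```python
import subprocess

# Constructed `codesign -dvv` output: the usual signer of a hypothetical app ...
KNOWN_GOOD = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=org.example.app
Authority=Developer ID Application: Example Project (AAAAAAAAAA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AAAAAAAAAA
"""
# ... and the same bundle identifier validly signed by a different developer.
RESIGNED = """\
Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=org.example.app
Authority=Developer ID Application: Unrelated Company (BBBBBBBBBB)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=BBBBBBBBBB
"""

def read_signature(app_path):
    """On macOS, codesign writes the signature details to stderr."""
    result = subprocess.run(["codesign", "-dvv", app_path],
                            capture_output=True, text=True)
    return result.stderr

def parse_codesign(text):
    """Pull identifier, team id and the authority chain out of the output."""
    info = {"identifier": None, "team": None, "authorities": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Identifier":
            info["identifier"] = value
        elif key == "TeamIdentifier" and value != "not set":
            info["team"] = value
        elif key == "Authority":
            info["authorities"].append(value)
    return info

def check_signer(pins, text):
    """Trust on first use: pin (team id, leaf authority) per bundle identifier."""
    info = parse_codesign(text)
    if not (info["identifier"] and info["team"] and info["authorities"]):
        return "unsigned-or-unparsable"
    signer = (info["team"], info["authorities"][0])
    pinned = pins.get(info["identifier"])
    if pinned is None:
        pins[info["identifier"]] = signer   # first sighting: remember the signer
        return "pinned"
    # A valid Developer ID signature from another team is exactly the case
    # described above, so it is reported instead of silently accepted.
    return "ok" if pinned == signer else "signer-changed"

if __name__ == "__main__":
    pins = {}
    for sample in (KNOWN_GOOD, KNOWN_GOOD, RESIGNED):
        print(check_signer(pins, sample))
```

On a Mac, `check_signer(pins, read_signature("/path/to/App.app"))` applies the same comparison to a real bundle; `pins` would need to be persisted between runs.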

In short. It is time for Apple to act… or perhaps people like Craig Federighi should be careful with comments like: “That’s why my team works so hard to stay ahead.” I mean. Torrent apps like Transmission won’t get accepted by Apple – for the App Store – so they basically expose people to attacks that could have been avoided. Don’t you agree?

Note: Transmission v2.92 will automatically remove the “kernel_service”