Page 1 of 1

lsock not working on Elcapitan

PostPosted: Sun Nov 15, 2015 3:35 pm
by backendbilly
Hey J,

It's been very quite lately on this forum. Thought I would mention that lsock shows no connections at all when recompiled on Elcapitan. Using an older executable that worked on Yosemite shows the following:

Code: Select all
connect(AF_SYS_CONTROL): Resource busy
Apparently some other process is using the system socket. On iOS, this is usually UserEventAgent. Kill it (-9!) and immediately start this program
Unable to continue without socket


Recompiling lsock will get it to work but displays no connection

Billy

Re: lsock not working on Elcapitan

PostPosted: Mon Nov 16, 2015 1:57 am
by morpheus
Apple has significantly hardened EC, enforcing entitlements on just about ANYTHING. Specifically, these are the entitlements required also by top:

Code: Select all
bash-3.2# ~/jtool --ent /usr/bin/nettop
Entitlements:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>com.apple.private.network.statistics</key>
        <true/>
</dict>
</plist>


Which - if granted to my lovely tool, will make it work. Either that, or disable System Integrity Protection. Not much I can do since the entitlement has been baked into the kernel..

Re: lsock not working on Elcapitan

PostPosted: Thu Nov 19, 2015 1:55 am
by backendbilly
it does not seem to matter whether the entitlement is added or not in fact if it's added, it will get killed and a report gets generated.

Re: lsock not working on Elcapitan

PostPosted: Fri Nov 20, 2015 9:14 pm
by morpheus
That's because OS X doesn't take kindly to self signed binaries. You'd have to sign with a valid certificate.