Swift code to programmatically perform dylib injection. You can also use this (or the manual method of dylib injection from the command line) to validate/test some of the findings from my EntitlementChecks scripts (https://github.com/cedowens/EntitlementCheck).
- Build your injection dylib to do whatever function you desire (ex: pop calc). You can use the included calc.c file as well. If you want to use that file, build it by running:
gcc -dynamiclib calc.c -o calc.dylib
- In the Inject_Dylib main.swift file, edit the binpath variable value and enter the path to the vulnerable application you want to inject into. Note: you can use my EntitlementCheck tools to help find vulnerable apps/binaries (https://github.com/cedowens/EntitlementCheck)
- In the Inject_Dylib main.swift file, edit the maliciousDylibPath variable value and enter the name of the injection dylib you want to use
- Build the Inject-Dylib project (by default Xcode will drop the binary to ~/Library/Developer/Xcode/DerivedData/Inject_Dylib-[random]/Build/Products/Debug)
- Place your injection dylib in the same folder as the Inject_Dylib binary
-
./Inject_Dylib
The sample code here injects into GarageBand (which does not have HardenedRuntime enabled) and uses the included compiled calc.dylib (pops calculator) for the injection.