From ef06f096d076f739893f1d8baa7f03fadb4e68e5 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk <48863253+khronokernel@users.noreply.github.com>
Date: Mon, 29 Mar 2021 20:35:32 -0600
Subject: [PATCH] Fix SIP detection

---
 Resources/Constants.py | 28 ++++++++++++++--------------
 Resources/SysPatch.py  | 15 +++++++--------
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/Resources/Constants.py b/Resources/Constants.py
index 4ee8bf4eb..ff325a753 100644
--- a/Resources/Constants.py
+++ b/Resources/Constants.py
@@ -251,17 +251,17 @@ class Constants:
     @property
     def skylight_path(self): return self.payload_apple_private_frameworks_path / Path("SkyLight.framework")
 
-    csr_values = [
-        "CSR_ALLOW_UNTRUSTED_KEXTS           ",# 0x1   - Introduced in El Capitan
-        "CSR_ALLOW_UNRESTRICTED_FS           ",# 0x2   - Introduced in El Capitan
-        "CSR_ALLOW_TASK_FOR_PID              ",# 0x4   - Introduced in El Capitan
-        "CSR_ALLOW_KERNEL_DEBUGGER           ",# 0x8   - Introduced in El Capitan
-        "CSR_ALLOW_APPLE_INTERNAL            ",# 0x10  - Introduced in El Capitan
-        "CSR_ALLOW_UNRESTRICTED_DTRACE       ",# 0x20  - Introduced in El Capitan
-        "CSR_ALLOW_UNRESTRICTED_NVRAM        ",# 0x40  - Introduced in El Capitan
-        "CSR_ALLOW_DEVICE_CONFIGURATION      ",# 0x80  - Introduced in El Capitan
-        "CSR_ALLOW_ANY_RECOVERY_OS           ",# 0x100 - Introduced in Sierra
-        "CSR_ALLOW_UNAPPROVED_KEXTS          ",# 0x200 - Introduced in High Sierra
-        "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE",# 0x400 - Introduced in Mojave
-        "CSR_ALLOW_UNAUTHENTICATED_ROOT      ",# 0x800 - Introduced in Big Sur
-    ]
\ No newline at end of file
+    csr_values = {
+        "CSR_ALLOW_UNTRUSTED_KEXTS           ": False, # 0x1   - Introduced in El Capitan
+        "CSR_ALLOW_UNRESTRICTED_FS           ": False, # 0x2   - Introduced in El Capitan
+        "CSR_ALLOW_TASK_FOR_PID              ": False, # 0x4   - Introduced in El Capitan
+        "CSR_ALLOW_KERNEL_DEBUGGER           ": False, # 0x8   - Introduced in El Capitan
+        "CSR_ALLOW_APPLE_INTERNAL            ": False, # 0x10  - Introduced in El Capitan
+        "CSR_ALLOW_UNRESTRICTED_DTRACE       ": False, # 0x20  - Introduced in El Capitan
+        "CSR_ALLOW_UNRESTRICTED_NVRAM        ": False, # 0x40  - Introduced in El Capitan
+        "CSR_ALLOW_DEVICE_CONFIGURATION      ": False, # 0x80  - Introduced in El Capitan
+        "CSR_ALLOW_ANY_RECOVERY_OS           ": False, # 0x100 - Introduced in Sierra
+        "CSR_ALLOW_UNAPPROVED_KEXTS          ": False, # 0x200 - Introduced in High Sierra
+        "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE": False, # 0x400 - Introduced in Mojave
+        "CSR_ALLOW_UNAUTHENTICATED_ROOT      ": False, # 0x800 - Introduced in Big Sur
+    }
\ No newline at end of file
diff --git a/Resources/SysPatch.py b/Resources/SysPatch.py
index fba397cfc..f8bf32a9a 100644
--- a/Resources/SysPatch.py
+++ b/Resources/SysPatch.py
@@ -14,7 +14,6 @@ import subprocess
 import uuid
 import zipfile
 import os
-import urllib.request
 from pathlib import Path
 from datetime import date
 
@@ -32,14 +31,17 @@ class PatchSysVolume:
         for current_sip_bit in self.constants.csr_values:
             if sip_int & (1 << i):
                 temp = True
-                # The below array are values that don't affect the ability to patch
-                if current_sip_bit not in ["CSR_ALLOW_TASK_FOR_PID              ", "CSR_ALLOW_KERNEL_DEBUGGER           ", "CSR_ALLOW_APPLE_INTERNAL            ", "CSR_ALLOW_ANY_RECOVERY_OS           ",]:
-                    self.sip_patch_status = False
+                self.constants.csr_values[current_sip_bit] = True
             else:
                 temp = False
             if print_status is True:
                 print(f"- {current_sip_bit}\t {temp}")
             i = i + 1
+        # TODO: Fix this garbage when I have more sanity
+        if ((self.constants.csr_values["CSR_ALLOW_UNTRUSTED_KEXTS           "] is True) and (self.constants.csr_values["CSR_ALLOW_UNRESTRICTED_FS           "] is True) and (self.constants.csr_values["CSR_ALLOW_TASK_FOR_PID              "] is True) and (self.constants.csr_values["CSR_ALLOW_KERNEL_DEBUGGER           "] is True) and (self.constants.csr_values["CSR_ALLOW_APPLE_INTERNAL            "] is True) and (self.constants.csr_values["CSR_ALLOW_UNRESTRICTED_DTRACE       "] is True) and (self.constants.csr_values["CSR_ALLOW_UNRESTRICTED_NVRAM        "] is True) and (self.constants.csr_values["CSR_ALLOW_DEVICE_CONFIGURATION      "] is True) and (self.constants.csr_values["CSR_ALLOW_ANY_RECOVERY_OS           "] is True) and (self.constants.csr_values["CSR_ALLOW_UNAPPROVED_KEXTS          "] is True) and (self.constants.csr_values["CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE"] is True) and (self.constants.csr_values["CSR_ALLOW_UNAUTHENTICATED_ROOT      "] is True)):
+            self.sip_patch_status = False
+        else:
+            self.sip_patch_status = True
 
     def find_mount_root_vol(self, patch):
         root_partition_info = plistlib.loads(subprocess.run("diskutil info -plist /".split(), stdout=subprocess.PIPE).stdout.decode().strip().encode())
@@ -234,10 +236,7 @@ class PatchSysVolume:
 
     def download_files(self):
         print("- Downloading Apple binaries")
-        try:
-            urllib.request.urlretrieve(self.constants.url_apple_binaries, self.constants.payload_apple_root_path_zip)
-        except urllib.error.HTTPError:
-            print("- Link invalid")
+        subprocess.run(f"curl -L {self.constants.url_apple_binaries} --output {self.constants.payload_apple_root_path_zip}".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode()
         if self.constants.payload_apple_root_path_zip.exists():
             print("- Download completed")
             print("- Unzipping download...")