Fresh install of macOS lacks dev tools, thus no strings #171
Comments
|
Yeah, I agree that's annoying. Have you tried to put a copy of the strings command from a macos that has XCode installed into UAC bin directory? |
Yes, this we've also tried, but it's calling a dynamic library that is provided by the Command Line Developer tools, so putting the strings binary from a system that has it, onto a fresh system, it will still generate the same error. You would probably be able to compile it statically, but we went for tbostrings so that we can get all ASCII and UNICODE strings in the same pass, which is nice. |
|
I will take a look on tbostrings. |
|
I have pushed a new code to develop that solves this. First, UAC will check if xcode tools is installed in the target system. If not, UAC will use astrings tool (built-in shell function that extracts strings from binary files for any operating system). Can you download the develop branch and test it, please? Thanks! |
|
Code has been merged into uac v3.0.0-rc1. |
Annoyingly, Apple doesn't ship the Command Line Developer tools with macOS, thus there is no strings binary to use. When running in a terminal window locally it pops up a message box about this, luckily it does not when using for example EDR.
As a workaround we've taken tbostrings and compiled one for x86_64 and one for arm64 and ship them together with UAC, use a oneliner in the strings_running_processes YAML file with some logic for the artefact to check for the com.apple.quarantine extended attribute, disable it when necessary using xattr, and chmod the executable flag, check CPU architecture, and finally run the appropriate binary with
tbostrings %line%. Not perfect, but it works.The text was updated successfully, but these errors were encountered: