securing/SimpleXPCApp


Secure Privileged XPC Helper

Building secure privileged XPC services is not trivial. During my talk "Abusing & Securing XPC in macOS apps" at the Objective by the Sea conference, I promised to share an example of a secure one. So, here it is!

Learn XPC exploitation

This tool is not only meant to help secure vulnerable XPC apps; it may also help you learn XPC exploitation. Go to the ConnectionVerifier.swift file and comment out the if statements.

Installation

1. Please remember that you need to update the Info.plist files with a SecRequirement string based on your developer certificate, since the Helper uses the SMJobBless API. More info here

Note that, in order to be secure, the SecRequirement string has to include at least:

  • bundle identifiers (of the installer and the service)
  • your dev certificate's team ID
  • 'anchor trusted' prefix
  • minimum version (of the installer and the service)

2. Updates also need to be performed in Shared/Constants.swift.
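
One way to check the updated Info.plist files against the four elements listed above before building. This is an added example, not code from this repository; the regular expressions are its own assumption of how each element is spelled in the code signing requirement language, and the bundle identifier, team ID and version are constructed placeholders.

```python
import plistlib
import re

# How each element the README lists is usually spelled in the code signing
# requirement language (this mapping is the example's assumption).
REQUIRED = {
    "anchor trusted prefix": re.compile(r"^\s*anchor\s+trusted\b"),
    "bundle identifier": re.compile(r'\bidentifier\s+"[^"]+"'),
    "team ID": re.compile(
        r'\bcertificate\s+leaf\s*\[\s*subject\.OU\s*\]\s*=\s*"?[A-Z0-9]{10}"?'),
    "minimum version": re.compile(
        r'\binfo\s*\[\s*CFBundle(?:ShortVersionString|Version)\s*\]\s*>=\s*"[^"]+"'),
}

def missing_elements(requirement):
    """Names of the required elements that one requirement string lacks."""
    return [name for name, rx in REQUIRED.items() if not rx.search(requirement)]

def requirements_in(plist_bytes):
    """Collect the SMJobBless requirement strings from one Info.plist."""
    info = plistlib.loads(plist_bytes)
    found = {}
    # App side: helper label -> requirement the helper must satisfy.
    for label, req in info.get("SMPrivilegedExecutables", {}).items():
        found["SMPrivilegedExecutables[%s]" % label] = req
    # Helper side: requirements for the clients allowed to install it.
    for i, req in enumerate(info.get("SMAuthorizedClients", [])):
        found["SMAuthorizedClients[%d]" % i] = req
    return found

def lint(plist_bytes):
    """Map each incomplete requirement's location to what it is missing.
    Presence check only: it does not evaluate and/or structure."""
    report = {}
    for where, req in requirements_in(plist_bytes).items():
        missing = missing_elements(req)
        if missing:
            report[where] = missing
    return report

# Constructed sample values: placeholder bundle ID, team ID and version.
WEAK = 'identifier "com.example.app"'
STRONG = ('anchor trusted and identifier "com.example.app" '
          'and certificate leaf[subject.OU] = "ABCDE12345" '
          'and info[CFBundleShortVersionString] >= "1.0.0"')
SAMPLE_PLIST = plistlib.dumps({"SMAuthorizedClients": [WEAK, STRONG]})

if __name__ == "__main__":
    for where, missing in lint(SAMPLE_PLIST).items():
        print(where, "is missing:", ", ".join(missing))
```

Run it over both the installer's and the helper's Info.plist; an empty report means every requirement string carries all four elements.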

About

Secure example of an XPC helper written in Swift
