\ud544\uc790\ub294 \uce74\ud0c8\ub9ac\ub098 \ucd5c\uc885 \ube4c\ub4dc\ub118\ubc84\uc778 19H2026\uc774\uae30\uc5d0,
Kernel Debug Kit 10.15.7 build 19H1824\ub97c \uc120\ud0dd\ud574\uc11c \uc124\uce58\ud558\uc600\ub2e4.<\/p>\n\n\n\n
1. First, Check build number and download appropriate KDK.<\/strong> 2. \ub9ac\ucee4\ubc84\ub9ac \ubaa8\ub4dc\uc5d0 \uc9c4\uc785\ud574\uc11c SIP\ub97c \ube44\ud65c\uc131\ud654\ud55c\ub2e4.<\/strong> 2. Entering recovery mode and disable SIP.<\/strong> 3. \uc544\ub798 \uba85\ub839\uc5b4\ub97c \ucc28\ub840\ub300\ub85c \uc785\ub825\ud574\uc8fc\uace0 \uc7ac\ubd80\ud305\ud55c\ub2e4. <\/strong>(\ud658\uacbd\uc5d0 \ub530\ub77c \uc0c1\uc774\ud560 \uc218 \uc788\uc74c)<\/p>\n\n\n\n 3. Input these below commands and reboot.<\/strong> (Can be different by environemnt)<\/p>\n\n\n\n $ sudo mount -u -w \/ \uadf8\ub7ec\uba74 Verbose \ubaa8\ub4dc\ub85c \ubd80\ud305\ub418\uba74\uc11c \ub514\ubc84\uac70\uac00 attach\ub420\ub54c\uae4c\uc9c0 \ub300\uae30\ud55c\ub2e4. \ub9cc\uc57d \ubd80\ud305\ud574\uc11c \uc5ec\uae30\uae4c\uc9c0 \ud0c0\uac9f\uc758 \uc900\ube44\uacfc\uc815\uc740 \ub05d\ub0ac\ub2e4. \uc774\uc81c \ud638\uc2a4\ud2b8\uc758 \uc900\ube44\uacfc\uc815\uc5d0 \ub300\ud574 \uc0b4\ud3b4\ubcf4\uba74, \uc544\ub798 \uba85\ub839\uc5b4\ub85c \uc811\uc18d\ud574\uc11c \ub514\ubc84\uac70\ub97c attach \ud574\uc8fc\uba74 \ub41c\ub2e4. \uc8fc\uc758\ud560\uc810\uc740 \ucee4\ub110\uc744 \uc2e4\ud589\ud55c \ud6c4\ubd80\ud130\ub294 \ucee4\ub110\uc744 \ub2e4\uc2dc\ub294 \uba48\ucd9c \uc218 \uc5c6\uae30\uc5d0 \ubbf8\ub9ac \ube0c\ub808\uc774\ud06c\ud3ec\uc778\ud2b8\ub97c \uc124\uce58\ud574\uc8fc\uc5b4\uc57c \ub41c\ub2e4. target $ sysctl kern.singleuser<\/p>\n\n\n\n host $ (lldb) b sysctl_singleuser<\/p>\n","protected":false},"excerpt":{"rendered":" \ud544\uc790 \uc0ac\uc6a9\ud658\uacbd(My Environemnt):macOS 14.4 (Hackintosh) 1 Device \ub450 \ub300\uc758 \ub9e5\uc774 \ud544\uc694\ud55c\ub370 \uc5c6\uc73c\ubbc0\ub85c, \ud574\ud0a8\ud1a0\uc2dc \ub178\ud2b8\ubd81\uc5d0\uc11c Vmware Fusion\uc73c\ub85c \uac00\uc0c1 \ub9e5\uc744 \uad6c\ud604\ud558\uc5ec KDK\ub97c \uc2e4\uc2b5\ud574\ubcf4\ub824 \ud55c\ub2e4.Required 2 Mac computer, but since I have only one hackintosh laptop, so going to build environemnt with Vmware Fusion. \uce74\ud0c8\ub9ac\ub098 10.15.7 \ubc84\uc804\uc744 \uc120\ud0dd\ud558\uc600\ub2e4.I chose macOS Catalina 10.15.7, and… \ud0c0\uac9f\uc5d0\uc11c\uc758 \uacfc\uc815\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.Process in… \ub354 \ubcf4\uae30 »macOS Kernel Development Kit\ub85c \ucee4\ub110 \ub514\ubc84\uae45\ud574\ubcf4\uae30 (Debugging kernel using macOS KDK)<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[13],"class_list":["post-2294","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-macos"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2294"}],"version-history":[{"count":10,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2294\/revisions"}],"predecessor-version":[{"id":2344,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2294\/revisions\/2344"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
I’m using Final version of Catalina which build number is 19H2026,
so I installed Kernel Debug Kit 10.15.7 (build 19H1824)<\/p>\n\n\n\n
\uc124\uce58\ub97c \ud558\uace0\ub098\uba74 \uc7ac\ubd80\ud305\uc911\uc5d0 Command+R\ud0a4\ub97c \ub204\ub974\uace0\uc788\ub2e4\ubcf4\uba74 \ub9ac\ucee4\ubc84\ub9ac\ubaa8\ub4dc\ub85c \uc9c4\uc785\ud55c\ub2e4.
\uc5ec\uae30\uc11c \uc720\ud2f8\ub9ac\ud2f0 > \ud130\ubbf8\ub110\uc5d0\uc11c csrustil disable<\/code> \uba85\ub839\uc5b4\ub97c \uc785\ub825\ud558\uba74 SIP\ub97c \ube44\ud65c\uc131\ud654\uc2dc\ud0ac \uc218 \uc788\ub2e4.
\uadf8\ub7f0\ub2e4\uc74c, \uc7ac\ubd80\ud305\uc744 \uc9c4\ud589\ud55c\ub2e4.<\/p>\n\n\n\n
When reboot and keep pressing Command+R shortcuts, you can go to recovery mode.
Entering Utilities > Terminal, and enter command csrutil disable<\/code>. then, SIP disabled.<\/p>\n\n\n\n![\"\"](\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/04\/\uc2a4\ud06c\ub9b0\uc0f7-2024-04-08-\uc624\ud6c4-3.47.02.png\")
<\/figure>\n\n\n\n
$ sudo cp \/Library\/Developer\/KDKs\/KDK_10.15.7_19H1824.kdk\/System\/Library\/Kernels\/kernel.development \/System\/Library\/Kernels
$ sudo kextcache -invalidate \/Volumes\/Macintosh\\ HD
$ sudo nvram boot-args=”debug=0x141 kext-dev-mode=1 kcsuffix=development pmuflags=1 -v”
(\uc0ac\uc9c4\uc5d0 \uc788\ub294 nvram \uba85\ub839\uc5b4\ub85c\ub294 \uc81c\ub300\ub85c \uc791\ub3d9\uc548\ud574\uc11c \uc218\uc815\ud588\uc2b5\ub2c8\ub2e4.)
$ sudo reboot<\/p>\n\n\n\n![\"\"](\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/04\/image-13-1024x827.png\")
<\/figure>\n\n\n\n
Then, it boots with verbose mode and waiting until attach debuggers.<\/p>\n\n\n\n![\"\"](\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/04\/\uc2a4\ud06c\ub9b0\uc0f7-2024-04-08-\uc624\ud6c4-3.50.50.png\")
<\/figure>\n\n\n\nuname -a<\/code> \uba85\ub839\uc5b4\ub85c \ud655\uc778\ud574\ubcf4\uba74, DEVELOPEMENT \ube4c\ub4dc\ub85c \ubd80\ud305\ub41c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4!
If booted and check command with uname -a<\/code>, you can check that it booted with DEVELOPMENT build!<\/p>\n\n\n\n
This is the end of target process.<\/p>\n\n\n\n
\ud0c0\uac9f\uc5d0\uc11c \uc124\uce58\ud588\ub358 \ubc84\uc804\uc758 KDK\ub97c \uc124\uce58\ud574\uc8fc\uace0,
Now, let’s take a look at process of host.
Install same version of KDK that previously installed in target.<\/p>\n\n\n\n
Input these commands and attach debuggers.
$ lldb
$ (lldb) target create \/Library\/Developer\/KDKs\/KDK_10.15.7_19H1824.kdk\/System\/Library\/Kernels\/kernel.development
$ (lldb) kdp-remote 192.168.209.136<\/p>\n\n\n\n
One of important things is that, if you resume kernel, then it cannot be stopped. so, needed to be install breakpoint before resume.<\/p>\n\n\n\n
<\/p>\n\n\n\n![\"\"](\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/04\/image-14-1024x652.png\")
<\/figure>\n\n\n\n