[PR #155] [MERGED] Custom Serial Numbers (iMessage/iCloud security analysis) #714

New Issue

Closed

opened 2025-12-29 01:24:48 +01:00 by adam · 0 comments

adam commented 2025-12-29 01:24:48 +01:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/sickcodes/Docker-OSX/pull/155
Author: @sickcodes
Created: 2/26/2021
Status: ✅ Merged
Merged: 2/26/2021
Merged by: @sickcodes

Base: master ← Head: custom-identity

---

📝 Commits (10+)

• 5aa689e WIP: Machine unique value generator
• 3729052 Add zip, fix global variables in the serial generator.
• d3e86e1 Add config.plist and OpenCore boot disk generator to the script.
• 246fd12 TSV output, for easier scripting
• 7886e0f Add --output-env && --output-bootdisk
• 4ffed54 WIP generate-specific-bootdisk.sh
• 9e5538c Add Linux, libguestfs for building bootdisks within the Docker container. Add CPU_STRING to optionally override the whole CPU string. Unify variable names in ./custom.
• 9f10452 Typo
• 23ab20c Major serial number runtime generation and override changes.
• 316a8ab Set temporary branch

📊 Changes

10 files changed (+1960 additions, -84 deletions)

View changed files

📝 CHANGELOG.md (+2 -0)
📝 Dockerfile (+80 -9)
📝 Dockerfile.auto (+36 -5)
📝 Dockerfile.naked (+37 -7)
📝 README.md (+281 -63)
➕ custom/config-nopicker-custom.plist (+885 -0)
➕ custom/generate-specific-bootdisk.sh (+184 -0)
➕ custom/generate-unique-machine-values.sh (+287 -0)
➕ custom/opencore-image-ng.sh (+164 -0)
📝 helm/README.md (+4 -0)

📄 Description

How to test

apt update -y && apt install git curl wget vim xvfb scrot build-essential sshpass -y \
    && git clone https://github.com/stolk/imcat.git \
    && cd imcat \
    && make \
    && sudo cp imcat /usr/bin/imcat \
    && touch /usr/bin/scrotcat \
    && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \
    && chmod +x /usr/bin/scrotcat \
&& BRANCH=custom-identity \
&& CACHE= \
&& export DISPLAY=:99 \
&& cd ~ \
    && ( nohup Xvfb :99 -screen 0 1920x1080x16 & ) \
    && echo 1 | tee /sys/module/kvm/parameters/ignore_msrs \
    ; rm -rf Docker-OSX \
    ; cd ~ \
    && git clone https://github.com/sickcodes/Docker-OSX.git \
    && cd Docker-OSX \
    && git checkout -f "${BRANCH}" \
    && docker build --build-arg RANKMIRRORS=true  --build-arg MIRROR_COUNTRY=US ${CACHE} -t docker-osx:latest . \
    && docker tag docker-osx:latest sickcodes/docker-osx:latest \
    && docker build --build-arg RANKMIRRORS=true  --build-arg MIRROR_COUNTRY=US ${CACHE} -t docker-osx:naked -f Dockerfile.naked . \
    && docker tag docker-osx:naked sickcodes/docker-osx:naked \
    && docker build --build-arg RANKMIRRORS=true  --build-arg MIRROR_COUNTRY=US ${CACHE} -t docker-osx:auto -f Dockerfile.auto . \
    && docker tag docker-osx:auto sickcodes/docker-osx:auto

After that all of these should work.

For testing headless, you can take screenshots in the terminal now using scrotcat.

To test using headless, open a separate terminal with:

export DISPLAY=:99
scrotcat

while true; do scrotcat; sleep 1; done

All the command below are examples of different ways to set serial numbers.

cd ~
wget https://images2.sick.codes/mac_hdd_ng_auto.img

cp mac_hdd_ng_auto.img mac_hdd_ng_testing.img

cd ~

touch C02TW0WAHX87.env
touch ./C02TW0WAHX87.qcow

# successful
docker run -it \
    --device /dev/kvm \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_SPECIFIC=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -e SERIAL="C02TW0WAHX87" \
    -e BOARD_SERIAL="C027251024NJG36UE" \
    -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
    -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
    -e BOOTDISK=/bootdisk \
    -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \
    -v "${PWD}/mac_hdd_ng_testing.img:/image" \
    sickcodes/docker-osx:naked

# sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber'

until [[ "$(sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber')" = '    |   "IOPlatformSerialNumber" = "C02TW0WAHX87"' ]]; do
    sleep 1
done

docker run -it \
    --device /dev/kvm \
    -v "${PWD}/mac_hdd_ng.img:/image" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_SPECIFIC=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -e SERIAL="C02TW0WAHX87" \
    -e BOARD_SERIAL="C027251024NJG36UE" \
    -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
    -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
    -e BOOTDISK=/bootdisk \
    -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \
    -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
    sickcodes/docker-osx:auto

docker run -it \
    --device /dev/kvm \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_UNIQUE=true \
    -e GENERATE_SPECIFIC=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -e BOOTDISK=/bootdisk \
    -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \
    -v "${PWD}/C02TW0WAHX87.env:/env" \
    -v "${PWD}/mac_hdd_ng_testing.img:/image" \
    sickcodes/docker-osx:naked

until [[ "$(sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber')" = '    |   "IOPlatformSerialNumber" = "C02TW0WAHX87"' ]]; do
    sleep 1
done

stat C02TW0WAHX87.qcow
cat C02TW0WAHX87.env

# this image generates a brand new machine, persisting the env file.
# to use this machine later, switch it to specific and use the newly generated values in the env files
docker run -it \
    --device /dev/kvm \
    -v "${PWD}/mac_hdd_ng.img:/image" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_UNIQUE=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -e BOOTDISK=/bootdisk \
    -v "${PWD}/C02TW0WAHX87.env:/env" \
    -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
    sickcodes/docker-osx:auto


# this image aims to persist the qcow by adding these two lines
    # -e GENERATE_SPECIFIC=true \
    # -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \
docker run -it \
    --device /dev/kvm \
    -v "${PWD}/mac_hdd_ng.img:/image" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_UNIQUE=true \
    -e GENERATE_SPECIFIC=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -e BOOTDISK=/bootdisk \
    -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \
    -v "${PWD}/C02TW0WAHX87.env:/env" \
    -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
    sickcodes/docker-osx:auto

# a naked run using the testing image
# this tests that on each run it should use a random serial number set.
# no persistent env information
# DONT USE THIS IF YOU WANT TO HAVE ONE DEVICE
docker run -it \
    --device /dev/kvm \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_UNIQUE=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -v "${PWD}/mac_hdd_ng_testing.img:/image" \
    sickcodes/docker-osx:naked


until [[ "$(sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber')" = '    |   "IOPlatformSerialNumber" = "xxxxxxxxxxxxx"' ]]; do
    sleep 1
done


docker run -it \
    --device /dev/kvm \
    -v "${PWD}/mac_hdd_ng.img:/image" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -p 50922:10022 \
    -e NOPICKER=true \
    -e GENERATE_UNIQUE=true \
    -e DEVICE_MODEL="iMacPro1,1" \
    -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
    sickcodes/docker-osx:auto

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/sickcodes/Docker-OSX/pull/155 **Author:** [@sickcodes](https://github.com/sickcodes) **Created:** 2/26/2021 **Status:** ✅ Merged **Merged:** 2/26/2021 **Merged by:** [@sickcodes](https://github.com/sickcodes) **Base:** `master` ← **Head:** `custom-identity` --- ### 📝 Commits (10+) - [`5aa689e`](https://github.com/sickcodes/Docker-OSX/commit/5aa689e8ad4fe46f1a781b394486c81831f2b3d5) WIP: Machine unique value generator - [`3729052`](https://github.com/sickcodes/Docker-OSX/commit/372905218fb73c0de5eb6903aad5d2e0299c624a) Add zip, fix global variables in the serial generator. - [`d3e86e1`](https://github.com/sickcodes/Docker-OSX/commit/d3e86e1c5337100347efa31a4a6619366cf4737c) Add config.plist and OpenCore boot disk generator to the script. - [`246fd12`](https://github.com/sickcodes/Docker-OSX/commit/246fd12c1842da1ef03d2b6241c15e7e60731609) TSV output, for easier scripting - [`7886e0f`](https://github.com/sickcodes/Docker-OSX/commit/7886e0fd065bfaaa773787aed2ac055061abd388) Add --output-env <filename> && --output-bootdisk <filename> - [`4ffed54`](https://github.com/sickcodes/Docker-OSX/commit/4ffed5472416cf0662cf356343bde23f20f0e541) WIP generate-specific-bootdisk.sh - [`9e5538c`](https://github.com/sickcodes/Docker-OSX/commit/9e5538c195b30ad55d24e4976a0f9ad67f70a446) Add Linux, libguestfs for building bootdisks within the Docker container. Add CPU_STRING to optionally override the whole CPU string. Unify variable names in ./custom. - [`9f10452`](https://github.com/sickcodes/Docker-OSX/commit/9f104526e04e7527b1f067290e9854a9b9fa8c0b) Typo - [`23ab20c`](https://github.com/sickcodes/Docker-OSX/commit/23ab20c2fa5883dc6dd32300fde1d65bc50f9cfe) Major serial number runtime generation and override changes. - [`316a8ab`](https://github.com/sickcodes/Docker-OSX/commit/316a8abfa05839c14098c3279fae31f0d6210775) Set temporary branch ### 📊 Changes **10 files changed** (+1960 additions, -84 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+2 -0) 📝 `Dockerfile` (+80 -9) 📝 `Dockerfile.auto` (+36 -5) 📝 `Dockerfile.naked` (+37 -7) 📝 `README.md` (+281 -63) ➕ `custom/config-nopicker-custom.plist` (+885 -0) ➕ `custom/generate-specific-bootdisk.sh` (+184 -0) ➕ `custom/generate-unique-machine-values.sh` (+287 -0) ➕ `custom/opencore-image-ng.sh` (+164 -0) 📝 `helm/README.md` (+4 -0) </details> ### 📄 Description ## How to test ```bash apt update -y && apt install git curl wget vim xvfb scrot build-essential sshpass -y \ && git clone https://github.com/stolk/imcat.git \ && cd imcat \ && make \ && sudo cp imcat /usr/bin/imcat \ && touch /usr/bin/scrotcat \ && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ && chmod +x /usr/bin/scrotcat \ && BRANCH=custom-identity \ && CACHE= \ && export DISPLAY=:99 \ && cd ~ \ && ( nohup Xvfb :99 -screen 0 1920x1080x16 & ) \ && echo 1 | tee /sys/module/kvm/parameters/ignore_msrs \ ; rm -rf Docker-OSX \ ; cd ~ \ && git clone https://github.com/sickcodes/Docker-OSX.git \ && cd Docker-OSX \ && git checkout -f "${BRANCH}" \ && docker build --build-arg RANKMIRRORS=true --build-arg MIRROR_COUNTRY=US ${CACHE} -t docker-osx:latest . \ && docker tag docker-osx:latest sickcodes/docker-osx:latest \ && docker build --build-arg RANKMIRRORS=true --build-arg MIRROR_COUNTRY=US ${CACHE} -t docker-osx:naked -f Dockerfile.naked . \ && docker tag docker-osx:naked sickcodes/docker-osx:naked \ && docker build --build-arg RANKMIRRORS=true --build-arg MIRROR_COUNTRY=US ${CACHE} -t docker-osx:auto -f Dockerfile.auto . \ && docker tag docker-osx:auto sickcodes/docker-osx:auto ``` After that all of these should work. For testing headless, you can take screenshots in the terminal now using `scrotcat`. To test using headless, open a separate terminal with: ``` export DISPLAY=:99 scrotcat while true; do scrotcat; sleep 1; done ``` All the command below are examples of different ways to set serial numbers. ```bash cd ~ wget https://images2.sick.codes/mac_hdd_ng_auto.img cp mac_hdd_ng_auto.img mac_hdd_ng_testing.img cd ~ touch C02TW0WAHX87.env touch ./C02TW0WAHX87.qcow # successful docker run -it \ --device /dev/kvm \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_SPECIFIC=true \ -e DEVICE_MODEL="iMacPro1,1" \ -e SERIAL="C02TW0WAHX87" \ -e BOARD_SERIAL="C027251024NJG36UE" \ -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ -e BOOTDISK=/bootdisk \ -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \ -v "${PWD}/mac_hdd_ng_testing.img:/image" \ sickcodes/docker-osx:naked # sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber' until [[ "$(sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber')" = ' | "IOPlatformSerialNumber" = "C02TW0WAHX87"' ]]; do sleep 1 done docker run -it \ --device /dev/kvm \ -v "${PWD}/mac_hdd_ng.img:/image" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_SPECIFIC=true \ -e DEVICE_MODEL="iMacPro1,1" \ -e SERIAL="C02TW0WAHX87" \ -e BOARD_SERIAL="C027251024NJG36UE" \ -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ -e BOOTDISK=/bootdisk \ -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \ -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \ sickcodes/docker-osx:auto docker run -it \ --device /dev/kvm \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e GENERATE_SPECIFIC=true \ -e DEVICE_MODEL="iMacPro1,1" \ -e BOOTDISK=/bootdisk \ -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \ -v "${PWD}/C02TW0WAHX87.env:/env" \ -v "${PWD}/mac_hdd_ng_testing.img:/image" \ sickcodes/docker-osx:naked until [[ "$(sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber')" = ' | "IOPlatformSerialNumber" = "C02TW0WAHX87"' ]]; do sleep 1 done stat C02TW0WAHX87.qcow cat C02TW0WAHX87.env # this image generates a brand new machine, persisting the env file. # to use this machine later, switch it to specific and use the newly generated values in the env files docker run -it \ --device /dev/kvm \ -v "${PWD}/mac_hdd_ng.img:/image" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e DEVICE_MODEL="iMacPro1,1" \ -e BOOTDISK=/bootdisk \ -v "${PWD}/C02TW0WAHX87.env:/env" \ -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \ sickcodes/docker-osx:auto # this image aims to persist the qcow by adding these two lines # -e GENERATE_SPECIFIC=true \ # -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \ docker run -it \ --device /dev/kvm \ -v "${PWD}/mac_hdd_ng.img:/image" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e GENERATE_SPECIFIC=true \ -e DEVICE_MODEL="iMacPro1,1" \ -e BOOTDISK=/bootdisk \ -v "${PWD}/C02TW0WAHX87.qcow:/bootdisk" \ -v "${PWD}/C02TW0WAHX87.env:/env" \ -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \ sickcodes/docker-osx:auto # a naked run using the testing image # this tests that on each run it should use a random serial number set. # no persistent env information # DONT USE THIS IF YOU WANT TO HAVE ONE DEVICE docker run -it \ --device /dev/kvm \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e DEVICE_MODEL="iMacPro1,1" \ -v "${PWD}/mac_hdd_ng_testing.img:/image" \ sickcodes/docker-osx:naked until [[ "$(sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber')" = ' | "IOPlatformSerialNumber" = "xxxxxxxxxxxxx"' ]]; do sleep 1 done docker run -it \ --device /dev/kvm \ -v "${PWD}/mac_hdd_ng.img:/image" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -p 50922:10022 \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e DEVICE_MODEL="iMacPro1,1" \ -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \ sickcodes/docker-osx:auto ``` --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

adam added the pull-request label 2025-12-29 01:24:48 +01:00

adam closed this issue 2025-12-29 01:24:48 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

tahoe

sequoia

runtime-download

mouse-fix

sonoma

ventura

naked-vnc-legacy-patch

persistent

rollback-naked

shrink-naked

mojave-high-sierra

libguestfs-linux-hold

netdev

stock-images-in-dockerfile

monterey

naked-auto

cpu-max-features

glibc-revert-wip

file-downgrade-all-images

osx-serial-update

custom-plist-always

custom-identity

No results found.

Labels

Clear labels

bug

documentation

enhancement

following upstream developments

good first issue

help wanted

invalid

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/Docker-OSX#714