Skip to content

Releases: startergo/csrstat-NG

csrstat-NG v2.0 - Enhanced SIP Analysis with Universal Binary

26 Aug 18:18
@startergo startergo
v2.0
5bb1bb0

Choose a tag to compare

View all tags
csrstat-NG v2.0 - Enhanced SIP Analysis with Universal Binary Latest
Latest

csrstat-NG v2.0 - Enhanced System Integrity Protection Analysis

🚀 Major Enhancements

Historically Accurate SIP Analysis

  • Version-specific CSR disable values based on Apple XNU kernel source research
  • 0x67 for macOS Catalina and earlier (dynamic CSR logic era)
  • 0x6F for macOS Big Sur and later (static CSR_DISABLE_FLAGS constant era)
  • Complete CSR flag evolution timeline from El Capitan through current versions

Apple XNU Kernel Source Integration

  • Definitions match Apple's official XNU kernel implementation
  • Based on comprehensive analysis of historical XNU sources (newosxbook.com archives)
  • Discovery that Apple used dynamic CSR calculation before Big Sur introduced static constants
  • Accurate handling of kernel debugger flag inclusion changes between macOS versions

Universal Binary Support

  • ARM64 + x86_64 architecture support in single binary
  • Works natively on both Intel and Apple Silicon Macs
  • Optimized compilation with macOS SDK integration

🔍 Key Features

  • Accurate SIP Flag Analysis - Shows proper binary bit states (0/1)
  • Enhanced Flag Descriptions - Proper categorization of always-enforced, retail-enforced, and internal-only flags
  • Third-Party Kext Analysis - Comprehensive analysis for any third-party kext loading requirements
  • csrutil Command Reference - Shows exact csrutil commands for each protection
  • Clean Output Formatting - Properly aligned columns for easy reading

💾 Installation & Usage

# Download and make executable
chmod +x csrstat
./csrstat

📚 Technical Notes

Architecture-Specific CSR Storage

  • Intel Systems: NVRAM variable csr-active-config
  • Apple Silicon: Device Tree lp-sip0 entry under /chosen/asmb

Historical CSR Evolution Discovery

Analysis of Apple XNU kernel sources revealed that CSR_DISABLE_FLAGS constant didn't exist until Big Sur. Earlier versions used dynamic calculation logic, explaining the different disable values between macOS versions.

🎯 Credits

  • Original Author: Pike R. Alpha (2015-2017)
  • Enhanced by: Joss Brown (2017-2018)
  • Further Enhanced by: Startergo (2021-2025)
  • XNU Kernel Research: Based on Apple's official XNU implementation analysis
Assets 3
Loading

csrstat

16 Jan 01:23
@startergo startergo
version_1.0.1
6c62b68
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
csrstat

Reset disable/enable statements to reflect the bit change.

Loading

csrstat

02 Oct 21:19
@startergo startergo
version_1.0.0
0c87806
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
csrstat

Utility for checking the status of the system integrity protection in Big Sur.
Apple only shows few of the bits, but not all. For instance SIP=0x00000FFF(on Apple hardware) Or SIP=0x00000FEF (On Hack or Apple internal hardware/software) will look like this. For csrutil status Apple shows:

Configuration:
	Apple Internal
	Kext Signing
	Filesystem Protections
	Debugging Restrictions
	DTrace Restrictions
	NVRAM Protections
	BaseSystem Verification

Csrstat shows:


        Kext Signing			1 
	Filesystem Protections		1 
	Debugging Restrictions		1 
	Kernel Debugging Restrictions	1 
	Apple Internal			0 
	DTrace Restrictions		1 
	NVRAM Protections		1 
	Device Configuration		1 
	BaseSystem Verification		1 
	Unapproved Kexts Restrictions	1 
	Executable Policy		1 
	Unauthenticated Root		1
Loading