csrstat-NG v2.0 - Enhanced SIP Analysis with Universal Binary

startergo released this 26 Aug 18:18

csrstat-NG v2.0 - Enhanced System Integrity Protection Analysis

🚀 Major Enhancements

Historically Accurate SIP Analysis

  • Version-specific CSR disable values based on Apple XNU kernel source research
  • 0x67 for macOS Catalina and earlier (dynamic CSR logic era)
  • 0x6F for macOS Big Sur and later (static CSR_DISABLE_FLAGS constant era)
  • Complete CSR flag evolution timeline from El Capitan through current versions

Apple XNU Kernel Source Integration

  • Definitions match Apple's official XNU kernel implementation
  • Based on comprehensive analysis of historical XNU sources (newosxbook.com archives)
  • Discovery that Apple used dynamic CSR calculation before Big Sur introduced static constants
  • Accurate handling of kernel debugger flag inclusion changes between macOS versions

Universal Binary Support

  • ARM64 + x86_64 architecture support in a single binary
  • Works natively on both Intel and Apple Silicon Macs
  • Optimized compilation with macOS SDK integration

🔍 Key Features

  • Accurate SIP Flag Analysis - Shows proper binary bit states (0/1)
  • Enhanced Flag Descriptions - Proper categorization of always-enforced, retail-enforced, and internal-only flags
  • Third-Party Kext Analysis - Comprehensive analysis for any third-party kext loading requirements
  • csrutil Command Reference - Shows exact csrutil commands for each protection
  • Clean Output Formatting - Properly aligned columns for easy reading

💾 Installation & Usage

# Download and make executable
chmod +x csrstat
./csrstat

📚 Technical Notes

Architecture-Specific CSR Storage

  • Intel Systems: NVRAM variable csr-active-config
  • Apple Silicon: Device Tree lp-sip0 entry under /chosen/asmb

Historical CSR Evolution Discovery

Analysis of Apple XNU kernel sources revealed that the CSR_DISABLE_FLAGS constant did not exist until Big Sur. Earlier versions used dynamic calculation logic, which explains the different disable values between macOS versions.
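
To make the 0x67 / 0x6F distinction concrete for the Intel NVRAM path, here is an added example (not taken from csrstat's source) that decodes the value text printed by `nvram csr-active-config` and classifies it against the version-specific disable values listed above. The function names, the `big_sur_or_later` parameter and the sample string are hypothetical; the sketch assumes the usual nvram output form, where printable bytes appear literally and other bytes as %xx.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Low CSR bits, named as in XNU's csr.h (bit 0 first). */
static const char *const csr_names[7] = {
    "CSR_ALLOW_UNTRUSTED_KEXTS", "CSR_ALLOW_UNRESTRICTED_FS",
    "CSR_ALLOW_TASK_FOR_PID", "CSR_ALLOW_KERNEL_DEBUGGER",
    "CSR_ALLOW_APPLE_INTERNAL", "CSR_ALLOW_UNRESTRICTED_DTRACE",
    "CSR_ALLOW_UNRESTRICTED_NVRAM" };

/* Decode the value text printed by `nvram csr-active-config` (assumed format):
 * printable bytes literal, others %xx, little-endian. Returns 0 on success. */
int parse_nvram_csr(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    int n = 0;
    for (; *s && n < 4; n++) {
        unsigned byte = (unsigned char)*s++;
        if (byte == '%') {
            char hex[3] = { s[0], s[0] ? s[1] : 0, 0 };
            if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1]))
                return -1;              /* truncated or malformed escape */
            byte = (unsigned)strtoul(hex, NULL, 16);
            s += 2;
        }
        v |= (uint32_t)byte << (8 * n);
    }
    if (*s || n == 0) return -1;        /* more than 4 bytes, or empty */
    *out = v;
    return 0;
}

/* 0 = SIP fully enabled, 1 = the full-disable value from the release notes
 * (0x67 through Catalina, 0x6F from Big Sur), 2 = custom or partial mask. */
int classify_csr(uint32_t cfg, int big_sur_or_later)
{
    if (cfg == 0) return 0;
    return cfg == (big_sur_or_later ? 0x6Fu : 0x67u) ? 1 : 2;
}

int main(void)
{
    uint32_t cfg;
    if (parse_nvram_csr("o%00%00%00", &cfg)) return 1;  /* constructed sample */
    printf("0x%08X class=%d\n", (unsigned)cfg, classify_csr(cfg, 1));
    for (unsigned b = 0; b < 7; b++)
        printf("  %-30s %u\n", csr_names[b], (unsigned)(cfg >> b) & 1u);
    return 0;
}
```

The same 0x6F reads as a custom mask when evaluated against the Catalina-era value, because bit 0x08 (CSR_ALLOW_KERNEL_DEBUGGER) is the only difference between the two constants.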

🎯 Credits

  • Original Author: Pike R. Alpha (2015-2017)
  • Enhanced by: Joss Brown (2017-2018)
  • Further Enhanced by: Startergo (2021-2025)
  • XNU Kernel Research: Based on Apple's official XNU implementation analysis