This script hooks into macOS amfid to grant restricted entitlements to selected executables. Tested on macOS 15.4.
Only disabling Debugging Restrictions (ALLOW_TASK_FOR_PID) is
required and other SIP restrictions can be left enabled:
James Gill JJTech0130
JJTech0130
/ usbmuxd.lua
Last active
May 7, 2026 20:30
— forked from axelkar/usbmuxd.lua
Usbmuxd protocol dissector for Wireshark. Passes TCP to Wireshark's built-in TCP dissector
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local proto_usbmuxd = Proto("usbmuxd", "Usbmuxd Protocol") | |
| proto_usbmuxd.fields.protocol = ProtoField.uint32("usbmuxd.protocol", "Message Kind", base.DEC) | |
| proto_usbmuxd.fields.length = ProtoField.uint32("usbmuxd.length", "Length", base.DEC) | |
| proto_usbmuxd.fields.magic = ProtoField.uint32("usbmuxd.magic", "Magic", base.HEX) | |
| proto_usbmuxd.fields.tx_seq = ProtoField.uint16("usbmuxd.tx_seq", "Transmit sequence", base.DEC) | |
| proto_usbmuxd.fields.rx_seq = ProtoField.uint16("usbmuxd.rx_seq", "Receive sequence", base.DEC) | |
| proto_usbmuxd.fields.version_major = ProtoField.uint32("usbmuxd.version_major", "Major version", base.DEC) | |
| proto_usbmuxd.fields.version_minor = ProtoField.uint32("usbmuxd.version_minor", "Minor version", base.DEC) |
JJTech0130
/ README.md
Created
March 3, 2026 13:15
— forked from zhaofengli/README.md
Selectively bypass entitlement validation by debugging amfid