macOS on the M1 processor seems to prevent modified binaries from running. For instance, a simple C hello world:
#import <stdio.h>
int main(void) {
printf("Hello World!\n");
}
If I compile this with Clang and run it, everything works as expected. However, if I go into a hex editor and change the 'H' => 'h' (or something else trivial), the the kernel immediately sends a SIGKILL, i.e.
➜ ~ ✗ ./a.out
[1] 943 killed ./a.out
I assume this is due to the fact that there are heavier codesigning restrictions on the M1 (https://eclecticlight.co/2020/08/22/apple-silicon-macs-will-require-signed-code/), but if I try to sign the modified binary with a self-signed cert, I get a fairly non-descript error:
➜ ~ ✗ codesign -s zbaylin a.out
a.out: the codesign_allocate helper tool cannot be found or used
I know codesign_allocate is in my PATH, and I am able to sign unmodified executables, but any binary that has been modified refuses to sign.
Is there any way to sign these binaries, or disable the signature checks temporarily? I should mention that all of this works on my 2019 MacBook Pro (x86, obviously), so I think it has something to do with the M1 in particular.
Thanks!
It's a known bug in the codesign tool. To work around it, make a copy of your modified executable, sign the copy, then replace the original executable with the signed copy and it should work.
For more details, see here.