Doesn't work on Mojave 10.14

[uyjulian]

Nothing shows up in OBS even when injected

[zakk4223]

It does work in Mojave, I've tested the standalone SyphonInject application+injection package.

There are a few cases where it may not work, the two big ones being:

1. The application renders using Metal, which SyphonInject doesn't support yet.
2. The application was signed with extra security (library validation) which may block the injection.

On Mojave injecting a process will more than likely trigger a permission dialog for 'controlling' the target application.

There was at least one report of OBS having issues with SyphonInject in High Sierra. Without knowing which applications are involved it is hard to determine if the problem is with OBS or something else

[uyjulian]

I tried the Syphon Simple Apps -> Simple Client, and it didn't show up there either.
When I select my application and hit "Inject", I get a prompt, so I selected the rightmost button. It doesn't work.
The Syphon Simple Apps -> Simple Server + Syphon Simple Apps -> Simple Client works just fine.
I also used the package from http://krylon.rsdio.com/zakk/syphoninject/SyphonInject-current.zip and it did not work either.
I'm using renpy as the process to inject.
I'm running Mojave 10.14.1 Beta (18B45d).

[zakk4223]

I just realized my main development environment is perhaps not a good test, as I forgot it has a few security features disabled.

Indeed, it doesn't work on my laptop running 10.14. Apple closed the 'loophole' that let injection work. It'll work if you disable SIP, but that's a really really bad idea. The days of SyphonInject may be over

[uyjulian]

You don't need to disable SIP entirely. You can open Utilities -> Terminal in Recovery Mode then do csrutil disable;csrutil enable --without debug
If you also want to run any kext you want, you can do csrutil disable;csrutil enable --without debug,kext

[ozzy4812]

If I type this in terminal will it allow syphon inject to work?

[uyjulian]

You can open Utilities -> Terminal in Recovery Mode

[ozzy4812]

I’m confused at what you just commented can u comment it again?

[uyjulian]

Restart your computer while holding Command-R. Wait for it to show the apple logo. Once the menus are shown, click "Utilities" then click "Terminal". Type csrutil disable;csrutil enable --without debug,kext then hit return. Now you can click Apple menu -> restart.

[ozzy4812]

What is dangerous about disabling it, I really want syphon inject to work but I don’t want the effect of disabling it to harm my Mac?

[uyjulian]

Any program not signed by Apple can run on your Mac.
As long as you know what you are downloading and what you are running, you should be fine.

[ozzy4812]

Alright, what about games like fortnite and Minecraft are they safe to run, also is there any chance disabling it could cause viruses?

[ozzy4812]

Lastly if I partially disable it will it work with syphon inject and also if it’s partially disabled what can it protect that disabling can’t protect

[ozzy4812]

How do you partially disable system integrity protection because I want my Mac to be as safe as it can be while syphon works

[uyjulian]

You partially disable it with csrutil disable;csrutil enable --without debug,kext

[ozzy4812]

Is it safe to leave it partially disabled?

[uyjulian]

Yes

[ozzy4812]

Alright 2 more questions then I’ll stop buggin ya lol, the first one is fortnite and Minecraft and other games like those safe to run with it partially disabled and the second is what’s different about leaving it partially disabled and will i need to restart my computer when I partially disable it

[uyjulian]

1. yes
2. some security features that block SyphonInject are disabled
3. yes

[zakk4223]

I'm not even sure SyphonInject will work with Fortnite, since I believe it uses Metal

[ozzy4812]

Oh ok so your saying just disabling it partially will let syphon inject run and cause no harm to my computer?

[uyjulian]

yes

[ozzy4812]

Zakk are you the developer of syphon inject?

[uyjulian]

yes he is

[zakk4223]

yes

[ozzy4812]

Is there any chance you are going to be able to fix syphon inject zakk because I rely on it when I stream

[ozzy4812]

And/or record

[uyjulian]

Disabling SIP is the "fix" for Mojave.

[ozzy4812]

Alright, I’m just worried it’s going to cause harm to my computer is all lol but I believe partially disabling it is better and more safer then disabling it is that correct?

[uyjulian]

Yes, I said that multiple times

[ozzy4812]

Alright thank you for the help

[ozzy4812]

Hello again, So i tried doing it and it says failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.

[uyjulian]

Restart your computer while holding Command-R. Wait for it to show the apple logo. Once the menus are shown, click "Utilities" then click "Terminal". Type csrutil disable;csrutil enable --without debug,kext then hit return. Now you can click Apple menu -> restart.

[ozzy4812]

I didn't see what you commented just now? could u send it again please

[uyjulian]

Restart your computer while holding Command-R. Wait for it to show the apple logo. Once the menus are shown, click "Utilities" then click "Terminal". Type csrutil disable;csrutil enable --without debug,kext then hit return. Now you can click Apple menu -> restart.

[ozzy4812]

I tried restarting it while holding command R and when i did that it just restarted my computer and didn't show any menus? what is it called doing the first step i might try to google it and see if i can find a way to do it

[uyjulian]

https://www.google.com/search?q=macos+disable+sip

[ozzy4812]

Is it under disk utility? Where I find terminal

[ozzy4812]

Nvm found it

[ozzy4812]

For the without part is there a space after the without part to the debug and the Kext thing do I put syphon inject instead or do I leave it kext

[uyjulian]

yes, leave it kext

[gsquaredxc]

Seemly still doesn't work, SIP is disabled.

[uyjulian]

Check your SIP settings again, and try Syphon Simple Server and connect your application. https://github.com/Syphon/Simple/releases/download/version-3/Syphon.Simple.Apps.3.zip

If Syphon Simple Server does not work with your application (such as OBS), it's a problem with your application, not SyphonInject.
If you checked your SIP settings and SyphonInject doesn't work, it's a problem with your injected application (Metal isn't supported IIRC)

[gsquaredxc]

Current config:

Configuration:
	Apple Internal: disabled
	Kext Signing: disabled
	Filesystem Protections: enabled
	Debugging Restrictions: disabled
	DTrace Restrictions: enabled
	NVRAM Protections: enabled
	BaseSystem Verification: enabled

I'm currently on macOS 10.14.1

[uyjulian]

Yes, that config should work.

[gsquaredxc]

Ok, so syphon works, as I see the option in the dropdown menu of OBS and the client confirms it works fine, but OBS isn't playing nicely and just leaves a black screen. It can't even show the server.

[uyjulian]

It appears to be an OBS problem, not a SyphonInject problem.

[fmoraes74]

Indeed, it doesn't work on my laptop running 10.14. Apple closed the 'loophole' that let injection work. It'll work if you disable SIP, but that's a really really bad idea. The days of SyphonInject may be over

@zakk4223 Can you comment why you say it doesn't work? I have an injection code using mach_inject that works from the command line, so I am wondering what is different with SyphonInject which is not working

[zakk4223]

If mach_inject is working on 10.14 then you have SIP disabled (or at least partially disabled). If mach_inject works, SyphonInject should work too. Although I've not kept up with it on every Mojave release so it is possible something else has broken.

Trying to do runtime code injection on macOS going forward isn't worth the effort really; I'm not willing to openly tell people to disable SIP and with library validation/hardened runtime starting to become the default it is pointless anyways.

SyphonInject uses a Scripting Addition to load the code into the process at runtime. Pre Mojave this wasn't covered by SIP, but apple finally caught up and made SIP protect that mechanism. With SIP debug protections disabled it should still work as long as the binary doesn't have library validation enabled.

[fmoraes74]

Is it possible to load the addition without Scripting Addition like mach_inject does with its Mono injection and shared library injection?

[zakk4223]

It is possible, but it would require quite a refactor to maintain all the functionality. Most of the control functionality relied on AppleScript events, which will no longer work.

It would also need to be split up into a privileged launchd daemon, since task_for_pid() is restricted to privileged processes

[fmoraes74]

So there is no shared library that implements the server that can be injected? Just wondering as I didn't dig deep into how the injection worked in the current version.

[zakk4223]

There is a bundle that the Scripting Addition extension loads. It might require a bit of changes to work via mach_inject_bundle. If I remember right the main hook is triggered via an objective-c class +load method and I'm not sure that necessarily gets run without extra poking.

[x11joe]

Does this still work with catalina or big sur?