Merge branch 'local-test'

config.json

@@ -30,7 +30,9 @@
       "bridgeFile": "/Contents/Frameworks/",
       "injectFile": "Bugsnag.framework/Versions/A/Bugsnag",
       "needCopyToAppDir": true,
-      "extraShell": "surgeAgent.sh"
+      "noSignTarget": true,
+      "extraShell": "surgeAgent.sh",
+      "useOptool": true
     },
     {
       "packageName": "com.globaldelight.Boom3D-setapp",
@@ -150,7 +152,14 @@
       "needCopyToAppDir": true,
       "deepSignApp": true,
       "injectFile": "AliyunOSSOSX.framework/Versions/A/AliyunOSSOSX",
-      "tccutil": ["All", "AddressBook", "Calendar", "Reminders", "ScreenCapture", "Accessibility"]
+      "tccutil": [
+        "All",
+        "AddressBook",
+        "Calendar",
+        "Reminders",
+        "ScreenCapture",
+        "Accessibility"
+      ]
     },
     {
       "packageName": "com.parallels.desktop.console",
@@ -174,7 +183,12 @@
       "noDeep": true,
       "deepSignApp": true,
       "injectFile": "Sparkle.framework/Versions/A/Sparkle",
-      "tccutil": ["All", "Camera", "Microphone", "ScreenCapture"]
+      "tccutil": [
+        "All",
+        "Camera",
+        "Microphone",
+        "ScreenCapture"
+      ]
     },
     {
       "packageName": "com.pixelmatorteam.pixelmator.touch.x.photo",
@@ -222,15 +236,17 @@
       "needCopyToAppDir": true,
       "deepSignApp": true,
       "extraShell": "stashAgent.sh",
-      "tccutil": ["All"]
+      "tccutil": [
+        "All"
+      ]
     },
     {
       "packageName": "com.firecore.infuse",
       "injectFile": "GZIP.framework/Versions/A/GZIP",
       "needCopyToAppDir": true,
-      "noDeep": true,
-      "deepSignApp": true,
-      "entitlements": "signkeep.xml"
+      "entitlements": "signkeep.xml",
+      "useOptool": true,
+      "deepSignApp": true
     },
     {
       "packageName": "com.coderforart.MWeb3",
@@ -243,28 +259,48 @@
       "needCopyToAppDir": true,
       "deepSignApp": true,
       "injectFile": "NektonyFallManager.framework/Versions/A/NektonyFallManager",
-      "tccutil": ["All", "AddressBook", "Reminders", "Photos", "AppleEvents"]
+      "tccutil": [
+        "All",
+        "AddressBook",
+        "Reminders",
+        "Photos",
+        "AppleEvents"
+      ]
     },
     {
       "packageName": "com.nektony.MacCleaner-PRO-SIII",
       "needCopyToAppDir": true,
       "deepSignApp": true,
       "injectFile": "Sparkle.framework/Versions/A/Sparkle",
-      "tccutil": ["All", "AddressBook", "Calendar", "Reminders", "Photos", "AppleEvents"]
+      "tccutil": [
+        "All",
+        "AddressBook",
+        "Calendar",
+        "Reminders",
+        "Photos",
+        "AppleEvents"
+      ]
     },
     {
       "packageName": "com.nektony.Disk-Expert-SIII",
       "needCopyToAppDir": true,
       "deepSignApp": true,
       "injectFile": "Sparkle.framework/Versions/A/Sparkle",
-      "tccutil": ["All", "Reminders", "Photos"]
+      "tccutil": [
+        "All",
+        "Reminders",
+        "Photos"
+      ]
     },
     {
       "packageName": "com.nektony.Duplicate-File-Finder-SIII",
       "needCopyToAppDir": true,
       "deepSignApp": true,
       "injectFile": "Sparkle.framework/Versions/A/Sparkle",
-      "tccutil": ["All", "Photos"]
+      "tccutil": [
+        "All",
+        "Photos"
+      ]
     },
     {
       "packageName": "li.zihua.medis2",
@@ -286,7 +322,12 @@
       "deepSignApp": true,
       "injectFile": "TSCAccount.framework/Versions/A/TSCAccount",
       "extraShell": "camtasia.sh",
-      "tccutil": ["Camera", "Microphone", "ScreenCapture", "All"]
+      "tccutil": [
+        "Camera",
+        "Microphone",
+        "ScreenCapture",
+        "All"
+      ]
     },
     {
       "packageName": "me.damir.dropover-mac",
@@ -534,7 +575,12 @@
       "packageName": "com.mac.utility.screen.recorder",
       "bridgeFile": "/Contents/MacOS/",
       "injectFile": "OmniRecorder",
-      "tccutil": ["All", "Camera", "Microphone", "ScreenCapture"]
+      "tccutil": [
+        "All",
+        "Camera",
+        "Microphone",
+        "ScreenCapture"
+      ]
     },
     {
       "packageName": "com.mac.utility.media.player",
@@ -682,14 +728,24 @@
       "injectFile": "Paste",
       "needCopyToAppDir": true,
       "deepSignApp": true,
-      "tccutil": ["All", "Camera", "Microphone", "ScreenCapture"]
+      "tccutil": [
+        "All",
+        "Camera",
+        "Microphone",
+        "ScreenCapture"
+      ]
     },
     {
       "packageName": "cn.better365.ishot",
       "injectFile": "PTHotKey.framework/Versions/A/PTHotKey",
       "needCopyToAppDir": true,
       "deepSignApp": true,
-      "tccutil": ["All", "Camera", "Microphone", "ScreenCapture"]
+      "tccutil": [
+        "All",
+        "Camera",
+        "Microphone",
+        "ScreenCapture"
+      ]
     },
     {
       "packageName": "com.drbuho.BuhoCleaner",
@@ -699,7 +755,9 @@
       "deepSignApp": true,
       "entitlements": "signkeep.xml",
       "extraShell": "buhoCleanerAgent.sh",
-      "tccutil": ["All"]
+      "tccutil": [
+        "All"
+      ]
     },
     {
       "packageName": "org.qcad",
@@ -741,7 +799,9 @@
       "bridgeFile": "/Contents/MacOS/",
       "needCopyToAppDir": true,
       "deepSignApp": true,
-      "tccutil": ["All"]
+      "tccutil": [
+        "All"
+      ]
     },
     {
       "packageName": "com.zeroonetwenty.BlueHarvest5",
@@ -780,7 +840,9 @@
       "bridgeFile": "/Contents/MacOS/",
       "needCopyToAppDir": true,
       "deepSignApp": true,
-      "tccutil": ["All"]
+      "tccutil": [
+        "All"
+      ]
     },
     {
       "packageName": "com.setapp.DesktopClient",
@@ -1059,7 +1121,9 @@
       "deepSignApp": true,
       "injectFile": "Sparkle.framework/Versions/A/Sparkle",
       "extraShell": "aldenteAgent.sh",
-      "tccutil": ["All"]
+      "tccutil": [
+        "All"
+      ]
     }
   ]
 }

main.py

@@ -6,7 +6,6 @@ import shutil
 from pathlib import Path
 import time
 
-
 def read_input(prompt):
     return input(prompt).strip().lower()
 

tool/Patch.json

@@ -1,21 +1,4 @@
 {
-  "surge": {
-    "locate": [
-      "/Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper"
-    ],
-    "arm": "FF C3 02 D1 FA 67 06 A9 F8 5F 07 A9 F6 57 08 A9 F4 4F 09 A9 FD 7B 0A A9 FD 83 02 91 F3 03 00 AA BF 83 1B F8 19 01 00 B0 20 ?? 43 F9 62 12 40 F9 ?? ?? 00 94 A2 23 01 D1 01 00 80 52 ?? ?? 00 94 C0 00 00 F0 00 ?? ?? 91 E2 43 01 91 01 00 80 52 ?? ?? 00 94 A0 83 5B F8 E2 2B 40 F9 81 00 80 52 ?? ?? 00 94 F5 03 00 AA A0 83 5B F8 ?? ?? 00 94 E0 2B 40 F9 ?? ?? 00 94 C0 00 00 F0 00 ?? ?? 91 E2 43 01 91 01 00 80 52",
-    "x86": "55 48 89 E5 41 57 41 56 41 55 41 54 53 48 83 EC 58 48 89 FB 4C 8D 7D C0 49 C7 07 00 00 00 00 48 8B 3D ?? ?? ?? 00 48 8B 53 20 48 8B 35 ?? ?? 01 00 4C 8B 35 ?? ?? 01 00 41 FF D6 48 89 C7 31 F6 4C 89 FA E8 ?? ?? 01 00 48 8D 3D ?? ?? 01 00 4C 8D 65 C8 31 F6 4C 89 E2 E8 ?? ?? 01 00 49 8B 3F 49 8B 14 24 BE 04 00 00 00 E8 ?? ?? 01 00 89 45 BC 49 8B 3F E8 ?? ?? 01 00 49 8B 3C 24 E8 ?? ?? 01 00 48 8D 3D ?? ?? 01 00 31 F6 4C 89 E2 E8 ?? ?? 01 00",
-    "out": "surge.sh",
-    "replaceIntel": "{{==intel==}}",
-    "replaceARM": "{{==arm64==}}"
-  },
-  "stash": {
-    "locate": [
-      "/Applications/Stash.app/Contents/Library/LaunchServices/ws.stash.app.mac.daemon.helper"
-    ],
-    "out": "stash.sh",
-    "fixPlist": true
-  },
   "cmmx": {
     "locate": [
       "/Applications/CleanMyMac X.app/Contents/Library/LaunchServices/com.macpaw.CleanMyMac4.Agent"

tool/Setapps/airBuddyAgent.sh

@@ -1,8 +1,7 @@
 tccutil reset All codes.rambo.AirBuddy-setapp
 helper="/Applications/Setapp/AirBuddy.app/Contents/Library/LaunchServices/codes.rambo.AirBuddy.Installer"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -12,7 +11,7 @@ else
 fi
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/Setapps/airbuddy_x.sh ./tool/Setapps/airbuddy.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter airbuddy
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter airbuddy
 sh ./tool/Setapps/airbuddy.sh
 rm ./tool/Setapps/airbuddy.sh

tool/Setapps/batteriesAgent.sh

@@ -1,8 +1,7 @@
 tccutil reset All io.fadel.Batteries-setapp
 helper="/Applications/Setapp/Batteries.app/Contents/Library/LoginItems/io.fadel.Batteries-setapp.Helper.app/Contents/MacOS/io.fadel.Batteries-setapp.Helper"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -12,7 +11,7 @@ else
 fi
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/Setapps/batteries_x.sh ./tool/Setapps/batteries.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter batteries
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter batteries
 sh ./tool/Setapps/batteries.sh
 rm ./tool/Setapps/batteries.sh

tool/Setapps/cmmxSetAppAgent.sh

@@ -2,13 +2,11 @@ tccutil reset All com.macpaw.CleanMyMac-setapp
 helper="/Applications/CleanMyMac.app/Contents/Library/LaunchServices/com.macpaw.CleanMyMac-setapp.Agent"
 helper2="/Applications/CleanMyMac.app/Contents/Library/LoginItems/CleanMyMac Menu.app/Contents/Library/LaunchServices/com.macpaw.CleanMyMac-setapp.Agent"
 helpers=("$helper" "$helper2")
-for helper in "${helpers[@]}";
-do
+for helper in "${helpers[@]}"; do
   # 拼接备份文件的路径
   backup="${helper}_backup"
   # 判断是否存在备份文件
-  if [ -e "$backup" ];
-  then
+  if [ -e "$backup" ]; then
     echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
     rm "$helper"
     cp "$backup" "$helper"
@@ -19,7 +17,7 @@ do
 done
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/Setapps/cmmsetapp_o.sh ./tool/Setapps/cmmsetapp.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter cmmxsetapp
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter cmmxsetapp
 sh ./tool/Setapps/cmmsetapp.sh
 rm ./tool/Setapps/cmmsetapp.sh

tool/Setapps/proxyManSetappAgent.sh

@@ -1,8 +1,7 @@
 tccutil reset All com.proxyman.NSProxy-setapp
 helper="/Applications/Setapp/Proxyman.app/Contents/Library/LaunchServices/com.proxyman.NSProxy.HelperTool"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -12,7 +11,7 @@ else
 fi
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/Setapps/proxyman_o.sh ./tool/Setapps/proxyman.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter proxymansetapp
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter proxymansetapp
 sh ./tool/Setapps/proxyman.sh
 rm ./tool/Setapps/proxyman.sh

tool/aldenteAgent.sh

@@ -1,7 +1,6 @@
 helper="/Applications/AlDente.app/Contents/Library/LaunchServices/com.apphousekitchen.aldente-pro.helper"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -11,7 +10,7 @@ else
 fi
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/aldente_x.sh ./tool/aldente.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter aldente
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter aldente
 sh ./tool/aldente.sh
 rm ./tool/aldente.sh

tool/buhoCleanerAgent.sh

@@ -1,7 +1,6 @@
 helper="/Applications/BuhoCleaner.app/Contents/Library/LaunchServices/com.drbuho.BuhoCleaner.PrivilegedHelperTool"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -11,7 +10,7 @@ else
 fi
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/buhoCleaner_x.sh ./tool/buhoCleaner.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter buhoCleaner
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter buhoCleaner
 sh ./tool/buhoCleaner.sh
 rm ./tool/buhoCleaner.sh

tool/cmmxAgent.sh

@@ -1,10 +1,9 @@
-
 echo "准备自动计算Helper偏移参数..."
 
 cp ./tool/cmm_o.sh ./tool/cmm.sh
 
-chmod +x ./tool/QAQ_GenshineImpactStarter
+chmod +x ./tool/GenShineImpactStarter
 
-./tool/QAQ_GenshineImpactStarter cmmx
+./tool/GenShineImpactStarter cmmx
 
 sh ./tool/cmm.sh

tool/proxyManAgent.sh

@@ -1,11 +1,10 @@
-
 echo "准备自动计算Helper偏移参数..."
 
 cp ./tool/proxyman_o.sh ./tool/proxyman.sh
 
-chmod +x ./tool/QAQ_GenshineImpactStarter
+chmod +x ./tool/GenShineImpactStarter
 
-./tool/QAQ_GenshineImpactStarter proxyman
+./tool/GenShineImpactStarter proxyman
 
 sh ./tool/proxyman.sh
 

tool/senseiAgent.sh

@@ -1,8 +1,7 @@
 tccutil reset All org.cindori.Sensei
 helper="/Applications/Sensei.app/Contents/Library/LaunchServices/org.cindori.SenseiHelper"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -12,7 +11,7 @@ else
 fi
 echo "准备自动计算Helper偏移参数..."
 cp ./tool/sensei_x.sh ./tool/sensei.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter sensei
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter sensei
 sh ./tool/sensei.sh
 rm ./tool/sensei.sh

tool/stashAgent.sh

@@ -1,7 +1,6 @@
 helper="/Applications/Stash.app/Contents/Library/LaunchServices/ws.stash.app.mac.daemon.helper"
 backup="${helper}_backup"
-if [ -e "$backup" ];
-then
+if [ -e "$backup" ]; then
   echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
   rm "$helper"
   cp "$backup" "$helper"
@@ -10,8 +9,20 @@ else
   cp "$helper" "$backup"
 fi
 echo "准备自动计算Helper偏移参数..."
-cp ./tool/stash_x.sh ./tool/stash.sh
-chmod +x ./tool/QAQ_GenshineImpactStarter
-./tool/QAQ_GenshineImpactStarter stash
-sh ./tool/stash.sh
-rm ./tool/stash.sh
+
+chmod +x ./tool/GenShineImpactStarter
+./tool/GenShineImpactStarter "$helper"
+
+echo "是否全新安装Stash?"
+echo "这将删除你的默认配置信息.请先备份配置信息到其他位置."
+read -p "(y/n,默认n):" option
+if [ $option = 'y' ]; then #判断用户是否输入，如果未输入则打印error
+  sudo /bin/launchctl unload /Library/LaunchDaemons/ws.stash.app.mac.daemon.helper.plist
+  sudo /bin/rm /Library/LaunchDaemons/ws.stash.app.mac.daemon.helper.plist
+  sudo /bin/rm /Library/PrivilegedHelperTools/ws.stash.app.mac.daemon.helper
+fi
+xattr -c '/Applications/Stash.app'
+src_info='/Applications/Stash.app/Contents/Info.plist'
+/usr/libexec/PlistBuddy -c "Set :SMPrivilegedExecutables:ws.stash.app.mac.daemon.helper \"identifier \\\"ws.stash.app.mac.daemon.helper\\\"\"" "$src_info"
+codesign -f -s - --all-architectures --deep /Applications/Stash.app/Contents/Library/LaunchServices/ws.stash.app.mac.daemon.helper
+codesign -f -s - --all-architectures --deep /Applications/Stash.app

tool/stash_x.sh

@@ -1,13 +0,0 @@
-echo "是否全新安装Stash?"
-echo "这将删除你的默认配置信息.请先备份配置信息到其他位置."
-read -p "(y/n,默认n):" option
-if [ $option = 'y' ]; then #判断用户是否输入，如果未输入则打印error
-  sudo /bin/launchctl unload /Library/LaunchDaemons/ws.stash.app.mac.daemon.helper.plist
-  sudo /bin/rm /Library/LaunchDaemons/ws.stash.app.mac.daemon.helper.plist
-  sudo /bin/rm /Library/PrivilegedHelperTools/ws.stash.app.mac.daemon.helper
-fi
-xattr -c '/Applications/Stash.app'
-src_info='/Applications/Stash.app/Contents/Info.plist'
-/usr/libexec/PlistBuddy -c "Set :SMPrivilegedExecutables:ws.stash.app.mac.daemon.helper \"identifier \\\"ws.stash.app.mac.daemon.helper\\\"\"" "$src_info"
-codesign -f -s - --all-architectures --deep /Applications/Stash.app/Contents/Library/LaunchServices/ws.stash.app.mac.daemon.helper
-codesign -f -s - --all-architectures --deep /Applications/Stash.app

tool/surge copy.sh

@@ -1,70 +0,0 @@
-echo "是否全新安装Surge?"
-echo "这将删除你的默认配置信息.请先备份配置信息到其他位置."
-read -p "(y/n,默认n):" option 
-if [ $option = 'y' ];then             #判断用户是否输入，如果未输入则打印error
-  # declare user=$(whoami)
-  sudo /bin/launchctl unload /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
-  # sudo /usr/bin/killall -u root -9 com.nssurge.surge-mac.helper
-  sudo /bin/rm /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
-  sudo /bin/rm /Library/PrivilegedHelperTools/com.nssurge.surge-mac.helper
-
-  sudo rm -rf ~/Library/Preferences/com.nssurge.surge-mac.plist
-  sudo rm -rf ~/Library/Application\ Support/com.nssurge.surge-mac
-else
-  echo "非全新安装,跳过清除。"
-fi
-
-echo "感谢QQ 302****398 用户无偿提供授权信息。"
-echo "大胆！检测到你在用盗版软件，这可能会危害你的设备！甚至被国家安全局和保密处就地正法，请三思！"
-
-helper='/Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper'
-
-echo "正在定位你的Mac物理地址...GPS定位中...你跑不掉了! 即将联系Surge开发者发送你的Mac所有信息，你即将被留存侵权数字证据，束手就擒！"
-
-# 版本2379
-echo a5a3: 6A 01 58 C3 |sudo xxd -r - "$helper" #intel
-echo 4172c: 20 00 80 D2 C0 03 5F D6 |sudo xxd -r - "$helper" #arm64
-
-# 版本2387
-echo e3c5: 6A 01 58 C3 |sudo xxd -r - "$helper" #intel
-echo 455c8: 20 00 80 D2 C0 03 5F D6 |sudo xxd -r - "$helper" #arm64
-
-# 版本2399
-echo abed: 6A 01 58 C3 |sudo xxd -r - "$helper" #intel
-echo 3dec8: 20 00 80 D2 C0 03 5F D6 |sudo xxd -r - "$helper" #arm64
-
-echo "定位你的Mac物理地址完成，正在向国家安全局特工发送你的逮捕许可..."
-offsets=$(grep -a -b -o "\x3C\x73\x74\x72\x69\x6E\x67\x3E\x61\x6E\x63\x68\x6F\x72" $helper | cut -d: -f1)
-sed 's/\x0A/\n/g' <<< "$offsets" | while read -r s; do
-  declare -i start=$s
-  echo "起始点在 $start,文件已被修改，跳过注入Helper。"
-  if [ "$start" -le 0 ]; then
-      break
-  fi
-  # <string> 3C 73 74 72 69 6E 67 3E
-  # <string>anchor apple generic and identifier &quot;com.nssurge.surge-mac&quot; and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = &quot;YCKFLA6N72&quot;)</string>
-  # 3C 73 74 72 69 6E 67 3E 61 6E 63 68 6F 72 20 61 70 70 6C 65 20 67 65 6E 65 72 69 63 20 61 6E 64 20 69 64 65 6E 74 69 66 69 65 72 20 26 71 75 6F 74 3B 63 6F 6D 2E 6E 73 73 75 72 67 65 2E 73 75 72 67 65 2D 6D 61 63 26 71 75 6F 74 3B 20 61 6E 64 20 28 63 65 72 74 69 66 69 63 61 74 65 20 6C 65 61 66 5B 66 69 65 6C 64 2E 31 2E 32 2E 38 34 30 2E 31 31 33 36 33 35 2E 31 30 30 2E 36 2E 31 2E 39 5D 20 2F 2A 20 65 78 69 73 74 73 20 2A 2F 20 6F 72 20 63 65 72 74 69 66 69 63 61 74 65 20 31 5B 66 69 65 6C 64 2E 31 2E 32 2E 38 34 30 2E 31 31 33 36 33 35 2E 31 30 30 2E 36 2E 32 2E 36 5D 20 2F 2A 20 65 78 69 73 74 73 20 2A 2F 20 61 6E 64 20 63 65 72 74 69 66 69 63 61 74 65 20 6C 65 61 66 5B 66 69 65 6C 64 2E 31 2E 32 2E 38 34 30 2E 31 31 33 36 33 35 2E 31 30 30 2E 36 2E 31 2E 31 33 5D 20 2F 2A 20 65 78 69 73 74 73 20 2A 2F 20 61 6E 64 20 63 65 72 74 69 66 69 63 61 74 65 20 6C 65 61 66 5B 73 75 62 6A 65 63 74 2E 4F 55 5D 20 3D 20 26 71 75 6F 74 3B 59 43 4B 46 4C 41 36 4E 37 32 26 71 75 6F 74 3B 29 3C 2F 73 74 72 69 6E 67 3E
-  echo "69 64 65 6E 74 69 66 69 65 72 20 26 71 75 6F 74 3B 63 6F 6D 2E 6E 73 73 75 72 67 65 2E 73 75 72 67 65 2D 6D 61 63 26 71 75 6F 74 3B 3C 2F 73 74 72 69 6E 67 3E" | xxd -r -p | dd of="$helper" bs=1 seek="$((start + 8))" count=53 conv=notrunc
-  # start + 8 适用于 <string>八字节
-  # start + 53 + 8
-  start_pos=$((start + 53 + 8))
-  fill_byte="09"
-
-  for ((i=0;i<341-53-8;i++)); do
-    pos=$((start_pos + i))
-    echo "$fill_byte" | xxd -r -p | dd bs=1 seek=$pos of="$helper" count=1 conv=notrunc
-  done
-done
-
-echo "下发逮捕许可完成,即将有人来查你的水表，你别急...海内存知己,天涯若比邻.正在黑进你的Mac,目前已成功骗取到用户root密码."
-
-xattr -c '/Applications/Surge.app'
-src_info='/Applications/Surge.app/Contents/Info.plist'
-/usr/libexec/PlistBuddy -c "Set :SMPrivilegedExecutables:com.nssurge.surge-mac.helper \"identifier \\\"com.nssurge.surge-mac.helper\\\"\"" "$src_info"
-# /usr/libexec/PlistBuddy -c 'Print SMPrivilegedExecutables' "$src_info"
-
-/usr/bin/codesign -f -s - --all-architectures --deep /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper
-/usr/bin/codesign -f -s - --all-architectures --deep /Applications/Surge.app
-# python /Users/qiuchenly/Downloads/SMJobBless/SMJobBlessUtil.py check /Applications/Surge.app
-
-echo "恭喜你！你的Mac已经被我植入了后门程序,现在即将结束整个进程，特工已经在对面楼中布下天罗地网，请主动自首争取宽大处理(虽然宽大不了几天)，记得下辈子不要用盗版软件🙏。\n"

tool/surgeAgent.sh

@@ -1,20 +1,28 @@
-if [ -e "/Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper_backup" ];
-then
-  echo "检测到helper备份文件存在，可能是二次注入，删除已注入的helper"
-  rm /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper
-  cp /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper_backup /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper
-else
-  echo "未检测到helper备份文件，首次注入，已备份helper文件"
-  cp /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper_backup
-fi
-echo "准备自动计算Helper偏移参数..."
+app="/Applications/Surge.app"
+helper="$app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper"
 
-cp ./tool/surge_o.sh ./tool/surge.sh
+chmod +x ./tool/GenShineImpactStarter
 
-chmod +x ./tool/QAQ_GenshineImpactStarter
+./tool/GenShineImpactStarter "$helper"
 
-./tool/QAQ_GenshineImpactStarter surge
+./tool/optool install -p "$app/Contents/Frameworks/91QiuChenly.dylib" -t "$helper"
 
-sh ./tool/surge.sh
+sudo /bin/launchctl unload /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
+sudo /usr/bin/killall -u root -9 com.nssurge.surge-mac.helper
+sudo /bin/rm /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
+sudo /bin/rm /Library/PrivilegedHelperTools/com.nssurge.surge-mac.helper
 
-rm ./tool/surge.sh
+# 这是彻底删除Surge的配置项 相当于删除所有配置信息 所以慎用。
+# sudo rm -rf ~/Library/Preferences/com.nssurge.surge-mac.plist
+# sudo rm -rf ~/Library/Application\ Support/com.nssurge.surge-mac
+
+echo "感谢路人A/B/C/D/E/F/G 反正随便来个人都行 提供信息。"
+echo "大胆！检测到你在用盗版软件，这可能会危害你的设备！还可能会导致你被有关监管部门或工业和信息化委员会上门约谈，请慎重考虑是否决定使用盗版！"
+
+xattr -c $app
+src_info="$app/Contents/Info.plist"
+/usr/libexec/PlistBuddy -c "Set :SMPrivilegedExecutables:com.nssurge.surge-mac.helper \"identifier \\\"com.nssurge.surge-mac.helper\\\"\"" "$src_info"
+
+/usr/bin/codesign -f -s - --all-architectures --deep "$helper"
+/usr/bin/codesign -f -s - --all-architectures --deep "$app"
+echo "恭喜你！你的Mac已经被我植入了后门程序,现在即将结束整个进程，特工已经在对面楼中布下天罗地网，请主动自首争取宽大处理(虽然宽大不了几天)，记得下辈子不要用盗版软件🙏。\n"

tool/surge_o.sh

@@ -1,55 +0,0 @@
-# declare user=$(whoami)
-# sudo /bin/launchctl load -w /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
-# sudo /bin/launchctl unload -w /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
-sudo /bin/launchctl unload /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
-sudo /usr/bin/killall -u root -9 com.nssurge.surge-mac.helper
-sudo /bin/rm /Library/LaunchDaemons/com.nssurge.surge-mac.helper.plist
-sudo /bin/rm /Library/PrivilegedHelperTools/com.nssurge.surge-mac.helper
-# sudo rm -rf ~/Library/Preferences/com.nssurge.surge-mac.plist
-# sudo rm -rf ~/Library/Application\ Support/com.nssurge.surge-mac
-
-echo "感谢QQ 302****398 用户无偿提供授权信息。"
-echo "大胆！检测到你在用盗版软件，这可能会危害你的设备！还可能会导致你被有关监管部门或工业和信息化委员会上门约谈，请慎重考虑是否决定使用盗版！"
-
-helper='/Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper'
-
-echo "正在定位你的Mac物理地址...GPS定位中...你跑不掉了! 即将联系Surge开发者发送你的Mac所有信息，你即将被留存侵权数字证据，束手就擒！"
-
-# 版本2410
-echo {{==intel==}}: 6A 01 58 C3 |sudo xxd -r - "$helper" #intel
-echo {{==arm64==}}: 20 00 80 D2 C0 03 5F D6 |sudo xxd -r - "$helper" #arm64
-
-echo "定位你的Mac物理地址完成，正在向国家安全局特工发送你的逮捕许可..."
-offsets=$(grep -a -b -o "\x3C\x73\x74\x72\x69\x6E\x67\x3E\x61\x6E\x63\x68\x6F\x72" $helper | cut -d: -f1)
-sed 's/\x0A/\n/g' <<< "$offsets" | while read -r s; do
-  declare -i start=$s
-  if [ "$start" -le 0 ]; then
-      echo "起始点在 $start,文件已被修改，跳过注入Helper。"
-      break
-  fi
-  echo "起始点在 $start, 准备修改Helper文件。"
-  echo "69 64 65 6E 74 69 66 69 65 72 20 26 71 75 6F 74 3B 63 6F 6D 2E 6E 73 73 75 72 67 65 2E 73 75 72 67 65 2D 6D 61 63 26 71 75 6F 74 3B 3C 2F 73 74 72 69 6E 67 3E" | xxd -r -p | dd of="$helper" bs=1 seek="$((start + 8))" count=53 conv=notrunc
-  # start + 8 适用于 <string>八字节
-  # start + 53 + 8
-  start_pos=$((start + 53 + 8))
-  fill_byte=""
-  lens=0
-  for ((i=0;i<341-53-8;i++)); do
-    lens=$((start_pos + i))
-    fill_byte+="09 "
-  done
-  echo "$fill_byte" | xxd -r -p | dd bs=1 seek=$start_pos of="$helper" count=$((lens - 1)) conv=notrunc
-done
-
-echo "下发逮捕许可完成,即将有人来查你的水表，你别急...海内存知己,天涯若比邻.正在黑进你的Mac,目前已成功骗取到用户root密码."
-
-xattr -c '/Applications/Surge.app'
-src_info='/Applications/Surge.app/Contents/Info.plist'
-/usr/libexec/PlistBuddy -c "Set :SMPrivilegedExecutables:com.nssurge.surge-mac.helper \"identifier \\\"com.nssurge.surge-mac.helper\\\"\"" "$src_info"
-# /usr/libexec/PlistBuddy -c 'Print SMPrivilegedExecutables' "$src_info"
-
-/usr/bin/codesign -f -s - --all-architectures --deep /Applications/Surge.app/Contents/Library/LaunchServices/com.nssurge.surge-mac.helper
-/usr/bin/codesign -f -s - --all-architectures --deep /Applications/Surge.app
-# python /Users/qiuchenly/Downloads/SMJobBless/SMJobBlessUtil.py check /Applications/Surge.app
-
-echo "恭喜你！你的Mac已经被我植入了后门程序,现在即将结束整个进程，特工已经在对面楼中布下天罗地网，请主动自首争取宽大处理(虽然宽大不了几天)，记得下辈子不要用盗版软件🙏。\n"