> Modern MacOS is also pretty unfriendly for developers and power users.
It has become somewhat unfriendly, but I really appreciate that you can still do whatever you want.
To run self-signed apps, run `sudo spctl --master-disable`
To turn off System Integrity Protection, run `csrutil --disable` from recovery mode.
To modify the root filesystem, do all of the above and run `csrutil authenticated-root disable` from recovery mode.
To disable library validation, do all of the above and run `sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true`
To disable AMFI, do all of the above and add the boot argument amfi_get_out_of_my_way=0x1
(Some steps may be a bit different on Apple Silicon Macs, I don't own any so I'm not as familiar.)
---
You now have the same privileges Apple does. You can grant yourself whatever entitlements you like, inject your own code into any process, load your own kernel extensions, or just replace the whole kernel with your custom build of XNU.
I actually think a decent chunk of macOS's perceived "unfriendliness" comes from Mac users being less willing to hack around than users of other OSs. The common refrain in Mac circles seems to be that System Integrity Protection should never be switched off under any circumstances. I agree, if you're a normal user—but if you're not, and the handcuffs are annoying you, just unlock them already. (But do leave everything else in place until such a time as it presents a roadblock.)
Also, method swizzling in Objective-C is fun, try it!
There’s a safer way to run self-signed software on macOS, for anyone that prefers not to do the master disable. First, try to run the program. When it fails, open Settings.app and go to the security section. You’ll find the most recently blocked program name mentioned and an Allow button that will remove the block. Then, you can run the program. You need to do this only once per program.
Right click open. Fail. Right click open again, hit okay, and it will succeed. It remembers your decision. This has been the magic incantation since signing was introduced.
It has become somewhat unfriendly, but I really appreciate that you can still do whatever you want.
To run self-signed apps, run `sudo spctl --master-disable`
To turn off System Integrity Protection, run `csrutil --disable` from recovery mode.
To modify the root filesystem, do all of the above and run `csrutil authenticated-root disable` from recovery mode.
To disable library validation, do all of the above and run `sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true`
To disable AMFI, do all of the above and add the boot argument amfi_get_out_of_my_way=0x1
(Some steps may be a bit different on Apple Silicon Macs, I don't own any so I'm not as familiar.)
---
You now have the same privileges Apple does. You can grant yourself whatever entitlements you like, inject your own code into any process, load your own kernel extensions, or just replace the whole kernel with your custom build of XNU.
I actually think a decent chunk of macOS's perceived "unfriendliness" comes from Mac users being less willing to hack around than users of other OSs. The common refrain in Mac circles seems to be that System Integrity Protection should never be switched off under any circumstances. I agree, if you're a normal user—but if you're not, and the handcuffs are annoying you, just unlock them already. (But do leave everything else in place until such a time as it presents a roadblock.)
Also, method swizzling in Objective-C is fun, try it!