Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Bypass iOS backup's TCC protection - 1007

Csaba Fitzl - Posted 3 Years Ago
  • Transparency, Consent and Control (TCC) is a privacy protection feature in Apple products. A user has to explicitly allow access to particular folders and files via authentication, which prevents arbitrary applications from accessing sensitive data.
  • The directory ~/Library/Application Support/MobileSync/Backup is protected by TCC, since backups contain photos, contacts and other things. However, using the built-in utility AppleMobileBackup to make a backup at a custom location completely bypasses the TCC check. The service apparently has Full Disk Access rights, which allow it to read from and write to this location without any further check.
  • The bypass was initially fixed by removing the --root flag from the utility, to prevent a custom directory from being mounted for the backup. This fix came with some problems, though.
  • First, the stupid bypass is to copy the binary from Monterey and rerun it. Since the older binary still has the flag and is likely signed, it works fine. Second, the utility DeviceLink is also capable of setting the root directory, so the mount point can still be chosen. The author didn't verify whether these were fixed properly, though.
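
A detection sketch for the two behaviours summarized above: AppleMobileBackup run with --root pointing outside the TCC-protected backup directory, and a copy of the binary run from outside the system volume. This is an added example, not code from the original post or from Apple. The event format, field names, finding labels and the /System/Library/EXAMPLE path are constructed, and the "--root=DIR" spelling and the /System/ prefix check are assumptions.

```python
import json
import os

TOOL = "AppleMobileBackup"
PROTECTED = "Library/Application Support/MobileSync/Backup"  # relative to home

# Constructed sample process-exec events, one JSON object per line. The field
# names and the /System/Library/EXAMPLE path are assumptions, not a real schema.
SAMPLE_EVENTS = """\
{"pid": 301, "home": "/Users/alice", "path": "/System/Library/EXAMPLE/AppleMobileBackup", "argv": ["AppleMobileBackup"]}
{"pid": 302, "home": "/Users/alice", "path": "/System/Library/EXAMPLE/AppleMobileBackup", "argv": ["AppleMobileBackup", "--root", "/tmp/out"]}
{"pid": 303, "home": "/Users/alice", "path": "/Users/alice/Downloads/AppleMobileBackup", "argv": ["AppleMobileBackup", "--root=/Volumes/usb/b"]}
{"pid": 304, "home": "/Users/alice", "path": "/usr/bin/rsync", "argv": ["rsync", "-a", "src", "dst"]}
{"pid": 305, "home": "/Users/alice", "path": "/System/Library/EXAMPLE/AppleMobileBackup", "argv": ["AppleMobileBackup", "--root", "/Users/alice/Library/Application Support/MobileSync/Backup"]}
"""

def root_argument(argv):
    """Return the value given to --root ("--root DIR" or "--root=DIR"), else None."""
    for i, arg in enumerate(argv):
        if arg == "--root" and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith("--root="):
            return arg.split("=", 1)[1]
    return None

def findings(event):
    """Return the finding labels for one exec event (empty list if none apply)."""
    if os.path.basename(event["path"]) != TOOL:
        return []
    found = []
    if not event["path"].startswith("/System/"):  # assumption: OS copy lives under /System/
        found.append("copied-binary")
    root = root_argument(event["argv"])
    protected = os.path.join(event["home"], PROTECTED)
    if root and not (os.path.normpath(root) + "/").startswith(protected + "/"):
        found.append("custom-root")  # backup written outside the TCC-protected dir
    return found

def scan(lines):
    """Map pid -> finding labels for every event that produced at least one."""
    hits = {}
    for line in filter(str.strip, lines.splitlines()):
        event = json.loads(line)
        if findings(event):
            hits[event["pid"]] = findings(event)
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

Where the telemetry carries a code-signing identifier, match on that rather than on the file name.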