{"id":47626,"date":"2025-05-06T16:50:45","date_gmt":"2025-05-06T20:50:45","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=47626"},"modified":"2025-05-06T16:50:45","modified_gmt":"2025-05-06T20:50:45","slug":"retrospective-on-reverse-engineering-a-tiger-bug","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/05\/06\/retrospective-on-reverse-engineering-a-tiger-bug\/","title":{"rendered":"Retrospective on Reverse-Engineering a Tiger Bug"},"content":{"rendered":"

Rosyna Keller<\/a> (Mastodon<\/a>, tweet<\/a>):<\/p>\n

At the time, Apple only allowlisted specific menu extras by class name (checked in -[SUISStartupObject _canLoadClass:])<\/code>. Any attempt to load a menu extra that advertised a different class name in its Info.plist’s NSPrincipalClass<\/a> entry would fail. Menu extras were first-class citizens. You could hold the Command (⌘) key down to move or quit them. They loaded automatically and needed no backing application. This sent lots of developers looking for workarounds to Apple’s allowlist, as they wanted these features for their own menus.<\/p>

Some developers would steal one of the allowlisted class names for their menu extra plugin. This was unwise. The Objective-C runtime only allowed one class instance with a specific name to be loaded at a time. When it found duplicates, the one it chose was an implementation detail that could cause unexpected crashes. Favorite choices of class names to hijack included AppleVerizonExtra<\/code> or IrDAExtra<\/code>, i.e., something a user isn’t likely to have enabled. In the rare case someone did<\/em> enable these, or if more than one developer chose to steal the same class name, all hell could break loose.<\/p>

This was the impetus for Menu Extra Enabler<\/a>. It was an old-style InputManager plugin that automatically loaded into SystemUIServer when installed and overrode the -[SUISStartupObject _canLoadClass:]<\/code> instance method to return YES<\/code> unregardless of what class name was used for the menu extra’s principal class.<\/p>\n

[…]<\/p>\n

I’m desperately looking for any assistance that can be provided. Specifically, I need some temporary help to afford the health insurance and rent. […] My ultimate goal is to find some contracting work for macOS\/iOS where I can use my reverse engineering and bug fixing\/finding\/working around skills. I miss figuring out how things work, something I could do in spades while working on macOS Notarization at Apple.<\/p><\/blockquote>\n\n

Previously:<\/p>\n