Bypassing iPhone Code Signatures

  Starting with the recent beta releases of the iPhoneOS, Apple has started requiring that all code on the device is signed. This is mostly to make it impossible for programs running through Apple's AppStore to download more software and run it (so no competition for AppStore).

  iOS要求所有程序都必须签名。

  In order to get around this (and thereby to install our own code onto the device) the iPhone Dev Team has patched the signature verification out of the kernel. However, another half of the codesign problem is that the binary contains a number of SHA1 verification hashes that are checked in numerous locations throughout the kernel. Patching this out is A) difficult (especially to track as Apple makes changes) and B) of marginal benefit as adding these hashes is easy. This means you do still have to at least pay lipservice to the code signature process. There are currently three viable options.

  iPhone Dev Team已经把签名校验机制从内核中抽离出来。可是,对于SHA1的校验确无处不在,A)把所有这些校验机制抽离出来很困难(尤其是要跟得上苹果的变化),B)添加这些hashes很容易。

  所以有以下3种方式可以用来帮助绕过这些SHA1校验:

  1、Option #1: Self-Signing

    使用苹果的签名工具codesign进行签名即可。

  2、Option #2: Pseudo-Signing

    codesign是macos平台上的工具,linux平台可以使用ldid。

  3、Option #3: Disable Checks

    关闭所有的校验。

Entitlements

  Every executable also has an XML file (specifically an Objective-C Property List) that is signed into it that is its block of "entitlements". This area is read (I'm not certain by who, but I'd guess the kernel) to determine what seatbelt profile to apply to that process and what extra abilities it gets.

  To dump or set the entitlements of a binary we can use ldid. Dumping uses -e and setting involves passing an argument to -S as you sign the file. You can also pass --entitlements to codesign.

  ldid -e选项用于从bin中导出entitlements权限,-S选项用于签名,给-S添加参数的是一个entitlements文件。也可通过给codesign --entitlements选项来设置权限。如下:

  

Entitlement实战

  

参考:http://www.saurik.com/id/8

Bypassing iPhone Code Signatures的更多相关文章

  1. [转]Bypassing iPhone Code Signatures

    Source Link: http://www.saurik.com/id/8 Due to popular demand, I am putting some of the content I ha ...

  2. Code Sign error: Provisioning profile XXXX can't be found

    [iphone]Code Sign error: Provisioning profile XXXX can't be found 如果你更新了profile,再编译iphone项目,发现下面的错误, ...

  3. iPhone较为基础的代码片段

    Iphone代码片段导航 1.给UITableViewController添加ToolBar. self.navigationController.toolbarHidden = NO; //默认是隐 ...

  4. ipa重签名

    为什么要研究重签名问题?将程序打包成ipa包后,ipa包中会包含Provisioning Profile和_CodeSignature等文件,里面包含了对整个ipa的签名信息. 一旦改动ipa中的不论 ...

  5. An iOS zero-click radio proximity exploit odyssey

    NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 1 ...

  6. github上所有大于800 star OC框架

    https://github.com/XCGit/awesome-objc-frameworks#awesome-objc-frameworks awesome-objc-frameworks ID ...

  7. IOS常用加密GTMBase64

    GTMDefines.h // // GTMDefines.h // // Copyright 2008 Google Inc. // // Licensed under the Apache Lic ...

  8. 验证Xcode真伪的方法,来自苹果官网

    验证Xcode真伪的方法,来自苹果官网   Xcode的验证你的版本 2015年9月22日    注意:中文为有道翻译,看下验证方法即可.   我们最近将应用程序从应用程序商店,还建有Xcode的假冒 ...

  9. iOS使用MD5 - 字符串加密至MD5&获取文件MD5

    iOS 字符串加密至MD5 + (NSString *) md5:(NSString *)str { unsigned ]; CC_MD5( cStr, strlen(cStr), result ); ...

随机推荐

  1. iOS开发之Documentation.build/Script-BC552B3A15.sh:

    /Users/hbbhao/Library/Developer/Xcode/DerivedData/AWLive-dmbegyhgamayzudqqdentwngdpkr/Build/Intermed ...

  2. charles抓包并分析问题

    1.抓包并分析 某列表页 传入的参数: -------------------------------------------------------------------------------- ...

  3. 正则,re模块

    一.正则表达式(精准匹配) 匹配字符串内容的一种规则 二.字符组 在同一个位置可能出现的各种字符组成了一个字符组,在正则表达式中用[]表示 常见字符组格式如下:[0123456789],[0-9],[ ...

  4. shell 中并发执行

    http://bbs.51cto.com/thread-1104907-1-1.html http://www.51testing.com/html/28/116228-238978.html htt ...

  5. 剑指Offer面试题:13.合并两个排序的链表

    一 题目:合并两个排序的链表 题目:输入两个递增排序的链表,合并这两个链表并使新链表中的结点仍然是按照递增排序的.例如输入下图中的链表1和链表2,则合并之后的升序链表如链表3所示. 二 代码实现 te ...

  6. SSH框架(2)

    个人分类: Java面试   Struts 谈谈你对Struts的理解. 答: 1.struts是一个按MVC模式设计的Web层框架,其实它就是一个大大的servlet,这个Servlet名为Acti ...

  7. 监听Documents文件夹内文件发生改变

    // 当Documents内文件发生改变时,启动计时器,每秒计算一次大小,当大小不发生改变时说明传输完毕,就开始刷新. @property (nonatomic, strong) NSTimer *t ...

  8. vue-router linkActiveClass问题

    在使用vue做移动端的时候,底部四个菜单中当前菜单需要高亮显示,但是由于路由配置的问题导致了下图中的问题: # 首页会一直常亮,不论是否有点击(路由配置如右图) 经过排查,发现问题出现在router中 ...

  9. 让maven生成可运行jar包

    平时项目大多用到的是war包,今天实现了一个简单功能,无需部署到web服务器上,只需本地跑java代码即可,因此只要生成一个jar包.那么怎么让maven项目打成一个可以使用java命令跑的jar包呢 ...

  10. (7)Stream简介

    流的个人理解: 怎样获得流: 怎样处理流: 中间操作和终端操作介绍: 中间操作和终端操作的使用: 流的个人理解: Stream也就是流,他和IO流不一样,他是java8诞生的东西,我对他的理解就是一个 ...