Bypassing iPhone Code Signatures

  Starting with the recent beta releases of the iPhoneOS, Apple has started requiring that all code on the device is signed. This is mostly to make it impossible for programs running through Apple's AppStore to download more software and run it (so no competition for AppStore).

  iOS requires that every program be signed.

  In order to get around this (and thereby to install our own code onto the device) the iPhone Dev Team has patched the signature verification out of the kernel. However, another half of the codesign problem is that the binary contains a number of SHA1 verification hashes that are checked in numerous locations throughout the kernel. Patching this out is A) difficult (especially to track as Apple makes changes) and B) of marginal benefit as adding these hashes is easy. This means you do still have to at least pay lip service to the code signature process. There are currently three viable options.

  The iPhone Dev Team has stripped the signature check out of the kernel. However, the SHA1 hash checks are everywhere: A) stripping all of these checks out is difficult (especially keeping up with Apple's changes), and B) adding these hashes is easy.

  So there are the following three ways to get around these SHA1 checks:

  1. Option #1: Self-Signing

    Sign the binary with Apple's own signing tool, codesign.

  2. Option #2: Pseudo-Signing

    codesign is a macOS tool; on Linux you can use ldid instead.

  3. Option #3: Disable Checks

    Disable all of the checks.

Entitlements

  Every executable also has an XML file (specifically an Objective-C Property List) that is signed into it that is its block of "entitlements". This area is read (I'm not certain by whom, but I'd guess the kernel) to determine what seatbelt profile to apply to that process and what extra abilities it gets.

  To dump or set the entitlements of a binary we can use ldid. Dumping uses -e and setting involves passing an argument to -S as you sign the file. You can also pass --entitlements to codesign.

  The ldid -e option dumps the entitlements from a binary; -S signs it, and the argument appended to -S is an entitlements file. Entitlements can also be set by passing --entitlements to codesign. As follows:
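To show what ldid -e actually reads, here is an added example (not code from saurik's post or from this page) that parses the entitlements plist out of the embedded-signature SuperBlob that codesign/ldid write into a Mach-O; the magic numbers and slot index are Apple's real constants, while the sample blob and its entitlement keys and values are constructed for the demonstration.

```python
import plistlib
import struct

# Magic numbers and slot index from Apple's code-signing format (cs_blobs.h).
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0    # SuperBlob wrapping the whole signature
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xFADE7171  # blob holding the entitlements plist
CSSLOT_ENTITLEMENTS = 5                     # SuperBlob slot the entitlements live in


def parse_superblob(blob: bytes) -> dict:
    """Map slot type -> (magic, payload) for an embedded-signature SuperBlob.
    Layout (big-endian): magic, total length, count, then `count` (slot type,
    offset) index entries; each sub-blob starts with its own magic and length."""
    magic, length, count = struct.unpack_from(">III", blob, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE or length > len(blob):
        raise ValueError("not an embedded-signature SuperBlob")
    slots = {}
    for i in range(count):
        slot_type, offset = struct.unpack_from(">II", blob, 12 + 8 * i)
        sub_magic, sub_len = struct.unpack_from(">II", blob, offset)
        if sub_len < 8 or offset + sub_len > length:  # bounds-check before slicing
            raise ValueError("sub-blob %d runs past the SuperBlob" % i)
        slots[slot_type] = (sub_magic, blob[offset + 8:offset + sub_len])
    return slots


def extract_entitlements(blob: bytes) -> dict:
    """Return the signed-in entitlements as a dict ({} if the slot is absent)."""
    entry = parse_superblob(blob).get(CSSLOT_ENTITLEMENTS)
    if entry is None:
        return {}
    sub_magic, payload = entry
    if sub_magic != CSMAGIC_EMBEDDED_ENTITLEMENTS:
        raise ValueError("entitlements slot carries the wrong magic")
    return plistlib.loads(payload)  # the XML property list itself


def build_superblob(entitlements: dict) -> bytes:
    """Constructed sample: a minimal SuperBlob holding only an entitlements blob.
    Real signatures also carry a CodeDirectory (the SHA1 page hashes) and more."""
    payload = plistlib.dumps(entitlements)
    ent_blob = struct.pack(">II", CSMAGIC_EMBEDDED_ENTITLEMENTS, 8 + len(payload)) + payload
    header_len = 12 + 8  # SuperBlob header plus one index entry
    header = struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, header_len + len(ent_blob), 1)
    return header + struct.pack(">II", CSSLOT_ENTITLEMENTS, header_len) + ent_blob


# Constructed example entitlements; the values are assumptions, not from any real binary.
SAMPLE_ENTITLEMENTS = {"application-identifier": "com.example.demo", "get-task-allow": True}

if __name__ == "__main__":
    print(extract_entitlements(build_superblob(SAMPLE_ENTITLEMENTS)))
```

On a real binary the SuperBlob sits at the file offset named by the LC_CODE_SIGNATURE load command; only the SuperBlob walk itself is shown here.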

  

Entitlements in practice

  

Reference: http://www.saurik.com/id/8
