procursusteam / ldid
Link Identity Editor. Put real or fake signatures in a Mach-O.
License: GNU Affero General Public License v3.0
When signing an app bundle and you have a stray binary inside it, ldid correctly resigns it but for whatever reason that binary loses its entitlements. Works fine for main binary / app plugin binaries.
Hey guys. I want to hire you to develop a fork of this with support for HSM (pkcs11). How can I contact you?
https://github.com/libimobiledevice/libplist/releases/tag/2.5.0 changed parts of the API to use uint8_t * instead of char *, which causes ldid to fail to compile.
I'm probably doing something wrong, but no matter how I use the -K option I get a different kind of error. Some p12 files sign successfully but fail to verify with codesign -v (CSSMERR_TP_NOT_TRUSTED), some give various parsing errors (ldid: An error occured while parsing: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, ldid: An error occursed while parsing the certificate: error:00000000:lib(0):func(0):reason(0)). Additionally, it seems to keep asking for a password despite never having set one.
I tried with both a self-signed code-signing certificate I exported from Keychain Access as p12, an iOS developer certificate similarly exported, and a p12 certificate generated by AltSign.
What am I possibly doing wrong?
I attached the p12 files I'm trying to sign with (I'm aware they contain private keys).
p12.zip
I tried using ldid, impactor, and zsign on my a15 device. All apps seem to install fine but when opened, just crash. As soon as I use the apple codesign command with the same certs, it can be installed and the app runs fine without crashing.
Here is a diff between ldid and apple codesign:
It seems to not be including resources such as lproj's info.plist's, etc. It's lacking the Authority despite providing the same authority cert.
Example:
ldid -S -M -Kcert.p12 <mach-o>
will resign the file and merge existing entitlements with empty ones.
But when used on a directory:
ldid -S -M -Kcert.p12 <name.app>
will resign all mach-o and replace their entitlements with empty ones.
and -s flag doesn't work on a directory, so there is no way to deep sign like with codesign.
ldid version: v2.1.5-procursus4
os: linux, macOS
Can you build ldid for tvOS?
Thanks.
Line 3682 in aaf8f23
"requre" -> "require"
At least it's better than the original ldid, which breaks static binaries by adding the DYLDLINK flag, which makes them not run on x86
Hello!
I managed to build a statically linked ldid for Win32 (mingw target) with MinGW toolchain. I have applied some fixes to make it work like here and here. It builds and works.
Windows, compared to Linux and macOS, forbids renaming files when a file with the same name already exists. I've applied a fix to remove the original executable before it renames the temporary one. It now successfully signs a bundle.
But when I try to sign a single mach-o it fails with permission denied when it tries to remove the original executable.
Here is the line where it fails (it fixed bundle sign, but broke single mach-o sign)
I come here to ask for your help to give me some clues.
Here is my branch. And this is a link to artifact
Thank you.
We should remove all asserts and show proper error messages.
Command:
ldid -e 'YouTube.app/Frameworks/CydiaSubstrate.framework/CydiaSubstrate'
Expected result:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOUserClient</string>
</array>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>com.google.ios.youtube</string>
</array>
<key>application-identifier</key>
<string>com.google.ios.youtube</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.usernotifications.time-sensitive</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.google.ios.youtube</string>
</array>
</dict>
</plist>
Actual result:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOUserClient</string>
</array>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>com.google.ios.youtube</string>
</array>
<key>application-identifier</key>
<string>com.google.ios.youtube</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.usernotifications.time-sensitive</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.google.ios.youtube</string>
</array>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOUserClient</string>
</array>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>com.google.ios.youtube</string>
</array>
<key>application-identifier</key>
<string>com.google.ios.youtube</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.usernotifications.time-sensitive</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.google.ios.youtube</string>
</array>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOUserClient</string>
</array>
<key>platform-application</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>com.google.ios.youtube</string>
</array>
<key>application-identifier</key>
<string>com.google.ios.youtube</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.usernotifications.time-sensitive</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.google.ios.youtube</string>
</array>
</dict>
</plist>
PlugIns and the main executable don't have this issue.
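Several reports above come down to the same check: what `ldid -e` prints for a binary before and after re-signing (entitlements lost on a stray binary, replaced when signing a directory, or printed several times over). The following is an added example, not part of any report or of ldid itself; it parses every plist copy in that output and lists the entitlement keys that did not survive. The helper names and the sample plist are constructed for illustration.

```python
import plistlib
import re
import subprocess

# One plist document; `ldid -e` output may contain several back to back.
PLIST_DOC = re.compile(rb"<plist\b.*?</plist>", re.DOTALL)


def split_entitlements(output: bytes) -> list:
    """Parse every plist document in the output into a dict."""
    return [plistlib.loads(m.group(0)) for m in PLIST_DOC.finditer(output)]


def summarize(output: bytes) -> dict:
    """Count the copies printed and how many of them actually differ."""
    docs = split_entitlements(output)
    distinct = [d for i, d in enumerate(docs) if d not in docs[:i]]
    return {"copies": len(docs), "distinct": len(distinct)}


def lost_keys(before: bytes, after: bytes) -> list:
    """Keys of the first 'before' copy missing or changed in any 'after' copy."""
    wanted = (split_entitlements(before) or [{}])[0]
    after_docs = split_entitlements(after) or [{}]  # no output: nothing survived
    return sorted(k for k, v in wanted.items()
                  if any(k not in d or d[k] != v for d in after_docs))


def read_entitlements(path: str) -> bytes:
    """Run `ldid -e` (the command from the report above) on one Mach-O."""
    return subprocess.run(["ldid", "-e", path],
                          capture_output=True, check=True).stdout


# Constructed sample, not taken from a real binary.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<true/>
<key>application-identifier</key>
<string>com.example.app</string>
</dict>
</plist>
"""
EMPTY = b'<plist version="1.0"><dict/></plist>'

if __name__ == "__main__":
    print(summarize(SAMPLE * 3))     # repeated output, identical copies
    print(lost_keys(SAMPLE, EMPTY))  # entitlements replaced with empty ones
```

Capture `read_entitlements()` for each Mach-O in the bundle before signing, sign, capture again, and pass both to `lost_keys()`.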