procursusteam / ldid Goto Github PK

View Code? Open in Web Editor NEW

173.0 11.0 38.0 380 KB

Link Identity Editor. Put real or fake signatures in a Mach-O.

License: GNU Affero General Public License v3.0

C++ 88.16% C 10.88% Makefile 0.96%

codesigning macos ios signing

ldid's People

Contributors

Stargazers

Watchers

ldid's Issues

ldid strips entitlements of stray binaries even when using -s

When signing an app bundle and you have a stray binary inside it, ldid correctly resigns it but for whatever reason that binary looses it's entitlements. Works fine for main binary / app plugin binaries.

Whom can I contact?

Hey guys. I want to hire you to develop fork of this with support of HSM (pkcs11). How i can contact you?

Can't build with latest libplist

https://github.com/libimobiledevice/libplist/releases/tag/2.5.0 changed parts of the API to use uint8_t * instead of char * which causes ldid to fail to compile

ldid -K not working?

I'm probably doing something wrong, but no matter how I uses the -K option I get a different kind of error. Some p12 file sign successfully but fail to verify with codesign -v (CSSMERR_TP_NOT_TRUSTED), some give various parsing errors (ldid: An error occured while parsing: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, ldid: An error occursed while parsing the certificate: error:00000000:lib(0):func(0):reason(0)). Additionally, it seems to keep asking for a password despite never having set one.

I tried with both a self-signed code-signing certificate I exported from Keychain Access as p12, an iOS developer certificate similarly exported, and a p12 certificate generated by AltSign.

What am I possibly doing wrong?

I attached the p12 files I'm trying to sign with (I'm aware they contain private keys).
p12.zip

Lacks a15 support

I tried using ldid, impactor, and zsign on my a15 device. All apps seem to install fine but when opened, just crash. As soon as I use the apple codesign command with the same certs, it can be installed and the app runs fine without crashing.
Here is a diff between ldid and apple codesign:

It seems to not be including resources such as lproj's info.plist's, etc. Its lacking the Authority despite providing the same authority cert.

ldid replaces entitlements instead of merging when signing a directory

Example:

ldid -S -M -Kcert.p12 <mach-o> will resign the file and merge existing entitlements with empty ones.

But when used on a directory:

ldid -S -M -Kcert.p12 <name.app> will resign all mach-o and replace their entitlements with empty ones.

and -s flag doesn't work on a directory, so there is no way to deep sign like with codesign.

ldid version: v2.1.5-procursus4
os: linux, macOS

Can you build ldid for tvOS?

Can you build ldid for tvOS?
Thanks.

Error message typo

ldid/ldid.cpp

Line 3682 in aaf8f23

fprintf(stderr, "ldid: -e, -q, and -h requre a signed binary\n");

"requre" -> "require"

running `ldid -S` on a static binary and then trying to strip it gives the error `_libcd_validate_csblobs: superblob is invalid`

At least it's better then the original ldid, which breaks static binaries by adding the DYLDLINK flag, which makes them not run on x86

Help compiling for Win32

Hello!

I managed to build a statically linked ldid for Win32 (mingw target) with MinGW toolchain. I have applied some fixes to make it work like here and here. It builds and works.

Windows, compared to linux and macOS forbids renaming files when a file with the same name already exists. I've applied a fix to remove the original executable before it renames the temporary one. It now successfully signs a bundle.

But when I try to sign a single mach-o it fails with permission denied when it tries to remove the original executable.

Here is the line where it fails (it fixed bundle sign, but broke single mach-o sign)

I come here to ask for your help to give me some clues.

Here is my branch. And this is a link to artifact

Thank you.

Add proper error handling

We should remove all asserts and show proper error messages.

Ldid signs with 3 identical entitlements plist when signing bundle's frameworks

Command:

ldid -e 'YouTube.app/Frameworks/CydiaSubstrate.framework/CydiaSubstrate'

Expected result:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.iokit-user-client-class</key>
	<array>
		<string>IOUserClient</string>
	</array>
	<key>platform-application</key>
	<true/>
	<key>get-task-allow</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>com.google.ios.youtube</string>
	</array>
	<key>application-identifier</key>
	<string>com.google.ios.youtube</string>
	<key>aps-environment</key>
	<string>production</string>
	<key>com.apple.developer.usernotifications.time-sensitive</key>
	<true/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>group.com.google.ios.youtube</string>
	</array>
</dict>
</plist>

Actual result:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.iokit-user-client-class</key>
	<array>
		<string>IOUserClient</string>
	</array>
	<key>platform-application</key>
	<true/>
	<key>get-task-allow</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>com.google.ios.youtube</string>
	</array>
	<key>application-identifier</key>
	<string>com.google.ios.youtube</string>
	<key>aps-environment</key>
	<string>production</string>
	<key>com.apple.developer.usernotifications.time-sensitive</key>
	<true/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>group.com.google.ios.youtube</string>
	</array>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.iokit-user-client-class</key>
	<array>
		<string>IOUserClient</string>
	</array>
	<key>platform-application</key>
	<true/>
	<key>get-task-allow</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>com.google.ios.youtube</string>
	</array>
	<key>application-identifier</key>
	<string>com.google.ios.youtube</string>
	<key>aps-environment</key>
	<string>production</string>
	<key>com.apple.developer.usernotifications.time-sensitive</key>
	<true/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>group.com.google.ios.youtube</string>
	</array>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.iokit-user-client-class</key>
	<array>
		<string>IOUserClient</string>
	</array>
	<key>platform-application</key>
	<true/>
	<key>get-task-allow</key>
	<true/>
	<key>keychain-access-groups</key>
	<array>
		<string>com.google.ios.youtube</string>
	</array>
	<key>application-identifier</key>
	<string>com.google.ios.youtube</string>
	<key>aps-environment</key>
	<string>production</string>
	<key>com.apple.developer.usernotifications.time-sensitive</key>
	<true/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>group.com.google.ios.youtube</string>
	</array>
</dict>
</plist>

PlugIns and the main executable don't have this issue.

procursusteam / ldid Goto Github PK

ldid's People

Contributors

Stargazers

Watchers

Forkers

ldid's Issues

Recommend Projects

Recommend Topics

Recommend Org