Upgrade to Pro — share decks privately, control downloads, hide ads and more …

iOS Code Signing

LOLgrep
April 10, 2018
0
140

iOS Code Signing

Silicon Valley iOS Meetup https://www.meetup.com/sviphone/events/248670457/

LOLgrep

April 10, 2018
Tweet

More Decks by LOLgrep

See All by LOLgrep
Reverse Engineering the iOS Simulator's SpringBoard
lolgrep
0
330

Featured

See All Featured
What's in a price? How to price your products and services
michaelherold
238
11k
How STYLIGHT went responsive
nonsquared
92
4.8k
Thoughts on Productivity
jonyablonski
60
3.9k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Atom: Resistance is Futile
akmur
260
25k
Unsuck your backbone
ammeep
663
57k
The Invisible Customer
myddelton
114
12k
Visualization
eitanlees
137
14k
Facilitating Awesome Meetings
lara
43
5.6k
Producing Creativity
orderedlist
PRO
338
39k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
242
1.2M

Transcript

  1. Code Signing Derek Selander
 @LOLgrep

  2. Code Signing Overview • Identity A fancy term for a

    public/private key in Keychain Access • Entitlements Signed XML saying what an app can do • Provisioning Profiles Entitlements + Certificates + (optionally) approved devices + other metadata

  3. Identities The public/private keys used to sign and verify your

    app

  4. Entitlements XML Capabilities/Security Permissions to what your app can do

  5. Provisioning Profiles Signed plists (including certificates & entitlements) found in

    
 ~/Library/MobileDevice/Provisioning Profiles

  6. The Tools • mobdevim 
 https://github.com/derekselander/mobdevim • LLDB Scripts
 https://github.com/derekselander/lldb

    • jtool
 http://www.newosxbook.com/tools/jtool.html • dsresign
 https://gist.github.com/DerekSelander/ 491e93e0c44cb228906bb69f1bed9578

  7. Commands, mobdevim • # List all apps
 mobdevim -l •

    # Get Entitlement information about com.example.test app
 mobdevim -l com.example.test Entitlements • # List all provisioning profiles
 mobdevim -p • # Get detailed info about provisioning profile f25... UUID
 mobdevim -p f25de34a-3453-48ee-b297-9f53d32033e4 • # Get developer certificates from device
 mobdevim -C • # Get console output
 mobdevim -c • # Debug application (App needs get-task-allow entitlement) (must install first)
 mobdevim -d /path/to/app/on/mac/computer

  8. Commands, misc. • # Display a certificate 
 openssl x509

    -in /path/to/cer/file -text -noout -inform DER • # Look for any apps that have the phrase "selander" in the BundleID
 mdfind kMDItemCFBundleIdentifier = *selander* • # Read provisioning profile 
 security cms -D -i /path/to/provisioning/profile • # Find all valid signing identities
 security find-identity -p codesigning -v • # Resign dat app
 codesign --entitlements /path/to/ent -f -s "$SIGNER" /path/to/app • # Find public PEM certificate for. identity
 security find-certificate -c “identity name" -p

  9. Commands, jtool • # Get signature of app
 jtool --sig

    -v /path/to/app • # Verify app is valid
 jtool --sig /path/to/app • # Get the entitlements of app
 jtool --ent /path/to/app • # List all sections/segments in app
 jtool -l /path/to/app • # List the frameworks dependencies of the app
 jtool -L /path/to/app
 
 
 


  10. "I'd like to keep it on manual control for a

    while"