Upgrade to Pro — share decks privately, control downloads, hide ads and more …

iOS Code Signing

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for LOLgrep LOLgrep
April 10, 2018
0
150

iOS Code Signing

Silicon Valley iOS Meetup https://www.meetup.com/sviphone/events/248670457/

Avatar for LOLgrep

LOLgrep

April 10, 2018
Tweet

More Decks by LOLgrep

See All by LOLgrep
Reverse Engineering the iOS Simulator's SpringBoard
Avatar for LOLgrep lolgrep
0
380

Featured

See All Featured
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.2k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
84
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.2k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
34k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.6k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
140
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
650
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
0
1.1k

Transcript

  1. Code Signing Derek Selander
 @LOLgrep

  2. Code Signing Overview • Identity A fancy term for a

    public/private key in Keychain Access • Entitlements Signed XML saying what an app can do • Provisioning Profiles Entitlements + Certificates + (optionally) approved devices + other metadata

  3. Identities The public/private keys used to sign and verify your

    app

  4. Entitlements XML Capabilities/Security Permissions to what your app can do

  5. Provisioning Profiles Signed plists (including certificates & entitlements) found in

    
 ~/Library/MobileDevice/Provisioning Profiles

  6. The Tools • mobdevim 
 https://github.com/derekselander/mobdevim • LLDB Scripts
 https://github.com/derekselander/lldb

    • jtool
 http://www.newosxbook.com/tools/jtool.html • dsresign
 https://gist.github.com/DerekSelander/ 491e93e0c44cb228906bb69f1bed9578

  7. Commands, mobdevim • # List all apps
 mobdevim -l •

    # Get Entitlement information about com.example.test app
 mobdevim -l com.example.test Entitlements • # List all provisioning profiles
 mobdevim -p • # Get detailed info about provisioning profile f25... UUID
 mobdevim -p f25de34a-3453-48ee-b297-9f53d32033e4 • # Get developer certificates from device
 mobdevim -C • # Get console output
 mobdevim -c • # Debug application (App needs get-task-allow entitlement) (must install first)
 mobdevim -d /path/to/app/on/mac/computer

  8. Commands, misc. • # Display a certificate 
 openssl x509

    -in /path/to/cer/file -text -noout -inform DER • # Look for any apps that have the phrase "selander" in the BundleID
 mdfind kMDItemCFBundleIdentifier = *selander* • # Read provisioning profile 
 security cms -D -i /path/to/provisioning/profile • # Find all valid signing identities
 security find-identity -p codesigning -v • # Resign dat app
 codesign --entitlements /path/to/ent -f -s "$SIGNER" /path/to/app • # Find public PEM certificate for. identity
 security find-certificate -c “identity name" -p

  9. Commands, jtool • # Get signature of app
 jtool --sig

    -v /path/to/app • # Verify app is valid
 jtool --sig /path/to/app • # Get the entitlements of app
 jtool --ent /path/to/app • # List all sections/segments in app
 jtool -l /path/to/app • # List the frameworks dependencies of the app
 jtool -L /path/to/app
 
 
 


  10. "I'd like to keep it on manual control for a

    while"