Code signing on iOS/OSX

September 27, 2017 | Marin Usalj
Understanding
Code Signing on iOS/OSX

View Slide

September 27, 2017 | MARIN USALJ
Like a signature written with ink on paper, a digital
signature can be used to identify and authenticate the
signer.
However, a digital signature is more difficult to forge, and
goes one step further: it can ensure that the signed data
has not been altered.
APPLE.COM

View Slide

As a user, you're sure you're getting authorized software
Protects developers from unauthorized copying
User Benefits

View Slide

Apple Benefits
All the mentioned customer benefits
Makes it impossible for programs to download and run more software
No competition for the App Store™ (iOS only)

View Slide

Code Signing
Introduced on iOS from the first day of the App Store
Creeping through Gatekeeper on OSX (> 10.8)

View Slide

Why this talk
Why this talk vs just Fastlane and going home

View Slide

Why this talk vs just Fastlane

View Slide


View Slide

Thousands of dev hours wasted
Things break
Important to understand the underlying technology
Why this talk

View Slide

Code Signing on Apple platforms
Open source tools in combination with Apple's proprietary ones
Relies on public-key cryptography based on the X.509 standard
(like TLS/SSL)
Keychain Access utility manages the X.509 infrastructure on OSX

View Slide

CSR

View Slide

CSR
In Public Key Infrastructure systems, message sent from an applicant
to a Certificate Authority in order to apply for a digital identity
certificate.

View Slide



View Slide

Generated by


View Slide


Generated by

View Slide

CSR
This all happens locally.

View Slide

$ cat pl.csr
-----BEGIN CERTIFICATE REQUEST-----
asOdUe4+lRFvD4BtYExCZanetA3geXBUrf5wgOydIZlS4EeYQyBfWK9SidZpXc
Np/JCEJeyQZH95P2+AvCY+QpuBxNa4z6TMIq/
gOIn+CT+9YENjgCXjNGNfyNeoVQBdm8v22jN15SST9JmfqlWP7P9qsdbPkTFl7
3MqWiKG6bNf/
... ommitted...
BQMBFHmLEx85uttpGvDcIxL3iwFC2l3aaFl88lVuV68dKzgaNtvUpIT+H5lQAf
3cNBh5Mm6tHXegPicOwfKSFW+sfkkZAvDLfovd2WClnecmE9/
fHrLlnYTGtbJr/
h10BLBptxWkmsKPbN110PE5ScGhfzhVrBh+BFGSIZFQ10tqxMZRklsepc6RlFM
2kCcbU=
-----END CERTIFICATE REQUEST-----

View Slide

$ openssl asn1parse -i -in pl.csr
17:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
28:d=5 hl=2 l= 19 prim: IA5STRING :[email protected]
53:d=5 hl=2 l= 3 prim: OBJECT :commonName
58:d=5 hl=2 l= 11 prim: UTF8STRING :Marin Usalj
75:d=5 hl=2 l= 3 prim: OBJECT :countryName
80:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
90:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
101:d=4 hl=2 l= 0 prim: NULL
103:d=3 hl=4 l= 271 prim: BIT STRING
378:d=2 hl=2 l= 0 cons: cont [ 0 ]
380:d=1 hl=2 l= 13 cons: SEQUENCE
382:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption

View Slide

$ openssl req -text -noout -in pl.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: [email protected], CN=Marin Usalj, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
ed:89:b8:54:dd:fa:fd:87:db:03:07:10:6e:2e:a4:
7a:8b:07:cf:68:5c:af:bf:4a:8e:42:fe:14:db:2b:
a0:2f:e9:76:8b:eb:53:76:a7:09:fb:0e:ed:bd:70:
00:a4:9c:c2:5c:61:a5:44:cb:e6:a0:76:a2:02:aa:
... ommitted ...

View Slide

$ openssl req -text -noout -in pl.csr
Certificate Request:
... ommitted ...
Signature Algorithm: sha256WithRSAEncryption
db:02:97:b4:d2:dc:7d:44:dd:35:e6:6e:34:9d:7f:20:c1:eb:
c2:7a:8a:6d:f5:87:ed:91:15:e4:f1:1a:67:24:10:55:b3:c2:
7c:fb:5a:88:bd:34:6e:4b:9a:e2:bf:89:2a:4e:f3:4a:e1:d7:
ac:65:71:09:0d:fe:47:31:bb:a1:07:3f:86:c5:f7:75:50:e2:
9b:74:9c:d3:31:13:7a:f3:06:9b:fc:81:f7:15:78:2e:79:61:
34:6b:c7:71:93:45:ec:14:63:97:f8:37:cd:5f:d6:39:f3:6b:
22:34:c8:4b:ab:ae:ca:ba:c9:c8:ed:30:25:4a:31:01:85:bf:
... ommitted ...

View Slide

Private / Public
Key Pair

View Slide

Key Pair
RSA (2048 bit)
Public key: Embedded in CSRs, certificates, shared
Private key: Used for actual signing. Should not be shared

View Slide

Key Pair
Creating CSRs / certs on several Macs can be a problem
Certificate you generate on one machine WILL NOT be usable for
code signing on a machine that does not have that private key
Forgetting this is a great way to waste hours and get angry

View Slide


View Slide

Certificate

View Slide

Certificate
Broadly - A public key combined with additional information,
Signed by Certificate Authority (CA) stating that the information in the
certificate is correct.

View Slide

Certificate
It's a guarantee that:
- you, the named developer, built this code
- you are a member of the developer program
- Apple has issued you a certificate to do so

View Slide




View Slide

Not Before:
Sep 2 18:40:48 2016 GMT
Not After:
Sep 2 18:40:48 2017 GMT
4d:f7:2d:ce:67:2a:41:19:6a:ad:2d:d2:01:ad:45:97:b9:42:
c4:bb:ba:37:16:2a:a9:5a:aa:3b:a6:b0:5c:c6:86:1c:f3:fc:
59:a0:9d:4c:b3:c4:8f:6c:3f:6d:3b:a1:c6:00:52:db:e4:ff:
c5:a5:6b:69:c0:1a:bd:28:a0:e1:6e:0d:23:2c:8c:99:42:6f:
96:8e:10:18:a5:55:c2:8f:78:c6:cd:4b:dd:0f:6c:db:d0:34:
70:87:aa:4e:1c:fd:b2:38:23:04:a4:04:a0:d1:36:bb:e6:d2:
aa:c4:32:77:c0:5d:1c:cf:ad:ff:dd:80:40:a7:82:6b:2a:75:



View Slide


View Slide

Not Before:
Sep 2 18:40:48 2016 GMT
Not After:
Sep 2 18:40:48 2017 GMT
4d:f7:2d:ce:67:2a:41:19:6a:ad:2d:d2:01:ad:45:97:b9:42:
c5:a5:6b:69:c0:1a:bd:28:a0:e1:6e:0d:23:2c:8c:99:42:6f:
70:87:aa:4e:1c:fd:b2:38:23:04:a4:04:a0:d1:36:bb:e6:d2:

View Slide

$ openssl x509 -in marin.cer -inform DER -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:a5:01:64:2e:8f:dd:62
Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations,
CN=Apple Worldwide Developer Relations Certification Authority
Validity
Not Before: Sep 2 18:40:48 2016 GMT
Not After : Sep 2 18:40:48 2017 GMT
Subject: UID=XTD6RSHE3Y, CN=iPhone Developer:
Marin Usalj (A4560M2TBD), OU=M3S82H073H, O=Playgrounds, Inc., C=US

View Slide

... ommitted ...
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
3f:d6:7d:d0:d9:b2:4a:9b:95:0e:b5:33:68:01:e3:
a4:1d:0d:f9:58:3a:b8:c6:aa:43:5d:35:a0:b1:8a:
... ommitted ...
42:e3:b2:4e:f3:4a:bd:bc:56:3a:bc:7b:4d:94:63:
1d:b4:aa:1e:64:7b:e1:eb:7d:28:9a:8d:31:b4:25:
Exponent: 65537 (0x10001)

View Slide

... ommitted ...
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:DF:00:DB:AD:F0:0D:BA:DF:00:DB:AD:F0:0D:BA:DF:00:DB:AD:F0
keyid:BA:DF:00:DB:AD:F0:0D:BA:DF:00:DB:AD:F0:0D:BA:DF:00:DB:AD:F0
X509v3 Certificate Policies:
Policy: 1.2.840.113635.100.5.1
User Notice: ...
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing

View Slide

... ommitted ...
44:3c:85:fe:45:33:e4:dc:f8:4f:bb:dc:57:76:4f:f8:cd:32:
9b:4a:ca:35:83:a1:02:03:a6:d5:64:f2:96:96:3b:ad:86:97:
74:01:33:6c:df:2f:f8:46:17:d5:2f:00:b9:e2:8e:35:3a:46:
66:3d:1d:49:f5:cb:ff:04:1a:94:ae:9b:d7:ba:46:e7:bf:28:
... ommitted ...
f8:f8:ba:3c:6c:db:b7:16:20:f7:e2:c2:23:ad:b4:b1:74:60:
cf:5c:37:a0:a4:e0:76:d1:22:8a:1b:68:63:ad:c3:e1:4f:fd:
ad:80:20:59

View Slide

PKCS #12

View Slide

PKCS #12
Archive file format for storing many cryptography objects as a single
file
Commonly used to bundle a private key with its X.509 certificate,
or to bundle all the members of a chain of trust

View Slide

Not Before:
Sep 2 18:40:48 2016 GMT
Not After:
Sep 2 18:40:48 2017 GMT
4d:f7:2d:ce:67:2a:41:19:6a:ad:2d:d2:01:ad:45:97:b9:42:
c5:a5:6b:69:c0:1a:bd:28:a0:e1:6e:0d:23:2c:8c:99:42:6f:
70:87:aa:4e:1c:fd:b2:38:23:04:a4:04:a0:d1:36:bb:e6:d2:
Release.p12

View Slide

PKCS #12
PKCS #12 file may be encrypted and signed
Internal storage containers are called SafeBags, may also be
encrypted and signed

View Slide

$ openssl pkcs12 -in marin.p12 -passinpass:passw0rd -passout pass:passw0rd
MAC verified OK
Bag Attributes
friendlyName: iPhone Developer: [email protected] (ABCUT7VXYZ)
localKeyID: BA DF 00 DB AD FO 0D BA DF 00 DB AD F0 0D BA DF 00 DB AD F0
subject=/UID=TBD6RSNF4Y/CN=iPhone Developer: [email protected] (ABCUT7VXYZ)/
OU=Q234J5G5G1/O=Marin Usalj/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple
Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
LGh5IJEcCLvyzW+wV3SVIEIekP8x5lSXMAn7FiMg4IKh+sBCs4aIrcbiXov5YycQaT+gQHUc569hZY
Ssdlz/asBQuqybJ+mCAMbBZ99jLM25wJO14l5IHd673EhrW/
...ommitted...
p7TVLKhK95bec7a1admvtJm+UbvJXzI7gEIfXZdvmh3FK4AVabvYoFlKwGzMavJB=
-----END CERTIFICATE-----

View Slide

$ openssl pkcs12 -in marin.p12 -passinpass:passw0rd -passout pass:passw0rd
... continued ...
Bag Attributes
friendlyName: iOS Developer: Marin Usalj (Marin Usalj)
localKeyID: BA DF 00 DB AD FO 0D BA DF 00 DB AD F0 0D BA DF 00 DB AD F0
Key Attributes:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2FD20992DD748148
iUWOSSWoLOR8xgDD7VexOSSMuWjvbRhO/Cyzdqd2orpzVkYTKDmEIjy8BScUD2pmW/
...ommitted...
2fex4o7ZyE7QMgg49Jau5eidAlksyaJpFXvvA/boSEFO3WJ4m3wxt2==
-----END RSA PRIVATE KEY-----

View Slide

Team, Bundle, App
ID

View Slide

Team ID
Each dev account has a unique identifier
You might have an enterprise and a production account with Apple:
- Team Rocket = BHKW85A12H
- Team Rocket (Ent) = A8WFE5231P

View Slide

Bundle ID
Each app should have it's own bundle ID in a reverse DNS format
Beta: com.yolo.ios.beta
AppStore: com.yolo.ios

View Slide

App ID
An app ID is composed of a team prefix followed by a bundle ID.
A8WFE5231P. com.yolo.ios.beta

View Slide

Device IDs
Each iOS device has a unique identifier
Used in provisioning profiles for whitelisting
(much wow. very device)

View Slide

Entitlements

View Slide

Entitlements
Which system resources an app is allowed to use, and under what
conditions.
Each entitlement has a default value, which in most cases disables
the capability associated with the entitlement.

View Slide

Entitlements examples
iCloud
Push notifications
get-task-allow (debug builds only)
Siri, ...

View Slide

Entitlements
Enable only resource access you need
This minimizes damage potential if malicious code exploits your app

View Slide

Entitlements
Plist format
Can be inspected from a compiled app

View Slide

$ codesign -d --entitlements :- Yolo.app
...
application-identifier
A8WFE5231P.com.yolo.ios.beta
get-task-allow

com.apple.developer.siri

...

View Slide

Provisioning Profiles

View Slide

When put together all these objects combine so that:
- This unique app (App ID)
- Can run on this restricted set of devices (UDIDs)
- With a set of permssions (Entitlements)
- With trust based on the signed Certificate.

View Slide

Not Before:
Sep 2 18:40:48 2016 GMT
Not After:
Sep 2 18:40:48 2017 GMT
4d:f7:2d:ce:67:2a:41:19:6a:ad:2d:d2:01:ad:45:97:b9:42:
c5:a5:6b:69:c0:1a:bd:28:a0:e1:6e:0d:23:2c:8c:99:42:6f:
70:87:aa:4e:1c:fd:b2:38:23:04:a4:04:a0:d1:36:bb:e6:d2:
Provisioning proﬁle
A8WFE5231P. com.yolo.ios.beta
Entitlements

keychain-access-groups

A8WFE5231P.*

get-task-allow


760FB38B-F7CA-4789-B4A2-78B6B37B2217 EXP. 2018-01-30T19:05:44Z
Yolo Beta

View Slide

Not a PLIST
Cryptographic Message Syntax (CMS), RFC 3852

View Slide

$ security cms -D -i Yolo.app/embedded.mobileprovision

AppIDName
XC com yolo ios beta
ApplicationIdentifierPrefix

A8WFE5231P

CreationDate
2017-01-30T19:05:44Z
Platform

iOS

View Slide

...
TeamName
Team Rocket (Ent)
TimeToLive
365
UUID
927br60c-h7ob-8362-g8l3-62ked01y0863
Version
1

View Slide

DeveloperCertificates

hyMfz10PxbEahZCVeZvoXbRU7sUOhb1WpKxd6pl1UxSfG/
pm4kg1ABVBPTWy9ykk6UNh5xgEKdKQbkHGanfFCqmGwiDWDxxZWDhdO
vd108Hjbr162Kg45XRWLWqZAY6XgsmI10BikHkM1077TpShJSBqH76rYeGuV
sp7rTO6HKm+CSKxVsYhq10yM1Gf4vqHODNxTOPwwueenOWa+ThGiexIRN
EpNFb3Hn792gFlUqRNrv373EgR
...ommitted...
gIze2hoxtLn5JPOlkCDOp4mUgitmjOnAgcrojnB4qMbEA10emTYbI3bAR1IKb
Rger5i8H8iSDi10ggbs27KINCp10F98rfa5ErKCKcPOKmvmax7E5P8PF79cZH
uZe/7idS4SEJ10X6HiY7GznHWJg+Y928GBlQBhu8cikTO5nw44JTILe1/S2==

View Slide

...
Entitlements

get-task-allow

application-identifier

...

View Slide

Signing Code

View Slide

Signing Code
After building is done, signing is performed
All the individual components of the app are signed
Signing all sorts of code, including tools, applications, scripts,
libraries, plug-ins, ...

View Slide

Signing Code
Code signature consists of three parts:
- A seal
- A digital signature
- Code requirements

View Slide

Seal
- A seal
- Code requirements
abc1234
badf00d
asd23f

View Slide

Signing Code
- A seal
- Code requirements
abc1234
badf00d
asd23f
+ --------->

View Slide

Signing Code
- A seal
- Code requirements

View Slide

Signature
Signed code may contain several different digital signatures
If the code is universal, the object code for each slice (arch) is signed
separately. This signature is stored within the binary file itself

View Slide

Signature
Various data components signed in _CodeSignature/CodeResources
- Bundle contents (e.g. Info.plist, sounds, images)
- Nested code, libraries, tools

View Slide

$ vi _CodeSignature/CodeResources
AppIcon-Dev29x29~ipad.png

uz2wfiTTUrftvAmfLV9iVgc210sO=

[email protected]

QBsZgAb7ostVQ10hvWLNfYmP7ECq=

View Slide

Verifying Signatures

View Slide

Verifying
Verifying software computes the same set of hashes across the
various blocks of code and data
Public key from cert used to decrypt hashes -> original hashes
If the two hashes match, the signature is valid

View Slide

$ codesign -vvvv Lyft.app
Lyft.app: valid on disk
Lyft.app: satisfies its Designated Requirement
$ echo yolo >> Lyft.app/yolo
$ codesign -vvv --verify Lyft.app
Lyft.app: a sealed resource is missing or invalid
file added: /Users/marinusalj/Downloads/Payload/
Lyft.app/yolo

View Slide

$ echo "wat" >> Lyft.app/yolo # adding a random file
$ codesign -vvv --verify Lyft.app
Lyft.app/yolo

View Slide

$ echo "wat" >> Lyft.app/yolo # adding a random file
Lyft.app/yolo

View Slide

tl;dr;

View Slide

  
Archiving is
broken!

View Slide

  
Try now, I've fixed provisioning
profiles

View Slide

  

View Slide

  
...

View Slide

  
㿄

View Slide

... 3 hours later

View Slide


View Slide


Generated by

View Slide


Needed for code signing
Stored only on this Mac

View Slide

tl;dr;
Always know which machine generated the PKs
Store certs with keys encrypted in .p12 files
Private key is needed for signing!

View Slide

tl;dr;
Codesign is deterministic, xcodebuild phones home
Unpack .p12 yourself on CI instead of relying on developer.apple.com
Try debugging systematically step by step instead of brute forcing

View Slide

References
newosxbook.com/articles/CodeSigning.pdf
https://wiki.cacert.org/ConvertingPgpKeyToCertificate
https://en.wikipedia.org/wiki/Certificate_signing_request
https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One#Example_encoded_in_DER
https://developer.apple.com/support/certificates
https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html
https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-
csrs
https://www.raywenderlich.com/2915/ios-code-signing-under-the-hood
https://developer.apple.com/library/content/technotes/tn2206/_index.html#/apple_ref/doc/uid/DTS40007919-CH1-TNTAG207
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/
LaunchingYourApponDevices/LaunchingYourApponDevices.html#//apple_ref/doc/uid/TP40012582-CH27-SW4
https://www.objc.io/issues/17-security/inside-code-signing/
https://developer.apple.com/library/content/qa/qa1798/_index.html
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/
MaintainingCertificates/MaintainingCertificates.html

View Slide

Thanks
PLAYGROUNDS, LYFT

View Slide

@supermarin
supermar.in
Marin Usalj

View Slide

Code signing on iOS/OSX

Code signing on iOS/OSX

Marin Usalj

More Decks by Marin Usalj

Other Decks in Education

Featured

Transcript