From d560351eb7ab17912336aef8399204b2a7090864 Mon Sep 17 00:00:00 2001 From: Sam Bingner Date: Sat, 29 Dec 2018 11:40:13 -1000 Subject: Add a cdHashFor function --- Makefile | 2 +- inject.h | 1 + inject.m | 101 ++++++++++++++++++++++++++++++++++----------------------------- 3 files changed, 56 insertions(+), 48 deletions(-) diff --git a/Makefile b/Makefile index 4d63026..c0b693e 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ ARCHS ?= arm64 -target ?= iphone:11.0:11.0 +target ?= iphone:latest:11.0 CFLAGS = -Iinclude include $(THEOS)/makefiles/common.mk diff --git a/inject.h b/inject.h index f5429e3..613a950 100644 --- a/inject.h +++ b/inject.h @@ -10,6 +10,7 @@ #define _INJECT_H_ #include +NSString *cdhashFor(NSString *file); int injectTrustCache(NSArray *files, uint64_t trust_chain); #endif diff --git a/inject.m b/inject.m index b7a073d..b835963 100644 --- a/inject.m +++ b/inject.m @@ -31,11 +31,15 @@ extern NSString *kMISValidationOptionUniversalFileOffset; extern NSString *kMISValidationOptionAllowAdHocSigning; extern NSString *kMISValidationOptionOnlineAuthorization; -enum { +enum cdHashType { cdHashTypeSHA1 = 1, cdHashTypeSHA256 = 2 }; +static char *cdHashName[3] = {NULL, "SHA1", "SHA256"}; + +static enum cdHashType requiredHash = cdHashTypeSHA256; + #define TRUST_CDHASH_LEN (20) struct trust_mem { @@ -56,6 +60,49 @@ bool check_amfi(NSString *path) { return MISValidateSignatureAndCopyInfo(path, @{kMISValidationOptionAllowAdHocSigning: @YES, kMISValidationOptionRespectUppTrustAndAuthorization: @YES}, NULL) == 0; } +NSString *cdhashFor(NSString *file) { + NSString *cdhash = nil; + SecStaticCodeRef staticCode; + OSStatus result = SecStaticCodeCreateWithPathAndAttributes(CFURLCreateWithFileSystemPath(kCFAllocatorDefault, (CFStringRef)file, kCFURLPOSIXPathStyle, false), kSecCSDefaultFlags, NULL, &staticCode); + const char *filename = file.UTF8String; + if (result != errSecSuccess) { + if (_SecCopyErrorMessageString != NULL) { + CFStringRef error = _SecCopyErrorMessageString(result, NULL); + fprintf(stderr, "Unable to generate cdhash for %s: %s\n", filename, [(__bridge id)error UTF8String]); + CFRelease(error); + } else { + fprintf(stderr, "Unable to generate cdhash for %s: %d\n", filename, result); + } + return nil; + } + + CFDictionaryRef cfinfo; + result = SecCodeCopySigningInformation(staticCode, kSecCSDefaultFlags, &cfinfo); + NSDictionary *info = CFBridgingRelease(cfinfo); + CFRelease(staticCode); + if (result != errSecSuccess) { + fprintf(stderr, "Unable to copy cdhash info for %s\n", filename); + return nil; + } + NSArray *cdhashes = info[@"cdhashes"]; + NSArray *algos = info[@"digest-algorithms"]; + NSUInteger algoIndex = [algos indexOfObject:@(requiredHash)]; + + if (cdhashes == nil) { + printf("%s: no cdhashes\n", filename); + } else if (algos == nil) { + printf("%s: no algos\n", filename); + } else if (algoIndex == NSNotFound) { + printf("%s: does not have %s hash\n", cdHashName[requiredHash], filename); + } else { + cdhash = [cdhashes objectAtIndex:algoIndex]; + if (cdhash == nil) { + printf("%s: missing %s cdhash entry\n", file.UTF8String, cdHashName[requiredHash]); + } + } + return cdhash; +} + NSArray *filteredHashes(uint64_t trust_chain, NSDictionary *hashes) { #if !__has_feature(objc_arc) NSArray *result; @@ -113,58 +160,18 @@ int injectTrustCache(NSArray *files, uint64_t trust_chain) { *(uint64_t *)&mem.uuid[0] = 0xabadbabeabadbabe; *(uint64_t *)&mem.uuid[8] = 0xabadbabeabadbabe; NSMutableDictionary *hashes = [NSMutableDictionary new]; - SecStaticCodeRef staticCode; - CFDictionaryRef cfinfo; int errors=0; for (NSString *file in files) { - OSStatus result = SecStaticCodeCreateWithPathAndAttributes(CFURLCreateWithFileSystemPath(kCFAllocatorDefault, (CFStringRef)file, kCFURLPOSIXPathStyle, false), kSecCSDefaultFlags, NULL, &staticCode); - const char *filename = file.UTF8String; - if (result != errSecSuccess) { - if (_SecCopyErrorMessageString != NULL) { - CFStringRef error = _SecCopyErrorMessageString(result, NULL); - fprintf(stderr, "Unable to generate cdhash for %s: %s\n", filename, [(__bridge id)error UTF8String]); - CFRelease(error); - } else { - fprintf(stderr, "Unable to generate cdhash for %s: %d\n", filename, result); - } - errors++; - continue; - } - - - result = SecCodeCopySigningInformation(staticCode, kSecCSDefaultFlags, &cfinfo); - NSDictionary *info = CFBridgingRelease(cfinfo); - CFRelease(staticCode); - if (result != errSecSuccess) { - fprintf(stderr, "Unable to copy cdhash info for %s\n", filename); - continue; - } - NSArray *cdhashes = info[@"cdhashes"]; - NSArray *algos = info[@"digest-algorithms"]; - NSUInteger algoIndex = [algos indexOfObject:@(cdHashTypeSHA256)]; - - if (cdhashes == nil) { - printf("%s: no cdhashes\n", filename); - errors++; - } else if (algos == nil) { - printf("%s: no algos\n", filename); - errors++; - } else if (algoIndex == NSNotFound) { - printf("%s: does not have SHA256 hash\n", filename); + NSString *cdhash = cdhashFor(file); + if (cdhash == nil) { errors++; } else { - NSData *cdhash = [cdhashes objectAtIndex:algoIndex]; - if (cdhash != nil) { - if (hashes[cdhash] == nil) { - printf("%s: OK\n", filename); - hashes[cdhash] = file; - } else { - printf("%s: same as %s (ignoring)", filename, [hashes[cdhash] UTF8String]); - } + if (hashes[cdhash] == nil) { + printf("%s: OK\n", file.UTF8String); + hashes[cdhash] = file; } else { - printf("%s: missing SHA256 cdhash entry\n", filename); - errors++; + printf("%s: same as %s (ignoring)", file.UTF8String, [hashes[cdhash] UTF8String]); } } } -- cgit v1.2.3