Principles of iOS application signing and re-signing technologies
January 31, 2024
by Anthony Peterson
No Comments
1. Application signature principle
(I) Code signature
Code signingIs performed on executable files or scriptsA digital signature. A measure used to confirm that software has not been modified or corrupted after being signed. The principle is the same as digital signature, but the data of signature is code.
1. Simple code signing
1. Apple officially generates a pair of asymmetrically encrypted public and private keys. The iOS system has a built-in public key, and the private key is saved by Apple in the background.
2. When the developer uploads the APP to AppStore, the Apple background signs the APP data with the private key (that is, Hash the APP data to get the Hash value, and then use the private key to encrypt the Hash value to “RSAHash”);
3. After downloading the APP, the iOS system verifies the signature with the public key. If the signature is correct, the APP must be authenticated by the Apple background and has not been modified, which meets Apple’s requirement: ensure that every APP installed is officially approved by Apple. (The public key decrypts “RSAHash” to obtain hash, and the hash of the application package using the same algorithm to obtain hash1 to verify whether the two hash values are the same.)
2. Apple’s actual demand
1. The installation package does not need to be uploaded to the App Store. It can be directly installed on the phone.
Real machine debugging and installation directly when developing APP
Enterprise internal distribution channels, enterprise certificate signing APP also need to be installed smoothly
2. In order to ensure the security of the system, Apple must have absolute control over the installed APP
Install with Apple’s permission
Cannot be abused to allow non-development apps to be installed
(2) Double-layer code signature
The complexity of iOS signatures has increased to meet some of Apple’s requirements for authenticating applicationsDouble signature.
This is not the final iOS signature, but the final iOS signature is a little bit more based on this. First of all, there are two roles, one is iOS system, and the other is our Mac system, because iOS APP development environment is under the Mac system, so this dependency has become the basis of Apple double-layer signature.
1. Apple has a fixed pair of public and private keys. Just like the principle of AppStore before, the private key is in the background of Apple and the public key is in each iOS system. This is called public key A, private key A; A pair of public/private keys that generate an asymmetric encryption algorithm on the Mac (your Xcode does it for you). Public key M and private key M; A=Apple M = Mac
2. Upload the public key M and some of your developer’s information to the Apple background (this is the CSR file);
3. Use the private key A in the Apple background to sign public key M. Get a piece of data that contains the public key M and its signature, and call this data a certificate.
4. During development, after compiling an APP, sign the APP with the local private key M(P12 you will export in the future), and package the certificate obtained in the third step into the APP and install it on the mobile phone;
5. During the installation, the iOS system obtains a certificate.
6. Use the built-in public key A to unsign the certificate to check whether the digital signature is correct.
7. Verify the certificate and ensure that the public key M is authenticated by Apple.
8. Then use the public key M to verify the signature of the APP, which indirectly verifies whether the installation of the APP is officially permitted by Apple. (This only verifies installation behavior, not whether the APP has been changed, since APP content is constantly changing during development and Apple doesn’t need to deal with it.)
(3) Description document
A Provisioning Profile typically consists of three things: certificates, Appids, and devices. Certificates are used to prove the security and validity of our programs when we run or package a project on a real machine.
To address the problem of app abuse, Apple has added two more restrictions.
Only devices registered in the Apple background can be installed.
The signature can only be created for a specific APP.
And Apple also wants to control the App inside iCloud/PUSH/ background run/debugging additional these Entitlements, so Apple call these permission switches uniform Entitlements(Entitlements file). And put it in a file called Provisioning Profile.
The description file is created on the AppleDevelop website (fill in the AppleID in Xcode and it will create it for you), and Xcode is packaged into the APP when it runs. So when we apply for a certificate using CSR, we also apply for one more thing!! That’s the description file!
At development time, after compiling a APP, with local private key M to signature of the APP, at the same time got from apple server Provisioning Profile file is packaged into the APP, a file called embedded. Mobileprovision, install the APP to mobile phones. Finally, the system is verified.
Second, apply re-signature
(I) CoDesign manual re-sign
Xocde provides a signing tool, CoDesign, that can be re-signed with a few commands.
Re-signature steps:
Preparation:
$codesign -vv -d WeChat. App View application signature information
$security find-identity -v -p coDesigning
$otool – l “file name” | grep cry to see whether the machO file encryption (cryptid 0/1)
1. Remove PlugIns and.app packages with PlugIns (e.g. Watch, PlugIns)
2. Re-sign the library in Frameworks
$Codesign — fs “Certificate String” file name forces replacement signature
3. Grant +x (executable) permissions to executable files
$Chmod +x executables add permissions to files
4. Add description file (new project, real machine compilation)
CMD + Shift + 2 install the. App package directly, then Attach to Process the running application to Xcode, dynamic debugging;
(2) re-signature by Xode
Re-signature steps:
1. Create a project with the same name, compile the. App package, and replace it with the. App package to be re-signed.
2. Remove PlugIns and.app packages with PlugIns (e.g. Watch, PlugIns)
3. Re-sign the library in Frameworks
$Codesign — fs “Certificate String” file name forces replacement signature
4. The project with the same name is successfully signed.
Note: 1. The project without the same name will not run the re-signed package content, machO file can not be arbitrarily modified, including the file name;
2. During breakpoint debugging, image List can view the current image list;
(3) SHELL script
The shell is a special interactive tool that provides users with a way to launch programs, manage files in the file system, and processes running on the system. A Shell generally refers to a command-line tool. It allows you to enter a text command, then interpret the command and execute it in the kernel.
A Shell script is a script file that uses various commands in a text file for one-time execution.
Script execution related files
$source FileName
Read and execute the command in FileName in the current shell environment
Features:
Command to force a script to immediately affect the current environment (typically used to load configuration files).
The command forces all commands in the script, regardless of file permissions.
$bash/zsh FileName
Create a subshell to execute the sentences in the script.
$./FileName
Read and execute commands from a file. However, the script file must have executable permissions.
(4) User group & file permissions
Unix and Linux are multi-user, multi-task systems, so the concept of users and groups is built into such systems. Then the same file permissions also have corresponding owning user and owning group.
1. Mac file attributes
2. File type and Permission
File type :(common)
[D] where is the directory?
[-] files
File permissions:
[r]:read [w]:write [x]:execute.
Note: the position of these three permissions will not change, which is RWX in turn, and the minus sign [-] appears in the corresponding position, indicating that there is no permission.
The full permissions of a file are divided into three groups:
Group 1: permissions of the file owner
Group 2: Permissions for other users in this group
Group 3: Permissions of users who are not in this group
3, change permission: chmod
To change file permissions, run the chmod command. There are two Settings:Number type changeandSymbol type change.
File permissions are classified into three identities: [user][group][other]
Three permissions :[read] [write] [execute]
1. Number type:
Compare each permission number: R :4 W :2 x:1
If a file has permissions of [– rwxr-xr-x]
User : 4+2+1 = 7
Group: 4+0+1 = 5
Other: 4+0+1 = 5
Command: chmod 755 File name
The corresponding permissions of various identities are calculated
2. The symbol type: chmod [u, g, o, a] [+ (join) / – (minus) / = (set)] [r, w, x] file name
