mirror of
https://github.com/opa334/TrollStore.git
synced 2026-07-02 03:00:39 +08:00
TrollStore 2: First working POC :D
This commit is contained in:
@@ -1,3 +0,0 @@
|
||||
#include <stdbool.h>
|
||||
|
||||
int binary_sign_adhoc(const char *path, bool preserveMetadata);
|
||||
@@ -0,0 +1,4 @@
|
||||
#import <stdbool.h>
|
||||
#import <Foundation/Foundation.h>
|
||||
|
||||
int codesign_sign_adhoc(const char *path, bool preserveMetadata, NSDictionary *customEntitlements);
|
||||
@@ -89,7 +89,7 @@ extern const CFStringRef kSecCodeInfoResourceDirectory; /* Internal */
|
||||
}
|
||||
#endif
|
||||
|
||||
int binary_sign_adhoc(const char *path, bool preserveMetadata)
|
||||
int codesign_sign_adhoc(const char *path, bool preserveMetadata, NSDictionary *customEntitlements)
|
||||
{
|
||||
NSString *filePath = [NSString stringWithUTF8String:path];
|
||||
OSStatus status = 0;
|
||||
@@ -99,8 +99,31 @@ int binary_sign_adhoc(const char *path, bool preserveMetadata)
|
||||
SecIdentityRef identity = (SecIdentityRef)kCFNull;
|
||||
NSMutableDictionary* parameters = [[NSMutableDictionary alloc] init];
|
||||
parameters[(__bridge NSString*)kSecCodeSignerIdentity] = (__bridge id)identity;
|
||||
uint64_t preserveMetadataFlags = 0;
|
||||
if (preserveMetadata) {
|
||||
parameters[(__bridge NSString*)kSecCodeSignerPreserveMetadata] = @(kSecCSPreserveIdentifier | kSecCSPreserveRequirements | kSecCSPreserveEntitlements | kSecCSPreserveResourceRules);
|
||||
preserveMetadataFlags = (kSecCSPreserveIdentifier | kSecCSPreserveRequirements | kSecCSPreserveEntitlements | kSecCSPreserveResourceRules);
|
||||
if (!customEntitlements) {
|
||||
preserveMetadataFlags |= kSecCSPreserveEntitlements;
|
||||
}
|
||||
parameters[(__bridge NSString*)kSecCodeSignerPreserveMetadata] = @(preserveMetadataFlags);
|
||||
}
|
||||
|
||||
if (customEntitlements) {
|
||||
NSError *error;
|
||||
NSData *xmlData = [NSPropertyListSerialization dataWithPropertyList:customEntitlements format:NSPropertyListXMLFormat_v1_0 options:0 error:&error];
|
||||
if (!xmlData) {
|
||||
NSLog(@"Failed to encode entitlements: %@", error);
|
||||
return -1;
|
||||
}
|
||||
else {
|
||||
// Super easy to use API, definitely not busted...
|
||||
// Did I forget to mention it just segfaults if you don't add this prefix?
|
||||
uint32_t entitlementsData[xmlData.length+8];
|
||||
entitlementsData[0] = OSSwapHostToBigInt32(0xFADE7171);
|
||||
entitlementsData[1] = OSSwapHostToBigInt32(xmlData.length+8);
|
||||
[xmlData getBytes:&entitlementsData[2] length:xmlData.length];
|
||||
parameters[(__bridge NSString*)kSecCodeSignerEntitlements] = [NSData dataWithBytes:entitlementsData length:xmlData.length+8];
|
||||
}
|
||||
}
|
||||
|
||||
SecCodeSignerRef signerRef;
|
||||
@@ -137,4 +160,9 @@ int binary_sign_adhoc(const char *path, bool preserveMetadata)
|
||||
}
|
||||
|
||||
return retval;
|
||||
}
|
||||
|
||||
NSDictionary *codesign_dump_entitlements(NSString *path)
|
||||
{
|
||||
return nil;
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
#include "adhoc.h"
|
||||
#include "codesign.h"
|
||||
#include "coretrust_bug.h"
|
||||
#include <choma/FAT.h>
|
||||
#include <choma/MachO.h>
|
||||
@@ -52,12 +52,22 @@ int apply_coretrust_bypass_wrapper(const char *inputPath, const char *outputPath
|
||||
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
if (argc != 2) return -1;
|
||||
if (argc < 2) return -1;
|
||||
|
||||
char *machoPath = extract_preferred_slice(argv[1]);
|
||||
char *input = argv[argc-1];
|
||||
|
||||
NSDictionary *customEntitlements = nil;
|
||||
if (argc == 4) {
|
||||
if (!strcmp(argv[1], "--entitlements")) {
|
||||
NSString *entitlementsPath = [NSString stringWithUTF8String:argv[2]];
|
||||
customEntitlements = [NSDictionary dictionaryWithContentsOfFile:entitlementsPath];
|
||||
}
|
||||
}
|
||||
|
||||
char *machoPath = extract_preferred_slice(input);
|
||||
printf("Extracted best slice to %s\n", machoPath);
|
||||
|
||||
int r = binary_sign_adhoc(machoPath, true);
|
||||
int r = codesign_sign_adhoc(machoPath, true, customEntitlements);
|
||||
if (r != 0) {
|
||||
printf("Failed adhoc signing (%d) Continuing anyways...\n", r);
|
||||
}
|
||||
@@ -72,8 +82,8 @@ int main(int argc, char *argv[]) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (copyfile(machoPath, argv[1], 0, COPYFILE_ALL | COPYFILE_MOVE | COPYFILE_UNLINK) == 0) {
|
||||
chmod(argv[1], 0755);
|
||||
if (copyfile(machoPath, input, 0, COPYFILE_ALL | COPYFILE_MOVE | COPYFILE_UNLINK) == 0) {
|
||||
chmod(input, 0755);
|
||||
printf("Applied CoreTrust Bypass!\n");
|
||||
}
|
||||
else {
|
||||
Reference in New Issue
Block a user