diff --git a/Exploits/fastPathSign/src/codesign.m b/Exploits/fastPathSign/src/codesign.m index 5d01c04..197a46a 100644 --- a/Exploits/fastPathSign/src/codesign.m +++ b/Exploits/fastPathSign/src/codesign.m @@ -161,8 +161,3 @@ int codesign_sign_adhoc(const char *path, bool preserveMetadata, NSDictionary *c return retval; } - -NSDictionary *codesign_dump_entitlements(NSString *path) -{ - return nil; -} \ No newline at end of file diff --git a/Makefile b/Makefile index 1b2b67c..bfe44e0 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,6 @@ make_trollhelper_embedded: @$(MAKE) -C ./TrollHelper FINALPACKAGE=1 EMBEDDED_ROOT_HELPER=1 $(MAKECMDGOALS) assemble_trollstore: - @cp cert.p12 ./TrollStore/.theos/obj/TrollStore.app/cert.p12 @cp ./RootHelper/.theos/obj/trollstorehelper ./TrollStore/.theos/obj/TrollStore.app/trollstorehelper @cp ./TrollHelper/.theos/obj/TrollStorePersistenceHelper.app/TrollStorePersistenceHelper ./TrollStore/.theos/obj/TrollStore.app/PersistenceHelper @export COPYFILE_DISABLE=1 diff --git a/RootHelper/main.m b/RootHelper/main.m index 4337fb6..aa42cc5 100644 --- a/RootHelper/main.m +++ b/RootHelper/main.m @@ -360,6 +360,15 @@ BOOL codeCertChainContainsFakeAppStoreExtensions(SecStaticCodeRef codeRef) return evaluatesToCustomAnchor; } +BOOL isSameFile(NSString *path1, NSString *path2) +{ + struct stat sb1; + struct stat sb2; + stat(path1.fileSystemRepresentation, &sb1); + stat(path2.fileSystemRepresentation, &sb2); + return sb1.st_ino == sb2.st_ino; +} + #ifdef EMBEDDED_ROOT_HELPER // The embedded root helper is not able to sign apps // But it does not need that functionality anyways 
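Review bot: `isSameFile` ignores the return value of both `stat` calls, so when either path does not exist the corresponding `struct stat` is left uninitialized and the `st_ino` comparison reads indeterminate memory; it also compares inode numbers alone, which are only unique per device and can collide across filesystems. Check the results and include the device: `if (stat(path1.fileSystemRepresentation, &sb1) != 0 || stat(path2.fileSystemRepresentation, &sb2) != 0) return NO;` followed by `return sb1.st_dev == sb2.st_dev && sb1.st_ino == sb2.st_ino;`. Because this result decides whether the fallback entitlements are attached later in signApp, a false positive here would apply them to an unrelated file, so a one-line comment stating that this is an identity check that follows symlinks (`stat`, not `lstat`) would help readers of the call site.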
@@ -373,10 +382,10 @@ int signApp(NSString* appPath) NSDictionary* appInfoDict = infoDictionaryForAppPath(appPath); if(!appInfoDict) return 172; - NSString* executablePath = appMainExecutablePathForAppPath(appPath); - if(!executablePath) return 176; + NSString* mainExecutablePath = appMainExecutablePathForAppPath(appPath); + if(!mainExecutablePath) return 176; - if(![[NSFileManager defaultManager] fileExistsAtPath:executablePath]) return 174; + if(![[NSFileManager defaultManager] fileExistsAtPath:mainExecutablePath]) return 174; NSObject *tsBundleIsPreSigned = appInfoDict[@"TSBundlePreSigned"]; if([tsBundleIsPreSigned isKindOfClass:[NSNumber class]]) 
@@ -385,13 +394,28 @@ int signApp(NSString* appPath) NSNumber *tsBundleIsPreSignedNum = (NSNumber *)tsBundleIsPreSigned; if([tsBundleIsPreSignedNum boolValue] == YES) { - NSLog(@"[signApp] taking fast path for app which declares it has already been signed (%@)", executablePath); + NSLog(@"[signApp] taking fast path for app which declares it has already been signed (%@)", mainExecutablePath); return 0; } } // XXX: There used to be a check here whether the main binary was already signed with bypass - // In that case it would skip signing aswell, no clue if that's still desirable + // In that case it would skip signing aswell, no clue if that's still needed + // With the new bypass adhoc signing should fail and reapplying the bypass should produce an identical binary + /*SecStaticCodeRef codeRef = getStaticCodeRef(mainExecutablePath); + if(codeRef != NULL) + { + if(codeCertChainContainsFakeAppStoreExtensions(codeRef)) + { + NSLog(@"[signApp] taking fast path for app signed using a custom root certificate (%@)", mainExecutablePath); + CFRelease(codeRef); + return 0; + } + } + else + { + NSLog(@"[signApp] failed to get static code, can't derive entitlements from %@, continuing anways...", mainExecutablePath); + }*/ NSURL* fileURL; NSDirectoryEnumerator *enumerator = [[NSFileManager defaultManager] enumeratorAtURL:[NSURL fileURLWithPath:appPath] includingPropertiesForKeys:nil options:0 errorHandler:nil]; 
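Review bot: The old fast-path block is reintroduced here as commented-out code (from `/*SecStaticCodeRef codeRef = getStaticCodeRef(mainExecutablePath);` through `}*/`) rather than deleted; commented-out code drifts from the helpers it calls and version control already preserves it, so it is better removed. If it is intentionally kept as a reminder, the comment above it should say so, e.g. `// Disabled on purpose: with the new bypass, adhoc signing should fail and reapplying the bypass should produce an identical binary, so this fast path is likely unnecessary.`, and the `no clue if that's still needed` wording would be more findable as a `// TODO(name):`. signApp continues outside the hunk on both sides.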
@@ -416,8 +440,27 @@ int signApp(NSString* appPath) NSLog(@"[%@] Adhoc signing...", filePath); + NSDictionary *entitlementsToUse = nil; + if (isSameFile(filePath, mainExecutablePath)) { + // In the case where the main executable currently has no entitlements at all + // We want to ensure it gets signed with fallback entitlements + // These mimic the entitlements that Xcodes gives every app it signs + NSDictionary* mainExecutableEntitlements = dumpEntitlementsFromBinaryAtPath(filePath); + if (!mainExecutableEntitlements) { + entitlementsToUse = @{ + @"application-identifier" : @"TROLLTROLL.*", + @"com.apple.developer.team-identifier" : @"TROLLTROLL", + @"get-task-allow" : (__bridge id)kCFBooleanTrue, + @"keychain-access-groups" : @[ + @"TROLLTROLL.*", + @"com.apple.token" + ], + }; + } + } + // First attempt ad hoc signing - int r = codesign_sign_adhoc(tmpPath.fileSystemRepresentation, true, nil); + int r = codesign_sign_adhoc(tmpPath.fileSystemRepresentation, true, entitlementsToUse); if (r != 0) { NSLog(@"[%@] Adhoc signing failed with error code %d, continuing anyways...\n", filePath, r); } @@ -445,20 +488,6 @@ int signApp(NSString* appPath) } } - /*SecStaticCodeRef codeRef = getStaticCodeRef(executablePath); - if(codeRef != NULL) - { - if(codeCertChainContainsFakeAppStoreExtensions(codeRef)) - { - NSLog(@"[signApp] taking fast path for app signed using a custom root certificate (%@)", executablePath); - CFRelease(codeRef); - return 0; - } - } - else - { - NSLog(@"[signApp] failed to get static code, can't derive entitlements from %@, continuing anways...", executablePath); - }*/ return 0; } #endif diff --git a/TrollStore/Resources/fallback.entitlements b/TrollStore/Resources/fallback.entitlements deleted file mode 100644 index 2bdf115..0000000 --- a/TrollStore/Resources/fallback.entitlements +++ /dev/null 
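Review bot: The fallback dictionary is applied whenever `dumpEntitlementsFromBinaryAtPath(filePath)` returns nil, which — unless that helper (not visible here) distinguishes the two cases — also covers a main executable whose entitlements could not be read, not only one that genuinely has none, so a read failure would silently get the fallback set including `get-task-allow`. At minimum the branch should log which case it took, e.g. `NSLog(@"[%@] main executable has no readable entitlements, signing with fallback set", filePath);`, and if the helper can report failure separately from an empty result that distinction should be used here. Now that `fallback.entitlements` is deleted this literal is the only definition of the set, so moving it into a small file-scope function (say `fallbackEntitlements()`) would keep the signing loop readable and make the set easy to find. The enclosing enumeration loop in signApp starts and ends outside the hunk.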
@@ -1,17 +0,0 @@ - - - - - application-identifier - TROLLTROLL.* - com.apple.developer.team-identifier - TROLLTROLL - get-task-allow - - keychain-access-groups - - TROLLTROLL.* - com.apple.token - - - \ No newline at end of file