bughz
/
TrollStore
mirror of https://github.com/opa334/TrollStore.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

WIP signing improvements, don't seem to be fixing the issue I was trying to fix

This commit is contained in:
opa334 2023-11-28 02:27:12 +01:00
parent f73642d37a
commit fd2f266121
2 changed files with 52 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Exploits/fastPathSign/src/main.m
View File

@ -64,10 +64,7 @@ int main(int argc, char *argv[]) {
} }
} }
char *machoPath = extract_preferred_slice(input); int r = codesign_sign_adhoc(input, true, customEntitlements);
printf("Extracted best slice to %s\n", machoPath);
int r = codesign_sign_adhoc(machoPath, true, customEntitlements);
if (r != 0) { if (r != 0) {
printf("Failed adhoc signing (%d) Continuing anyways...\n", r); printf("Failed adhoc signing (%d) Continuing anyways...\n", r);
} }
@ -75,6 +72,9 @@ int main(int argc, char *argv[]) {
printf("AdHoc signed file!\n"); printf("AdHoc signed file!\n");
} }
char *machoPath = extract_preferred_slice(input);
printf("Extracted best slice to %s\n", machoPath);
printf("Applying CoreTrust bypass...\n"); printf("Applying CoreTrust bypass...\n");
if (apply_coretrust_bypass(machoPath) != 0) { if (apply_coretrust_bypass(machoPath) != 0) {

83
RootHelper/main.m
View File

@ -562,16 +562,27 @@ int signApp(NSString* appPath)
NSLog(@"[signApp] failed to get static code, can't derive entitlements from %@, continuing anways...", mainExecutablePath); NSLog(@"[signApp] failed to get static code, can't derive entitlements from %@, continuing anways...", mainExecutablePath);
}*/ }*/
NSURL* fileURL; int (^signFile)(NSString *, NSDictionary *) = ^(NSString *filePath, NSDictionary *entitlements) {
NSDirectoryEnumerator *enumerator = [[NSFileManager defaultManager] enumeratorAtURL:[NSURL fileURLWithPath:appPath] includingPropertiesForKeys:nil options:0 errorHandler:nil];
while(fileURL = [enumerator nextObject])
{
NSString *filePath = fileURL.path;
NSLog(@"Checking %@", filePath); NSLog(@"Checking %@", filePath);
FAT *fat = fat_init_from_path(filePath.fileSystemRepresentation); FAT *fat = fat_init_from_path(filePath.fileSystemRepresentation);
if (fat) { if (fat) {
NSLog(@"%@ is binary", filePath); NSLog(@"%@ is binary", filePath);
// This is FAT or MachO, sign and apply CoreTrust bypass fat_free(fat);
// First attempt ad hoc signing
int r = signAdhoc(filePath, entitlements);
if (r != 0) {
// If it doesn't work it's not a big deal, that usually happens when the binary had the bypass applied already (Don't ask me why)
NSLog(@"[%@] Adhoc signing failed with error code %d, continuing anyways...\n", filePath, r);
}
else {
NSLog(@"[%@] Adhoc signing worked!\n", filePath);
}
fat = fat_init_from_path(filePath.fileSystemRepresentation);
if (!fat) return 175; // This should never happen, if it does then everything is fucked
// Now apply CoreTrust bypass to best slice
MachO *machoForExtraction = fat_find_preferred_slice(fat); MachO *machoForExtraction = fat_find_preferred_slice(fat);
if (machoForExtraction) { if (machoForExtraction) {
NSString *tmpPath = [NSTemporaryDirectory() stringByAppendingPathComponent:[NSUUID UUID].UUIDString]; NSString *tmpPath = [NSTemporaryDirectory() stringByAppendingPathComponent:[NSUUID UUID].UUIDString];
@ -585,34 +596,6 @@ int signApp(NSString* appPath)
NSLog(@"[%@] Adhoc signing...", filePath); NSLog(@"[%@] Adhoc signing...", filePath);
NSDictionary *entitlementsToUse = nil;
if (isSameFile(filePath, mainExecutablePath)) {
// In the case where the main executable currently has no entitlements at all
// We want to ensure it gets signed with fallback entitlements
// These mimic the entitlements that Xcodes gives every app it signs
NSDictionary* mainExecutableEntitlements = dumpEntitlementsFromBinaryAtPath(filePath);
if (!mainExecutableEntitlements) {
entitlementsToUse = @{
@"application-identifier" : @"TROLLTROLL.*",
@"com.apple.developer.team-identifier" : @"TROLLTROLL",
@"get-task-allow" : (__bridge id)kCFBooleanTrue,
@"keychain-access-groups" : @[
@"TROLLTROLL.*",
@"com.apple.token"
],
};
}
}
// First attempt ad hoc signing
int r = signAdhoc(tmpPath, entitlementsToUse);
if (r != 0) {
NSLog(@"[%@] Adhoc signing failed with error code %d, continuing anyways...\n", filePath, r);
}
else {
NSLog(@"[%@] Adhoc signing worked!\n", filePath);
}
NSLog(@"[%@] Applying CoreTrust bypass...", filePath); NSLog(@"[%@] Applying CoreTrust bypass...", filePath);
r = apply_coretrust_bypass(tmpPath.fileSystemRepresentation); r = apply_coretrust_bypass(tmpPath.fileSystemRepresentation);
if (r == 0) { if (r == 0) {
@ -631,9 +614,39 @@ int signApp(NSString* appPath)
} }
fat_free(fat); fat_free(fat);
} }
return 0;
};
NSURL* fileURL;
NSDirectoryEnumerator *enumerator = [[NSFileManager defaultManager] enumeratorAtURL:[NSURL fileURLWithPath:appPath] includingPropertiesForKeys:nil options:0 errorHandler:nil];
while(fileURL = [enumerator nextObject])
{
NSString *filePath = fileURL.path;
if (isSameFile(filePath, mainExecutablePath)) {
// Skip main executable, we will sign it at the end
continue;
}
int r = signFile(filePath, nil);
if (r != 0) return r;
} }
return 0; // In the case where the main executable currently has no entitlements at all
// We want to ensure it gets signed with fallback entitlements
// These mimic the entitlements that Xcodes gives every app it signs
NSDictionary *entitlementsToUse = nil;
NSDictionary* mainExecutableEntitlements = dumpEntitlementsFromBinaryAtPath(mainExecutablePath);
if (!mainExecutableEntitlements) {
entitlementsToUse = @{
@"application-identifier" : @"TROLLTROLL.*",
@"com.apple.developer.team-identifier" : @"TROLLTROLL",
@"get-task-allow" : (__bridge id)kCFBooleanTrue,
@"keychain-access-groups" : @[
@"TROLLTROLL.*",
@"com.apple.token"
],
};
}
return signFile(mainExecutablePath, entitlementsToUse);
} }
#endif #endif