Jump to content

Tool to remove Apple Code Signatures from binaries

Apple Code Signature Hack

  • Please log in to reply
24 replies to this topic

#1
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

This tool allows you to remove code signatures from binaries.

 

Proof of concept:

 

EDIT: New version with support to remove code signing DRS (this checks frameworks and libraries signatures when set).

Attached Files



#2
Smith@@™

Smith@@™

    InsanelyMac LOL

  • Retired
  • 2,928 posts
  • Gender:Male
  • Location:Somewhere over the rainbow...ITALIA!
  • Interests:Dark matter and dark energy. E basta. HD3000. E basta.

It works good. Thank you.



#3
Phil511

Phil511

    InsanelyMac Protégé

  • Members
  • PipPip
  • 63 posts
  • Gender:Male
  • Location:USA

Would Apple signatures from binaries allows you to update all your software in Mavericks?



#4
iFIRE

iFIRE

    InsanelyMacaholic

  • Banned
  • PipPipPipPipPipPipPipPipPipPipPip
  • 3,807 posts
  • Gender:Male
  • Location:Bcn-Spain

yes, we can :D , go DEVs, go,

 

thanks Andy!!!!!



#5
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

Would Apple signatures from binaries allows you to update all your software in Mavericks?

Removing code signatures has nothing to do with updates.
If it is an app you can update it if it is in your app store account.
Otherwise (system itself) you can update it anyway

#6
C.Frio

C.Frio

    InsanelyMac Legend

  • Pandora Team
  • 1,170 posts
  • Gender:Male
  • Location:Cabo frio - Brasil

hi..

sorry the stupid question..but how do I use it....(3 times a day with water?) :lol:

c.frio

 

edit..I got..yet..tks



#7
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

New version with DRS removal support...

Enjoy :D



#8
eʍwe

eʍwe

    InsanelyMac Protégé

  • Members
  • PipPip
  • 62 posts
  • Gender:Male
  • Location:Jongen
  • Interests:Respect to the others

Hai Andy, im noobs, what the function of this apps..?
to make all loaded kext(not verify) to be verify by apple certificate?! :rolleyes:



#9
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

v

Hai Andy, im noobs, what the function of this apps..?
to make all loaded kext(not verify) to be verify by apple certificate?! :rolleyes:

no for that you need to sign the binary/bundle with an Apple dev certificate
this does the reverse.
binaries signed you can unsign (for example when you need to change the plist or modify the binary)

#10
Onixs

Onixs

    Since 2007

  • Members
  • PipPipPipPipPipPipPip
  • 779 posts
  • Gender:Male

no for that you need to sign the binary/bundle with an Apple dev certificate
this does the reverse.
binaries signed you can unsign (for example when you need to change the plist or modify the binary)

why would you need to unsign if you edit the plist or binary? 

do we also need to codesign it back after editing?

sorry, im not getting it :(



#11
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

why would you need to unsign if you edit the plist or binary?
do we also need to codesign it back after editing?
sorry, im not getting it :(

if you edit the plist or binary from a signed app bundle the app will crash. removing all the code sigs will make the app work.
especially for store apps this is useful. you can hack anybody's apps by removing masreceipt and codesignature folders combined with binary code signature removal.
I tested this...

#12
Onixs

Onixs

    Since 2007

  • Members
  • PipPipPipPipPipPipPip
  • 779 posts
  • Gender:Male

if you edit the plist or binary from a signed app bundle the app will crash. removing all the code sigs will make the app work.
especially for store apps this is useful. you can hack anybody's apps by removing masreceipt and codesignature folders combined with binary code signature removal.
I tested this.

Thanks for the explanation, Understood! :)

Lastly, Do we need to codesign -f -s - "xxxx" after editng it?



#13
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

Thanks for the explanation, Understood! :)
Lastly, Do we need to codesign -f -s - "xxxx" after editng it?

resigning after code signature removal doesn't work yet.
this will be adressed in the next version (better binary patching)

#14
20100

20100

    InsanelyMac Protégé

  • Members
  • Pip
  • 2 posts

nice stuff I made some try but i m still annoyed with sandbox/ entitlements :

 

"XPC domain creation failed: Process is not in an inherited sandbox."

 

any idea how to remove sandboxing from an app ?



#15
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

nice stuff I made some try but i m still annoyed with sandbox/ entitlements :

"XPC domain creation failed: Process is not in an inherited sandbox."

any idea how to remove sandboxing from an app ?

Yes I do.
I'll create an app for it soon.

#16
20100

20100

    InsanelyMac Protégé

  • Members
  • Pip
  • 2 posts

really nice, can't wait to see you work.

 

In the meantime i find my problem : the first binary i striped was calling a second binary in the bundle which have the same name. I striped the second one and got no problem.

 

great tool !!

 

another question: could you point me to some informations about DRS ? 



#17
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

really nice, can't wait to see you work.

In the meantime i find my problem : the first binary i striped was calling a second binary in the bundle which have the same name. I striped the second one and got no problem.

great tool !!

another question: could you point me to some informations about DRS ?

Drs simply checks a number of frameworks and libraries their code signature on load

#18
shilohhh

shilohhh

    InsanelyMac Protégé

  • Members
  • PipPip
  • 88 posts
  • Gender:Male
  • Location:Texas
I added your tool to a applescript app I created that patches the OpenCL framework and prevents GPUs from using OpenCL. May I have your permission to share this app with others?

Also, Can you create a tool or patch that would completely disable all code sign checkin at all times?

http://reverse.put.a...ons-with-a-nop/

#19
Andy Vandijck

Andy Vandijck

    InsanelyMac Deity

  • Coders
  • 1,630 posts
  • Gender:Male
  • Location:Tienen
  • Interests:Programming stuff for Mac OS X...
    Hacking...
    Hard rock (also really big Metallica...

I added your tool to a applescript app I created that patches the OpenCL framework and prevents GPUs from using OpenCL. May I have your permission to share this app with others?

Also, Can you create a tool or patch that would completely disable all code sign checkin at all times?

http://reverse.put.a...ons-with-a-nop/

1. Sure go ahead.
2. Fully disabling code sign checking needs a kernel patch as well as some other which I haven't found yet. Need time...

#20
joe75

joe75

    Renegade

  • Retired
  • 2,253 posts
  • Gender:Male
  • Location:Rochester, NY

AnV FTW!

 

:pirate:







Also tagged with one or more of these keywords: Apple, Code Signature, Hack

  Topic Stats Last Post Info

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

© 2014 InsanelyMac  |   News  |   Forum  |   Downloads  |   OSx86 Wiki  |   Mac Netbook  |   PHP hosting by CatN  |   Designed by Ed Gain  |   Logo by irfan  |   Privacy Policy