Tool to remove Apple Code Signatures from binaries


This tool allows you to remove code signatures from binaries.

 

Proof of concept:

 

EDIT: New version with support to remove code signing DRS (this checks frameworks and libraries signatures when set).

stripcodesig.zip

  • 2 weeks later...

Would Apple signatures from binaries allow you to update all your software in Mavericks?

Removing code signatures has nothing to do with updates.

If it is an app you can update it if it is in your app store account.

Otherwise (system itself) you can update it anyway

  • 3 months later...

New version with DRS removal support...

Enjoy :D

  • 3 weeks later...

Hi Andy, I'm a noob, what is the function of this app..?

to make all loaded kexts (not verified) be verified by an Apple certificate?! :rolleyes:

no, for that you need to sign the binary/bundle with an Apple dev certificate

this does the reverse.

signed binaries you can unsign (for example when you need to change the plist or modify the binary)

why would you need to unsign if you edit the plist or binary?

do we also need to codesign it back after editing?

sorry, I'm not getting it :(

if you edit the plist or binary from a signed app bundle the app will crash. removing all the code sigs will make the app work.

especially for store apps this is useful. you can hack anybody's apps by removing masreceipt and codesignature folders combined with binary code signature removal.

I tested this...

Thanks for the explanation, understood! :)

Lastly, do we need to codesign -f -s - "xxxx" after editing it?

re-signing after code signature removal doesn't work yet.

this will be addressed in the next version (better binary patching)

  • 4 weeks later...

nice stuff, I made some tries but I'm still annoyed with sandbox/entitlements:

 

"XPC domain creation failed: Process is not in an inherited sandbox."

 

any idea how to remove sandboxing from an app?

Yes I do.

I'll create an app for it soon.

really nice, can't wait to see your work.

In the meantime I found my problem: the first binary I stripped was calling a second binary in the bundle which has the same name. I stripped the second one and got no problem.

great tool!!

another question: could you point me to some information about DRS?

DRS simply checks the code signatures of a number of frameworks and libraries on load

  • 2 weeks later...

I added your tool to an AppleScript app I created that patches the OpenCL framework and prevents GPUs from using OpenCL. May I have your permission to share this app with others?

Also, can you create a tool or patch that would completely disable all code sign checking at all times?

 

http://reverse.put.as/2013/11/23/breaking-os-x-signed-kernel-extensions-with-a-nop/

1. Sure, go ahead.

2. Fully disabling code sign checking needs a kernel patch as well as some others which I haven't found yet. Need time...

Cool tool.

I studied the code; it removes the signing-related command and data from the Mach-O.

I'm wondering why the binary can't be signed with another certificate now?

Looking forward to your update.

I'm still checking why.

It just doesn't want to re-sign afterwards.

Probably needs to be realigned and sizes adjusted.
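
As an added example (not part of the thread and not stripcodesig's own code): a defender-side check for the state the posts above describe, reading the `LC_CODE_SIGNATURE` and `LC_DYLIB_CODE_SIGN_DRS` load commands of a thin Mach-O and classifying the file as signed, unsigned or damaged. The constants are the ones in Apple's `mach-o/loader.h` and code-signing headers; the function names and the sample image are constructed for illustration, and fat (universal) files are not handled.

```python
import struct
# Added example; function names are illustrative, constants are Apple's.
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_CODE_SIGNATURE = 0x1D        # embedded signature (linkedit_data_command)
LC_DYLIB_CODE_SIGN_DRS = 0x2B   # code signing DRs copied from linked dylibs
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob magic, stored big-endian

def signing_commands(data):
    """Return {'signature': (dataoff, datasize) or None, 'drs': ... or None}."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    pos = 32 if magic == MH_MAGIC_64 else 28   # size of mach_header(_64)
    end = pos + sizeofcmds
    found = {"signature": None, "drs": None}
    for _ in range(ncmds):
        if pos + 8 > min(end, len(data)):
            raise ValueError("load commands run past the header area")
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd in (LC_CODE_SIGNATURE, LC_DYLIB_CODE_SIGN_DRS) and cmdsize >= 16:
            key = "signature" if cmd == LC_CODE_SIGNATURE else "drs"
            found[key] = struct.unpack_from("<II", data, pos + 8)
        pos += cmdsize
    return found

def audit(data):
    """Classify a binary as 'signed', 'unsigned' or 'damaged'."""
    sig = signing_commands(data)["signature"]
    if sig is None:
        return "unsigned"            # load command absent, e.g. stripped
    off, size = sig
    if size < 4 or off + size > len(data):
        return "damaged"             # command points outside the file
    blob_magic, = struct.unpack_from(">I", data, off)
    return "signed" if blob_magic == CSMAGIC_EMBEDDED_SIGNATURE else "damaged"

def sample(with_sig):
    """Constructed minimal Mach-O 64 image for the demo, not a real binary."""
    cmds = struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 48, 8) if with_sig else b""
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, len(cmds) // 16, len(cmds), 0, 0)
    blob = struct.pack(">II", CSMAGIC_EMBEDDED_SIGNATURE, 8) if with_sig else b""
    return hdr + cmds + blob

if __name__ == "__main__":
    print(audit(sample(True)), audit(sample(False)))
```

This only checks that the signature structures are present and well-placed; whether the signature actually validates is a separate check (`codesign -v` on macOS).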

  • 4 months later...

Hi Andy,

 

Probably a silly question but can this be run on an Intel i7 based Mac? If not, what needs to be changed to enable it to run?

Thanks for the help and sorry if it's a dumb question but I've been playing around with it and haven't been able to get it to run as I'm on an i7 Mac and keep getting this error:

 

d: warning: ignoring file Makefile, file was built for unsupported file format ( 0x43 0x43 0x3D 0x67 0x63 0x63 0x0A 0x43 0x46 0x4C 0x41 0x47 0x53 0x3D 0x2D 0x61 ) which is not the architecture being linked (x86_64): Makefile

Undefined symbols for architecture x86_64:

  "_main", referenced from:

     implicit entry/start for main executable

ld: symbol(s) not found for architecture x86_64

clang: error: linker command failed with exit code 1 (use -v to see invocation)
