Inside iOS: Codesign


Jailbreaking has been taken for granted for the longest time. However, there is one thing that jailbreakers have never gotten around: the codesign. The idea of a signature is nothing new. In the simplest of terms, it’s an identity that you add to a program to give information on who made it, and to ensure nothing has been tampered with after things are final. However, it goes so much deeper than that.

What is a signature

Like a regular written signature, a signature attached to a program allows you to be identified. However, Apple’s signature not only identifies the developer of a given application, it goes further to also give information about the person who purchased it. It is essentially a part of an app that is read before it’s run.

Why is there a signature

This is one of Apple’s main defenses; it ensures a few things are certain before an app is run:

  1. It’s official. This is, first and foremost, important to Apple, as it allows the device to verify that the app is official and won’t be malicious.
  2. It’s purchased. After purchase, an addition is made inside the code signature. This holds the information of the purchaser. Many checks are put in place here as well to ensure that the app was purchased appropriately. Apps will not install correctly if this part of the signature is not met.
  3. Stop outside competition. This may seem crazy, but in reality, it really isn’t. Apple wants to stop outside sources from releasing apps. The App Store, after all, is still a business. So by requiring these signatures, they will stop other stores from being able to install apps on their iDevices.

How does it work

There are numerous areas where signatures are checked to ensure they are official and safe. The first one exists in iTunes. Upon installation, iTunes itself will do a check on the signature to ensure that the app was purchased by the device owner. If the check passes, it will install. The signature process is part of the DRM process.

However, the second check goes on after installation; on the iDevice itself. The iDevice will simply check to ensure the app is signed. It will not do any checks to ensure the app is purchased since the stock apps do not have this additional signature on them. Once the check is completed, the app will boot up.

Why is this a problem

This is a problem that arises for jailbreakers. Apple’s checks of the code signature before an app boots are done in multiple places. It’s not just one, and it’s done sporadically. Even if we do figure out where the checks are and patch them, there’s no guarantee that Apple won’t change the check locations in the future. So it’s best to get around this problem another way.

How do you get around the problem

Just like you can sign off a credit card purchase with a batman and superman symbol (true story, by the way), you can sign off an app in a similar fashion, as long as it’s in the right place with the appropriate requirements. The signature doesn’t even require an Apple developer’s license. Saurik, the developer behind Cydia, offers three ways to get around the problem, two of which require you to sign yourself.

  • The first way requires you to get a signing identity from Apple’s developer website. This doesn’t require the hundred big ones, but does require a dev account. With this method, you will be using Apple’s stock signing tool to sign the app. The app can be signed using the following commands after you have everything set up:
mac$ platform=/Developer/Platforms/iPhoneOS.platform
mac$ allocate=${platform}/Developer/usr/bin/codesign_allocate
mac$ export CODESIGN_ALLOCATE=${allocate}
mac$ codesign -fs "Name" Program
mac$ scp Program mobile@iphone:
  • The second way deals with a fake signature. Similar to the batman and superman symbols, you can create a fake signature to get around the system. Cydia offers a package for this called ldid (that is an l as in lettuce). Once installed, you can either SSH into your iDevice or use a mobile Terminal app to run the following command:
iphone$ ldid -S Program
   The command is simple, but powerful as it will allow your app to run.
  • The third way is probably the one that seems like, “no duh, we should do this instead of the signing crap!” However, it isn’t that simple. The third method of getting around the signatures is to turn them off. Seems simple enough, and a few commands will get you there; you’ll never have to sign another document again. Why wouldn’t you want to do this? Well, it’s simple: it causes problems with a few things… The biggest is the loss of Wi-Fi connectivity. We really don’t want to lose that ability, so I’m not even going to show you how to do this one. Just stick to the beautiful batman and superman symbols.
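To see what the device-side check above actually reads, here is an added example (not from the original post, and not part of codesign or ldid) that walks a 64-bit Mach-O’s load commands to the LC_CODE_SIGNATURE blob and reports the CodeDirectory identifier, whether the signature is ad-hoc (no signing identity, the ldid -S style) and whether a CMS signature is present. The sample binary and its “com.example.Program” identifier are constructed inline for the demo; the magic numbers and slot values are the public ones from Apple’s cs_blobs.h.

```python
import struct

LC_CODE_SIGNATURE, CS_ADHOC = 0x1D, 0x2  # signature load command; CodeDirectory flag "no identity"
CSMAGIC_EMBEDDED_SIGNATURE, CSMAGIC_CODEDIRECTORY, CSMAGIC_BLOBWRAPPER = 0xFADE0CC0, 0xFADE0C02, 0xFADE0B01
CSSLOT_CODEDIRECTORY, CSSLOT_SIGNATURESLOT = 0, 0x10000  # CMS blob lives in the signature slot


def inspect_signature(macho: bytes) -> dict:
    """Walk the 64-bit Mach-O load commands and describe the embedded signature."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != 0xFEEDFACF:
        raise ValueError("not a 64-bit little-endian Mach-O")
    off = 32  # sizeof(mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmd == LC_CODE_SIGNATURE:
            dataoff, datasize = struct.unpack_from("<2I", macho, off + 8)
            return parse_superblob(macho[dataoff:dataoff + datasize])
        off += cmdsize
    return {"signed": False}


def parse_superblob(blob: bytes) -> dict:
    magic, _, count = struct.unpack_from(">3I", blob, 0)  # signature blobs are big-endian
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("LC_CODE_SIGNATURE does not point at a SuperBlob")
    info = {"signed": True, "has_cms": False}
    for i in range(count):
        slot, boff = struct.unpack_from(">2I", blob, 12 + 8 * i)
        bmagic, blen = struct.unpack_from(">2I", blob, boff)
        if slot == CSSLOT_CODEDIRECTORY and bmagic == CSMAGIC_CODEDIRECTORY:
            flags, _, ident_off = struct.unpack_from(">3I", blob, boff + 12)
            info["identifier"] = blob[boff + ident_off:blob.index(b"\0", boff + ident_off)].decode()
            info["adhoc"] = bool(flags & CS_ADHOC)
        elif slot == CSSLOT_SIGNATURESLOT:
            info["has_cms"] = blen > 8  # an 8-byte wrapper is an empty (ad-hoc) slot
    return info


def build_sample(identifier: str, adhoc: bool) -> bytes:
    """Constructed minimal Mach-O carrying only LC_CODE_SIGNATURE (demo input, not a real app)."""
    ident = identifier.encode() + b"\0"
    cd = struct.pack(">9I4BI", CSMAGIC_CODEDIRECTORY, 44 + len(ident), 0x20100,  # version 2.1
                     CS_ADHOC if adhoc else 0, 44 + len(ident), 44, 0, 0, 0, 32, 2, 0, 12, 0) + ident
    payload = b"" if adhoc else b"constructed-cms-placeholder"  # stands in for real DER data
    cms = struct.pack(">2I", CSMAGIC_BLOBWRAPPER, 8 + len(payload)) + payload
    index = struct.pack(">4I", CSSLOT_CODEDIRECTORY, 28, CSSLOT_SIGNATURESLOT, 28 + len(cd))
    sb = struct.pack(">3I", CSMAGIC_EMBEDDED_SIGNATURE, 28 + len(cd) + len(cms), 2) + index + cd + cms
    header = struct.pack("<8I", 0xFEEDFACF, 0x0100000C, 0, 2, 1, 16, 0, 0)  # arm64 MH_EXECUTE, 1 cmd
    return header + struct.pack("<4I", LC_CODE_SIGNATURE, 16, 48, len(sb)) + sb
```

Run it against a real binary with `inspect_signature(open(path, "rb").read())`; a fat (universal) file or a 32-bit slice is rejected by the magic check rather than misparsed.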

Writer’s note: I haven’t actually been able to test any of these methods myself, but I assure you they work. If they didn’t, we would have no tweaks, no apps, no nothing.

Source: http://www.saurik.com/id/8
