Extract reallocation/signature to helper function.

[ldid.git] / ldid.cpp
diff --git a/ldid.cpp b/ldid.cpp

index 8445315db50faee25cfadd604f03525bd7f80b20..e800dfee50c2b94586d2dece222c9fd0189ec175 100644 (file)
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -1,54 +1,40 @@
-/* JocStrap - Java/Objective-C Bootstrap
- * Copyright (C) 2007  Jay Freeman (saurik)
+/* ldid - (Mach-O) Link-Loader Identity Editor
+ * Copyright (C) 2007-2012  Jay Freeman (saurik)
  */
  
  */
  
+/* GNU Affero General Public License, Version 3 {{{ */
  /*
  /*
- *        Redistribution and use in source and binary
- * forms, with or without modification, are permitted
- * provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the
- *    above copyright notice, this list of conditions
- *    and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the
- *    above copyright notice, this list of conditions
- *    and the following disclaimer in the documentation
- *    and/or other materials provided with the
- *    distribution.
- * 3. The name of the author may not be used to endorse
- *    or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
- * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  
  
-#include "minimal/stdlib.h"
-#include "minimal/string.h"
-#include "minimal/mapping.h"
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
  
  
-#include "sha1.h"
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+**/
+/* }}} */
+
+#include "minimal/stdlib.h"
  
  #include <cstring>
  #include <string>
  #include <vector>
  
  
  #include <cstring>
  #include <string>
  #include <vector>
  
-#include <sys/wait.h>
-#include <sys/types.h>
+#include <dlfcn.h>
+#include <fcntl.h>
+
+#include <sys/mman.h>
  #include <sys/stat.h>
  
  #include <sys/stat.h>
  
+#include <openssl/sha.h>
+
+#include <plist/plist.h>
+
  struct fat_header {
      uint32_t magic;
      uint32_t nfat_arch;
  struct fat_header {
      uint32_t magic;
      uint32_t nfat_arch;
@@ -83,6 +69,7 @@ struct mach_header {
  
  #define MH_DYLDLINK   0x4
  
  
  #define MH_DYLDLINK   0x4
  
+#define MH_OBJECT     0x1
  #define MH_EXECUTE    0x2
  #define MH_DYLIB      0x6
  #define MH_BUNDLE     0x8
  #define MH_EXECUTE    0x2
  #define MH_DYLIB      0x6
  #define MH_BUNDLE     0x8
@@ -93,14 +80,22 @@ struct load_command {
      uint32_t cmdsize;
  } _packed;
  
      uint32_t cmdsize;
  } _packed;
  
-#define LC_REQ_DYLD  uint32_t(0x80000000)
-
-#define        LC_SEGMENT         uint32_t(0x01)
-#define LC_LOAD_DYLIB      uint32_t(0x0c)
-#define LC_ID_DYLIB        uint32_t(0x0d)
-#define LC_UUID            uint32_t(0x1b)
-#define LC_CODE_SIGNATURE  uint32_t(0x1d)
-#define LC_REEXPORT_DYLIB  uint32_t(0x1f | LC_REQ_DYLD)
+#define LC_REQ_DYLD           uint32_t(0x80000000)
+
+#define LC_SEGMENT            uint32_t(0x01)
+#define LC_SYMTAB             uint32_t(0x02)
+#define LC_DYSYMTAB           uint32_t(0x0b)
+#define LC_LOAD_DYLIB         uint32_t(0x0c)
+#define LC_ID_DYLIB           uint32_t(0x0d)
+#define LC_SEGMENT_64         uint32_t(0x19)
+#define LC_UUID               uint32_t(0x1b)
+#define LC_CODE_SIGNATURE     uint32_t(0x1d)
+#define LC_SEGMENT_SPLIT_INFO uint32_t(0x1e)
+#define LC_REEXPORT_DYLIB     uint32_t(0x1f | LC_REQ_DYLD)
+#define LC_ENCRYPTION_INFO    uint32_t(0x21)
+#define LC_DYLD_INFO          uint32_t(0x22)
+#define LC_DYLD_INFO_ONLY     uint32_t(0x22 | LC_REQ_DYLD)
+#define LC_ENCRYPTION_INFO_64 uint32_t(0x2c)
  
  struct dylib {
      uint32_t name;
  
  struct dylib {
      uint32_t name;
@@ -121,6 +116,100 @@ struct uuid_command {
      uint8_t uuid[16];
  } _packed;
  
      uint8_t uuid[16];
  } _packed;
  
+struct symtab_command {
+    uint32_t cmd;
+    uint32_t cmdsize;
+    uint32_t symoff;
+    uint32_t nsyms;
+    uint32_t stroff;
+    uint32_t strsize;
+} _packed;
+
+struct dyld_info_command {
+    uint32_t cmd;
+    uint32_t cmdsize;
+    uint32_t rebase_off;
+    uint32_t rebase_size;
+    uint32_t bind_off;
+    uint32_t bind_size;
+    uint32_t weak_bind_off;
+    uint32_t weak_bind_size;
+    uint32_t lazy_bind_off;
+    uint32_t lazy_bind_size;
+    uint32_t export_off;
+    uint32_t export_size;
+} _packed;
+
+struct dysymtab_command {
+    uint32_t cmd;
+    uint32_t cmdsize;
+    uint32_t ilocalsym;
+    uint32_t nlocalsym;
+    uint32_t iextdefsym;
+    uint32_t nextdefsym;
+    uint32_t iundefsym;
+    uint32_t nundefsym;
+    uint32_t tocoff;
+    uint32_t ntoc;
+    uint32_t modtaboff;
+    uint32_t nmodtab;
+    uint32_t extrefsymoff;
+    uint32_t nextrefsyms;
+    uint32_t indirectsymoff;
+    uint32_t nindirectsyms;
+    uint32_t extreloff;
+    uint32_t nextrel;
+    uint32_t locreloff;
+    uint32_t nlocrel;
+} _packed;
+
+struct dylib_table_of_contents {
+    uint32_t symbol_index;
+    uint32_t module_index;
+} _packed;
+
+struct dylib_module {
+    uint32_t module_name;
+    uint32_t iextdefsym;
+    uint32_t nextdefsym;
+    uint32_t irefsym;
+    uint32_t nrefsym;
+    uint32_t ilocalsym;
+    uint32_t nlocalsym;
+    uint32_t iextrel;
+    uint32_t nextrel;
+    uint32_t iinit_iterm;
+    uint32_t ninit_nterm;
+    uint32_t objc_module_info_addr;
+    uint32_t objc_module_info_size;
+} _packed;
+
+struct dylib_reference {
+    uint32_t isym:24;
+    uint32_t flags:8;
+} _packed;
+
+struct relocation_info {
+    int32_t r_address;
+    uint32_t r_symbolnum:24;
+    uint32_t r_pcrel:1;
+    uint32_t r_length:2;
+    uint32_t r_extern:1;
+    uint32_t r_type:4;
+} _packed;
+
+struct nlist {
+    union {
+        char *n_name;
+        int32_t n_strx;
+    } n_un;
+
+    uint8_t n_type;
+    uint8_t n_sect;
+    uint8_t n_desc;
+    uint32_t n_value;
+} _packed;
+
  struct segment_command {
      uint32_t cmd;
      uint32_t cmdsize;
  struct segment_command {
      uint32_t cmd;
      uint32_t cmdsize;
@@ -133,7 +222,21 @@ struct segment_command {
      uint32_t initprot;
      uint32_t nsects;
      uint32_t flags;
      uint32_t initprot;
      uint32_t nsects;
      uint32_t flags;
-};
+} _packed;
+
+struct segment_command_64 {
+    uint32_t cmd;
+    uint32_t cmdsize;
+    char segname[16];
+    uint64_t vmaddr;
+    uint64_t vmsize;
+    uint64_t fileoff;
+    uint64_t filesize;
+    uint32_t maxprot;
+    uint32_t initprot;
+    uint32_t nsects;
+    uint32_t flags;
+} _packed;
  
  struct section {
      char sectname[16];
  
  struct section {
      char sectname[16];
@@ -147,7 +250,21 @@ struct section {
      uint32_t flags;
      uint32_t reserved1;
      uint32_t reserved2;
      uint32_t flags;
      uint32_t reserved1;
      uint32_t reserved2;
-};
+} _packed;
+
+struct section_64 {
+    char sectname[16];
+    char segname[16];
+    uint64_t addr;
+    uint64_t size;
+    uint32_t offset;
+    uint32_t align;
+    uint32_t reloff;
+    uint32_t nreloc;
+    uint32_t flags;
+    uint32_t reserved1;
+    uint32_t reserved2;
+} _packed;
  
  struct linkedit_data_command {
      uint32_t cmd;
  
  struct linkedit_data_command {
      uint32_t cmd;
@@ -156,6 +273,38 @@ struct linkedit_data_command {
      uint32_t datasize;
  } _packed;
  
      uint32_t datasize;
  } _packed;
  
+struct encryption_info_command {
+    uint32_t cmd;
+    uint32_t cmdsize;
+    uint32_t cryptoff;
+    uint32_t cryptsize;
+    uint32_t cryptid;
+} _packed;
+
+#define BIND_OPCODE_MASK                             0xf0
+#define BIND_IMMEDIATE_MASK                          0x0f
+#define BIND_OPCODE_DONE                             0x00
+#define BIND_OPCODE_SET_DYLIB_ORDINAL_IMM            0x10
+#define BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB           0x20
+#define BIND_OPCODE_SET_DYLIB_SPECIAL_IMM            0x30
+#define BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM    0x40
+#define BIND_OPCODE_SET_TYPE_IMM                     0x50
+#define BIND_OPCODE_SET_ADDEND_SLEB                  0x60
+#define BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB      0x70
+#define BIND_OPCODE_ADD_ADDR_ULEB                    0x80
+#define BIND_OPCODE_DO_BIND                          0x90
+#define BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB            0xa0
+#define BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED      0xb0
+#define BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB 0xc0
+
+template <typename Type_>
+Type_ Align(Type_ value, size_t align) {
+    value += align - 1;
+    value /= align;
+    value *= align;
+    return value;
+}
+
  uint16_t Swap_(uint16_t value) {
      return
          ((value >>  8) & 0x00ff) |
  uint16_t Swap_(uint16_t value) {
      return
          ((value >>  8) & 0x00ff) |
@@ -170,6 +319,13 @@ uint32_t Swap_(uint32_t value) {
      return value;
  }
  
      return value;
  }
  
+uint64_t Swap_(uint64_t value) {
+    value = (value & 0x00000000ffffffff) << 32 | (value & 0xffffffff00000000) >> 32;
+    value = (value & 0x0000ffff0000ffff) << 16 | (value & 0xffff0000ffff0000) >> 16;
+    value = (value & 0x00ff00ff00ff00ff) << 8  | (value & 0xff00ff00ff00ff00) >> 8;
+    return value;
+}
+
  int16_t Swap_(int16_t value) {
      return Swap_(static_cast<uint16_t>(value));
  }
  int16_t Swap_(int16_t value) {
      return Swap_(static_cast<uint16_t>(value));
  }
@@ -178,6 +334,10 @@ int32_t Swap_(int32_t value) {
      return Swap_(static_cast<uint32_t>(value));
  }
  
      return Swap_(static_cast<uint32_t>(value));
  }
  
+int64_t Swap_(int64_t value) {
+    return Swap_(static_cast<uint64_t>(value));
+}
+
  bool little_(true);
  
  uint16_t Swap(uint16_t value) {
  bool little_(true);
  
  uint16_t Swap(uint16_t value) {
@@ -188,6 +348,10 @@ uint32_t Swap(uint32_t value) {
      return little_ ? Swap_(value) : value;
  }
  
      return little_ ? Swap_(value) : value;
  }
  
+uint64_t Swap(uint64_t value) {
+    return little_ ? Swap_(value) : value;
+}
+
  int16_t Swap(int16_t value) {
      return Swap(static_cast<uint16_t>(value));
  }
  int16_t Swap(int16_t value) {
      return Swap(static_cast<uint16_t>(value));
  }
@@ -196,21 +360,29 @@ int32_t Swap(int32_t value) {
      return Swap(static_cast<uint32_t>(value));
  }
  
      return Swap(static_cast<uint32_t>(value));
  }
  
+int64_t Swap(int64_t value) {
+    return Swap(static_cast<uint64_t>(value));
+}
+
  template <typename Target_>
  class Pointer;
  
  template <typename Target_>
  class Pointer;
  
-class Framework {
+class Data {
    private:
      void *base_;
      size_t size_;
  
    private:
      void *base_;
      size_t size_;
  
-    struct mach_header *mach_header_;
-    struct load_command *load_command_;
-
+  protected:
      bool swapped_;
      bool swapped_;
-    bool bits64_;
  
    public:
  
    public:
+    Data(void *base, size_t size) :
+        base_(base),
+        size_(size),
+        swapped_(false)
+    {
+    }
+
      uint16_t Swap(uint16_t value) const {
          return swapped_ ? Swap_(value) : value;
      }
      uint16_t Swap(uint16_t value) const {
          return swapped_ ? Swap_(value) : value;
      }
@@ -219,6 +391,10 @@ class Framework {
          return swapped_ ? Swap_(value) : value;
      }
  
          return swapped_ ? Swap_(value) : value;
      }
  
+    uint64_t Swap(uint64_t value) const {
+        return swapped_ ? Swap_(value) : value;
+    }
+
      int16_t Swap(int16_t value) const {
          return Swap(static_cast<uint16_t>(value));
      }
      int16_t Swap(int16_t value) const {
          return Swap(static_cast<uint16_t>(value));
      }
@@ -227,32 +403,34 @@ class Framework {
          return Swap(static_cast<uint32_t>(value));
      }
  
          return Swap(static_cast<uint32_t>(value));
      }
  
-    Framework(const char *framework_path) :
-        swapped_(false)
-    {
-        base_ = map(framework_path, 0, _not(size_t), &size_, false);
-        fat_header *fat_header = reinterpret_cast<struct fat_header *>(base_);
+    int64_t Swap(int64_t value) const {
+        return Swap(static_cast<uint64_t>(value));
+    }
  
  
-        if (Swap(fat_header->magic) == FAT_CIGAM) {
-            swapped_ = !swapped_;
-            goto fat;
-        } else if (Swap(fat_header->magic) != FAT_MAGIC)
-            mach_header_ = (mach_header *) base_;
-        else fat: {
-            size_t fat_narch = Swap(fat_header->nfat_arch);
-            fat_arch *fat_arch = reinterpret_cast<struct fat_arch *>(fat_header + 1);
-            size_t arch;
-            for (arch = 0; arch != fat_narch; ++arch) {
-                uint32_t arch_offset = Swap(fat_arch->offset);
-                mach_header_ = (mach_header *) ((uint8_t *) base_ + arch_offset);
-                goto found;
-                ++fat_arch;
-            }
+    void *GetBase() const {
+        return base_;
+    }
  
  
-            _assert(false);
-        }
+    size_t GetSize() const {
+        return size_;
+    }
+};
+
+class MachHeader :
+    public Data
+{
+  private:
+    bool bits64_;
+
+    struct mach_header *mach_header_;
+    struct load_command *load_command_;
+
+  public:
+    MachHeader(void *base, size_t size) :
+        Data(base, size)
+    {
+        mach_header_ = (mach_header *) base;
  
  
-      found:
          switch (Swap(mach_header_->magic)) {
              case MH_CIGAM:
                  swapped_ = !swapped_;
          switch (Swap(mach_header_->magic)) {
              case MH_CIGAM:
                  swapped_ = !swapped_;
@@ -286,23 +464,23 @@ class Framework {
          return mach_header_;
      }
  
          return mach_header_;
      }
  
-    void *GetBase() {
-        return base_;
-    }
-
-    size_t GetSize() const {
-        return size_;
+    operator struct mach_header *() const {
+        return mach_header_;
      }
  
      uint32_t GetCPUType() const {
          return Swap(mach_header_->cputype);
      }
  
      }
  
      uint32_t GetCPUType() const {
          return Swap(mach_header_->cputype);
      }
  
-    uint16_t GetCPUSubtype() const {
+    uint32_t GetCPUSubtype() const {
          return Swap(mach_header_->cpusubtype) & 0xff;
      }
  
          return Swap(mach_header_->cpusubtype) & 0xff;
      }
  
-    std::vector<struct load_command *> GetLoadCommands() {
+    struct load_command *GetLoadCommand() const {
+        return load_command_;
+    }
+
+    std::vector<struct load_command *> GetLoadCommands() const {
          std::vector<struct load_command *> load_commands;
  
          struct load_command *load_command = load_command_;
          std::vector<struct load_command *> load_commands;
  
          struct load_command *load_command = load_command_;
@@ -314,27 +492,42 @@ class Framework {
          return load_commands;
      }
  
          return load_commands;
      }
  
-    std::vector<segment_command *> GetSegments(const char *segment_name) {
+    std::vector<segment_command *> GetSegments(const char *segment_name) const {
          std::vector<struct segment_command *> segment_commands;
  
          std::vector<struct segment_command *> segment_commands;
  
-        _foreach (load_command, GetLoadCommands())
-            if (Swap((*load_command)->cmd) == LC_SEGMENT) {
-                segment_command *segment_command = reinterpret_cast<struct segment_command *>(*load_command);
+        _foreach (load_command, GetLoadCommands()) {
+            if (Swap(load_command->cmd) == LC_SEGMENT) {
+                segment_command *segment_command = reinterpret_cast<struct segment_command *>(load_command);
                  if (strncmp(segment_command->segname, segment_name, 16) == 0)
                      segment_commands.push_back(segment_command);
              }
                  if (strncmp(segment_command->segname, segment_name, 16) == 0)
                      segment_commands.push_back(segment_command);
              }
+        }
  
          return segment_commands;
      }
  
  
          return segment_commands;
      }
  
-    std::vector<section *> GetSections(const char *segment_name, const char *section_name) {
+    std::vector<segment_command_64 *> GetSegments64(const char *segment_name) const {
+        std::vector<struct segment_command_64 *> segment_commands;
+
+        _foreach (load_command, GetLoadCommands()) {
+            if (Swap(load_command->cmd) == LC_SEGMENT_64) {
+                segment_command_64 *segment_command = reinterpret_cast<struct segment_command_64 *>(load_command);
+                if (strncmp(segment_command->segname, segment_name, 16) == 0)
+                    segment_commands.push_back(segment_command);
+            }
+        }
+
+        return segment_commands;
+    }
+
+    std::vector<section *> GetSections(const char *segment_name, const char *section_name) const {
          std::vector<section *> sections;
  
          _foreach (segment, GetSegments(segment_name)) {
          std::vector<section *> sections;
  
          _foreach (segment, GetSegments(segment_name)) {
-            section *section = (struct section *) (*segment + 1);
+            section *section = (struct section *) (segment + 1);
  
              uint32_t sect;
  
              uint32_t sect;
-            for (sect = 0; sect != Swap((*segment)->nsects); ++sect) {
+            for (sect = 0; sect != Swap(segment->nsects); ++sect) {
                  if (strncmp(section->sectname, section_name, 16) == 0)
                      sections.push_back(section);
                  ++section;
                  if (strncmp(section->sectname, section_name, 16) == 0)
                      sections.push_back(section);
                  ++section;
@@ -345,7 +538,7 @@ class Framework {
      }
  
      template <typename Target_>
      }
  
      template <typename Target_>
-    Pointer<Target_> GetPointer(uint32_t address, const char *segment_name = NULL) {
+    Pointer<Target_> GetPointer(uint32_t address, const char *segment_name = NULL) const {
          load_command *load_command = (struct load_command *) (mach_header_ + 1);
          uint32_t cmd;
  
          load_command *load_command = (struct load_command *) (mach_header_ + 1);
          uint32_t cmd;
  
@@ -381,14 +574,81 @@ class Framework {
      }
  };
  
      }
  };
  
+class FatMachHeader :
+    public MachHeader
+{
+  private:
+    fat_arch *fat_arch_;
+
+  public:
+    FatMachHeader(void *base, size_t size, fat_arch *fat_arch) :
+        MachHeader(base, size),
+        fat_arch_(fat_arch)
+    {
+    }
+
+    fat_arch *GetFatArch() const {
+        return fat_arch_;
+    }
+};
+
+class FatHeader :
+    public Data
+{
+  private:
+    fat_header *fat_header_;
+    std::vector<FatMachHeader> mach_headers_;
+
+  public:
+    FatHeader(void *base, size_t size) :
+        Data(base, size)
+    {
+        fat_header_ = reinterpret_cast<struct fat_header *>(base);
+
+        if (Swap(fat_header_->magic) == FAT_CIGAM) {
+            swapped_ = !swapped_;
+            goto fat;
+        } else if (Swap(fat_header_->magic) != FAT_MAGIC) {
+            fat_header_ = NULL;
+            mach_headers_.push_back(FatMachHeader(base, size, NULL));
+        } else fat: {
+            size_t fat_narch = Swap(fat_header_->nfat_arch);
+            fat_arch *fat_arch = reinterpret_cast<struct fat_arch *>(fat_header_ + 1);
+            size_t arch;
+            for (arch = 0; arch != fat_narch; ++arch) {
+                uint32_t arch_offset = Swap(fat_arch->offset);
+                uint32_t arch_size = Swap(fat_arch->size);
+                mach_headers_.push_back(FatMachHeader((uint8_t *) base + arch_offset, arch_size, fat_arch));
+                ++fat_arch;
+            }
+        }
+    }
+
+    std::vector<FatMachHeader> &GetMachHeaders() {
+        return mach_headers_;
+    }
+
+    bool IsFat() const {
+        return fat_header_ != NULL;
+    }
+
+    struct fat_header *operator ->() const {
+        return fat_header_;
+    }
+
+    operator struct fat_header *() const {
+        return fat_header_;
+    }
+};
+
  template <typename Target_>
  class Pointer {
    private:
  template <typename Target_>
  class Pointer {
    private:
-    const Framework *framework_;
+    const MachHeader *framework_;
      const Target_ *pointer_;
  
    public:
      const Target_ *pointer_;
  
    public:
-    Pointer(const Framework *framework = NULL, const Target_ *pointer = NULL) :
+    Pointer(const MachHeader *framework = NULL, const Target_ *pointer = NULL) :
          framework_(framework),
          pointer_(pointer)
      {
          framework_(framework),
          pointer_(pointer)
      {
@@ -455,308 +715,285 @@ struct CodeDirectory {
  
  extern "C" uint32_t hash(uint8_t *k, uint32_t length, uint32_t initval);
  
  
  extern "C" uint32_t hash(uint8_t *k, uint32_t length, uint32_t initval);
  
-#define CODESIGN_ALLOCATE "arm-apple-darwin9-codesign_allocate"
-
  void sha1(uint8_t *hash, uint8_t *data, size_t size) {
  void sha1(uint8_t *hash, uint8_t *data, size_t size) {
-    SHA1Context context;
-    SHA1Reset(&context);
-    SHA1Input(&context, data, size);
-    SHA1Result(&context, hash);
+    SHA1(data, size, hash);
  }
  
  }
  
-int main(int argc, const char *argv[]) {
-    union {
-        uint16_t word;
-        uint8_t byte[2];
-    } endian = {1};
+struct CodesignAllocation {
+    FatMachHeader mach_header_;
+    uint32_t offset_;
+    uint32_t size_;
+    uint32_t alloc_;
+    uint32_t align_;
+
+    CodesignAllocation(FatMachHeader mach_header, size_t offset, size_t size, size_t alloc, size_t align) :
+        mach_header_(mach_header),
+        offset_(offset),
+        size_(size),
+        alloc_(alloc),
+        align_(align)
+    {
+    }
+};
  
  
-    little_ = endian.byte[0];
+class File {
+  private:
+    int file_;
  
  
-    bool flag_R(false);
-    bool flag_t(false);
-    bool flag_p(false);
-    bool flag_u(false);
-    bool flag_e(false);
+  public:
+    File() :
+        file_(-1)
+    {
+    }
  
  
-    bool flag_T(false);
+    ~File() {
+        if (file_ != -1)
+            _syscall(close(file_));
+    }
  
  
-    bool flag_S(false);
-    bool flag_s(false);
+    void open(const char *path, int flags) {
+        _assert(file_ == -1);
+        _syscall(file_ = ::open(path, flags));
+    }
  
  
-    bool timeh(false);
-    uint32_t timev(0);
+    int file() const {
+        return file_;
+    }
+};
  
  
-    const void *xmld(NULL);
-    size_t xmls(0);
+class Map {
+  private:
+    File file_;
+    void *data_;
+    size_t size_;
  
  
-    uintptr_t noffset(_not(uintptr_t));
-    uintptr_t woffset(_not(uintptr_t));
+    void clear() {
+        if (data_ == NULL)
+            return;
+        _syscall(munmap(data_, size_));
+        data_ = NULL;
+        size_ = 0;
+    }
  
  
-    std::vector<std::string> files;
+  public:
+    Map() :
+        data_(NULL),
+        size_(0)
+    {
+    }
  
  
-    if (argc == 1) {
-        fprintf(stderr, "usage: %s -S[entitlements.xml] <binary>\n", argv[0]);
-        fprintf(stderr, "   %s -e MobileSafari\n", argv[0]);
-        fprintf(stderr, "   %s -S cat\n", argv[0]);
-        fprintf(stderr, "   %s -Stfp.xml gdb\n", argv[0]);
-        exit(0);
+    Map(const char *path, int oflag, int pflag, int mflag) :
+        Map()
+    {
+        open(path, oflag, pflag, mflag);
      }
  
      }
  
-    for (int argi(1); argi != argc; ++argi)
-        if (argv[argi][0] != '-')
-            files.push_back(argv[argi]);
-        else switch (argv[argi][1]) {
-            case 'R': flag_R = true; break;
-            case 't': flag_t = true; break;
-            case 'u': flag_u = true; break;
-            case 'p': flag_p = true; break;
-            case 'e': flag_e = true; break;
+    Map(const char *path, bool edit) :
+        Map()
+    {
+        open(path, edit);
+    }
  
  
-            case 's':
-                _assert(!flag_S);
-                flag_s = true;
-            break;
+    ~Map() {
+        clear();
+    }
  
  
-            case 'S':
-                _assert(!flag_s);
-                flag_S = true;
-                if (argv[argi][2] != '\0') {
-                    const char *xml = argv[argi] + 2;
-                    xmld = map(xml, 0, _not(size_t), &xmls, true);
-                }
-            break;
+    void open(const char *path, int oflag, int pflag, int mflag) {
+        clear();
  
  
-            case 'T': {
-                flag_T = true;
-                if (argv[argi][2] == '-')
-                    timeh = true;
-                else {
-                    char *arge;
-                    timev = strtoul(argv[argi] + 2, &arge, 0);
-                    _assert(arge == argv[argi] + strlen(argv[argi]));
-                }
-            } break;
+        file_.open(path, oflag);
+        int file(file_.file());
  
  
-            case 'n': {
-                char *arge;
-                noffset = strtoul(argv[argi] + 2, &arge, 0);
-                _assert(arge == argv[argi] + strlen(argv[argi]));
-            } break;
+        struct stat stat;
+        _syscall(fstat(file, &stat));
+        size_ = stat.st_size;
  
  
-            case 'w': {
-                char *arge;
-                woffset = strtoul(argv[argi] + 2, &arge, 0);
-                _assert(arge == argv[argi] + strlen(argv[argi]));
-            } break;
+        _syscall(data_ = mmap(NULL, size_, pflag, mflag, file, 0));
+    }
  
  
-            default:
-                goto usage;
-            break;
-        }
+    void open(const char *path, bool edit) {
+        if (edit)
+            open(path, O_RDWR, PROT_READ | PROT_WRITE, MAP_SHARED);
+        else
+            open(path, O_RDONLY, PROT_READ, MAP_PRIVATE);
+    }
  
  
-    if (files.empty()) usage: {
-        exit(0);
+    void *data() const {
+        return data_;
      }
  
      }
  
-    size_t filei(0), filee(0);
-    _foreach (file, files) try {
-        const char *path(file->c_str());
-        const char *base = strrchr(path, '/');
-        char *temp(NULL), *dir;
+    size_t size() const {
+        return size_;
+    }
  
  
-        if (base != NULL)
-            dir = strndup_(path, base++ - path + 1);
-        else {
-            dir = strdup("");
-            base = path;
-        }
+    operator std::string() const {
+        return std::string(static_cast<char *>(data_), size_);
+    }
+};
  
  
-        if (flag_S) {
-            asprintf(&temp, "%s.%s.cs", dir, base);
-            const char *allocate = getenv("CODESIGN_ALLOCATE");
-            if (allocate == NULL)
-                allocate = "codesign_allocate";
-
-            size_t size = _not(size_t);
-            const char *arch; {
-                Framework framework(path);
-                framework->flags |= MH_DYLDLINK;
-
-                _foreach (load_command, framework.GetLoadCommands()) {
-                    uint32_t cmd(framework.Swap((*load_command)->cmd));
-                    if (cmd == LC_CODE_SIGNATURE) {
-                        struct linkedit_data_command *signature = reinterpret_cast<struct linkedit_data_command *>(*load_command);
-                        size = framework.Swap(signature->dataoff);
-                        _assert(size < framework.GetSize());
-                        break;
-                    }
-                }
+void resign(const char *path, const char *temp, const char *name, const std::string &xml) {
+    Map input(path, O_RDONLY, PROT_READ | PROT_WRITE, MAP_PRIVATE);
+    FatHeader source(input.data(), input.size());
  
  
-                if (size == _not(size_t))
-                    size = framework.GetSize();
-
-                switch (framework.GetCPUType()) {
-                    case 7: switch (framework.GetCPUSubtype()) {
-                        case 3: arch = "i386"; break;
-                        default: arch = NULL; break;
-                    } break;
-
-                    case 12: switch (framework.GetCPUSubtype()) {
-                        case 0: arch = "arm"; break;
-                        case 6: arch = "armv6"; break;
-                        case 9: arch = "armv7"; break;
-                        default: arch = NULL; break;
-                    } break;
-
-                    case 18: switch (framework.GetCPUSubtype()) {
-                        case 10: arch = "ppc7400"; break;
-                        default: arch = NULL; break;
-                    } break;
-
-                    case 16777223: switch (framework.GetCPUSubtype()) {
-                        case 3: arch = "x86_64"; break;
-                        default: arch = NULL; break;
-                    } break;
-
-                    case 16777234: switch (framework.GetCPUSubtype()) {
-                        case 0: arch = "ppc64"; break;
-                        default: arch = NULL; break;
-                    } break;
-
-                    default: arch = NULL; break;
-                }
-            }
+    size_t offset(0);
+    if (source.IsFat())
+        offset += sizeof(fat_header) + sizeof(fat_arch) * source.Swap(source->nfat_arch);
  
  
-            _assert(arch != NULL);
+    std::vector<CodesignAllocation> allocations;
+    _foreach (mach_header, source.GetMachHeaders()) {
+        struct linkedit_data_command *signature(NULL);
+        struct symtab_command *symtab(NULL);
  
  
-            pid_t pid = fork();
-            _syscall(pid);
-            if (pid == 0) {
-                char *ssize;
-                asprintf(&ssize, "%u", (sizeof(struct SuperBlob) + 2 * sizeof(struct BlobIndex) + sizeof(struct CodeDirectory) + strlen(base) + 1 + ((xmld == NULL ? CSSLOT_REQUIREMENTS : CSSLOT_ENTITLEMENTS) + (size + 0x1000 - 1) / 0x1000) * 0x14 + 0xc + (xmld == NULL ? 0 : 0x10 + xmls) + 15) / 16 * 16);
-                //printf("%s -i %s -a %s %s -o %s\n", allocate, path, arch, ssize, temp);
-                execlp(allocate, allocate, "-i", path, "-a", arch, ssize, "-o", temp, NULL);
-                _assert(false);
-            }
+        _foreach (load_command, mach_header.GetLoadCommands()) {
+            uint32_t cmd(mach_header.Swap(load_command->cmd));
+            if (false);
+            else if (cmd == LC_CODE_SIGNATURE)
+                signature = reinterpret_cast<struct linkedit_data_command *>(load_command);
+            else if (cmd == LC_SYMTAB)
+                symtab = reinterpret_cast<struct symtab_command *>(load_command);
+        }
  
  
-            int status;
-            _syscall(waitpid(pid, &status, 0));
-            _assert(WIFEXITED(status));
-            _assert(WEXITSTATUS(status) == 0);
+        size_t size;
+        if (signature == NULL)
+            size = mach_header.GetSize();
+        else {
+            size = mach_header.Swap(signature->dataoff);
+            _assert(size <= mach_header.GetSize());
          }
  
          }
  
-        Framework framework(temp == NULL ? path : temp);
-        struct linkedit_data_command *signature(NULL);
+        if (symtab != NULL) {
+            auto end(mach_header.Swap(symtab->stroff) + mach_header.Swap(symtab->strsize));
+            _assert(end <= size);
+            _assert(end >= size - 0x10);
+            size = end;
+        }
  
  
-        if (flag_p)
-            printf("path%zu='%s'\n", filei, file->c_str());
+        size_t alloc(0);
+        if (name != NULL) {
+            alloc += sizeof(struct SuperBlob);
+            uint32_t special(0);
+
+            special = std::max(special, CSSLOT_CODEDIRECTORY);
+            alloc += sizeof(struct BlobIndex);
+            alloc += sizeof(struct CodeDirectory);
+            alloc += strlen(name) + 1;
+
+            special = std::max(special, CSSLOT_REQUIREMENTS);
+            alloc += sizeof(struct BlobIndex);
+            alloc += 0xc;
+
+            if (xml.size() != 0) {
+                special = std::max(special, CSSLOT_ENTITLEMENTS);
+                alloc += sizeof(struct BlobIndex);
+                alloc += sizeof(struct Blob);
+                alloc += xml.size();
+            }
  
  
-        if (woffset != _not(uintptr_t)) {
-            Pointer<uint32_t> wvalue(framework.GetPointer<uint32_t>(woffset));
-            if (wvalue == NULL)
-                printf("(null) %p\n", reinterpret_cast<void *>(woffset));
-            else
-                printf("0x%.08x\n", *wvalue);
+            size_t normal((size + 0x1000 - 1) / 0x1000);
+            alloc = Align(alloc + (special + normal) * 0x14, 16);
          }
  
          }
  
-        if (noffset != _not(uintptr_t))
-            printf("%s\n", &*framework.GetPointer<char>(noffset));
-
-        _foreach (load_command, framework.GetLoadCommands()) {
-            uint32_t cmd(framework.Swap((*load_command)->cmd));
+        auto *fat_arch(mach_header.GetFatArch());
+        uint32_t align(fat_arch == NULL ? 0 : source.Swap(fat_arch->align));
+        offset = Align(offset, 1 << align);
  
  
-            if (flag_R && cmd == LC_REEXPORT_DYLIB)
-                (*load_command)->cmd = framework.Swap(LC_LOAD_DYLIB);
-            else if (cmd == LC_CODE_SIGNATURE)
-                signature = reinterpret_cast<struct linkedit_data_command *>(*load_command);
-            else if (cmd == LC_UUID) {
-                volatile struct uuid_command *uuid_command(reinterpret_cast<struct uuid_command *>(*load_command));
-
-                if (flag_u) {
-                    printf("uuid%zu=%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x\n", filei,
-                        uuid_command->uuid[ 0], uuid_command->uuid[ 1], uuid_command->uuid[ 2], uuid_command->uuid[ 3],
-                        uuid_command->uuid[ 4], uuid_command->uuid[ 5], uuid_command->uuid[ 6], uuid_command->uuid[ 7],
-                        uuid_command->uuid[ 8], uuid_command->uuid[ 9], uuid_command->uuid[10], uuid_command->uuid[11],
-                        uuid_command->uuid[12], uuid_command->uuid[13], uuid_command->uuid[14], uuid_command->uuid[15]
-                    );
-                }
-            } else if (cmd == LC_ID_DYLIB) {
-                volatile struct dylib_command *dylib_command(reinterpret_cast<struct dylib_command *>(*load_command));
+        allocations.push_back(CodesignAllocation(mach_header, offset, size, alloc, align));
+        offset += size + alloc;
+        offset = Align(offset, 16);
+    }
  
  
-                if (flag_t)
-                    printf("time%zu=0x%.8x\n", filei, framework.Swap(dylib_command->dylib.timestamp));
+    fclose(fopen(temp, "w+"));
+    _syscall(truncate(temp, offset));
+
+    Map output(temp, O_RDWR, PROT_READ | PROT_WRITE, MAP_SHARED);
+    _assert(output.size() == offset);
+    void *file(output.data());
+    memset(file, 0, offset);
+
+    fat_arch *fat_arch;
+    if (!source.IsFat())
+        fat_arch = NULL;
+    else {
+        auto *fat_header(reinterpret_cast<struct fat_header *>(file));
+        fat_header->magic = Swap(FAT_MAGIC);
+        fat_header->nfat_arch = Swap(source.Swap(source->nfat_arch));
+        fat_arch = reinterpret_cast<struct fat_arch *>(fat_header + 1);
+    }
  
  
-                if (flag_T) {
-                    uint32_t timed;
+    _foreach (allocation, allocations) {
+        auto &source(allocation.mach_header_);
  
  
-                    if (!timeh)
-                        timed = timev;
-                    else {
-                        dylib_command->dylib.timestamp = 0;
-                        timed = hash(reinterpret_cast<uint8_t *>(framework.GetBase()), framework.GetSize(), timev);
-                    }
+        uint32_t align(allocation.size_);
+        if (allocation.alloc_ != 0)
+            align = Align(align, 0x10);
  
  
-                    dylib_command->dylib.timestamp = framework.Swap(timed);
-                }
-            }
+        if (fat_arch != NULL) {
+            fat_arch->cputype = Swap(source->cputype);
+            fat_arch->cpusubtype = Swap(source->cpusubtype);
+            fat_arch->offset = Swap(allocation.offset_);
+            fat_arch->size = Swap(align + allocation.alloc_);
+            fat_arch->align = Swap(allocation.align_);
+            ++fat_arch;
          }
  
          }
  
-        if (flag_e) {
-            _assert(signature != NULL);
-
-            uint32_t data = framework.Swap(signature->dataoff);
-            uint32_t size = framework.Swap(signature->datasize);
+        void *target(reinterpret_cast<uint8_t *>(file) + allocation.offset_);
+        memcpy(target, source, allocation.size_);
+        MachHeader mach_header(target, align + allocation.alloc_);
  
  
-            uint8_t *top = reinterpret_cast<uint8_t *>(framework.GetBase());
-            uint8_t *blob = top + data;
-            struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
-
-            for (size_t index(0); index != Swap(super->count); ++index)
-                if (Swap(super->index[index].type) == CSSLOT_ENTITLEMENTS) {
-                    uint32_t begin = Swap(super->index[index].offset);
-                    struct Blob *entitlements = reinterpret_cast<struct Blob *>(blob + begin);
-                    fwrite(entitlements + 1, 1, Swap(entitlements->length) - sizeof(struct Blob), stdout);
-                }
+        struct linkedit_data_command *signature(NULL);
+        _foreach (load_command, mach_header.GetLoadCommands()) {
+            uint32_t cmd(mach_header.Swap(load_command->cmd));
+            if (cmd != LC_CODE_SIGNATURE)
+                continue;
+            signature = reinterpret_cast<struct linkedit_data_command *>(load_command);
+            break;
          }
  
          }
  
-        if (flag_s) {
-            _assert(signature != NULL);
-
-            uint32_t data = framework.Swap(signature->dataoff);
-            uint32_t size = framework.Swap(signature->datasize);
-
-            uint8_t *top = reinterpret_cast<uint8_t *>(framework.GetBase());
-            uint8_t *blob = top + data;
-            struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
-
-            for (size_t index(0); index != Swap(super->count); ++index)
-                if (Swap(super->index[index].type) == CSSLOT_CODEDIRECTORY) {
-                    uint32_t begin = Swap(super->index[index].offset);
-                    struct CodeDirectory *directory = reinterpret_cast<struct CodeDirectory *>(blob + begin);
+        _foreach (segment, mach_header.GetSegments("__LINKEDIT")) {
+            size_t size(mach_header.Swap(align + allocation.alloc_ - mach_header.Swap(segment->fileoff)));
+            segment->filesize = size;
+            segment->vmsize = Align(size, 0x1000);
+        }
  
  
-                    uint8_t (*hashes)[20] = reinterpret_cast<uint8_t (*)[20]>(blob + begin + Swap(directory->hashOffset));
-                    uint32_t pages = Swap(directory->nCodeSlots);
+        _foreach (segment, mach_header.GetSegments64("__LINKEDIT")) {
+            size_t size(mach_header.Swap(align + allocation.alloc_ - mach_header.Swap(segment->fileoff)));
+            segment->filesize = size;
+            segment->vmsize = Align(size, 0x1000);
+        }
  
  
-                    if (pages != 1)
-                        for (size_t i = 0; i != pages - 1; ++i)
-                            sha1(hashes[i], top + 0x1000 * i, 0x1000);
-                    if (pages != 0)
-                        sha1(hashes[pages - 1], top + 0x1000 * (pages - 1), ((data - 1) % 0x1000) + 1);
-                }
+        if (name == NULL && signature != NULL) {
+            auto before(reinterpret_cast<uint8_t *>(mach_header.GetLoadCommand()));
+            auto after(reinterpret_cast<uint8_t *>(signature));
+            auto next(mach_header.Swap(signature->cmdsize));
+            auto total(mach_header.Swap(mach_header->sizeofcmds));
+            memmove(signature, after + next, before + total - after - next);
+            memset(before + total - next, 0, next);
+            mach_header->ncmds = mach_header.Swap(mach_header.Swap(mach_header->ncmds) - 1);
+            mach_header->sizeofcmds = mach_header.Swap(total - next);
+            signature = NULL;
          }
  
          }
  
-        if (flag_S) {
-            _assert(signature != NULL);
+        if (name != NULL) {
+            if (signature == NULL) {
+                signature = reinterpret_cast<struct linkedit_data_command *>(reinterpret_cast<uint8_t *>(mach_header.GetLoadCommand()) + mach_header.Swap(mach_header->sizeofcmds));
+                signature->cmd = mach_header.Swap(LC_CODE_SIGNATURE);
+                signature->cmdsize = mach_header.Swap(uint32_t(sizeof(*signature)));
+                mach_header->ncmds = mach_header.Swap(mach_header.Swap(mach_header->ncmds) + 1);
+                mach_header->sizeofcmds = mach_header.Swap(mach_header.Swap(mach_header->sizeofcmds) + uint32_t(sizeof(*signature)));
+            }
  
  
-            uint32_t data = framework.Swap(signature->dataoff);
-            uint32_t size = framework.Swap(signature->datasize);
+            signature->dataoff = mach_header.Swap(align);
+            signature->datasize = mach_header.Swap(allocation.alloc_);
  
  
-            uint8_t *top = reinterpret_cast<uint8_t *>(framework.GetBase());
+            uint32_t data = mach_header.Swap(signature->dataoff);
+            uint32_t size = mach_header.Swap(signature->datasize);
+
+            uint8_t *top = reinterpret_cast<uint8_t *>(mach_header.GetBase());
              uint8_t *blob = top + data;
              struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
              super->blob.magic = Swap(CSMAGIC_EMBEDDED_SIGNATURE);
  
              uint8_t *blob = top + data;
              struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
              super->blob.magic = Swap(CSMAGIC_EMBEDDED_SIGNATURE);
  
-            uint32_t count = xmld == NULL ? 2 : 3;
+            uint32_t count = xml.size() == 0 ? 2 : 3;
              uint32_t offset = sizeof(struct SuperBlob) + count * sizeof(struct BlobIndex);
  
              super->index[0].type = Swap(CSSLOT_CODEDIRECTORY);
              uint32_t offset = sizeof(struct SuperBlob) + count * sizeof(struct BlobIndex);
  
              super->index[0].type = Swap(CSSLOT_CODEDIRECTORY);
@@ -777,10 +1014,10 @@ int main(int argc, const char *argv[]) {
              directory->spare2 = Swap(uint32_t(0));
  
              directory->identOffset = Swap(offset - begin);
              directory->spare2 = Swap(uint32_t(0));
  
              directory->identOffset = Swap(offset - begin);
-            strcpy(reinterpret_cast<char *>(blob + offset), base);
-            offset += strlen(base) + 1;
+            strcpy(reinterpret_cast<char *>(blob + offset), name);
+            offset += strlen(name) + 1;
  
  
-            uint32_t special = xmld == NULL ? CSSLOT_REQUIREMENTS : CSSLOT_ENTITLEMENTS;
+            uint32_t special = xml.size() == 0 ? CSSLOT_REQUIREMENTS : CSSLOT_ENTITLEMENTS;
              directory->nSpecialSlots = Swap(special);
  
              uint8_t (*hashes)[20] = reinterpret_cast<uint8_t (*)[20]>(blob + offset);
              directory->nSpecialSlots = Swap(special);
  
              uint8_t (*hashes)[20] = reinterpret_cast<uint8_t (*)[20]>(blob + offset);
@@ -808,7 +1045,7 @@ int main(int argc, const char *argv[]) {
              memcpy(blob + offset, "\xfa\xde\x0c\x01\x00\x00\x00\x0c\x00\x00\x00\x00", 0xc);
              offset += 0xc;
  
              memcpy(blob + offset, "\xfa\xde\x0c\x01\x00\x00\x00\x0c\x00\x00\x00\x00", 0xc);
              offset += 0xc;
  
-            if (xmld != NULL) {
+            if (xml.size() != 0) {
                  super->index[2].type = Swap(CSSLOT_ENTITLEMENTS);
                  super->index[2].offset = Swap(offset);
  
                  super->index[2].type = Swap(CSSLOT_ENTITLEMENTS);
                  super->index[2].offset = Swap(offset);
  
@@ -816,8 +1053,8 @@ int main(int argc, const char *argv[]) {
                  struct Blob *entitlements = reinterpret_cast<struct Blob *>(blob + begin);
                  offset += sizeof(struct Blob);
  
                  struct Blob *entitlements = reinterpret_cast<struct Blob *>(blob + begin);
                  offset += sizeof(struct Blob);
  
-                memcpy(blob + offset, xmld, xmls);
-                offset += xmls;
+                memcpy(blob + offset, xml.data(), xml.size());
+                offset += xml.size();
  
                  entitlements->magic = Swap(CSMAGIC_ENTITLEMENTS);
                  entitlements->length = Swap(offset - begin);
  
                  entitlements->magic = Swap(CSMAGIC_ENTITLEMENTS);
                  entitlements->length = Swap(offset - begin);
@@ -842,24 +1079,226 @@ int main(int argc, const char *argv[]) {
  
              memset(blob + offset, 0, size - offset);
          }
  
              memset(blob + offset, 0, size - offset);
          }
+    }
+}
  
  
-        if (flag_S) {
-            uint8_t *top = reinterpret_cast<uint8_t *>(framework.GetBase());
-            size_t size = framework.GetSize();
+int main(int argc, const char *argv[]) {
+    union {
+        uint16_t word;
+        uint8_t byte[2];
+    } endian = {1};
  
  
-            char *copy;
-            asprintf(&copy, "%s.%s.cp", dir, base);
-            FILE *file = fopen(copy, "w+");
-            size_t writ = fwrite(top, 1, size, file);
-            _assert(writ == size);
-            fclose(file);
+    little_ = endian.byte[0];
  
  
-            _syscall(unlink(temp));
-            free(temp);
-            temp = copy;
+    bool flag_r(false);
+    bool flag_e(false);
+
+    bool flag_T(false);
+
+    bool flag_S(false);
+    bool flag_s(false);
+
+    bool flag_D(false);
+
+    bool flag_A(false);
+    bool flag_a(false);
+
+    uint32_t flag_CPUType(_not(uint32_t));
+    uint32_t flag_CPUSubtype(_not(uint32_t));
+
+    const char *flag_I(NULL);
+
+    bool timeh(false);
+    uint32_t timev(0);
+
+    Map xmlm;
+
+    std::vector<std::string> files;
+
+    if (argc == 1) {
+        fprintf(stderr, "usage: %s -S[entitlements.xml] <binary>\n", argv[0]);
+        fprintf(stderr, "   %s -e MobileSafari\n", argv[0]);
+        fprintf(stderr, "   %s -S cat\n", argv[0]);
+        fprintf(stderr, "   %s -Stfp.xml gdb\n", argv[0]);
+        exit(0);
+    }
+
+    for (int argi(1); argi != argc; ++argi)
+        if (argv[argi][0] != '-')
+            files.push_back(argv[argi]);
+        else switch (argv[argi][1]) {
+            case 'r': flag_r = true; break;
+            case 'e': flag_e = true; break;
+
+            case 'D': flag_D = true; break;
+
+            case 'a': flag_a = true; break;
+
+            case 'A':
+                flag_A = true;
+                if (argv[argi][2] != '\0') {
+                    const char *cpu = argv[argi] + 2;
+                    const char *colon = strchr(cpu, ':');
+                    _assert(colon != NULL);
+                    char *arge;
+                    flag_CPUType = strtoul(cpu, &arge, 0);
+                    _assert(arge == colon);
+                    flag_CPUSubtype = strtoul(colon + 1, &arge, 0);
+                    _assert(arge == argv[argi] + strlen(argv[argi]));
+                }
+            break;
+
+            case 's':
+                _assert(!flag_S);
+                flag_s = true;
+            break;
+
+            case 'S':
+                _assert(!flag_s);
+                flag_S = true;
+                if (argv[argi][2] != '\0') {
+                    const char *xml = argv[argi] + 2;
+                    xmlm.open(xml, O_RDONLY, PROT_READ, MAP_PRIVATE);
+                }
+            break;
+
+            case 'T': {
+                flag_T = true;
+                if (argv[argi][2] == '-')
+                    timeh = true;
+                else {
+                    char *arge;
+                    timev = strtoul(argv[argi] + 2, &arge, 0);
+                    _assert(arge == argv[argi] + strlen(argv[argi]));
+                }
+            } break;
+
+            case 'I': {
+                flag_I = argv[argi] + 2;
+            } break;
+
+            default:
+                goto usage;
+            break;
+        }
+
+    _assert(!flag_S || !flag_r);
+
+    if (files.empty()) usage: {
+        exit(0);
+    }
+
+    size_t filei(0), filee(0);
+    _foreach (file, files) try {
+        const char *path(file.c_str());
+        const char *base = strrchr(path, '/');
+
+        std::string dir;
+        if (base != NULL)
+            dir.assign(path, base++ - path + 1);
+        else
+            base = path;
+
+        const char *name(flag_I ?: base);
+        char *temp(NULL);
+
+        if (flag_S || flag_r) {
+            asprintf(&temp, "%s.%s.cs", dir.c_str(), base);
+            resign(path, temp, flag_S ? name : NULL, xmlm);
+        }
+
+        Map mapping(temp ?: path, flag_T || flag_s);
+        FatHeader fat_header(mapping.data(), mapping.size());
+
+        _foreach (mach_header, fat_header.GetMachHeaders()) {
+            struct linkedit_data_command *signature(NULL);
+            struct encryption_info_command *encryption(NULL);
+
+            if (flag_A) {
+                if (mach_header.GetCPUType() != flag_CPUType)
+                    continue;
+                if (mach_header.GetCPUSubtype() != flag_CPUSubtype)
+                    continue;
+            }
+
+            if (flag_a)
+                printf("cpu=0x%x:0x%x\n", mach_header.GetCPUType(), mach_header.GetCPUSubtype());
+
+            _foreach (load_command, mach_header.GetLoadCommands()) {
+                uint32_t cmd(mach_header.Swap(load_command->cmd));
+
+                if (false);
+                else if (cmd == LC_CODE_SIGNATURE)
+                    signature = reinterpret_cast<struct linkedit_data_command *>(load_command);
+                else if (cmd == LC_ENCRYPTION_INFO || cmd == LC_ENCRYPTION_INFO_64)
+                    encryption = reinterpret_cast<struct encryption_info_command *>(load_command);
+                else if (cmd == LC_ID_DYLIB) {
+                    volatile struct dylib_command *dylib_command(reinterpret_cast<struct dylib_command *>(load_command));
+
+                    if (flag_T) {
+                        uint32_t timed;
+
+                        if (!timeh)
+                            timed = timev;
+                        else {
+                            dylib_command->dylib.timestamp = 0;
+                            timed = hash(reinterpret_cast<uint8_t *>(mach_header.GetBase()), mach_header.GetSize(), timev);
+                        }
+
+                        dylib_command->dylib.timestamp = mach_header.Swap(timed);
+                    }
+                }
+            }
+
+            if (flag_D) {
+                _assert(encryption != NULL);
+                encryption->cryptid = mach_header.Swap(0);
+            }
+
+            if (flag_e) {
+                _assert(signature != NULL);
+
+                uint32_t data = mach_header.Swap(signature->dataoff);
+
+                uint8_t *top = reinterpret_cast<uint8_t *>(mach_header.GetBase());
+                uint8_t *blob = top + data;
+                struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
+
+                for (size_t index(0); index != Swap(super->count); ++index)
+                    if (Swap(super->index[index].type) == CSSLOT_ENTITLEMENTS) {
+                        uint32_t begin = Swap(super->index[index].offset);
+                        struct Blob *entitlements = reinterpret_cast<struct Blob *>(blob + begin);
+                        fwrite(entitlements + 1, 1, Swap(entitlements->length) - sizeof(struct Blob), stdout);
+                    }
+            }
+
+            if (flag_s) {
+                _assert(signature != NULL);
+
+                uint32_t data = mach_header.Swap(signature->dataoff);
+
+                uint8_t *top = reinterpret_cast<uint8_t *>(mach_header.GetBase());
+                uint8_t *blob = top + data;
+                struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
+
+                for (size_t index(0); index != Swap(super->count); ++index)
+                    if (Swap(super->index[index].type) == CSSLOT_CODEDIRECTORY) {
+                        uint32_t begin = Swap(super->index[index].offset);
+                        struct CodeDirectory *directory = reinterpret_cast<struct CodeDirectory *>(blob + begin);
+
+                        uint8_t (*hashes)[20] = reinterpret_cast<uint8_t (*)[20]>(blob + begin + Swap(directory->hashOffset));
+                        uint32_t pages = Swap(directory->nCodeSlots);
+
+                        if (pages != 1)
+                            for (size_t i = 0; i != pages - 1; ++i)
+                                sha1(hashes[i], top + 0x1000 * i, 0x1000);
+                        if (pages != 0)
+                            sha1(hashes[pages - 1], top + 0x1000 * (pages - 1), ((data - 1) % 0x1000) + 1);
+                    }
+            }
          }
  
          }
  
-        if (temp) {
+        if (temp != NULL) {
              struct stat info;
              _syscall(stat(path, &info));
              _syscall(chown(temp, info.st_uid, info.st_gid));
              struct stat info;
              _syscall(stat(path, &info));
              _syscall(chown(temp, info.st_uid, info.st_gid));
@@ -869,7 +1308,6 @@ int main(int argc, const char *argv[]) {
              free(temp);
          }
  
              free(temp);
          }
  
-        free(dir);
          ++filei;
      } catch (const char *) {
          ++filee;
          ++filei;
      } catch (const char *) {
          ++filee;