+void sha1(uint8_t *hash, const void *data, size_t size) {
+ SHA1(static_cast<const uint8_t *>(data), size, hash);
+}
+
+struct CodesignAllocation {
+ FatMachHeader mach_header_;
+ uint32_t offset_;
+ uint32_t size_;
+ uint32_t limit_;
+ uint32_t alloc_;
+ uint32_t align_;
+
+ CodesignAllocation(FatMachHeader mach_header, size_t offset, size_t size, size_t limit, size_t alloc, size_t align) :
+ mach_header_(mach_header),
+ offset_(offset),
+ size_(size),
+ limit_(limit),
+ alloc_(alloc),
+ align_(align)
+ {
+ }
+};
+
+class File {
+ private:
+ int file_;
+
+ public:
+ File() :
+ file_(-1)
+ {
+ }
+
+ ~File() {
+ if (file_ != -1)
+ _syscall(close(file_));
+ }
+
+ void open(const char *path, int flags) {
+ _assert(file_ == -1);
+ _syscall(file_ = ::open(path, flags));
+ }
+
+ int file() const {
+ return file_;
+ }
+};
+
+class Map {
+ private:
+ File file_;
+ void *data_;
+ size_t size_;
+
+ void clear() {
+ if (data_ == NULL)
+ return;
+ _syscall(munmap(data_, size_));
+ data_ = NULL;
+ size_ = 0;
+ }
+
+ public:
+ Map() :
+ data_(NULL),
+ size_(0)
+ {
+ }
+
+ Map(const char *path, int oflag, int pflag, int mflag) :
+ Map()
+ {
+ open(path, oflag, pflag, mflag);
+ }
+
+ Map(const char *path, bool edit) :
+ Map()
+ {
+ open(path, edit);
+ }
+
+ ~Map() {
+ clear();
+ }
+
+ void open(const char *path, int oflag, int pflag, int mflag) {
+ clear();
+
+ file_.open(path, oflag);
+ int file(file_.file());
+
+ struct stat stat;
+ _syscall(fstat(file, &stat));
+ size_ = stat.st_size;
+
+ _syscall(data_ = mmap(NULL, size_, pflag, mflag, file, 0));
+ }
+
+ void open(const char *path, bool edit) {
+ if (edit)
+ open(path, O_RDWR, PROT_READ | PROT_WRITE, MAP_SHARED);
+ else
+ open(path, O_RDONLY, PROT_READ, MAP_PRIVATE);
+ }
+
+ void *data() const {
+ return data_;
+ }
+
+ size_t size() const {
+ return size_;
+ }
+
+ operator std::string() const {
+ return std::string(static_cast<char *>(data_), size_);
+ }
+};
+
+// I wish Apple cared about providing quality toolchains :/
+
+template <typename Function_>
+class Functor;
+
+template <typename Type_, typename... Args_>
+class Functor<Type_ (Args_...)> {
+ public:
+ virtual Type_ operator ()(Args_... args) const = 0;
+ virtual operator bool() const = 0;
+};
+
+template <typename Function_>
+class FunctorImpl;
+
+template <typename Value_, typename Type_, typename... Args_>
+class FunctorImpl<Type_ (Value_::*)(Args_...) const> :
+ public Functor<Type_ (Args_...)>
+{
+ private:
+ const Value_ *value_;
+
+ public:
+ FunctorImpl() :
+ value_(NULL)
+ {
+ }
+
+ FunctorImpl(const Value_ &value) :
+ value_(&value)
+ {
+ }
+
+ virtual Type_ operator ()(Args_... args) const {
+ return (*value_)(args...);
+ }
+};
+
+template <typename Function_>
+FunctorImpl<decltype(&Function_::operator())> fun(const Function_ &value) {
+ return value;
+}
+
+void resign(void *idata, size_t isize, std::streambuf &output, const Functor<size_t (size_t)> &allocate, const Functor<size_t (std::streambuf &output, size_t, const std::string &, const char *)> &save) {
+ FatHeader source(idata, isize);
+
+ size_t offset(0);
+ if (source.IsFat())
+ offset += sizeof(fat_header) + sizeof(fat_arch) * source.Swap(source->nfat_arch);
+
+ std::vector<CodesignAllocation> allocations;
+ _foreach (mach_header, source.GetMachHeaders()) {
+ struct linkedit_data_command *signature(NULL);
+ struct symtab_command *symtab(NULL);
+
+ _foreach (load_command, mach_header.GetLoadCommands()) {
+ uint32_t cmd(mach_header.Swap(load_command->cmd));
+ if (false);
+ else if (cmd == LC_CODE_SIGNATURE)
+ signature = reinterpret_cast<struct linkedit_data_command *>(load_command);
+ else if (cmd == LC_SYMTAB)
+ symtab = reinterpret_cast<struct symtab_command *>(load_command);
+ }
+
+ size_t size;
+ if (signature == NULL)
+ size = mach_header.GetSize();
+ else {
+ size = mach_header.Swap(signature->dataoff);
+ _assert(size <= mach_header.GetSize());
+ }
+
+ if (symtab != NULL) {
+ auto end(mach_header.Swap(symtab->stroff) + mach_header.Swap(symtab->strsize));
+ _assert(end <= size);
+ _assert(end >= size - 0x10);
+ size = end;
+ }
+
+ size_t alloc(allocate(size));
+
+ auto *fat_arch(mach_header.GetFatArch());
+ uint32_t align(fat_arch == NULL ? 0 : source.Swap(fat_arch->align));
+ offset = Align(offset, 1 << align);
+
+ uint32_t limit(size);
+ if (alloc != 0)
+ limit = Align(limit, 0x10);
+
+ allocations.push_back(CodesignAllocation(mach_header, offset, size, limit, alloc, align));
+ offset += size + alloc;
+ offset = Align(offset, 16);
+ }
+
+ size_t position(0);
+
+ if (source.IsFat()) {
+ fat_header fat_header;
+ fat_header.magic = Swap(FAT_MAGIC);
+ fat_header.nfat_arch = Swap(uint32_t(allocations.size()));
+ put(output, &fat_header, sizeof(fat_header));
+ position += sizeof(fat_header);
+
+ _foreach (allocation, allocations) {
+ auto &mach_header(allocation.mach_header_);
+
+ fat_arch fat_arch;
+ fat_arch.cputype = Swap(mach_header->cputype);
+ fat_arch.cpusubtype = Swap(mach_header->cpusubtype);
+ fat_arch.offset = Swap(allocation.offset_);
+ fat_arch.size = Swap(allocation.limit_ + allocation.alloc_);
+ fat_arch.align = Swap(allocation.align_);
+ put(output, &fat_arch, sizeof(fat_arch));
+ position += sizeof(fat_arch);
+ }
+ }
+
+ _foreach (allocation, allocations) {
+ auto &mach_header(allocation.mach_header_);
+
+ pad(output, allocation.offset_ - position);
+ position = allocation.offset_;
+
+ std::vector<std::string> commands;
+
+ _foreach (load_command, mach_header.GetLoadCommands()) {
+ std::string copy(reinterpret_cast<const char *>(load_command), load_command->cmdsize);
+
+ switch (uint32_t cmd = mach_header.Swap(load_command->cmd)) {
+ case LC_CODE_SIGNATURE:
+ continue;
+ break;
+
+ case LC_SEGMENT: {
+ auto segment_command(reinterpret_cast<struct segment_command *>(©[0]));
+ if (strncmp(segment_command->segname, "__LINKEDIT", 16) != 0)
+ break;
+ size_t size(mach_header.Swap(allocation.limit_ + allocation.alloc_ - mach_header.Swap(segment_command->fileoff)));
+ segment_command->filesize = size;
+ segment_command->vmsize = Align(size, 0x1000);
+ } break;
+
+ case LC_SEGMENT_64: {
+ auto segment_command(reinterpret_cast<struct segment_command_64 *>(©[0]));
+ if (strncmp(segment_command->segname, "__LINKEDIT", 16) != 0)
+ break;
+ size_t size(mach_header.Swap(allocation.limit_ + allocation.alloc_ - mach_header.Swap(segment_command->fileoff)));
+ segment_command->filesize = size;
+ segment_command->vmsize = Align(size, 0x1000);
+ } break;
+ }
+
+ commands.push_back(copy);
+ }
+
+ if (allocation.alloc_ != 0) {
+ linkedit_data_command signature;
+ signature.cmd = mach_header.Swap(LC_CODE_SIGNATURE);
+ signature.cmdsize = mach_header.Swap(uint32_t(sizeof(signature)));
+ signature.dataoff = mach_header.Swap(allocation.limit_);
+ signature.datasize = mach_header.Swap(allocation.alloc_);
+ commands.push_back(std::string(reinterpret_cast<const char *>(&signature), sizeof(signature)));
+ }
+
+ size_t begin(position);
+
+ uint32_t after(0);
+ _foreach(command, commands)
+ after += command.size();
+
+ std::stringbuf altern;
+
+ struct mach_header header(*mach_header);
+ header.ncmds = mach_header.Swap(uint32_t(commands.size()));
+ header.sizeofcmds = mach_header.Swap(after);
+ put(output, &header, sizeof(header));
+ put(altern, &header, sizeof(header));
+ position += sizeof(header);
+
+ if (mach_header.Bits64()) {
+ auto pad(mach_header.Swap(uint32_t(0)));
+ put(output, &pad, sizeof(pad));
+ put(altern, &pad, sizeof(pad));
+ position += sizeof(pad);
+ }
+
+ _foreach(command, commands) {
+ put(output, command.data(), command.size());
+ put(altern, command.data(), command.size());
+ position += command.size();
+ }
+
+ uint32_t before(mach_header.Swap(mach_header->sizeofcmds));
+ if (before > after) {
+ pad(output, before - after);
+ pad(altern, before - after);
+ position += before - after;
+ }
+
+ auto top(reinterpret_cast<char *>(mach_header.GetBase()));
+
+ std::string overlap(altern.str());
+ overlap.append(top + overlap.size(), Align(overlap.size(), 0x1000) - overlap.size());
+
+ put(output, top + (position - begin), allocation.size_ - (position - begin));
+ position = begin + allocation.size_;
+
+ pad(output, allocation.limit_ - allocation.size_);
+ position += allocation.limit_ - allocation.size_;
+
+ size_t saved(save(output, allocation.limit_, overlap, top));
+ if (allocation.alloc_ > saved)
+ pad(output, allocation.alloc_ - saved);
+ position += allocation.alloc_;
+ }
+}
+
+void resign(void *idata, size_t isize, std::streambuf &output, const char *name, const std::string &entitlements) {
+ uint8_t pageshift(0x0c);
+ uint32_t pagesize(1 << pageshift);
+
+ resign(idata, isize, output, fun([&](size_t size) -> size_t {
+ size_t alloc(sizeof(struct SuperBlob));
+
+ uint32_t special(0);
+
+ special = std::max(special, CSSLOT_REQUIREMENTS);
+ alloc += sizeof(struct BlobIndex);
+ alloc += 0xc;
+
+ if (entitlements.size() != 0) {
+ special = std::max(special, CSSLOT_ENTITLEMENTS);
+ alloc += sizeof(struct BlobIndex);
+ alloc += sizeof(struct Blob);
+ alloc += entitlements.size();
+ }
+
+ special = std::max(special, CSSLOT_CODEDIRECTORY);
+ alloc += sizeof(struct BlobIndex);
+ alloc += sizeof(struct Blob);
+ alloc += sizeof(struct CodeDirectory);
+ alloc += strlen(name) + 1;
+
+ uint32_t normal((size + pagesize - 1) / pagesize);
+ alloc = Align(alloc + (special + normal) * SHA_DIGEST_LENGTH, 16);
+ return alloc;
+ }), fun([&](std::streambuf &output, size_t limit, const std::string &overlap, const char *top) -> size_t {
+ std::map<uint32_t, std::string> blobs;
+
+ if (true) {
+ std::stringbuf data;
+
+ Blob blob;
+ blob.magic = Swap(CSMAGIC_REQUIREMENTS);
+ blob.length = Swap(uint32_t(sizeof(Blob) + sizeof(uint32_t)));
+ put(data, &blob, sizeof(blob));
+
+ uint32_t requirements;
+ requirements = Swap(0);
+ put(data, &requirements, sizeof(requirements));
+
+ blobs.insert(std::make_pair(CSSLOT_REQUIREMENTS, data.str()));
+ }
+
+ if (entitlements.size() != 0) {
+ std::stringbuf data;
+
+ Blob blob;
+ blob.magic = Swap(CSMAGIC_EMBEDDED_ENTITLEMENTS);
+ blob.length = Swap(uint32_t(sizeof(blob) + entitlements.size()));
+ put(data, &blob, sizeof(blob));
+
+ put(data, entitlements.data(), entitlements.size());
+
+ blobs.insert(std::make_pair(CSSLOT_ENTITLEMENTS, data.str()));
+ }
+
+ if (true) {
+ std::stringbuf data;
+
+ uint32_t special(0);
+ _foreach (blob, blobs)
+ special = std::max(special, blob.first);
+ uint32_t normal((limit + pagesize - 1) / pagesize);
+
+ Blob blob;
+ blob.magic = Swap(CSMAGIC_CODEDIRECTORY);
+ blob.length = Swap(uint32_t(sizeof(blob) + sizeof(CodeDirectory) + strlen(name) + 1 + SHA_DIGEST_LENGTH * (special + normal)));
+ put(data, &blob, sizeof(blob));
+
+ CodeDirectory directory;
+ directory.version = Swap(uint32_t(0x00020001));
+ directory.flags = Swap(uint32_t(0));
+ directory.hashOffset = Swap(uint32_t(sizeof(blob) + sizeof(CodeDirectory) + strlen(name) + 1 + SHA_DIGEST_LENGTH * special));
+ directory.identOffset = Swap(uint32_t(sizeof(blob) + sizeof(CodeDirectory)));
+ directory.nSpecialSlots = Swap(special);
+ directory.codeLimit = Swap(uint32_t(limit));
+ directory.nCodeSlots = Swap(normal);
+ directory.hashSize = SHA_DIGEST_LENGTH;
+ directory.hashType = CS_HASHTYPE_SHA1;
+ directory.spare1 = 0x00;
+ directory.pageSize = pageshift;
+ directory.spare2 = Swap(uint32_t(0));
+ put(data, &directory, sizeof(directory));
+
+ put(data, name, strlen(name) + 1);
+
+ uint8_t storage[special + normal][SHA_DIGEST_LENGTH];
+ uint8_t (*hashes)[SHA_DIGEST_LENGTH] = storage + special;
+
+ memset(storage, 0, sizeof(*storage) * special);
+
+ _foreach (blob, blobs) {
+ auto local(reinterpret_cast<const Blob *>(&blob.second[0]));
+ sha1((uint8_t *) (hashes - blob.first), local, Swap(local->length));
+ }
+
+ if (normal != 1)
+ for (size_t i = 0; i != normal - 1; ++i)
+ sha1(hashes[i], (pagesize * i < overlap.size() ? overlap.data() : top) + pagesize * i, pagesize);
+ if (normal != 0)
+ sha1(hashes[normal - 1], top + pagesize * (normal - 1), ((limit - 1) % pagesize) + 1);
+
+ put(data, storage, sizeof(storage));
+
+ blobs.insert(std::make_pair(CSSLOT_CODEDIRECTORY, data.str()));
+ }
+
+ size_t total(0);
+ _foreach (blob, blobs)
+ total += blob.second.size();
+
+ struct SuperBlob super;
+ super.blob.magic = Swap(CSMAGIC_EMBEDDED_SIGNATURE);
+ super.blob.length = Swap(uint32_t(sizeof(SuperBlob) + blobs.size() * sizeof(BlobIndex) + total));
+ super.count = Swap(uint32_t(blobs.size()));
+ put(output, &super, sizeof(super));
+
+ size_t offset(sizeof(SuperBlob) + sizeof(BlobIndex) * blobs.size());
projects / ldid.git / blobdiff