10-Application Re-signing

This article continues with another basic piece of reverse-engineering preparation: application re-signing. It first introduces the relevant concepts, then walks through a re-signing process with examples, using tools and script automation.

The previous article, 09-Application Signature, described the entire signing process in detail. In short, signing is one of Apple's security mechanisms: iOS only allows an app to execute if its signature is valid.

Re-signing means taking the original app and replacing its original signature with a signature we already have.

codesign is available after installing Xcode, and Xcode itself uses this tool to complete the signing process. The files that change when the signature changes include:

Before using the codesign tool to re-sign, let's first go through some terminal commands related to signatures:

1. View the signature information

2. List the certificates in the keychain that can be used for signing

3. Use otool to analyze the Mach-O file information and export it to a specified file

Here, a cryptid of 0 means no encryption is used (that is, the shell has been removed); any other value means the binary is encrypted.

You can also filter the output directly to see whether the shell has been removed:

4. Forcibly replace the signature

5. Add permissions to the file

6. View the description file

7. Sign the Mach-O file

8. Compress the input file into an output file
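
The cryptid check from item 3, as an added example that is not part of the original article: a shell helper that reads `otool -l` text and reports the cryptid of each architecture slice, so a binary that still has an encrypted slice is caught before re-signing. The binary name `Demo`, the function names and the sample text are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the cryptid of every architecture slice from `otool -l` text.

# Constructed sample (not output from a real app): a fat binary whose armv7
# slice is still encrypted while its arm64 slice is decrypted.
SAMPLE_FAT='Demo (architecture armv7):
Load command 9
          cmd LC_ENCRYPTION_INFO
      cmdsize 20
     cryptoff 16384
    cryptsize 4096
      cryptid 1
Load command 10
          cmd LC_LOAD_DYLIB
Demo (architecture arm64):
Load command 9
          cmd LC_ENCRYPTION_INFO_64
      cmdsize 24
     cryptoff 16384
    cryptsize 4096
      cryptid 0
          pad 0'

# Reads `otool -l` text on stdin; prints "<arch> cryptid=<n> <state>" per slice.
cryptid_report() {
  awk '
    /\(architecture [^)]+\):$/ {            # fat-binary slice header
      arch = $0; sub(/.*\(architecture /, "", arch); sub(/\):$/, "", arch)
    }
    $1 == "cmd" { in_enc = ($2 ~ /^LC_ENCRYPTION_INFO(_64)?$/) }
    in_enc && $1 == "cryptid" {
      state = ($2 == 0) ? "decrypted" : "encrypted"
      printf "%s cryptid=%s %s\n", (arch == "" ? "thin" : arch), $2, state
      in_enc = 0; seen = 1
    }
    END { if (!seen) print "- cryptid=none no-encryption-load-command" }'
}

# Succeeds only when an encryption load command was seen and every slice is 0.
all_slices_decrypted() {
  ! cryptid_report | grep -qv ' decrypted$'
}

# On macOS with a real binary: otool -l Payload/Demo.app/Demo | cryptid_report
printf '%s\n' "$SAMPLE_FAT" | cryptid_report
```

A thin binary has no architecture header in the `otool -l` output, so its single slice is reported as `thin`.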

Here we take the decrypted (shell-removed) WeChat (7.0.8) as the example: use a free developer account to re-sign WeChat and then install it on a non-jailbroken phone. (The WeChat (7.0.8) ipa package is attached at the end of the article.)

Sign the frameworks in the Frameworks directory one by one (use your own free certificate):

Create an empty project, then build and run it on a real device with the free account to obtain a provisioning profile.

Then copy the resulting provisioning profile into the WeChat app package.

Find WeChat's info.plist and change its BundleId to the BundleId of the provisioning profile we generated:

Find the corresponding entitlements:

Then create an Entitlements.plist file and paste the entitlements content into it:

Copy the entitlements file (Entitlements.plist) into the Payload directory, alongside WeChat.app:

Check the signature information of WeChat.app again to see that it has been replaced:

At this point, install the WeChat.app package on the phone through Xcode; it should install normally:

Then use Debug -> Attach to Process -> WeChat, and you can debug WeChat:

Those are the steps for re-signing.

You're done!

The above debugs WeChat through Attach to Process. Can we run and debug it directly, the way we do during normal development? Of course! See the following steps:

The shell is a special interactive tool that gives users a way to start programs, manage files in the file system, and manage processes running on the system. "Shell" generally refers to a command-line tool: it lets you enter text commands, which it interprets and passes to the kernel for execution.

A shell script is a text file in which various commands are placed in advance so that they can be executed in one go.

The most commonly used related commands are:

First create a new shell script file, shell.sh, and enter terminal commands in it:

As can be seen from the picture above:

Just now we used chmod +x to modify the permissions of shell.sh, so let's look at what permissions actually are.

Unix and Linux are both multi-user, multi-tasking systems, so they have the concepts of users and groups, and the permissions on a file are likewise defined per user and per group.

Unlike Windows, Unix, Linux and macOS are all multi-user systems:

On macOS, you can use the ls -l command to view the attributes of all files in the current directory, for example:

The leftmost red box is the permissions; to its right are the link count, the owner, the group it belongs to, the file size, the last modified date, and the file name.

The permissions field has 10 positions:

In the picture above:

The number for each permission is: r: 4 (0100), w: 2 (0010), x: 1 (0001). The advantage of this design is that the values can be combined with a bitwise OR, just like the bit-shift enumerations we use in development.

Example

If a file's permissions are -rwxr-xr-x, then the corresponding values are:

User: 4+2+1 = 7

Group: 4+1 = 5

Other: 4+1 = 5

Then the command is: chmod 755 file name
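
The bitwise-OR mapping above, as an added example that is not from the original article: a shell function that converts the mode column printed by `ls -l` into the octal argument for chmod. It goes beyond the 755 case in the text by also decoding the setuid, setgid and sticky markers (s, S, t, T) that `ls -l` shows in the x positions; the function names are illustrative.

```sh
#!/bin/sh
# Added example: turn an `ls -l` mode string into the octal argument for chmod.

# $1 = one triad such as "r-x"; ORs together r=4, w=2, x=1.
triad_value() (
  v=0
  case $1 in r??) v=$(( v | 4 )) ;; esac
  case $1 in ?w?) v=$(( v | 2 )) ;; esac
  case $1 in ??[xst]) v=$(( v | 1 )) ;; esac   # lowercase s/t: x is also set
  echo "$v"
)

# $1 = mode column from `ls -l`, e.g. "-rwxr-xr-x" (a trailing @ or + is ignored).
mode_to_octal() (
  m=$(printf '%.10s' "$1")
  case $m in
    [-dlbcps][r-][w-][-xsS][r-][w-][-xsS][r-][w-][-xtT]) ;;
    *) exit 1 ;;                                # not a valid mode string
  esac
  rest=${m#?}                                   # drop the file-type character
  u=${rest%??????}; rest=${rest#???}; g=${rest%???}; o=${rest#???}
  special=0
  case $u in ??[sS]) special=$(( special | 4 )) ;; esac   # setuid
  case $g in ??[sS]) special=$(( special | 2 )) ;; esac   # setgid
  case $o in ??[tT]) special=$(( special | 1 )) ;; esac   # sticky
  out=$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")
  [ "$special" -ne 0 ] && out=$special$out
  echo "$out"
)

mode_to_octal "-rwxr-xr-x"
```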

The correspondence table between numbers and permissions:

For example:

The script implements the same logic as the codesign steps. The complete script is as follows:

Use a jailbroken phone to dump the ipa package:

After removing the shell, since this is a genuine package dumped on the jailbroken phone, you need to delete the supported-device information (UISupportedDevices) in info.plist.

Of course, this can also be written into the script:

After deleting it, save and repackage the ipa:

Application re-signing can be said to be the first step of reverse-engineering preparation. I hope everyone will follow the steps of this article in order and work through them in practice. As the saying goes, practice is the sole criterion for testing truth. This is very important!