-
Notifications
You must be signed in to change notification settings - Fork 316
isign failing on newer IPA's - LC_CODE_SIGNATURE #120
Comments
I've done more research, and I think I have found the root cause. Looking at macho_cs.py, we see that the construct Switch on line 173 has no default action. However, there is a default in the enum above. One of the magic numbers is CSMAGIC_ENTITLEMENT=0xfade7171 which relates to an entitlements plist. By examining new IPA files, we see a new magic number 0xfade7172. By manually examining the data in this part of the signing object, we see what appears to be a binary plist that contains the same data that is in the xml plist stored in CSMAGIC_ENTITLEMENT. Next action: We need to create something in macho_cs.py that will parse and emit this object, and update other parts of isign where/as required to manipulate the data. |
By adding the two lines shown below to macho_cs.py, isign now completely parses these new IPA's without error. However, there are errors when "emitting". This proves my theory that the parsing is getting an exception due to a missing magic number for this new data type. However, my python skills are fairly limited. I could use some help from someone with some python skills that are interested in solving this issue.
|
What happens if you change the name to |
I wish it were that simple. The newer IPA's have both the old 7171 magic number as well as the 7172 magic number. Also, the 7171 data is an xml plist of entitlements. The new 7172 data appears to be a binary encoded entitlement plist. If we just swap, it will throw exceptions because of the missing 7171 magic in the inbound stream. |
Did anyone find a solution to this? Saucelabs must have a solution if they're still using this tool for re-codesigning in their device cloud. I'm reading the source code for Apple's codesign to see what's going on. In terms of the difference between
and a comment:
|
I have played with iSign for a while now. Newer IPA's since about September last year are failing. The problem appears to be a failure parsing the LC_CODE_SIGNATURE LoadCommand in a decrypted IPA. There are no available forks with any fixes to this problem. But, older IPA's work just fine.
A traceback is available below showing 78 of 79 LoadCommand entries parsed.
The text was updated successfully, but these errors were encountered: