At 12:00 -0800 02/03/08, email@hidden wrote:
>Date: Sun, 2 Mar 2008 13:04:38 +0000
>From: "David Simpson" <email@hidden>
>Message-ID: <email@hidden>
>
>I'm somewhat confused about application code signing. My goal is not
>getting keychain access or any privileged API but to make our application
>more hacker and tamper resistance.
>
>I already have a Verisign issued certificate that I can use to successfully
>sign our application bundle. I am also setting the kill flag like this :
>
>codesign -s 'Our Name' -o kill OurApp.app
>
>If I touch anything inside the application executable (or modify the
>Info.plist) codesign correctly reports it has been modified.
>
>However, the application will still launch. From reading the man page of
>codesign, I would expect it not to run? I also tried modifying the
>application while it was still running, and the application didn't
>immediately exit.

Try also setting the "hard" flag like this:

codesign -s 'Our Name' -o kill,hard OurApp.app

at least, for me, that gives a load error when a modified binary is run. It doesn't check other resources (not sure about the Info.plist).

>Date: Sun, 2 Mar 2008 10:54:19 -0800
>From: Jens Alfke <email@hidden>
>
>On 2 Mar '08, at 5:04 AM, David Simpson wrote:
>
>> could someone point me to some code that would allow me to check the
>> validity of the application inside our own code?
>
>Checking your own validity doesn't seem very useful for hack-resistance,
>since any hacker patching the binary can just delete the
>code that runs the check.

Well, if your main binary is tamper-resistant with -kill,hard and you implement some sort of checking for the other resources inside that, producing a modified (but still signed) app becomes, at the very least, extremely hard. I can't see any API for that but libsecurity_codesigning in the Darwin source looks, from a quick read, like it would do that.

This leads me to a complementary question. I have a self-signed certificate and I sign my code with that. Running codesign -d -vvvv on my app just yields the information that it's signed by "Rainer Brockerhoff". Anybody could strip off my signature, modify my app, and resign it with another self-signed certificate generated in my name...

...so I want to publish some sort of public key, or file (.der?) on my website that can be used to cross-check the signature using Apple tools - at least the user can be sure the app matches the site. Can't find any docs on that.

Is there a recommended procedure for such?

TIA,
--
Rainer Brockerhoff <email@hidden>
Belo Horizonte, Brazil
"In the affairs of others even fools are wise
In their own business even sages err."
Weblog: http://www.brockerhoff.net/bb/viewtopic.php
_______________________________________________
Apple-cdsa mailing list (email@hidden)
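
One way to do the cross-check asked about at the end of the message above, as an added example that is not part of the original post: pin the signature to the exact certificate published on the site by testing the bundle against a `certificate leaf = H"..."` code requirement, which matches on the certificate's SHA-1 hash rather than on the signer's name. The function names, the `.der` and app paths, and the sample fingerprint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that an app was signed with the certificate published
# on the developer's site. Paths and function names are hypothetical.

# Turn `openssl x509 -fingerprint -sha1` output (or a bare hex string) into
# 40 upper-case hex digits; fail on anything else.
normalize_fp() {
    fp=$(printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F')
    case "$fp" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || return 1
    printf '%s\n' "$fp"
}

# SHA-1 fingerprint of a DER certificate file downloaded from the site.
der_fingerprint() {
    normalize_fp "$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1)"
}

# Code requirement that only the exact leaf certificate satisfies.
pin_requirement() {
    fp=$(normalize_fp "$1") || return 1
    printf 'certificate leaf = H"%s"\n' "$fp"
}

# Verify the bundle's seal and that it was signed with the pinned certificate.
# A copy re-signed with a different self-signed certificate fails here even
# when that certificate carries the same name.
verify_pinned() {   # usage: verify_pinned OurApp.app published.der
    fp=$(der_fingerprint "$2") || { echo "bad certificate file: $2" >&2; return 2; }
    codesign --verify -R="$(pin_requirement "$fp")" "$1"
}
```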