fix: ipsw macho sign apple agility hashes

2026-05-08 12:22:26 +00:00 · 2023-01-10 12:52:30 -07:00
parent dbdd8bb8bd
commit c17b3003fb
2 changed files with 27 additions and 29 deletions
@@ -51,7 +51,7 @@ func init() {
 	machoSignCmd.Flags().StringP("pw", "p", "", "p12 cert password")
 	machoSignCmd.Flags().StringP("ent", "e", "", "entitlements.plist file")
 	machoSignCmd.Flags().BoolP("ts", "t", false, "timestamp signature")
-	machoSignCmd.Flags().String("timestamp-url", "http://timestamp.apple.com/ts01", "timeserver URL")
+	machoSignCmd.Flags().String("timeserver", "http://timestamp.apple.com/ts01", "timeserver URL")
 	machoSignCmd.Flags().String("proxy", "", "HTTP/HTTPS proxy")
 	machoSignCmd.Flags().Bool("insecure", false, "do not verify ssl certs")
 	machoSignCmd.Flags().BoolP("overwrite", "f", false, "Overwrite file")
@@ -62,7 +62,7 @@ func init() {
 	viper.BindPFlag("macho.sign.pw", machoSignCmd.Flags().Lookup("pw"))
 	viper.BindPFlag("macho.sign.ent", machoSignCmd.Flags().Lookup("ent"))
 	viper.BindPFlag("macho.sign.ts", machoSignCmd.Flags().Lookup("ts"))
-	viper.BindPFlag("macho.sign.timestamp-url", machoSignCmd.Flags().Lookup("timestamp-url"))
+	viper.BindPFlag("macho.sign.timeserver", machoSignCmd.Flags().Lookup("timeserver"))
 	viper.BindPFlag("macho.sign.proxy", machoSignCmd.Flags().Lookup("proxy"))
 	viper.BindPFlag("macho.sign.insecure", machoSignCmd.Flags().Lookup("insecure"))
 	viper.BindPFlag("macho.sign.overwrite", machoSignCmd.Flags().Lookup("overwrite"))
@@ -79,7 +79,6 @@ var machoSignCmd = &cobra.Command{
 	Args:          cobra.ExactArgs(1),
 	SilenceUsage:  true,
 	SilenceErrors: true,
-	Hidden:        true,
 	RunE: func(cmd *cobra.Command, args []string) error {

 		var err error
@@ -180,7 +179,7 @@ var machoSignCmd = &cobra.Command{
 								CertChain:    certs,
 								PrivateKey:   privateKey,
 								Timestamp:    viper.GetBool("macho.sign.ts"),
-								TimestampURL: viper.GetString("macho.sign.timestamp-url"),
+								TimestampURL: viper.GetString("macho.sign.timeserver"),
 								Proxy:        viper.GetString("macho.sign.proxy"),
 								Insecure:     viper.GetBool("macho.sign.insecure"),
 							})
@@ -15,7 +15,7 @@ import (
 	"sort"
 	"time"

-	// "github.com/blacktop/go-plist"
+	"github.com/blacktop/go-plist"
 	"github.com/blacktop/ipsw/internal/codesign/cms/oid"
 )

@@ -299,12 +299,12 @@ func (sd *SignedData) Sign(chain []*x509.Certificate, privateKey any) error {
 	if _, err = md.Write(content); err != nil {
 		return err
 	}
-	// pldata, err := plist.Marshal(CDHash{
-	// 	CDHashes: [][]byte{md.Sum(nil)[:20]},
-	// }, plist.XMLFormat)
-	// if err != nil {
-	// 	return err
-	// }
+	pldata, err := plist.MarshalIndent(CDHash{
+		CDHashes: [][]byte{md.Sum(nil)[:20]},
+	}, plist.XMLFormat, "\t")
+	if err != nil {
+		return err
+	}

 	// Build our SignedAttributes
 	stAttr, err := NewAttribute(oid.AttributeSigningTime, time.Now().UTC())
@@ -319,26 +319,25 @@ func (sd *SignedData) Sign(chain []*x509.Certificate, privateKey any) error {
 	if err != nil {
 		return err
 	}
-	// hvAttr, err := NewAttribute(oid.AttributeAppleHashAgilityV1, AppleHashAgility{
-	// 	Type: oid.DigestAlgorithmSHA256,
-	// 	Content: asn1.RawValue{
-	// 		Class:      asn1.ClassUniversal,
-	// 		Tag:        asn1.TagOctetString,
-	// 		Bytes:      md.Sum(nil),
-	// 		IsCompound: false,
-	// 	},
-	// })
-	// if err != nil {
-	// 	return err
-	// }
-	// hv2Attr, err := NewAttribute(oid.AttributeAppleHashAgilityV2, pldata)
-	// if err != nil {
-	// 	return err
-	// }
+	hvAttr, err := NewAttribute(oid.AttributeAppleHashAgilityV1, pldata)
+	if err != nil {
+		return err
+	}
+	hv2Attr, err := NewAttribute(oid.AttributeAppleHashAgilityV2, AppleHashAgility{
+		Type: oid.DigestAlgorithmSHA256,
+		Content: asn1.RawValue{
+			Class:      asn1.ClassUniversal,
+			Tag:        asn1.TagOctetString,
+			Bytes:      md.Sum(nil),
+			IsCompound: false,
+		},
+	})
+	if err != nil {
+		return err
+	}

 	// sort attributes to match required order in marshaled form
-	// si.SignedAttrs, err = sortAttributes(stAttr, mdAttr, ctAttr, hvAttr, hv2Attr)
-	si.SignedAttrs, err = sortAttributes(stAttr, mdAttr, ctAttr)
+	si.SignedAttrs, err = sortAttributes(stAttr, mdAttr, ctAttr, hvAttr, hv2Attr)
 	if err != nil {
 		return err
 	}