Thursday 31 March 2016

Re-signing Apple apps under Windows – increasing use of SHA-256


Until recently, a code signature “superblob” typically contained four “blobs” (CODEDIRECTORY, REQUIREMENTS, ENTITLEMENTS and SIGNATURE), but code signatures with five or more blobs (including two CODEDIRECTORY blobs) are now sometimes seen.
 
The two CODEDIRECTORY blobs differ in the following respects: 
  • The superblob index type for one CODEDIRECTORY blob is cdCodeDirectorySlot (0) and the index type for the other blob is 4096 (0x1000), for which no symbolic name was known at the time of writing.
  • The hashType of the “legacy” CODEDIRECTORY is cdHashTypeSHA1 (1) and the hashType of the “new” blob is cdHashTypeSHA256 (2).
  • The hash-related fields in each CODEDIRECTORY blob match its hashType: the hashSize field (20 for SHA-1, 32 for SHA-256) and the entries in the tables of code and special hashes.
The integrity of the “legacy” CODEDIRECTORY is assured by the SIGNATURE blob, which contains a PKCS #7 (CMS) SignedData “detached signature” over the contents of the CODEDIRECTORY blob. The integrity of the “new” CODEDIRECTORY is assured by a different mechanism: an additional signed attribute in the PKCS #7 SignerInfo with OID 1.2.840.113635.100.9.1 and plist content similar to the following. Because it is a signed (authenticated) attribute it is covered by the same signature, so the SHA-256 CODEDIRECTORY is bound to the same signer and certificate as the legacy one:
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
     <key>cdhashes</key>
     <array>
           <data>
           JgHMg3GqvtZUvY3pnROMbKJ2kgo=
           </data>
           <data>
           rSlwo1k7/H14Mv/Q/sYwjFz0It4=
           </data>
     </array>
</dict>
</plist>
 
The first base64 encoded hash in the “cdhashes” array is the SHA-1 hash of the legacy CODEDIRECTORY; the second is the first 20 bytes of the SHA-256 hash of the new CODEDIRECTORY, so both entries are 20 bytes long. A verifier that understands the new blob checks that the CODEDIRECTORY found at index type 4096 hashes to a value in this signed list; a verifier that does not can still validate the legacy blob through the SIGNATURE blob exactly as before.
 
The following OID definitions are known but, at the time of writing, no names for “{ appleDataSecurity 9 }” and its descendants (including the 1.2.840.113635.100.9.1 attribute above) can be found.
 
apple OBJECT IDENTIFIER ::= { iso(1) member-body(2) US(840) 113635 }
appleDataSecurity OBJECT IDENTIFIER ::= { apple 100 }
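The following Python is an added example, not code from the original post or from Apple: it constructs a superblob with a SHA-1 and a SHA-256 CODEDIRECTORY, parses the superblob index, computes the 20-byte cdhash of each CODEDIRECTORY (full SHA-1, or truncated SHA-256) and builds and checks the “cdhashes” plist that the signed attribute carries. The CodeDirectory layout is the version 0x20100 header from Apple’s cs_blobs.h; the CMS SignerInfo wrapping is not built, only the plist payload. The identifier, the code pages and the constant name CSSLOT_ALTERNATE_CODEDIRECTORIES for slot 0x1000 (taken from later XNU headers, not from this post) are assumptions made for the example.

```python
import hashlib
import plistlib
import struct

# Constants from Apple's cs_blobs.h / codedirectory.h (all fields big-endian on disk).
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CSSLOT_CODEDIRECTORY = 0                     # cdCodeDirectorySlot in the text
CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000    # the "4096" index type; name from later XNU headers
CS_HASHTYPE_SHA1 = 1
CS_HASHTYPE_SHA256 = 2
CS_CDHASH_LEN = 20                           # cdhashes entries are truncated to this length
HASH_ALGS = {CS_HASHTYPE_SHA1: "sha1", CS_HASHTYPE_SHA256: "sha256"}


def hash_size_for(hash_type):
    """Digest length written into the CodeDirectory hashSize field."""
    return hashlib.new(HASH_ALGS[hash_type]).digest_size


def build_code_directory(hash_type, ident, code_pages):
    """Build a minimal version-0x20100 CodeDirectory (constructed for the example:
    no special slots, no scatter vector, fixed 4 KiB pages)."""
    alg = HASH_ALGS[hash_type]
    ident_bytes = ident.encode() + b"\0"
    ident_offset = 48                        # header through scatterOffset
    hash_offset = ident_offset + len(ident_bytes)
    hashes = b"".join(hashlib.new(alg, page).digest() for page in code_pages)
    length = hash_offset + len(hashes)
    header = struct.pack(
        ">IIIIIIIIIBBBBII",
        CSMAGIC_CODEDIRECTORY, length, 0x20100, 0,       # magic, length, version, flags
        hash_offset, ident_offset, 0, len(code_pages),   # hashOffset, identOffset, nSpecial, nCode
        sum(len(p) for p in code_pages),                 # codeLimit
        hash_size_for(hash_type), hash_type, 0, 12,      # hashSize, hashType, platform, log2(pageSize)
        0, 0,                                            # spare2, scatterOffset
    )
    return header + ident_bytes + hashes


def build_superblob(blobs):
    """Embedded-signature superblob from [(slot_type, blob_bytes), ...]."""
    offset = 12 + 8 * len(blobs)             # header plus index entries
    index, body = b"", b""
    for slot, blob in blobs:
        index += struct.pack(">II", slot, offset)
        body += blob
        offset += len(blob)
    return struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, offset, len(blobs)) + index + body


def parse_superblob(data):
    """Return [(slot_type, blob_bytes), ...] in index order."""
    magic, _length, count = struct.unpack_from(">III", data, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("not an embedded signature superblob")
    blobs = []
    for i in range(count):
        slot, off = struct.unpack_from(">II", data, 12 + 8 * i)
        _bmagic, blen = struct.unpack_from(">II", data, off)
        blobs.append((slot, data[off:off + blen]))
    return blobs


def code_directories(superblob):
    """CodeDirectory blobs only, legacy slot 0 before the 0x1000 slot."""
    cds = [(slot, blob) for slot, blob in parse_superblob(superblob)
           if struct.unpack_from(">I", blob, 0)[0] == CSMAGIC_CODEDIRECTORY]
    return sorted(cds, key=lambda sb: sb[0])


def cdhash(cd_blob):
    """Hash of the whole CodeDirectory blob with its own hashType, truncated to
    20 bytes: the full SHA-1, or the first 20 bytes of the SHA-256."""
    hash_type = cd_blob[37]                  # byte after hashSize in the header
    return hashlib.new(HASH_ALGS[hash_type], cd_blob).digest()[:CS_CDHASH_LEN]


def cdhashes_plist(superblob):
    """The plist payload carried by the 1.2.840.113635.100.9.1 signed attribute."""
    return plistlib.dumps({"cdhashes": [cdhash(b) for _, b in code_directories(superblob)]},
                          fmt=plistlib.FMT_XML)


def load_cdhashes(plist_bytes):
    return list(plistlib.loads(plist_bytes)["cdhashes"])


def verify_cdhashes(superblob, plist_bytes):
    """Every CodeDirectory in the superblob must hash to an entry of the signed list."""
    signed = set(load_cdhashes(plist_bytes))
    return all(cdhash(blob) in signed for _, blob in code_directories(superblob))


# Constructed sample: two 4 KiB code pages standing in for a Mach-O image.
PAGES = [b"\x90" * 4096, b"\xcc" * 4096]
LEGACY_CD = build_code_directory(CS_HASHTYPE_SHA1, "com.example.demo", PAGES)
NEW_CD = build_code_directory(CS_HASHTYPE_SHA256, "com.example.demo", PAGES)
SUPERBLOB = build_superblob([(CSSLOT_CODEDIRECTORY, LEGACY_CD),
                             (CSSLOT_ALTERNATE_CODEDIRECTORIES, NEW_CD)])

if __name__ == "__main__":
    print(cdhashes_plist(SUPERBLOB).decode())
    print("verified:", verify_cdhashes(SUPERBLOB, cdhashes_plist(SUPERBLOB)))
```

Flipping a single byte in the SHA-256 CODEDIRECTORY makes verify_cdhashes fail against the original list even though the legacy blob (and therefore the detached PKCS #7 signature over it) is untouched, which is the property the extra signed attribute exists to provide.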
 

Corresponding extensions to CodeResources

 

The mechanisms above protect the core code-signing data structures with SHA-256 hashes, but additions to the format of the CodeResources file are needed to protect the other content in the application bundle. Previously, entries in the “files2” section of CodeResources were either “simple” values (a base64 encoded SHA-1 hash of the file) or “dictionaries” with a value named “hash” (the SHA-1 hash) alongside other named values such as “optional”:
 
           <key>icon.png</key>
           <data>
           OjXVVA9dws7I7sB3ivQa9oVq1eU=
           </data>
           <key>icon2.png</key>
           <dict>
                <key>hash</key>
                <data>
                Z9iDVp4SnvkVuXHCtUMcYOfhReI=
                </data>
                <key>optional</key>
                <true/>
           </dict>
 
Now, entries like the following can be seen:
 
           <key>icon.png</key>
           <dict>
                <key>hash</key>
                <data>
                OjXVVA9dws7I7sB3ivQa9oVq1eU=
                </data>
                <key>hash2</key>
                <data>
                x3Wj/BjxGPLpf6OAh/qnZCbfYgbmIuaxEHyoyoP5r04=
                </data>
           </dict>
 
In the new form the “dictionary” format is always used, with at least two named values: “hash” (the SHA-1 hash of the file) and “hash2” (the SHA-256 hash of the file); “optional” may still appear alongside them. The base64 length tells the two apart: a 20-byte SHA-1 encodes to 28 characters and a 32-byte SHA-256 to 44.
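As an added example (not code from the original post or from Apple’s codesign), the following Python emits new-style “files2” entries for a constructed bundle and verifies a “files2” section in all three shapes described above: the old simple SHA-1 value, the old dictionary with only “hash”, and the new dictionary with “hash” and “hash2”. It reports which files are covered by SHA-256 and which only by SHA-1, and honours “optional” for absent files. The bundle contents and file names are constructed for the example; the status strings are this example’s own, not codesign output.

```python
import hashlib
import plistlib


def files2_entry(content, optional=False):
    """New-style files2 entry: "hash" = SHA-1, "hash2" = SHA-256 of the file."""
    entry = {"hash": hashlib.sha1(content).digest(),
             "hash2": hashlib.sha256(content).digest()}
    if optional:
        entry["optional"] = True
    return entry


def build_code_resources(bundle, optional=()):
    """XML CodeResources plist with a new-style "files2" section for a bundle
    given as {relative path: bytes}."""
    files2 = {path: files2_entry(data, path in optional) for path, data in bundle.items()}
    return plistlib.dumps({"files2": files2}, fmt=plistlib.FMT_XML)


def check_files2(files2, bundle):
    """Verify each files2 entry (old simple form, old dict form or new dict form)
    against the bundle contents.  Returns {path: status} with status one of
    ok-sha256, ok-sha1-only, missing-optional, missing, mismatch, malformed."""
    results = {}
    for path, entry in files2.items():
        if isinstance(entry, bytes):                       # simple value: bare SHA-1
            expected, optional = {"hash": entry}, False
        elif isinstance(entry, dict) and isinstance(entry.get("hash"), bytes):
            expected = {k: entry[k] for k in ("hash", "hash2") if k in entry}
            optional = bool(entry.get("optional", False))
        else:
            results[path] = "malformed"
            continue
        content = bundle.get(path)
        if content is None:
            results[path] = "missing-optional" if optional else "missing"
            continue
        ok = expected["hash"] == hashlib.sha1(content).digest()
        if "hash2" in expected:                            # SHA-256 must match as well
            ok = ok and expected["hash2"] == hashlib.sha256(content).digest()
        if not ok:
            results[path] = "mismatch"
        else:
            results[path] = "ok-sha256" if "hash2" in expected else "ok-sha1-only"
    return results


def verify_code_resources(plist_bytes, bundle):
    return check_files2(plistlib.loads(plist_bytes)["files2"], bundle)


# Constructed bundle contents standing in for files under Contents/Resources.
BUNDLE = {
    "icon.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
    "icon2.png": b"\x89PNG\r\n\x1a\n" + b"\xff" * 64,
    "Base.lproj/Main.strings": b'"hello" = "Hello";\n',
}

if __name__ == "__main__":
    cr = build_code_resources(BUNDLE, optional=("icon2.png",))
    print(cr.decode())
    print(verify_code_resources(cr, BUNDLE))
```

A resource whose entry carries only “hash” is reported as ok-sha1-only so that a re-signing tool can see which files still need a “hash2” value added before the bundle is protected end to end at SHA-256 strength.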