Page 1 of 1

What algorithm is used for hashing iOS binaries?

PostPosted: Tue Sep 30, 2014 9:32 am
by duhanebel
The signature lives in the binary under the field CDHash, which is the signed binary hash. CD is a collection of hashes for different part of the binary. What algorithm does codesign use to compute the CDs hashes? Peering inside libsecurity_codesigning shows me SHA1 as the default choice but I can't be sure if that's changed at runtime by the codesign binary.

Re: What algorithm is used for hashing iOS binaries?

PostPosted: Tue Sep 30, 2014 3:17 pm
by morpheus
The latest version of JTool has -v on --sig, so you can validate the hashes and see for yourself. The hashes are in "slots", one for each page of memory in the mach-o (including linkedit, up to the code signature itself), and a few "special" slots for bound resources, info.plist, etc. For example:

Code: Select all
morpheus@Zephyr (~/Documents/Book) % jtool -v --sig /bin/ls                                                                       11:01
Blob at offset: 29232 (5488 bytes) is an embedded signature of 4549 bytes, and 3 blobs
   Blob 0: Type: 0 @36: Code Directory (261 bytes)
      Version:     20100
      Flags:       none (0x0)
      CDHash:        e8e766ea872cf682d5a5da3176f57ed140dfa75f
      # of Hashes: 8 code + 2 special
      Hashes @101 size: 20 Type: SHA-1
         Requirements blob:   34a9b54a874a8a0992f450a4d9a13f6bf3ee9edf (OK)
         Bound Info.plist:   Not Bound
         Slot   0: 75e0c5f20a84694cde3247b56ee1103a931d286a (OK)
         Slot   1: ad20db05d1744ea7746baabb4da1d516ff91ae30 (OK)
         Slot   2: f74b63f857ba9a44172352a146f8c213ea55afc9 (OK)
         Slot   3: 532f0362c18af792becd2447aad5fef07a05109f (OK)
         Slot   4: 234b0c4fc286483a73eed2aff135ea1696ad5371 (OK)
         Slot   5: 1de73e5f3b2587afd89ce3d14c90f6e40f0eb173 (OK)
         Slot   6: b0c138b5d7dffc104edb223cb4494759fb447898 (OK)
         Slot   7: 6300feb2aa97d8956596264a64f047cad3c2f638 (OK)
   Blob 1: Type: 2 @297: Requirement Set (180 bytes) with 2 requirements:
      0: Designated Requirement (@28): Ident() AND Apple Anchor
      1: Library Requirement (@68): Ident() AND Apple Anchor OR Ident() AND Apple Anchor OR Ident() AND Apple Anchor
   Blob 2: Type: 10000 @477: Blob Wrapper (4072 bytes) (0x10000 is CMS (RFC3852) signature)
   Superblob ends @36

The hashes are Type SHA-1 by default: This is what JTool recognized (Constants are from libsecurity_codesigning)

Code: Select all
        kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1

        switch (Type)
                case kSecCodeSignatureNoHash: return "No Hash";
                case kSecCodeSignatureHashSHA1: return "SHA-1";
                case kSecCodeSignatureHashSHA256: return "SHA-256";
                case kSecCodeSignatureHashPrestandardSkein160x256 : return "Skein 160x256";
                case kSecCodeSignatureHashPrestandardSkein256x512 : return "Skein 256x512";
                default: return "Unknown";

I'll have a very detailed writeup on this soon, and also painstaking detail in the 2nd edition