Signing problem after changing a Mach-O image

Posted: Mon May 25, 2015 7:04 am
by pmon
I'm doing modifications on a Mach-O executable (which was signed before) and I'm trying to re-sign it with codesign. As far as changing things in place in the image goes, my mechanisms are working (in other words, the length of the image is the same after the changes as it was before).

But when I try to append data to it, the codesign command fails. It seems that even adding a single byte at the end of the Mach-O image breaks the ability to sign the image. From IDA's and jtool's perspective the image seems to be valid; only the signing is failing.

Do you have any clue what the problem can be?

Re: Signing problem after changing a Mach-O image

Posted: Wed Jun 10, 2015 11:39 pm
by morpheus
Easiest way out of this:

- Strip the LC_CODE_SIGNATURE (e.g. jtool -r or another Mach-O editor)
- re-sign

codesign isn't known to be the most resilient of programs in terms of its tolerance for errors. If internal offsets are wrong, or if you're trying to sign something that already has a signature, it refuses. Providing signing capabilities to jtool is one thing that's high on the list (but currently unstable, so it won't be out for a while).
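
An added example, not from either poster and not jtool's code: a small Python check that reads the load commands of a thin 64-bit little-endian Mach-O and reports how many bytes lie past the end of the LC_CODE_SIGNATURE data and past the end of `__LINKEDIT`. It assumes that appended bytes described by no load command are the kind of offset inconsistency mentioned above; `inspect_macho` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
LC_CODE_SIGNATURE = 0x1D

def inspect_macho(data):
    """Return file size plus the ends of the signature blob and __LINKEDIT."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    info = {"file_size": len(data), "sig_end": None, "linkedit_end": None}
    off = 32  # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("load command at offset %d has a bad cmdsize" % off)
        if cmd == LC_CODE_SIGNATURE:  # linkedit_data_command: dataoff, datasize
            dataoff, datasize = struct.unpack_from("<2I", data, off + 8)
            info["sig_end"] = dataoff + datasize
        elif cmd == LC_SEGMENT_64:    # segment_command_64: fileoff at +40
            fileoff, filesize = struct.unpack_from("<2Q", data, off + 40)
            if data[off + 8:off + 24].rstrip(b"\0") == b"__LINKEDIT":
                info["linkedit_end"] = fileoff + filesize
        off += cmdsize
    # Slack = bytes in the file that lie beyond what the load commands describe.
    info["sig_slack"] = None if info["sig_end"] is None else len(data) - info["sig_end"]
    info["linkedit_slack"] = (None if info["linkedit_end"] is None
                              else len(data) - info["linkedit_end"])
    return info

def build_sample(trailing=b""):
    """Constructed image: header, __LINKEDIT at 128..192, signature at 160..192."""
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72, b"__LINKEDIT",
                      0, 0x1000, 128, 64, 1, 1, 0, 0)
    sig = struct.pack("<4I", LC_CODE_SIGNATURE, 16, 160, 32)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 2,
                      len(seg) + len(sig), 0, 0)
    return (hdr + seg + sig).ljust(128, b"\0") + b"\0" * 64 + trailing

if __name__ == "__main__":
    for label, extra in (("original", b""), ("one byte appended", b"\x00")):
        print(label, inspect_macho(build_sample(extra)))
```

A non-zero slack value on a real file means the appended data sits outside every region the header accounts for, which is worth confirming before stripping the signature and re-signing.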