OS X bad code application still running without warning

My OS X application has been fixed by modifying the main executable. It was signed with a valid developer identifier.

I was expecting some warnings when starting this hacked version on a default OS X installation, as the code is no longer valid. I am surprised that it still starts without any problems with the default GateKeeper rule "Application store or only tested only for developers".

Why is OS X still launching this invalid application without warning, for example, “This application is corrupted”? Are there any changes I need to make in my code so that users at least change the GateKeeper rule to “Everywhere” when this crack is run?

$ spctl -a -t exec -vv CrackedApp.app/
CrackedApp.app/: invalid signature (code or signature have been modified)
$ codesign --verify --deep --verbose=4 CrackedApp.app/
CrackedApp.app/: invalid signature (code or signature have been modified)
In architecture: x86_64
+6
1 answer

Remember that GateKeeper only takes effect when you start a file that has the quarantine attribute. Files downloaded directly through Safari, Mail, Messages, and other Apple software automatically have the quarantine attribute set. As soon as you click through the "Are you sure you want to open it?" alert, the quarantine flag is cleared, and GateKeeper is no longer requested. If you want the equivalent of GateKeeper validation to be executed every time your application starts, you will need to do your own static verification of the code using an API like SecStaticCodeCheckValidity. Of course, if people are already modifying your executable, then they can simply modify it to get around this extra code signing verification.

+1
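A launch-time self-check of the kind the answer describes, as an added example that is not code from the original answer: it validates the running bundle on disk with SecStaticCodeCheckValidity and pins the result to a designated requirement, so a bundle re-signed under a different identity also fails. The function name VerifyOwnBundle and the Team ID TEAMID1234 are placeholders.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: validates the on-disk bundle of the running app.
// Returns errSecSuccess only if every architecture and all nested code still
// match their signatures AND the signer satisfies requirementText.
static OSStatus VerifyOwnBundle(NSString *requirementText) {
    SecStaticCodeRef code = NULL;
    SecRequirementRef requirement = NULL;
    NSURL *bundleURL = [[NSBundle mainBundle] bundleURL];

    OSStatus status = SecStaticCodeCreateWithPath((__bridge CFURLRef)bundleURL,
                                                  kSecCSDefaultFlags, &code);
    if (status == errSecSuccess) {
        status = SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                                kSecCSDefaultFlags, &requirement);
    }
    if (status == errSecSuccess) {
        // Without a requirement, any internally consistent signature passes,
        // including one applied by whoever patched the binary.
        SecCSFlags flags = kSecCSCheckAllArchitectures | kSecCSCheckNestedCode;
        status = SecStaticCodeCheckValidity(code, flags, requirement);
    }
    if (requirement) CFRelease(requirement);
    if (code) CFRelease(code);
    return status;
}

int main(void) {
    @autoreleasepool {
        // Placeholder Team ID; replace with the OU of your Developer ID certificate.
        NSString *req =
            @"anchor apple generic and certificate leaf[subject.OU] = \"TEAMID1234\"";
        OSStatus status = VerifyOwnBundle(req);
        if (status != errSecSuccess) {
            CFStringRef msg = SecCopyErrorMessageString(status, NULL);
            NSLog(@"Code signature check failed: %@ (%d)",
                  (__bridge NSString *)msg, (int)status);
            if (msg) CFRelease(msg);
            return 1;  // refuse to continue with a modified bundle
        }
        NSLog(@"Code signature is valid and matches the pinned requirement");
    }
    return 0;
}
```

As the answer notes, this check lives in the same executable an attacker is already patching, so it raises the effort required rather than guaranteeing detection.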

Source: https://habr.com/ru/post/979717/

