ProcursusTeam / ldid

Link Identity Editor. Put real or fake signatures in a Mach-O.
GNU Affero General Public License v3.0
189 stars 45 forks source link

Ldid signs with 3 identical entitlements plist when signing bundle's frameworks #21

Closed superrnovae closed 2 years ago

superrnovae commented 2 years ago

Command:

ldid -e 'YouTube.app/Frameworks/CydiaSubstrate.framework/CydiaSubstrate'

Expected result:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.iokit-user-client-class</key>
    <array>
        <string>IOUserClient</string>
    </array>
    <key>platform-application</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>com.google.ios.youtube</string>
    </array>
    <key>application-identifier</key>
    <string>com.google.ios.youtube</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.developer.usernotifications.time-sensitive</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.google.ios.youtube</string>
    </array>
</dict>
</plist>

Actual result:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.iokit-user-client-class</key>
    <array>
        <string>IOUserClient</string>
    </array>
    <key>platform-application</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>com.google.ios.youtube</string>
    </array>
    <key>application-identifier</key>
    <string>com.google.ios.youtube</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.developer.usernotifications.time-sensitive</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.google.ios.youtube</string>
    </array>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.iokit-user-client-class</key>
    <array>
        <string>IOUserClient</string>
    </array>
    <key>platform-application</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>com.google.ios.youtube</string>
    </array>
    <key>application-identifier</key>
    <string>com.google.ios.youtube</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.developer.usernotifications.time-sensitive</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.google.ios.youtube</string>
    </array>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.iokit-user-client-class</key>
    <array>
        <string>IOUserClient</string>
    </array>
    <key>platform-application</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>com.google.ios.youtube</string>
    </array>
    <key>application-identifier</key>
    <string>com.google.ios.youtube</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.developer.usernotifications.time-sensitive</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.google.ios.youtube</string>
    </array>
</dict>
</plist>

PlugIns and the main executable don't have this issue.

CRKatri commented 2 years ago

The entitlements from each slice of the FAT binary are listed, if you only want to see one, use ldid -arch arm64 -e.