MachOParse __Text section sha256 doesn't match the sha256 of the same section in file

[mohammedDehairy]

Hi,

i am trying to take advantage of the MachOParse to verify the source code integrity at runtime, but the problem is that when i compare the hash code generated by this class for the __Text section with the hash code of the same section in the generated binary on file of our SDK, they don't match.

this is the command that i use to generate the on file __Text section hash code:

# First get the __Text section offset and size on file
otool -l path/to/binary

this is the output:

Load command 0
      cmd LC_SEGMENT_64
  cmdsize 1752
  segname __TEXT
   vmaddr 0x0000000000000000
   vmsize 0x00000000001a0000
  fileoff 0
 filesize 1703936
  maxprot 0x00000005
 initprot 0x00000005
   nsects 21
    flags 0x0
Section
  sectname __text
   segname __TEXT
      addr 0x0000000000001d98
      size 0x00000000001676e0
    offset 7576
     align 2^2 (4)
    reloff 0
    nreloc 0
     flags 0x80000400
 reserved1 0
 reserved2 0

# then run this command
dd if=path/to/binary skip=7575 count=1472224 | shasum -a 256

but this hash never matches with the one generated by the IOSSecuritySuite at runtime, can you please help me understand whether how i generate the hash is wrong, or if the hash calculation in the IOSSecuritySuite is maybe flawed?

Thanks

[r3ggi]

Hey @mohammedDehairy!

Hmm, please read the https://github.com/securing/IOSSecuritySuite/issues/30 issue where you can find a step-by-step guide on how to calculate this hash. If it doesn't work, please let me know and I'll verify that