xsscx / srd

Welcome to Hoyt's SRD Repo for the Apple Security Research Device. Contribute Code or Open an Issue or Discussion.

SUMMARY: BUILD | 19D50 | Entitlement Issues #14

Closed xsscx closed 2 years ago

xsscx commented 2 years ago

It has been found that the signature for the simple-shell example code is rejected by AMFI Research when using SRT 21C39 on iPhone 11 + iPhone 12 with 19D50, and possibly other versions, due to an unsuitable CT policy.

Source

https://github.com/apple/security-research-device/tree/main/example-cryptex/src/simple-shell

iPhone 11

uname -a

SRD0009 21.3.0 Darwin Kernel Version 21.3.0: Wed Jan  5 21:44:45 PST 2022; root:xnu-8019.80.24~23/RELEASE_ARM64_T8030 iPhone12,1 Toybox

Console Log

default 09:50:01.225928-0500    cryptexd    AMSupportPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
default 09:50:01.226183-0500    cryptexd    <private>
default 09:50:01.226283-0500    cryptexd    <private>
default 09:50:01.226376-0500    cryptexd    <private>
default 09:50:01.226468-0500    cryptexd    <private>
default 09:50:01.227339-0500    cryptexd    AMSupportPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
default 09:50:01.227597-0500    cryptexd    <private>
default 09:50:01.227696-0500    cryptexd    <private>
default 09:50:01.227761-0500    cryptexd    <private>
default 09:50:01.227792-0500    cryptexd    <private>
default 09:50:01.227961-0500    cryptexd    AMSupportPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
default 09:50:01.228029-0500    cryptexd    <private>
default 09:50:01.228064-0500    cryptexd    <private>
default 09:50:01.228095-0500    cryptexd    <private>
default 09:50:01.228127-0500    cryptexd    <private>
default 09:50:01.228316-0500    cryptexd    AMSupportPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
default 09:50:01.228435-0500    cryptexd    <private>
default 09:50:01.228477-0500    cryptexd    <private>
default 09:50:01.228512-0500    cryptexd    [anonymous]: tss request = <private>
default 09:50:01.286221-0500    kernel  hfs: mounted com.example.cryptex.dstroot on device disk3s1
error   09:50:01.289122-0500    cryptexd    missing label
error   09:50:01.289161-0500    cryptexd    failed to frob plist: <xpc object>: [22: Invalid argument]
error   09:50:01.289216-0500    cryptexd    <private>: failed to bootstrap service: <private>: [22: Invalid argument]
default 09:50:01.298893-0500    MobileStorageMounter    cryptex mount point = <private>
default 09:50:01.299624-0500    MobileStorageMounter    Posting notification: com.apple.mobile.cryptex_mounted
default 09:50:01.301723-0500    installd    0x16b3ff000 main_block_invoke_2: event: <OS_xpc_dictionary: <dictionary: 0x105f052b0> { count = 4, transaction: 0, voucher = 0x105f04a20, contents =
    "UserInfo" => <dictionary: 0x105f040a0> { count = 2, transaction: 0, voucher = 0x0, contents =
        "DiskImageType" => <string: 0x105f05030> { length = 7, contents = "Cryptex" }
        "DiskImageMountPath" => <string: 0x105f04bb0> { length = 75, contents = "/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY" }
    }
    "Name" => <string: 0x105f04f20> { length = 35, contents = "com.apple.mobile.disk_image_mounted" }
    "Object" => <string: 0x105f04f50> { length = 20, contents = "MobileStorageMounter" }
    "XPCEventName" => <string: 0x105f055c0> { length = 35, contents = "com.apple.mobile.disk_image_mounted" }
}>
default 09:50:01.315119-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell' is adhoc signed.
default 09:50:01.315145-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
default 09:50:01.329533-0500    installd    0x16b3ff000 -[MIDeveloperDiskImageTracker imageMounted:]: received notification: file:///private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/Applications/
default 09:50:01.329827-0500    installd    0x16b3ff000 -[MIDeveloperDiskImageTracker checkMountPoint:]_block_invoke: /private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/Applications is not present now or before
error   09:50:01.392422-0500    kernel  Sandbox: mobile_storage_p(269) deny(1) file-read-metadata /private/var/run/com.apple.security.cryptexd/codex.system/live/com.example.cryptex/cpxd
error   09:50:01.490565-0500    simple-server   Hello! I'm simple-server from the example cryptex!
error   09:50:01.490709-0500    simple-server   I'm about to bind to 0.0.0.0:7777
error   09:50:01.490952-0500    simple-server   I'm about to listen on fd: 3
error   09:50:01.491127-0500    simple-server   Waiting for a client to connect...
error   09:50:01.511826-0500    dropbear    send failed: Invalid argument
error   09:50:01.511933-0500    dropbear    send failed: Invalid argument
error   09:50:01.511970-0500    dropbear    send failed: Invalid argument
default 09:50:11.176348-0500    dropbear    Password auth succeeded for 'root' from 192.168.3.83:57440
default 09:50:11.203689-0500    dropbear    CRYPTEX_SHELL specified. User shell is now '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/sh'
default 09:50:11.206820-0500    dropbear    Setting PATH to '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/sbin:/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/bin:/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin:/sbin:/bin:/usr/bin'
default 09:50:11.209203-0500    dropbear    Starting shell: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/sh'
default 09:50:11.326214-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell' is adhoc signed.
default 09:50:11.326399-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
error   09:50:11.996740-0500    kernel  1 duplicate report for Sandbox: mobile_storage_p(269) deny(1) file-read-metadata /private/var/run/com.apple.security.cryptexd/codex.system/live/com.example.cryptex/cpxd
default 09:50:21.340920-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell' is adhoc signed.
default 09:50:21.341113-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
default 09:50:31.350737-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell' is adhoc signed.
default 09:50:31.350843-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
default 09:50:41.474349-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell' is adhoc signed.
default 09:50:41.474395-0500    kernel  AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.

Status

simple-shell, Service Exited, unsuitable CT policy, Recently Identified, AMFI Research, Hardcoded

Reported: https://github.com/apple/security-research-device/issues/43
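
A triage sketch for the console log above, added here as an example and not part of the original issue or of Apple's SRD tooling: it groups the kernel's AMFI messages by binary and reports which CT policy value was rejected, how often, and at what interval. The function names and the `MNT` shorthand are assumptions; the sample lines are excerpted from the log above.

```python
import re
from datetime import datetime

MNT = "/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.SaodjY"
# Lines excerpted from the console log above (MNT is only a shorthand for the mount path).
SAMPLE_LOG = f"""\
default 09:50:01.286221-0500    kernel  hfs: mounted com.example.cryptex.dstroot on device disk3s1
default 09:50:01.315119-0500    kernel  AMFI: '{MNT}/usr/bin/simple-shell' is adhoc signed.
default 09:50:01.315145-0500    kernel  AMFI: '{MNT}/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
error   09:50:01.490565-0500    simple-server   Hello! I'm simple-server from the example cryptex!
default 09:50:11.326214-0500    kernel  AMFI: '{MNT}/usr/bin/simple-shell' is adhoc signed.
default 09:50:11.326399-0500    kernel  AMFI: '{MNT}/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
default 09:50:21.341113-0500    kernel  AMFI: '{MNT}/usr/bin/simple-shell': unsuitable CT policy 0 for this platform/device, rejecting signature.
"""

LINE = re.compile(r"^(?P<level>\w+)\s+(?P<ts>\d\d:\d\d:\d\d\.\d+[+-]\d{4})\s+(?P<proc>\S+)\s+(?P<msg>.*)$")
ADHOC = re.compile(r"^AMFI: '(?P<path>[^']+)' is adhoc signed\.")
REJECT = re.compile(r"^AMFI: '(?P<path>[^']+)': unsuitable CT policy (?P<policy>\d+) "
                    r"for this platform/device, rejecting signature\.")

def summarize_amfi(log_text):
    """Group kernel AMFI events by binary path."""
    out = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["proc"] != "kernel":
            continue  # also skips continuation lines of multi-line entries
        adhoc, rej = ADHOC.match(m["msg"]), REJECT.match(m["msg"])
        hit = adhoc or rej
        if not hit:
            continue
        entry = out.setdefault(hit["path"], {"adhoc": False, "policies": set(), "rejected_at": []})
        if adhoc:
            entry["adhoc"] = True
        else:
            entry["policies"].add(int(rej["policy"]))
            entry["rejected_at"].append(datetime.strptime(m["ts"], "%H:%M:%S.%f%z"))
    return out

def retry_intervals(entry):
    """Whole seconds between consecutive rejections of one binary."""
    t = entry["rejected_at"]
    return [round((b - a).total_seconds()) for a, b in zip(t, t[1:])]

if __name__ == "__main__":
    for path, e in summarize_amfi(SAMPLE_LOG).items():
        print(path.removeprefix(MNT), e["adhoc"], sorted(e["policies"]),
              len(e["rejected_at"]), retry_intervals(e))
```
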

xsscx commented 2 years ago

Update to 21E5196i and srd_tools-24.100.3 and Retest https://github.com/apple/security-research-device/pull/42

xsscx commented 2 years ago

Summary

See https://github.com/xsscx/srd/issues/17

xsscx commented 2 years ago

Prior Fix