macho

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 8, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	PageSizeBits = 12
	PageSize     = 1 << PageSizeBits
)

Variables

View Source 
var ErrNoCodeDirectory = fmt.Errorf("unable to find code directory")
View Source 
var SigningOrder = binary.BigEndian

Functions

func IsMachoFile added in v0.2.0 

func IsMachoFile(path string) (bool, error)

Types

type Blob 

type Blob struct {
	BlobHeader
	Payload []byte
}

func NewBlob 

func NewBlob(m Magic, p []byte) Blob

func (Blob) Pack 

func (b Blob) Pack() ([]byte, error)

type BlobHeader 

type BlobHeader struct {
	Magic  Magic  // magic number
	Length uint32 // total length of blob
}

type BlobIndex 

type BlobIndex struct {
	Type   SlotType // type of entry
	Offset uint32   // offset of entry (relative to superblob file offset)
}

type CdFlag 

type CdFlag uint32
const (
	// code signing attributes of a process
	None         CdFlag = 0x00000000 // no flags
	Valid        CdFlag = 0x00000001 // dynamically valid
	Adhoc        CdFlag = 0x00000002 // ad hoc signed
	GetTaskAllow CdFlag = 0x00000004 // has get-task-allow entitlement
	Installer    CdFlag = 0x00000008 // has installer entitlement

	ForcedLv       CdFlag = 0x00000010 // Library Validation required by Hardened System Policy
	InvalidAllowed CdFlag = 0x00000020 // (macOS Only) Page invalidation allowed by task port policy

	Hard            CdFlag = 0x00000100 // don't load invalid pages
	Kill            CdFlag = 0x00000200 // kill process if it becomes invalid
	CheckExpiration CdFlag = 0x00000400 // force expiration checking
	Restrict        CdFlag = 0x00000800 // tell dyld to treat restricted

	Enforcement           CdFlag = 0x00001000 // require enforcement
	RequireLv             CdFlag = 0x00002000 // require library validation
	EntitlementsValidated CdFlag = 0x00004000 // code signature permits restricted entitlements
	NvramUnrestricted     CdFlag = 0x00008000 // has com.apple.rootless.restricted-nvram-variables.heritable entitlement

	Runtime CdFlag = 0x00010000 // Apply hardened runtime policies

	LinkerSigned CdFlag = 0x20000 // type property

	AllowedMacho CdFlag = (Adhoc | Hard | Kill | CheckExpiration | Restrict | Enforcement | RequireLv | Runtime)

	ExecSetHard        CdFlag = 0x00100000 // set HARD on any exec'ed process
	ExecSetKill        CdFlag = 0x00200000 // set KILL on any exec'ed process
	ExecSetEnforcement CdFlag = 0x00400000 // set ENFORCEMENT on any exec'ed process
	ExecInheritSIP     CdFlag = 0x00800000 // set INSTALLER on any exec'ed process

	Killed         CdFlag = 0x01000000 // was killed by kernel for invalidity
	DyldPlatform   CdFlag = 0x02000000 // dyld used to load this is a platform binary
	PlatformBinary CdFlag = 0x04000000 // this is a platform binary
	PlatformPath   CdFlag = 0x08000000 // platform binary by the fact of path (osx only)

	Debugged            CdFlag = 0x10000000 // process is currently or has previously been debugged and allowed to run with invalid pages
	Signed              CdFlag = 0x20000000 // process has a signature (may have gone invalid)
	DevCode             CdFlag = 0x40000000 // code is dev signed, cannot be loaded into prod signed code (will go away with rdar://problem/28322552)
	DatavaultController CdFlag = 0x80000000 // has Data Vault controller entitlement

	EntitlementFlags CdFlag = (GetTaskAllow | Installer | DatavaultController | NvramUnrestricted)
)

type CdVersion 

type CdVersion uint32
const (
	EarliestVersion     CdVersion = 0x20001
	SupportsScatter     CdVersion = 0x20100
	SupportsTeamid      CdVersion = 0x20200
	SupportsCodelimit64 CdVersion = 0x20300
	SupportsExecseg     CdVersion = 0x20400
	SupportsRuntime     CdVersion = 0x20500
	SupportsLinkage     CdVersion = 0x20600
	CompatibilityLimit  CdVersion = 0x2F000 // "version 3 with wiggle room"
)

type CodeDirectory 

type CodeDirectory struct {
	CodeDirectoryHeader
	// followed by dynamic content as located by offset fields above
	Payload []byte
}

type CodeDirectoryHeader 

type CodeDirectoryHeader struct {
	Version       CdVersion // compatibility version
	Flags         CdFlag    // setup and mode flags
	HashOffset    uint32    // offset of hash slot element at index zero
	IdentOffset   uint32    // offset of identifier string
	NSpecialSlots uint32    // number of special hash slots
	NCodeSlots    uint32    // number of ordinary (code) hash slots
	CodeLimit     uint32    // limit to main image signature range
	HashSize      uint8     // size of each hash in bytes
	HashType      HashType  // type of hash (cdHashType* constants)
	Platform      uint8     // platform identifier zero if not platform binary
	PageSize      uint8     // log2(page size in bytes) 0 => infinite
	Spare2        uint32    // unused (must be zero)

	EndEarliest [0]uint8

	// Version 0x20100
	ScatterOffset  uint32 // offset of optional scatter vector
	EndWithScatter [0]uint8

	// Version 0x20200
	TeamOffset  uint32 // offset of optional team identifier
	EndWithTeam [0]uint8

	// Version 0x20300
	Spare3             uint32 // unused (must be zero)
	CodeLimit64        uint64 // limit to main image signature range, 64 bits
	EndWithCodeLimit64 [0]uint8

	// Version 0x20400
	ExecSegBase  uint64      // offset of executable segment
	ExecSegLimit uint64      // limit of executable segment
	ExecSegFlags ExecSegFlag // exec segment flags

	// Version 0x20500
	Runtime          uint32 // Runtime version encoded as an unsigned int
	PreEncryptOffset uint32 // offset of pre-encrypt hash slots

}

type CodeSigningCommand 

type CodeSigningCommand struct {
	Cmd        LoadCommandType // LcCodeSignature
	Size       uint32          // sizeof this command (16)
	DataOffset uint32          // file offset of data in __LINKEDIT segment
	DataSize   uint32          // file size of data in __LINKEDIT segment
}

CodeSigningCommand is Mach-O LcCodeSignature load command.

type ExecSegFlag 

type ExecSegFlag uint64
const (
	ExecsegMainBinary    ExecSegFlag = 0x1   // executable segment denotes main binary
	ExecsegAllowUnsigned ExecSegFlag = 0x10  // allow unsigned pages (for debugging)
	ExecsegDebugger      ExecSegFlag = 0x20  // main binary is debugger
	ExecsegJit           ExecSegFlag = 0x40  // JIT enabled
	ExecsegSkipLv        ExecSegFlag = 0x80  // OBSOLETE: skip library validation
	ExecsegCanLoadCdhash ExecSegFlag = 0x100 // can bless cdhash for execution
	ExecsegCanExecCdhash ExecSegFlag = 0x200 // can execute blessed cdhash
)

executable segment flags

type File 

type File struct {
	io.ReadSeekCloser
	io.ReaderAt
	io.WriterAt
	*macho.File
	// contains filtered or unexported fields
}

func NewFile 

func NewFile(path string) (*File, error)

func NewReadOnlyFile 

func NewReadOnlyFile(path string) (*File, error)

func (*File) AddEmptyCodeSigningCmd 

func (m *File) AddEmptyCodeSigningCmd() (err error)

func (*File) CDBytes 

func (m *File) CDBytes(order binary.ByteOrder, ith int) (cd []byte, err error)

func (*File) CMSBlobBytes 

func (m *File) CMSBlobBytes(order binary.ByteOrder) (cd []byte, err error)

func (*File) Close 

func (m *File) Close() error

func (*File) CodeSigningCmd 

func (m *File) CodeSigningCmd() (*CodeSigningCommand, uint64, error)

func (*File) HasCodeSigningCmd 

func (m *File) HasCodeSigningCmd() bool

func (*File) HashCD 

func (m *File) HashCD(hasher hash.Hash) (hash []byte, err error)

func (*File) HashPages 

func (m *File) HashPages(hasher hash.Hash) (hashes [][]byte, err error)

func (*File) Patch 

func (m *File) Patch(content []byte, size int, offset uint64) (err error)

func (*File) RemoveSigningContent 

func (m *File) RemoveSigningContent() error

func (*File) UpdateCodeSigningCmdDataSize 

func (m *File) UpdateCodeSigningCmdDataSize(newSize int) (err error)

func (*File) UpdateSegmentHeader 

func (m *File) UpdateSegmentHeader(h macho.SegmentHeader) (err error)

type HashType 

type HashType uint8
const (
	HashTypeNohash          HashType = 0
	HashTypeSha1            HashType = 1
	HashTypeSha256          HashType = 2
	HashTypeSha256Truncated HashType = 3
	HashTypeSha384          HashType = 4
	HashTypeSha512          HashType = 5
)

type LoadCommandType 

type LoadCommandType uint32
const LcCodeSignature LoadCommandType = 0x1d

type Magic 

type Magic uint32
const (
	// Magic numbers used by Code Signing
	MagicRequirement             Magic = 0xfade0c00 // single Requirement blob
	MagicRequirements            Magic = 0xfade0c01 // Requirements vector (internal requirements)
	MagicCodedirectory           Magic = 0xfade0c02 // CodeDirectory blob
	MagicEmbeddedSignature       Magic = 0xfade0cc0 // embedded form of signature data
	MagicEmbeddedSignatureOld    Magic = 0xfade0b02 /* XXX */
	MagicLibraryDependencyBlob   Magic = 0xfade0c05
	MagicEmbeddedEntitlements    Magic = 0xfade7171 /* embedded entitlements */
	MagicEmbeddedEntitlementsDer Magic = 0xfade7172 /* embedded entitlements */
	MagicDetachedSignature       Magic = 0xfade0cc1 // multi-arch collection of embedded signatures
	MagicBlobwrapper             Magic = 0xfade0b01 // used for the cms blob
)

type RequirementType 

type RequirementType uint32
const (
	HostRequirementType       RequirementType = 1 /* what hosts may run us */
	GuestRequirementType      RequirementType = 2 /* what guests we may run */
	DesignatedRequirementType RequirementType = 3 /* designated requirement */ // this is the only supported type
	LibraryRequirementType    RequirementType = 4 /* what libraries we may link against */
	PluginRequirementType     RequirementType = 5 /* what plug-ins we may load */
)

type Requirements 

type Requirements struct {
	RequirementsHeader
	// followed by dynamic content as located by offset fields above
	Payload []byte
}

type RequirementsHeader 

type RequirementsHeader struct {
	Count  uint32 // TODO: what is this field?? ("count" is inferred)
	Type   RequirementType
	Offset uint32
}

type SlotType 

type SlotType uint32
const (
	CsSlotCodedirectory               SlotType = 0
	CsSlotInfoslot                    SlotType = 1 // Info.plist
	CsSlotRequirements                SlotType = 2 // internal requirements
	CsSlotResourcedir                 SlotType = 3 // resource directory
	CsSlotApplication                 SlotType = 4 // Application specific slot/Top-level directory list
	CsSlotEntitlements                SlotType = 5 // embedded entitlement configuration
	CsSlotRepSpecific                 SlotType = 6 // for use by disk rep
	CsSlotEntitlementsDer             SlotType = 7 // DER representation of entitlements
	CsSlotAlternateCodedirectories    SlotType = 0x1000
	CsSlotAlternateCodedirectoryMax            = 5
	CsSlotAlternateCodedirectoryLimit          = CsSlotAlternateCodedirectories + CsSlotAlternateCodedirectoryMax
	CsSlotCmsSignature                SlotType = 0x10000
	CsSlotIdentificationslot          SlotType = 0x10001
	CsSlotTicketslot                  SlotType = 0x10002
)

type SuperBlob 

type SuperBlob struct {
	SuperBlobHeader
	Index []BlobIndex // (count) entries
	Blobs []Blob      // payload
	Pad   []byte
}

func NewSuperBlob 

func NewSuperBlob(magic Magic) SuperBlob

func (*SuperBlob) Add 

func (s *SuperBlob) Add(t SlotType, b *Blob)

func (*SuperBlob) Finalize 

func (s *SuperBlob) Finalize(paddingTarget int)

type SuperBlobHeader 

type SuperBlobHeader struct {
	Magic  Magic  // magic number
	Length uint32 // total length of SuperBlob
	Count  uint32 // number of index entries following
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.