Skip to content

Commit

Permalink
Implement sideloader trollsign, a port of ct_bypass
Browse files Browse the repository at this point in the history
  • Loading branch information
Dadoum committed Sep 23, 2024
1 parent e4e525a commit 8fbe0a2
Show file tree
Hide file tree
Showing 6 changed files with 3,270 additions and 5 deletions.
2 changes: 1 addition & 1 deletion dub.selections.json
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
"intel-intrinsics": "1.11.15",
"isfreedesktop": "0.1.1",
"keyring": {"path":"../../keyring/"},
"memutils": "1.0.9",
"memutils": "1.0.10",
"mir-core": "1.6.0",
"plist": "~master",
"plist-d": {"version":"30d152e88767611e10048b25777ecb5f9075f87c","repository":"git+https://github.com/Dadoum/libplist-d.git"},
Expand Down
3 changes: 2 additions & 1 deletion frontends/cli/source/cli_frontend.d
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,7 @@ int entryPoint(Commands commands)
(CertificateCommand cmd) => cmd(),
(InstallCommand cmd) => cmd(),
(SignCommand cmd) => cmd(),
(TrollsignCommand cmd) => cmd(),
(TeamCommand cmd) => cmd(),
(ToolCommand cmd) => cmd(),
(VersionCommand cmd) => cmd(),
Expand All @@ -258,7 +259,7 @@ struct Commands
uint threadCount = uint.max;

@SubCommands
SumType!(AppIdCommand, CertificateCommand, InstallCommand, SignCommand, TeamCommand, ToolCommand, VersionCommand) cmd;
SumType!(AppIdCommand, CertificateCommand, InstallCommand, SignCommand, TrollsignCommand, TeamCommand, ToolCommand, VersionCommand) cmd;
}

mixin CLI!Commands.main!entryPoint;
Expand Down
25 changes: 25 additions & 0 deletions frontends/cli/source/sign.d
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,28 @@ struct SignCommand
return 0;
}
}

@(Command("trollsign").Description("Bypass Core-Trust with TrollStore2 method (CVE-2023-41991)."))
struct TrollsignCommand
{
@(PositionalArgument(0, "macho").Description("Mach-O executable path."))
string executablePath;

int opCall()
{
auto log = getLogger();
log.infoF!"Trollsigning %s"(executablePath);

import file = std.file;
import sideload.ct_bypass;
import sideload.macho;
MachO[] machOs = MachO.parse(cast(ubyte[]) file.read(executablePath));
foreach (ref machO; machOs) {
machO.bypassCoreTrust();
}
file.write(executablePath, makeMachO(machOs));
log.info("Done.");

return 0;
}
}
Loading

0 comments on commit 8fbe0a2

Please sign in to comment.