public static AbstractBlob CreateFromStream(ReadingContext SR)
{
// Read the magic and length (common to all blobs)
UInt32 Magic = SR.ReadUInt32();
UInt32 Length = SR.ReadUInt32();
AbstractBlob Result;
switch (Magic)
{
case CSMAGIC_CODEDIRECTORY:
Result = new CodeDirectoryBlob();
break;
case CSMAGIC_CODEDIR_SIGNATURE:
Result = new CodeDirectorySignatureBlob();
break;
case CSMAGIC_ENTITLEMENTS:
Result = new EntitlementsBlob();
break;
case CSMAGIC_REQUIREMENTS_TABLE:
Result = new RequirementsBlob();
break;
case CSMAGIC_EMBEDDED_SIGNATURE:
Result = new CodeSigningTableBlob();
break;
case CSMAGIC_REQUIREMENT:
default:
Result = new OpaqueBlob();
break;
}
Result.MyMagic = Magic;
Result.UnpackageData(SR, Length);
if (Config.bCodeSignVerbose)
{
Console.WriteLine("[Read blob with magic 0x{0:X} and length={1}]\n{2}", Magic, Length, Result.ToString());
}
return Result;
}
static public ExpressionOp ReadOperand(ReadingContext SR)
{
UInt32 OpVal = SR.ReadUInt32();
ExpressionOp Op = null;
switch (OpVal)
{
case kOpAnd:
Op = new AndOp();
break;
case kOpIdent:
Op = new IdentOp();
break;
case kOpGenericAnchor:
Op = new ExpressionOp(OpVal);
break;
case kOpCertField:
Op = new CertFieldOp();
break;
case kOpCertGeneric:
Op = new CertGenericOp();
break;
case kOpAnchorHash:
Op = new AnchorHashOp();
break;
default:
throw new Exception("Unknown Expression Operand: " + OpVal.ToString());
}
Op.ReadData(SR);
return Op;
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
// Read the segment
SegmentName = SR.ReadFixedASCII(16);
VirtualAddress = SR.ReadUInt(AddressSize);
VirtualSize = SR.ReadUInt(AddressSize);
FileOffset = SR.ReadUInt(AddressSize);
FileSize = SR.ReadUInt(AddressSize);
MaxProt = SR.ReadUInt32();
InitProt = SR.ReadUInt32();
UInt32 SectionCount = SR.ReadUInt32();
Flags = SR.ReadUInt32();
// Read the segment data
//SR.PushPositionAndJump(FileOffset);
//FileData = SR.ReadBytes(FileSize);
//SR.PopPosition();
// Read the sections belonging to the segment
for (int SectionIndex = 0; SectionIndex < SectionCount; ++SectionIndex)
{
MachSection Section = new MachSection(AddressSize);
Section.Read(SR);
Sections.Add(Section);
}
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
int DataSize = (int)CommandSize - (2 * sizeof(UInt32));
Debug.Assert(DataSize >= 0);
MyCommandData = SR.ReadBytes(DataSize);
}
protected abstract void UnpackageData(ReadingContext SR, int CommandSize);
public void LoadFromBytes(byte[] Data)
{
MemoryStream Stream = new MemoryStream(Data, false);
BinaryReader SR = new BinaryReader(Stream);
ReadingContext Context = new ReadingContext(SR);
Read(Context);
SR.Close();
}
public const UInt32 FAT_CIGAM = 0xBEBAFECA; // For little Endian.
protected void Read(ReadingContext SR)
{
// Read the header to see if it is a FAT Binary or not.
SR.bStreamLittleEndian = false;
Magic = SR.ReadUInt32();
bIsFatBinary = (Magic == FAT_MAGIC);
if (bIsFatBinary)
{
Archs = new List<FatBinaryArch>();
NumArchs = SR.ReadUInt32();
for (int ArchIdx = 0; ArchIdx < NumArchs; ArchIdx++)
{
SR.bStreamLittleEndian = false;
FatBinaryArch Arch = new FatBinaryArch();
Arch.CpuType = SR.ReadUInt32();
Arch.CpuSubType = SR.ReadUInt32();
Arch.Offset = SR.ReadUInt32();
Arch.Size = SR.ReadUInt32();
Arch.Align = SR.ReadUInt32();
Archs.Add(Arch);
MachObjectFile Exe = new MachObjectFile();
SR.bStreamLittleEndian = true;
SR.OpenFatArchiveAt(Arch.Offset);
Exe.Read(SR);
SR.CloseFatArchive();
MachObjectFiles.Add(Exe);
}
SR.bStreamLittleEndian = true;
}
else
{
SR.bStreamLittleEndian = true;
MachObjectFile Exe = new MachObjectFile();
SR.Position = 0;
Exe.Read(SR);
MachObjectFiles.Add(Exe);
}
}
protected override void UnpackageData(ReadingContext SR, UInt32 Length)
{
long StartOfBlob = SR.Position - sizeof(UInt32) * 2;
Version = SR.ReadUInt32();
Flags = SR.ReadUInt32();
UInt32 HashOffset = SR.ReadUInt32();
UInt32 IdentifierStringOffset = SR.ReadUInt32();
SpecialSlotCount = SR.ReadUInt32();
CodeSlotCount = SR.ReadUInt32();
MainImageSignatureLimit = SR.ReadUInt32();
BytesPerHash = SR.ReadByte();
HashType = SR.ReadByte();
Spare1 = SR.ReadByte();
LogPageSize = SR.ReadByte();
Spare2 = SR.ReadUInt32();
ScatterCount = SR.ReadUInt32();
// Read the identifier string
SR.PushPositionAndJump(StartOfBlob + IdentifierStringOffset);
Identifier = SR.ReadASCIIZ();
SR.PopPosition();
// Read the hashes
long TotalNumHashes = SpecialSlotCount + CodeSlotCount;
Hashes = new byte[TotalNumHashes * BytesPerHash];
SR.PushPositionAndJump(StartOfBlob + HashOffset - BytesPerHash * SpecialSlotCount);
for (long i = 0; i < TotalNumHashes; ++i)
{
byte[] Hash = SR.ReadBytes(BytesPerHash);
Array.Copy(Hash, 0, Hashes, i * BytesPerHash, BytesPerHash);
}
SR.PopPosition();
if (Config.bCodeSignVerbose)
{
PrintHash("Info:", cdSlotMax - cdInfoSlot);
PrintHash("Requirements:", cdSlotMax - cdRequirementsSlot);
PrintHash("ResourceDir:", cdSlotMax - cdResourceDirSlot);
PrintHash("Application:", cdSlotMax - cdApplicationSlot);
PrintHash("Entitlements:", cdSlotMax - cdEntitlementSlot);
}
}
protected override void UnpackageData(ReadingContext SR, UInt32 Length)
{
if (Length > 0)
{
UInt32 ExpressionVal = SR.ReadUInt32();
if (ExpressionVal == kReqExpression)
{
Expression = ExpressionOp.ReadOperand(SR);
}
}
}
public override void ReadData(ReadingContext SR)
{
CertificateIndex = (int)SR.ReadUInt32();
UInt32 Count = SR.ReadUInt32();
Hash = SR.ReadBytes((int)Count);
Count = 4 - Count % 4;
if (Count > 0 && Count < 4)
SR.ReadBytes(Count);
}
public override void ReadData(ReadingContext SR)
{
OIDIndex = (int)SR.ReadUInt32(); // index of the OID value (always 1)
UInt32 Count = SR.ReadUInt32();
OID = SR.ReadBytes((int)Count);
Count = 4 - Count % 4;
if (Count > 0 && Count < 4)
SR.ReadBytes(Count);
MatchOp.MatchOp = SR.ReadUInt32(); // OID must exist
}
public override void ReadData(ReadingContext SR)
{
CertificateIndex = (int)SR.ReadUInt32(); // index in the mobile provision certificate list (always 0 for now)
UInt32 Count = SR.ReadUInt32();
FieldName = SR.ReadFixedASCII((int)Count);
Count = 4 - Count % 4;
if (Count > 0 && Count < 4)
SR.ReadBytes(Count);
MatchOp = new MatchSuffix();
MatchOp.MatchOp = SR.ReadUInt32(); // must equal
Count = SR.ReadUInt32();
MatchOp.CertificateName = SR.ReadFixedASCII((int)Count);
Count = 4 - Count % 4;
if (Count > 0 && Count < 4)
SR.ReadBytes(Count);
}
public override void ReadData(ReadingContext SR)
{
UInt32 Count = SR.ReadUInt32();
BundleIdentifier = SR.ReadFixedASCII((int)Count);
Count = 4 - Count % 4;
if (Count > 0 && Count < 4)
SR.ReadBytes(Count);
}
public override void ReadData(ReadingContext SR)
{
Op1 = ExpressionOp.ReadOperand(SR);
Op2 = ExpressionOp.ReadOperand(SR);
}
/// <summary>
/// Reads in a data blob, preserving the stream read pointer (Offset is relative to the start of the underlying stream)
/// </summary>
AbstractBlob ReadBlob(ReadingContext SR, long Offset)
{
SR.PushPositionAndJump(Offset);
AbstractBlob Result = AbstractBlob.CreateFromStream(SR);
SR.PopPosition();
return Result;
}
public void Read(ReadingContext SR)
{
long BaseOffset = SR.Position - (2 * sizeof(UInt32));
UInt32 SlotCount = SR.ReadUInt32();
for (UInt32 i = 0; i < SlotCount; ++i)
{
// Read a slot
UInt32 Key = SR.ReadUInt32();
UInt32 Offset = SR.ReadUInt32();
// Read it's associated blob
AbstractBlob Blob = ReadBlob(SR, BaseOffset + Offset);
// Add it to the slot table
Slots.Add(new KeyValuePair<UInt32, AbstractBlob>(Key, Blob));
}
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
EncryptedFileOffset = SR.ReadUInt32();
EncryptedFileSize = SR.ReadUInt32();
EncryptionMode = SR.ReadUInt32();
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
base.UnpackageData(SR, CommandSize);
SR.PushPositionAndJump(BlobFileOffset);
SR.bStreamLittleEndian = false;
long SavedPosition = SR.Position;
// Parse the blob
Payload = AbstractBlob.CreateFromStream(SR) as CodeSigningTableBlob;
if (Config.bCodeSignVerbose)
{
Console.WriteLine(Payload.ToString());
}
//SR.VerifyStreamPosition(SavedPosition, BlobFileSize);
SR.PopPosition();
SR.bStreamLittleEndian = true;
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
for (int i = 0; i < Payload.Length; ++i)
{
Payload[i] = SR.ReadUInt32();
}
}
public void LoadFromFile(string Filename)
{
BinaryReader SR = new BinaryReader(File.OpenRead(Filename));
ReadingContext Context = new ReadingContext(SR);
Read(Context);
SR.Close();
}
public void Read(ReadingContext SR)
{
long ExpectedStreamPosition = 0;
int NumInt = 7;
// Read the header
Magic = SR.ReadUInt32();
CpuType = SR.ReadUInt32();
CpuSubType = SR.ReadUInt32();
FileType = SR.ReadUInt32();
UInt32 NumCommands = SR.ReadUInt32();
UInt32 SizeOfCommands = SR.ReadUInt32();
Flags = SR.ReadUInt32();
if (Magic == MH_MAGIC_64)
{
Reserved64 = SR.ReadUInt32();
NumInt++;
}
SR.VerifyStreamPosition(ref ExpectedStreamPosition, NumInt * sizeof(UInt32));
// Read the commands
Commands.Clear();
for (int LoadCommandIndex = 0; LoadCommandIndex < NumCommands; ++LoadCommandIndex)
{
MachLoadCommand Command = MachLoadCommand.CreateFromStream(SR);
Commands.Add(Command);
if (Config.bCodeSignVerbose)
{
Console.WriteLine(" Read command: {0}", Command.ToString());
}
}
SR.VerifyStreamPosition(ref ExpectedStreamPosition, SizeOfCommands);
}
public void Read(ReadingContext SR)
{
SectionName = SR.ReadFixedASCII(16);
SegmentName = SR.ReadFixedASCII(16);
Addr = SR.ReadUInt(AddressSize);
Size = SR.ReadUInt(AddressSize);
UInt32 FileOffset = SR.ReadUInt32();
LogAlignment = SR.ReadUInt32();
RelocationOffset = SR.ReadUInt32();
NumRelocations = SR.ReadUInt32();
Flags = (int)SR.ReadUInt32();
Reserved1 = SR.ReadUInt32();
Reserved2 = SR.ReadUInt32();
if (AddressSize == Bits.Num._64)
Reserved3 = SR.ReadUInt32();
if ((SectionType == S_ZEROFILL) || (SectionType == S_GB_ZEROFILL))
{
Debug.Assert(FileOffset == 0);
SectionData = null;
}
else
{
SR.PushPositionAndJump((long)FileOffset);
SectionData = SR.ReadBytes((int)Size);
SR.PopPosition();
}
if (Config.bCodeSignVerbose)
{
Console.WriteLine(" v Read Section '{0}' in segment '{1}' with size {2} and offset 0x{3:X} and align {4} and flags {5:X}", SectionName, SegmentName, Size, FileOffset, 1 << (byte)LogAlignment, Flags);
}
}
protected abstract void UnpackageData(ReadingContext SR, UInt32 Length);
public static MachLoadCommand CreateFromStream(ReadingContext SR)
{
long StartingStreamPosition = SR.Position;
// Read the code and size (common to all commands)
UInt32 CommandCode = SR.ReadUInt32();
UInt32 CommandSize = SR.ReadUInt32();
UInt32 EffectiveCommand = CommandCode & ~(1 << 31);
MachLoadCommand Result;
switch (EffectiveCommand)
{
case LC_SEGMENT:
Result = new MachLoadCommandSegment(Bits.Num._32);
break;
case LC_SEGMENT_64:
Result = new MachLoadCommandSegment(Bits.Num._64);
break;
case LC_SYMTAB:
Result = new MachLoadCommandSymbolTable();
break;
case LC_THREAD:
case LC_UNIXTHREAD:
Result = new MachLoadCommandMainThreadInfo();
break;
case LC_DYSYMTAB:
Result = new MachLoadCommandDynamicSymbolTable();
break;
case LC_LOAD_DYLIB:
case LC_LOAD_WEAK_DYLIB:
case LC_ID_DYLIB:
Result = new MachLoadCommandDylib();
break;
case LC_LOAD_DYLINKER:
case LC_ID_DYLINKER:
Result = new MachLoadCommandDynamicLinkerName();
break;
case LC_UUID:
Result = new MachLoadCommandUUID();
break;
case LC_CODE_SIGNATURE:
Result = new MachLoadCommandCodeSignature();
break;
case LC_ENCRYPTION_INFO:
Result = new MachLoadCommandEncryptedSegmentInfo();
break;
case LC_DYLD_INFO:
Result = new MachLoadCommandDynamicLoaderInfo();
break;
default:
Result = new MachLoadCommandOpaque();
break;
}
// MSB of CommandCode is LC_REQ_DYLD or 0, indicating if the command can (theoretically) be ignored
// or is critical to loading
Result.StartingLoadOffset = StartingStreamPosition;
Result.Command = EffectiveCommand;
Result.RequiredForDynamicLoad = (CommandCode >> 31) != 0;
Result.UnpackageData(SR, (int)CommandSize);
SR.VerifyStreamPosition(StartingStreamPosition, CommandSize);
return Result;
}
protected override void UnpackageData(ReadingContext SR, UInt32 Length)
{
MyData = SR.ReadBytes(Length - (2 * sizeof(UInt32)));
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
BlobFileOffset = SR.ReadUInt32();
BlobFileSize = SR.ReadUInt32();
}
protected override void UnpackageData(ReadingContext SR, uint Length)
{
Table.Read(SR);
}
protected override void UnpackageData(ReadingContext SR, int CommandSize)
{
SymbolTableOffset = SR.ReadUInt32();
SymbolCount = SR.ReadUInt32();
StringTableOffset = SR.ReadUInt32();
StringTableSize = SR.ReadUInt32();
}
public virtual void ReadData(ReadingContext SR)
{ }