Skip to content
/ mach_o_unsign Public

Remove signature from Mach-O executable. Optionally in-place. Optionally creating backup copy before.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jonbho/mach_o_unsign

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
endian.c
endian.c
 
 
endian.h
endian.h
 
 
unsign.c
unsign.c
 
 

Repository files navigation

mach_o_unsign -- Remove code signature from Mach-O executable

BUILDING

  • git clone https://github.com/jonbho/mach_o_unsign.git
  • cd mach_o_unsign
  • make

The Makefile uses just gcc to compile and link.

USAGE

Invoke as unsign original_executable_filename [output_executable_filename [backup_executable_filename]], where:

  • original_executable_filename is the file you want to modify
  • output_executable_filename is the optional output file name (if not given, it defaults to writing the output with the same path and name of the original with .unsigned appended)
  • backup_executable_filename is an optional path where the tool will make a copy of the original before attempting any modification for backup purposes. If a file with the backup_executable_filename name already exists, no backup is generated.

DESCRIPTION

The code processes the input Mach-O executable load commands, copying things verbatim to the output, until it finds an LC_CODE_SIGNATURE one, and removes it. It also zeroes out the signature in the __LINKEDIT section. It does this for all the architectures included in a 'fat' (multi-architecture) binary. The executable should keep working exactly the same after the modification.

NOTE

If you want to unsign a root-owned executable in an OS X environment (for example, an executable inside an application bundle in /Applications), you will need to grant unsign admin rights. You can use either sudo to invoke it from the command line, or you can use a utility I wrote, run_authorized_osx, which will bring up the OS X standard admin-password prompt (see https://github.com/jonbho/run_authorized_osx).

ATTRIBUTION

Based on the ISC-licensed unsign code at http://www.woodmann.com/collaborative/tools/index.php/Unsign, which is suitably unsigned by the author (the code includes a notice saying "Copyright (c) 2010", but not the name of the author). I needed to add a third optional parameter to save a backup copy of the original unmodified executable. There were two previous imports of this code into github (https://github.com/daqiang430/unsign and https://github.com/steakknife/unsign), but I felt a more-completely documented github repo was necessary, and it seemed a better idea to base this repo on the original version of the code.

LEGAL

Portions (c) August 2016 Jon Beltran de Heredia (jonbho). Licensed under the MIT license.

About

Remove signature from Mach-O executable. Optionally in-place. Optionally creating backup copy before.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages