1.0.1

theevilbit · Feb 18, 2021 · 91940d9 · 91940d9
1 parent 984354d
commit 91940d9
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 16 deletions.
diff --git a/Extension/ShieldMonitor.m b/Extension/ShieldMonitor.m
@@ -136,6 +136,10 @@ - (BOOL) monitor
             case ES_EVENT_TYPE_AUTH_MMAP:
             {
                 es_auth_result_t authResult = ES_AUTH_RESULT_ALLOW;
+                //variables for code signing
+                SecRequirementRef requirementRef = NULL;
+                SecStaticCodeRef staticCode = NULL;
+                CFURLRef cfurl = NULL;
                 bool set_cache = false;
                 //check if we care about dylib hijack
                 if([[preferences.preferences objectForKey:PREF_DYLIB] boolValue] == YES) {
@@ -151,30 +155,30 @@ - (BOOL) monitor
                     NSString *ext = [path pathExtension];
                     if ([ext isEqualToString:@"dylib"]) {
                         os_log_debug(log_handle,"checking dylib for process %@, dylib: %@",process.path, path);
-                        //variables for code signing
-                        SecStaticCodeRef staticCode = NULL;
-                        SecRequirementRef requirementRef = NULL;
                         //hold status
                         OSStatus status = !noErr;
 
                         //create static code ref from path
-                        CFURLRef cfurl = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (const UInt8*)[path cStringUsingEncoding:NSUTF8StringEncoding], path.length, false);
+                        cfurl = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (const UInt8*)[path cStringUsingEncoding:NSUTF8StringEncoding], path.length, false);
                         //conversion successful
                         if(cfurl) {
                             status = SecStaticCodeCreateWithPath(cfurl, kSecCSDefaultFlags, &staticCode);
                             os_log_debug(log_handle,"SecStaticCodeCreateWithPath error: 0x%x",status);
                             if (status == noErr) {
                                 //create req string
                                 //set req string, teamid = of the process
-                               NSString *requirementString = [NSString stringWithFormat:@"(anchor apple) or (anchor apple generic and certificate leaf[subject.OU] = \"%@\")", process.teamID];
+                                //anchor apple = apple's own binary - safe
+                                //anchor apple generic and certificate leaf [subject.CN] = \"Apple Mac OS Application Signing\" - app store, assume safe
+                                //anchor apple generic and certificate leaf[subject.OU] = \"%@\" - match dev teamid
+                               NSString *requirementString = [NSString stringWithFormat:@"(anchor apple) or (anchor apple generic and certificate leaf [subject.CN] = \"Apple Mac OS Application Signing\") or (anchor apple generic and certificate leaf[subject.OU] = \"%@\")", process.teamID];
                                 os_log_debug(log_handle,"Req string: %@", requirementString);
 
                                 status = SecRequirementCreateWithString((__bridge CFStringRef _Nonnull)(requirementString), kSecCSDefaultFlags, &requirementRef);
-                                os_log_debug(log_handle,"SecRequirementCreateWithString error: 0x%x",status);
+                                os_log_debug(log_handle,"SecRequirementCreateWithString error: %d",status);
                                 if (status == noErr) {
                                     //check code validity
                                     status = SecStaticCodeCheckValidity(staticCode, kSecCSCheckAllArchitectures, requirementRef);
-                                    os_log_debug(log_handle,"SecStaticCodeCheckValidity error: 0x%x",status);
+                                    os_log_debug(log_handle,"SecStaticCodeCheckValidity error: %d",status);
                                    if (status != noErr) {
                                         notification[NOTIFICATION_TYPE] = @"Dylib hijacking";
                                         notification[NOTIFICATION_DYLIB_PATH] = path;
@@ -203,6 +207,28 @@ - (BOOL) monitor
                         }
                     }
                 }
+                //free static code
+                if(staticCode != NULL)
+                {
+                    //free
+                    CFRelease(staticCode);
+
+                    //unset
+                    staticCode = NULL;
+                }
+                if(requirementRef != NULL) {
+                    //free
+                    CFRelease(requirementRef);
+                    //unset
+                    requirementRef = NULL;
+                }
+                if(cfurl != NULL) {
+                    //free
+                    CFRelease(cfurl);
+
+                    //unset
+                    cfurl = NULL;
+                }
                 //set cache to true
                 res = es_respond_auth_result(client, message, authResult, set_cache);
 

diff --git a/ShieldProject.xcodeproj/project.pbxproj b/ShieldProject.xcodeproj/project.pbxproj
@@ -680,7 +680,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 1.0;
+				MARKETING_VERSION = 1.0.1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.csaba.fitzl.shield;
 				PRODUCT_NAME = Shield;
 			};
@@ -702,7 +702,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 1.0;
+				MARKETING_VERSION = 1.0.1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.csaba.fitzl.shield;
 				PRODUCT_NAME = Shield;
 			};
@@ -715,7 +715,7 @@
 				CODE_SIGN_IDENTITY = "Mac Developer";
 				CODE_SIGN_STYLE = Manual;
 				CREATE_INFOPLIST_SECTION_IN_BINARY = YES;
-				CURRENT_PROJECT_VERSION = 69;
+				CURRENT_PROJECT_VERSION = 70;
 				DEVELOPMENT_TEAM = 33YRLYRBYV;
 				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = Extension/Info.plist;
@@ -725,7 +725,7 @@
 					"@executable_path/../../../../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 10.15;
-				MARKETING_VERSION = 1.0;
+				MARKETING_VERSION = 1.0.1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.csaba.fitzl.shield.Extension;
 				PRODUCT_NAME = "$(inherited)";
 				PROVISIONING_PROFILE_SPECIFIER = mac.shield.extension.dev;
@@ -740,7 +740,7 @@
 				CODE_SIGN_IDENTITY = "Mac Developer";
 				CODE_SIGN_STYLE = Manual;
 				CREATE_INFOPLIST_SECTION_IN_BINARY = YES;
-				CURRENT_PROJECT_VERSION = 69;
+				CURRENT_PROJECT_VERSION = 70;
 				DEVELOPMENT_TEAM = 33YRLYRBYV;
 				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = Extension/Info.plist;
@@ -750,7 +750,7 @@
 					"@executable_path/../../../../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 10.15;
-				MARKETING_VERSION = 1.0;
+				MARKETING_VERSION = 1.0.1;
 				PRODUCT_BUNDLE_IDENTIFIER = com.csaba.fitzl.shield.Extension;
 				PRODUCT_NAME = "$(inherited)";
 				PROVISIONING_PROFILE_SPECIFIER = mac.shield.extension.dev;

diff --git a/...xcodeproj/project.xcworkspace/xcuserdata/csaby.xcuserdatad/UserInterfaceState.xcuserstate b/...xcodeproj/project.xcworkspace/xcuserdata/csaby.xcuserdatad/UserInterfaceState.xcuserstate
diff --git a/ShieldProject.xcodeproj/xcuserdata/csaby.xcuserdatad/xcschemes/xcschememanagement.plist b/ShieldProject.xcodeproj/xcuserdata/csaby.xcuserdatad/xcschemes/xcschememanagement.plist
@@ -17,17 +17,17 @@
 		<key>Shield System Extension.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>2</integer>
+			<integer>1</integer>
 		</dict>
 		<key>Shield.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>0</integer>
+			<integer>2</integer>
 		</dict>
 		<key>ShieldHelper.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>1</integer>
+			<integer>0</integer>
 		</dict>
 		<key>menuBar.xcscheme_^#shared#^_</key>
 		<dict>