MachoStandalone should strip code signatures

[ronaldoussoren]

Original report by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

MachoStandalone changes binaries, which break code signatures. The command should therefore remove code signatures.

[ronaldoussoren]

Original comment by Ronald Oussoren (Bitbucket: ronaldoussoren, GitHub: ronaldoussoren).

---

I've attached a patch that does some of the work. The patch is not complete though, the code signature is stored in the LINKEDIT segment, not just in the macho headers:

#!C
/*
 * The linkedit_data_command contains the offsets and sizes of a blob
 * of data in the __LINKEDIT segment.  
 */
struct linkedit_data_command {
    uint32_t    cmd;            /* LC_CODE_SIGNATURE, LC_SEGMENT_SPLIT_INFO,
                                            LC_FUNCTION_STARTS, LC_DATA_IN_CODE,
                                            or LC_DYLIB_CODE_SIGN_DRS */
    uint32_t    cmdsize;        /* sizeof(struct linkedit_data_command) */
    uint32_t    dataoff;        /* file offset of data in __LINKEDIT segment */
    uint32_t    datasize;       /* file size of data in __LINKEDIT segment  */
};

The patch only removes the linkedit_data load command, but doesn't adjust the LINKEDIT segment and that confuses other tools (like strip(1)).

[HinTak]

Argh, the patch is not included. Anyway, the comment sounds a bit more complicated than it should? AFAIK, the code signature is appended to a binary, so truncating plus a bit of offset adjustments elsewhere should work? Or am I missing something?

If the worst comes to the worst, one can just copy and recreate all the mach-o sections, and dropping the LC_CODE_SIGNATURE part on the way?

I am about to embark on exactly this task. The context is that mono (C# stuff)'s runtime loader has the ability of looking at itself, and loading extract .net dll's appended to the end of it, and one can sign afterwards the result. But this process breaks if the main loader's binary is already signed (which it is, on officially distributed binary); people cross-compiling mono for mac os x from elsewhere does not have this problem since the loader binary would then be unsigned. Anyway, I am going to go ahead to see if I can write a script to strip code signature with machollib.

[HinTak]

I have finished my remove-code-signature script, https://github.com/HinTak/mono-modification/blob/macosx-10.13/remove-code-signature.py , and tested successfully on a signed binary which I already kept the pre-signed version. FYI.

@ronaldoussoren yes, after finishing the script, I realise that your "adjust the LINKEDIT segment" is just my "a bit of offset adjustments elsewhere" :-). Since my script allows me to recover the pre-signed version (which the signing tool was happy to sign), I believe my script is correct and complete. And thanks for the library! It makes these sort of binary manipulation straight-forward.

[ronaldoussoren]

My current plan is to resign binaries using an ad-hoc signature, especially because macOS/arm64 requires code signatures.