checking codesign sig while running

It seems that a fairly effective way of checking my app’s integrity is to check the codesign signature when it’s running and warn / quit if it fails.

Has anyone tried this? It seems it would be a different challenge depending on the platform:

Mac: I have no idea if the codesign command line tool is available for all users or only xcoders?

Win: I suspect we’d have to bundle a code signing / verifying tool in order to verify?

But this does beg the question, are these tools available in the OS via an API call? They’re in there somewhere, otherwise the OS couldn’t verify the signature…

If the integrity of your app was compromised, it wouldn’t run at all I’d think…

Apparently that’s not the case. Assembly-level hacking to overcome licensing doesn’t render the app unusable, unfortunately.

Also, I’m not certain what’s required to remove the bits that mark an app as signed but it might not be too tough. It seems that creating an internal check might make a cracker’s life a little more difficult.

For macOS:

Yes, a broken code signed app can still be launched (even without a warning).

With Declares you can use this code to check code signing. You can use this as extra protection.

[code]' OSStatus is a 32-bit value and SecCSFlags is a UInt32, so use Int32/UInt32 rather than Integer in the declares
Declare Function SecCodeCopySelf Lib "Security" (flags As UInt32, ByRef proc As Ptr) As Int32
Declare Function SecStaticCodeCheckValidity Lib "Security" (code As Ptr, flags As UInt32, requirement As Ptr) As Int32
Dim Ppoint As Ptr
Dim cs As Int32
' Get a code object for the running process, then validate its static signature (no requirement, default flags)
cs = SecCodeCopySelf(0, Ppoint)
cs = cs + SecStaticCodeCheckValidity(Ppoint, 0, Nil)
If cs <> 0 Then
  MsgBox "Codesign is broken"
End If[/code]

For Windows:
It is possible but very hard to get it right. In the end I would not do this.

[quote=331292:@Christoph De Vocht]Declare Function SecCodeCopySelf Lib "Security" (flags as integer, byref proc as ptr) As Integer
Declare Function SecStaticCodeCheckValidity Lib "Security" (code as ptr, flags as integer, requirement as ptr) As Integer
dim Ppoint as ptr
dim cs As integer
cs=SecCodeCopySelf(0,Ppoint)
cs=cs+SecStaticCodeCheckValidity(Ppoint,0,nil)
if cs<>0 then
msgbox "Codesign is broken"
end if[/quote]

that’s great stuff, thanks!

[quote]For Windows:
It is possible but very hard to get it right. In the end I would not do this.[/quote]

Do you mind expanding on the problems involved? I expect it’s the platform that is at higher risk for such things…

I wrote an article on Application Integrity checking in an issue of xDev, I’m sorry but I don’t recall what edition it was. Lemme go look it up for you.

Edit: It’s edition 14.3 http://gum.co/DQFIB

Thanks Sam, I just (apparently re-) read it.

Good stuff.

I do hope we can do something for Windows as well…

Bunch of things:

  1. You should release the secCode object once you’ve finished.
  2. By adding in the following flags, you’re now doing exactly the same job as Gatekeeper when validating the certificate.
  3. While you’re validating that the application has a valid code signature, you’re not checking to make sure it’s one of your code signatures.

[code]' OSStatus is a 32-bit value and SecCSFlags is a UInt32, so use Int32/UInt32 rather than Integer in the declares
Declare Function SecCodeCopySelf Lib "Security" (flags As UInt32, ByRef proc As Ptr) As Int32
Declare Function SecStaticCodeCheckValidity Lib "Security" (code As Ptr, flags As UInt32, requirement As Ptr) As Int32
Dim pPoint As Ptr

' Get a code object for the running process
If SecCodeCopySelf(0, pPoint) <> 0 Then
  MsgBox "Failed to get a code sign object"
  Return
End If

' Validation flags (SecCSFlags bits)
Const kSecCSCheckGatekeeperArchitectures As UInt32 = 64
Const kSecCSStrictValidate As UInt32 = 16
Const kSecCSRestrictSymlinks As UInt32 = 128
Const kSecCSNoNetworkAccess As UInt32 = 536870912

' Validate the static signature with the same strictness Gatekeeper applies
If SecStaticCodeCheckValidity(pPoint, kSecCSCheckGatekeeperArchitectures + kSecCSStrictValidate + kSecCSNoNetworkAccess + kSecCSRestrictSymlinks, Nil) <> 0 Then _
  MsgBox "Codesign is broken"

' SecCodeCopySelf is a "Copy" function, so the object it returns must be released
Declare Sub release Lib "Cocoa" Selector "release" (objInstance As Ptr)
release pPoint[/code]
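An added example (not code from this thread, from Xojo or from Apple) that puts all three of Sam's points together in one Xojo method: it validates the running app's static signature strictly, checks the signature against a code requirement that names your own Team ID and bundle identifier (so a valid signature from somebody else's certificate fails), and releases both objects it created with CFRelease. The names CodeSignatureMatchesUs, teamID and bundleID are assumptions of this example, and the two argument values are placeholders you replace with your own. The flag constants are taken from the SDK's CSCommon.h/SecStaticCode.h as I recall them (kSecCSCheckAllArchitectures = 1 << 0, kSecCSStrictValidate = 1 << 4, kSecCSNoNetworkAccess = 0x20000000); verify them against the header in your SDK before shipping.

```xojo
' Example code, not the thread's or Xojo's own. Returns True only if the running
' process carries a valid signature that satisfies our own designated requirement.
Function CodeSignatureMatchesUs(teamID As String, bundleID As String) As Boolean
  #If TargetMacOS Then
    ' OSStatus is Int32 and SecCSFlags is UInt32; CFStringRef lets Xojo pass a String directly
    Declare Function SecCodeCopySelf Lib "Security" (flags As UInt32, ByRef selfCode As Ptr) As Int32
    Declare Function SecRequirementCreateWithString Lib "Security" (text As CFStringRef, flags As UInt32, ByRef requirement As Ptr) As Int32
    Declare Function SecStaticCodeCheckValidity Lib "Security" (code As Ptr, flags As UInt32, requirement As Ptr) As Int32
    Declare Sub CFRelease Lib "CoreFoundation" (cf As Ptr)

    ' SecCSFlags values as I recall them from the SDK headers; confirm against CSCommon.h
    Const kSecCSDefaultFlags As UInt32 = 0
    Const kSecCSCheckAllArchitectures As UInt32 = 1      ' 1 << 0
    Const kSecCSStrictValidate As UInt32 = 16            ' 1 << 4
    Const kSecCSNoNetworkAccess As UInt32 = 536870912    ' 0x20000000

    ' 1. Get a code object for the running process ("Copy" => we own it and must release it)
    Dim selfCode As Ptr
    If SecCodeCopySelf(kSecCSDefaultFlags, selfCode) <> 0 Or selfCode = Nil Then
      Return False
    End If

    ' 2. Build a requirement that only OUR signature satisfies: Apple-rooted chain,
    '    our bundle identifier, and a leaf certificate whose OU is our Team ID.
    '    (Team ID and bundle ID are placeholders passed in by the caller.)
    Dim reqText As String = "anchor apple generic and identifier """ + bundleID + _
      """ and certificate leaf[subject.OU] = """ + teamID + """"
    Dim requirement As Ptr
    If SecRequirementCreateWithString(reqText, kSecCSDefaultFlags, requirement) <> 0 Then
      CFRelease(selfCode)
      Return False
    End If

    ' 3. Strictly validate the on-disk signature of every architecture against that requirement
    Dim status As Int32 = SecStaticCodeCheckValidity(selfCode, _
      kSecCSCheckAllArchitectures + kSecCSStrictValidate + kSecCSNoNetworkAccess, requirement)

    ' 4. Release everything we created, regardless of the result
    CFRelease(requirement)
    CFRelease(selfCode)

    Return status = 0
  #Else
    ' No equivalent check is implemented for other targets in this example
    Return True
  #EndIf
End Function

' Usage at startup (placeholder values):
' If Not CodeSignatureMatchesUs("TEAMID0000", "com.example.myapp") Then
'   MsgBox "Code signature is missing, broken, or not ours"
'   Quit
' End If
```

The requirement string is the same "designated requirement" language that codesign -d -r- prints for a signed bundle, so you can compare the text you build here with what your shipped app actually declares. Using CFRelease rather than an Objective-C release selector matches what the Security framework documents for these CF objects, and releasing on every exit path is what keeps Sam's first point honest.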

Is there a specific reason to release the secCode?

avoid a memory leak?

Any Apple API that includes create, copy or init needs to have the object released when you’re done with it (or with NSObjects marked as AutoRelease).

Hope this helps.