CERT
Apple's certificates on IMG2, IMG3, and IMG4 files. Some hardware tags like CHIP and PROD are actually within this section and technically not in the signature-checked area, but that does not matter: in parseCertificatesAndSignature() in iBoot, they are compared against a hardcoded value for whatever they should be set to.
Parsed
- openssl asn1parse -inform DER -in cert
0:d=0 hl=4 l=1211 cons: SEQUENCE
4:d=1 hl=4 l= 931 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :02
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 98 cons: SEQUENCE
33:d=3 hl=2 l= 11 cons: SET
35:d=4 hl=2 l= 9 cons: SEQUENCE
37:d=5 hl=2 l= 3 prim: OBJECT :countryName
42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
46:d=3 hl=2 l= 19 cons: SET
48:d=4 hl=2 l= 17 cons: SEQUENCE
50:d=5 hl=2 l= 3 prim: OBJECT :organizationName
55:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Apple Inc.
67:d=3 hl=2 l= 38 cons: SET
69:d=4 hl=2 l= 36 cons: SEQUENCE
71:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
76:d=5 hl=2 l= 29 prim: PRINTABLESTRING :Apple Certification Authority
107:d=3 hl=2 l= 22 cons: SET
109:d=4 hl=2 l= 20 cons: SEQUENCE
111:d=5 hl=2 l= 3 prim: OBJECT :commonName
116:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Apple Root CA
131:d=2 hl=2 l= 30 cons: SEQUENCE
133:d=3 hl=2 l= 13 prim: UTCTIME :060425214036Z
148:d=3 hl=2 l= 13 prim: UTCTIME :350209214036Z
163:d=2 hl=2 l= 98 cons: SEQUENCE
165:d=3 hl=2 l= 11 cons: SET
167:d=4 hl=2 l= 9 cons: SEQUENCE
169:d=5 hl=2 l= 3 prim: OBJECT :countryName
174:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
178:d=3 hl=2 l= 19 cons: SET
180:d=4 hl=2 l= 17 cons: SEQUENCE
182:d=5 hl=2 l= 3 prim: OBJECT :organizationName
187:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Apple Inc.
199:d=3 hl=2 l= 38 cons: SET
201:d=4 hl=2 l= 36 cons: SEQUENCE
203:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
208:d=5 hl=2 l= 29 prim: PRINTABLESTRING :Apple Certification Authority
239:d=3 hl=2 l= 22 cons: SET
241:d=4 hl=2 l= 20 cons: SEQUENCE
243:d=5 hl=2 l= 3 prim: OBJECT :commonName
248:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Apple Root CA
263:d=2 hl=4 l= 290 cons: SEQUENCE
267:d=3 hl=2 l= 13 cons: SEQUENCE
269:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
280:d=4 hl=2 l= 0 prim: NULL
282:d=3 hl=4 l= 271 prim: BIT STRING
557:d=2 hl=4 l= 378 cons: cont [ 3 ]
561:d=3 hl=4 l= 374 cons: SEQUENCE
565:d=4 hl=2 l= 14 cons: SEQUENCE
567:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
572:d=5 hl=2 l= 1 prim: BOOLEAN :255
575:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
581:d=4 hl=2 l= 15 cons: SEQUENCE
583:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
588:d=5 hl=2 l= 1 prim: BOOLEAN :255
591:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
598:d=4 hl=2 l= 29 cons: SEQUENCE
600:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
605:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04142BD06947947609FEF46B8D2E40A6F7474D7F085E
629:d=4 hl=2 l= 31 cons: SEQUENCE
631:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
636:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:301680142BD06947947609FEF46B8D2E40A6F7474D7F085E
662:d=4 hl=4 l= 273 cons: SEQUENCE
666:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
671:d=5 hl=4 l= 264 prim: OCTET STRING [HEX DUMP]:308201043082010006092A864886F7636405013081F2302A06082B0601050507
0201161E68747470733A2F2F7777772E6170706C652E636F6D2F6170706C6563
612F3081C306082B060105050702023081B61A81B352656C69616E6365206F6E
207468697320636572746966696361746520627920616E792070617274792061
7373756D657320616363657074616E6365206F6620746865207468656E206170
706C696361626C65207374616E64617264207465726D7320616E6420636F6E64
6974696F6E73206F66207573652C20636572746966696361746520706F6C6963
7920616E642063657274696669636174696F6E20707261637469636520737461
74656D656E74732E
939:d=1 hl=2 l= 13 cons: SEQUENCE
941:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
952:d=2 hl=2 l= 0 prim: NULL
954:d=1 hl=4 l= 257 prim: BIT STRING
1215:d=0 hl=4 l=1016 cons: SEQUENCE
1219:d=1 hl=4 l= 736 cons: SEQUENCE
1223:d=2 hl=2 l= 3 cons: cont [ 0 ]
1225:d=3 hl=2 l= 1 prim: INTEGER :02
1228:d=2 hl=2 l= 1 prim: INTEGER :10
1231:d=2 hl=2 l= 13 cons: SEQUENCE
1233:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1244:d=3 hl=2 l= 0 prim: NULL
1246:d=2 hl=2 l= 98 cons: SEQUENCE
1248:d=3 hl=2 l= 11 cons: SET
1250:d=4 hl=2 l= 9 cons: SEQUENCE
1252:d=5 hl=2 l= 3 prim: OBJECT :countryName
1257:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
1261:d=3 hl=2 l= 19 cons: SET
1263:d=4 hl=2 l= 17 cons: SEQUENCE
1265:d=5 hl=2 l= 3 prim: OBJECT :organizationName
1270:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Apple Inc.
1282:d=3 hl=2 l= 38 cons: SET
1284:d=4 hl=2 l= 36 cons: SEQUENCE
1286:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1291:d=5 hl=2 l= 29 prim: PRINTABLESTRING :Apple Certification Authority
1322:d=3 hl=2 l= 22 cons: SET
1324:d=4 hl=2 l= 20 cons: SEQUENCE
1326:d=5 hl=2 l= 3 prim: OBJECT :commonName
1331:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Apple Root CA
1346:d=2 hl=2 l= 30 cons: SEQUENCE
1348:d=3 hl=2 l= 13 prim: UTCTIME :070105192159Z
1363:d=3 hl=2 l= 13 prim: UTCTIME :220105192159Z
1378:d=2 hl=2 l= 126 cons: SEQUENCE
1380:d=3 hl=2 l= 11 cons: SET
1382:d=4 hl=2 l= 9 cons: SEQUENCE
1384:d=5 hl=2 l= 3 prim: OBJECT :countryName
1389:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
1393:d=3 hl=2 l= 19 cons: SET
1395:d=4 hl=2 l= 17 cons: SEQUENCE
1397:d=5 hl=2 l= 3 prim: OBJECT :organizationName
1402:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Apple Inc.
1414:d=3 hl=2 l= 38 cons: SET
1416:d=4 hl=2 l= 36 cons: SEQUENCE
1418:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1423:d=5 hl=2 l= 29 prim: PRINTABLESTRING :Apple Certification Authority
1454:d=3 hl=2 l= 50 cons: SET
1456:d=4 hl=2 l= 48 cons: SEQUENCE
1458:d=5 hl=2 l= 3 prim: OBJECT :commonName
1463:d=5 hl=2 l= 41 prim: PRINTABLESTRING :Apple Secure Boot Certification Authority
1506:d=2 hl=4 l= 290 cons: SEQUENCE
1510:d=3 hl=2 l= 13 cons: SEQUENCE
1512:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
1523:d=4 hl=2 l= 0 prim: NULL
1525:d=3 hl=4 l= 271 prim: BIT STRING
1800:d=2 hl=3 l= 156 cons: cont [ 3 ]
1803:d=3 hl=3 l= 153 cons: SEQUENCE
1806:d=4 hl=2 l= 14 cons: SEQUENCE
1808:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
1813:d=5 hl=2 l= 1 prim: BOOLEAN :255
1816:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020186
1822:d=4 hl=2 l= 15 cons: SEQUENCE
1824:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1829:d=5 hl=2 l= 1 prim: BOOLEAN :255
1832:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
1839:d=4 hl=2 l= 29 cons: SEQUENCE
1841:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
1846:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414493D3653C9D715E186614EACABAB1856635DC3C6
1870:d=4 hl=2 l= 31 cons: SEQUENCE
1872:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
1877:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:301680142BD06947947609FEF46B8D2E40A6F7474D7F085E
1903:d=4 hl=2 l= 54 cons: SEQUENCE
1905:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
1910:d=5 hl=2 l= 47 prim: OCTET STRING [HEX DUMP]:302D302BA029A0278625687474703A2F2F7777772E6170706C652E636F6D2F61
70706C6563612F726F6F742E63726C
1959:d=1 hl=2 l= 13 cons: SEQUENCE
1961:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1972:d=2 hl=2 l= 0 prim: NULL
1974:d=1 hl=4 l= 257 prim: BIT STRING
2235:d=0 hl=4 l= 927 cons: SEQUENCE
2239:d=1 hl=4 l= 563 cons: SEQUENCE
2243:d=2 hl=2 l= 3 cons: cont [ 0 ]
2245:d=3 hl=2 l= 1 prim: INTEGER :02
2248:d=2 hl=2 l= 9 prim: INTEGER :FB01FB0000000001
2259:d=2 hl=2 l= 13 cons: SEQUENCE
2261:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
2272:d=3 hl=2 l= 0 prim: NULL
2274:d=2 hl=2 l= 126 cons: SEQUENCE
2276:d=3 hl=2 l= 11 cons: SET
2278:d=4 hl=2 l= 9 cons: SEQUENCE
2280:d=5 hl=2 l= 3 prim: OBJECT :countryName
2285:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
2289:d=3 hl=2 l= 19 cons: SET
2291:d=4 hl=2 l= 17 cons: SEQUENCE
2293:d=5 hl=2 l= 3 prim: OBJECT :organizationName
2298:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Apple Inc.
2310:d=3 hl=2 l= 38 cons: SET
2312:d=4 hl=2 l= 36 cons: SEQUENCE
2314:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
2319:d=5 hl=2 l= 29 prim: PRINTABLESTRING :Apple Certification Authority
2350:d=3 hl=2 l= 50 cons: SET
2352:d=4 hl=2 l= 48 cons: SEQUENCE
2354:d=5 hl=2 l= 3 prim: OBJECT :commonName
2359:d=5 hl=2 l= 41 prim: PRINTABLESTRING :Apple Secure Boot Certification Authority
2402:d=2 hl=2 l= 30 cons: SEQUENCE
2404:d=3 hl=2 l= 13 prim: UTCTIME :070106052052Z
2419:d=3 hl=2 l= 13 prim: UTCTIME :170106052052Z
2434:d=2 hl=2 l= 116 cons: SEQUENCE
2436:d=3 hl=2 l= 11 cons: SET
2438:d=4 hl=2 l= 9 cons: SEQUENCE
2440:d=5 hl=2 l= 3 prim: OBJECT :countryName
2445:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
2449:d=3 hl=2 l= 19 cons: SET
2451:d=4 hl=2 l= 17 cons: SEQUENCE
2453:d=5 hl=2 l= 3 prim: OBJECT :organizationName
2458:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Apple Inc.
2470:d=3 hl=2 l= 50 cons: SET
2472:d=4 hl=2 l= 48 cons: SEQUENCE
2474:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
2479:d=5 hl=2 l= 41 prim: PRINTABLESTRING :Apple Secure Boot Certification Authority
2522:d=3 hl=2 l= 28 cons: SET
2524:d=4 hl=2 l= 26 cons: SEQUENCE
2526:d=5 hl=2 l= 3 prim: OBJECT :commonName
2531:d=5 hl=2 l= 19 prim: PRINTABLESTRING :S5L8900 Secure Boot
2552:d=2 hl=3 l= 159 cons: SEQUENCE
2555:d=3 hl=2 l= 13 cons: SEQUENCE
2557:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
2568:d=4 hl=2 l= 0 prim: NULL
2570:d=3 hl=3 l= 141 prim: BIT STRING
2714:d=2 hl=2 l= 90 cons: cont [ 3 ]
2716:d=3 hl=2 l= 88 cons: SEQUENCE
2718:d=4 hl=2 l= 11 cons: SEQUENCE
2720:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
2725:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020780
2731:d=4 hl=2 l= 9 cons: SEQUENCE
2733:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
2738:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
2742:d=4 hl=2 l= 29 cons: SEQUENCE
2744:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
2749:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:041419DFD743A6C35716ED8642DDB29408A16AEDDFDE
2773:d=4 hl=2 l= 31 cons: SEQUENCE
2775:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
2780:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014493D3653C9D715E186614EACABAB1856635DC3C6
2806:d=1 hl=2 l= 13 cons: SEQUENCE
2808:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
2819:d=2 hl=2 l= 0 prim: NULL
2821:d=1 hl=4 l= 341 prim: BIT STRING
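The dump above contains three DER certificates stored back to back, with top-level SEQUENCEs at offsets 0, 1215 and 2235. The following Python splitter is an added example, not code from the wiki or from Apple: it walks the top-level DER headers and returns each certificate separately so that each one can be inspected on its own. The function names, the zero-filled sample data and the handling of trailing padding are assumptions of this example.

```python
"""Split a blob of back-to-back DER certificates, as seen in the CERT dump above."""


def read_tlv_header(buf: bytes, off: int):
    """Return (header_len, content_len) for the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % off)
    first = buf[off + 1]
    if first < 0x80:                      # short form: length in one byte
        return 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4:
        raise ValueError("unsupported length encoding at offset %d" % off)
    if off + 2 + n > len(buf):
        raise ValueError("truncated length at offset %d" % off)
    return 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")


def split_der_chain(blob: bytes):
    """Return [(offset, der_bytes), ...] for each top-level SEQUENCE in blob.

    Stops at the first byte that is not a SEQUENCE tag (0x30), treating the
    rest as padding; that padding tolerance is an assumption of this example.
    """
    certs, off = [], 0
    while off < len(blob) and blob[off] == 0x30:
        hl, length = read_tlv_header(blob, off)
        end = off + hl + length
        if end > len(blob):
            raise ValueError("element at offset %d overruns the blob" % off)
        certs.append((off, blob[off:end]))
        off = end
    return certs


def fake_cert(content_len: int) -> bytes:
    """Constructed stand-in: a SEQUENCE header with zero-filled content."""
    return b"\x30\x82" + content_len.to_bytes(2, "big") + bytes(content_len)


if __name__ == "__main__":
    # Constructed sample: same lengths as the dump (l=1211, 1016, 927) plus padding.
    sample = fake_cert(1211) + fake_cert(1016) + fake_cert(927) + b"\x00" * 8
    for i, (off, der) in enumerate(split_der_chain(sample)):
        print("cert %d: offset %d, %d bytes" % (i, off, len(der)))
        # To save each certificate: open("cert%d.cer" % i, "wb").write(der)
```

Each returned slice is a complete DER element, so it can be passed to `openssl asn1parse -inform DER` on its own.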
GUI
Instead of parsing the data, you can also save the IMG3 CERT part to a file with a .cer file extension on a Windows system and look through the certificate details graphically.