The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

AMFID code signing evasion

From The iPhone Wiki

Revision as of 22:31, 30 December 2013 by Http (talk | contribs) (here it has also changed)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

By creating a dylib without code, just redefining the signed code verification function with a "return ok" method from another signed library and using lazy binding, the entire code signing requirement gets circumvented. This method has been used by developers for a long time now.

In evasi0n, the amfi.dylib redefines these functions:

_kMISValidationOptionValidateSignatureOnly (_kCFUserNotificationTokenKey from CoreFoundation)
_kMISValidationOptionExpectedHash (_kCFUserNotificationTimeoutKey from CoreFoundation)
_MISValidateSignature (_CFEqual from CoreFoundation)

TODO: some more detailed description missing here.

Contents

1 Usage
2 See Also
3 Credit
4 References

Usage

evasi0n jailbreak

See Also

Overlapping Segment Attack

Credit

KennyTM~
maybe others too

References

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=AMFID_code_signing_evasion&oldid=38425"

Exploits