layout | title | date | tag | site | catalog | author | subtitle |
---|---|---|---|---|---|---|---|
post |
security |
2018-07-01 |
iosre |
true |
kunnan |
Command line interface to keychains and Security framework |
Usage
Usage: security [-h][-i] [-l][-p prompt] [-q][-v] [command][opt ...]
-i Run in interactive mode.
-l Run /usr/bin/leaks -nocontext before exiting.
-p Set the prompt to "prompt" (implies -i).
-q Be less verbose.
-v Be more verbose about what's going on.
security commands are:
help Show all commands, or show usage for a command.
find-identity
security find-identity -v -p codesigning
- 包含:app ID(AppIDName )、授权文件(Entitlements )、包含公钥的开发证书(DeveloperCertificates )、ProvisionedDevices (可安装设备列表)的签名证书
查看开发配置文件
security cms -D -i filepath
security cms -D -i /Users/devzkn/Downloads/my/IOS开发任务总结/真机调试/xx.mobileprovision
手动完成Xcode签名
- security find-identity -v -p codesigning
列出了哪些行为会被允许,哪些行为会被拒绝。在签名的时候,Xcode会将这个文件作为 --entitlements 参数的内容传递给codesign.
xcode 的
capabilities
选项卡上进行的相应权限操作,相关条目也会添加到授权文件。查询一个应用的授权文件
➜ provision git:(master) ✗ codesign -d --entitlements - /Users/devzkn/decrypted/WeChat6.6.0/Payload/WeChat.app Executable=/Users/devzkn/decrypted/WeChat6.6.0/Payload/WeChat.app/WeChat ??qqh<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.siri</key> <true/> <key>com.apple.developer.team-identifier</key> <string>88L2Q4487U</string> <key>com.apple.developer.healthkit</key> <true/> <key>application-identifier</key> <string>532LCLCWL8.com.tencent.xin</string> <key>com.apple.developer.networking.HotspotHelper</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> <string>app-proxy-provider</string> <string>content-filter-provider</string> </array> <key>aps-environment</key> <string>production</string> <key>com.apple.developer.networking.HotspotConfiguration</key> <true/> <key>com.apple.developer.associated-domains</key> <array> <string>applinks:help.wechat.com</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.tencent.xin</string> </array> </dict> </plist>%
获取profile.plist
security cms -D -i /Users/devzkn/Library/Developer/Xcode/DerivedData/2018wxrobot-eenymyxpjytdqfhdejnwlypbodwy/Build/Products/Debug-iphoneos/2018wxrobot.app/embedded.mobileprovision > profile.plist
使用plistBuddy 从profile.plist 提取Entitlements
/usr/libexec/plistBuddy -x -c 'print :Entitlements' profile.plist > entitlements.plist
对.app 目录下的所有动态库、插件、watch目录下的extension进行签名
codesign -f -s 0B3D26F0E551CC07F2iPhoneDeveloperkey xxx.dylib
对整个app目录进行签名
codesign -f -s 0B3D26F0E551CC07F2iPhoneDeveloperkey --entitlements entitlements.plist target.app
mkdir -p Payload
cp -a Target.app ./Payload
zip -qr Target.ipa ./Payload
- 列出可签名证书
security find-identity -v -p codesigning
- 为dumpecrypted.dylib签名
codesign --force --verify --verbose --sign "iPhone Developer: xxx xxxx (xxxxxxxxxx)" dumpdecrypted.dylib
plistBuddy
➜ ~ /usr/libexec/plistBuddy Usage: plistBuddy [-cxh] <file.plist> -c "<command>" execute command, otherwise run in interactive mode -x output will be in the form of an xml plist where appropriate -h print the complete help info, with command guide
/Users/devzkn/bin//knpost security Command line interface to keychains and Security framework -t iosre
> #原来""的参数,需要自己加上""