Add automated applepushserviced patch for OSX

commit a603d9b7109a1155a3e1bf4ea5fa08a1b18f7242 1 parent 5a1c1a5
@meeee authored
Showing with 59 additions and 2 deletions.
  1. +9 −2 README.md
  2. +50 −0 setup/osx/patch-applepushserviced.sh
11 README.md
@@ -45,6 +45,8 @@ You can find the extracted certificates in `certs/device`. Both public and priva
### Extract OS X Certificates
+Note: If you want to connect at least one device via a patched push daemon, you need to patch the push daemon on OS X first.
+
OS X stores the certificates in the `/Library/Keychains/applepushserviced` keychain.
To ensure only the push certificate is in this keychain, delete the applepushserviced keychain, so it activates and creates a new keychain entry. You may try without this step, but if the keychain has other entries, the following steps may fail.
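
Review bot: The note added at the top of "Extract OS X Certificates" tells the reader to patch the push daemon first but gives neither the reason nor a pointer to where that is done. Suggest referring to the "OS X applepushserviced patch" section by name and stating why the order matters, which that section already explains: the re-signed binary loses Keychain access to the old certificate and requests a new one. The condition "connect at least one device via a patched push daemon" is also hard to parse and would read better stated directly.
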
@@ -107,9 +109,14 @@ You can find instructions on how to do this manually in `doc/howto-patch-apsd.md
#### OS X applepushserviced patch
-I haven't automated this step yet, but all you have to do is **replacing** all occurrences of `push.apple.com` with your own 14-characters domain name and codesign the binary:
+Like the iOS patch step, this step assumes there is a codesign certificate in your keychain named `iPhone Developer`.
+
+ cd pushproxy
+ setup/osx/patch-applepushserviced <14-char DNS entry>
+
+This modifies `/System/Library/PrivateFrameworks/ApplePushService.framework/applepushserviced` and place a backup in the same directory named `applepushserviced.orig`.
- codesign -f -s "iPhone Developer" applepushserviced
+After a restart the `applepushserviced` would request a new certificate from Apple since the binary has a new signature, so Keychain doesn't allow it to access the old certificate. So just do the 'Extract OS X Certificates' step which includes a restart anyway.
## Running
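
Review bot: The usage line in the new instructions calls `setup/osx/patch-applepushserviced`, but the file this commit adds is `setup/osx/patch-applepushserviced.sh`, so the command as written will not be found. Either add the `.sh` suffix in the README or rename the script. The following sentence should read "places a backup", and since the script calls `sudo` and replaces a system binary in place, the README should say so, so that the password prompt is expected.
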
50 setup/osx/patch-applepushserviced.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+BINARY_PATH="/System/Library/PrivateFrameworks/ApplePushService.framework/applepushserviced"
+BINARY="$(basename $BINARY_PATH)"
+BACKUP_SUFFIX=".orig"
+CERT_NAME="iPhone Developer"
+
+if [[ "$#" != "1" ]]; then
+ echo "Usage: `basename $0` <push host 14 chars long>"
+ echo
+ echo "Warning: This script modifies $BINARY_PATH"
+ echo " It saves a backup in the same directory as $BINARY.orig"
+ exit 64 # EX_USAGE
+fi
+
+set -e
+PUSH_HOST="$1"
+
+BACKUKP_PATH="$BINARY_PATH$BACKUP_SUFFIX"
+
+FRAMEWORK_PATH="/System/Library/PrivateFrameworks/ApplePushService.framework"
+if [ -e "$BACKUKP_PATH" ]; then
+ echo "Error: $BACKUKP_PATH exists, $BINARY has probably already been patched."
+ echo "Delete it if you are sure its the original, e.g. after an OS X update."
+ exit 1
+fi
+
+sudo cp -av "$BINARY_PATH" "$BACKUKP_PATH"
+
+TMPDIR=`mktemp -d /tmp/patch-$BINARY.XXXXXX`
+cd "$TMPDIR"
+
+cp -av "$BINARY_PATH" ./$BINARY
+
+perl -pi -e "s/push.apple.com/$PUSH_HOST/g" "$BINARY"
+
+codesign -f -s "$CERT_NAME" "$BINARY"
+
+# delete and create seems to be necessary also on OS X to clear a kernel
+# signature cache
+sudo rm "$BINARY_PATH"
+sudo cp -av "$BINARY" "$BINARY_PATH"
+
+rm -r "$TMPDIR"
+echo "Done"
+
+echo "After restarting applepushserviced, you need to extract the"
+echo "push certificate again. The binary has a new signature, so Keychain"
+echo "doesn't allow it to access the old certificate, therefore "
+echo "applepushserviced requests a new one."
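
Review bot: The script never checks that the argument is exactly 14 characters before running `perl -pi -e "s/push.apple.com/$PUSH_HOST/g"`; a host of any other length changes the size of the embedded strings and shifts the data after them, and the result is still re-signed and copied over the system daemon. Add a check such as `[ "${#PUSH_HOST}" -eq 14 ]` right after `PUSH_HOST="$1"`, restrict the value to hostname characters because it is interpolated into the perl expression as-is, and escape the dots in the pattern so only the literal host name matches. Separately, the backup is created before the patch and codesign steps, so if either fails under `set -e` the next run stops at the "probably already been patched" check even though nothing was installed, and the temporary directory is left behind; creating the backup just before `sudo rm`, or cleaning up in a trap, would avoid that. Minor: `BACKUKP_PATH` is a typo for BACKUP_PATH, `FRAMEWORK_PATH` is never used, and the usage text hardcodes `.orig` instead of using `$BACKUP_SUFFIX`.
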