
Add automated applepushserviced patch for OSX

meeee committed May 12, 2012
1 parent 5a1c1a5 commit a603d9b7109a1155a3e1bf4ea5fa08a1b18f7242
Showing with 59 additions and 2 deletions.
  1. +9 −2
  2. +50 −0 setup/osx/
@@ -45,6 +45,8 @@ You can find the extracted certificates in `certs/device`. Both public and priva
### Extract OS X Certificates
+Note: If you want to connect at least one device via a patched push daemon, you need to patch the push daemon on OS X first.
OS X stores the certificates in the `/Library/Keychains/applepushserviced` keychain.
To ensure only the push certificate is in this keychain, delete the applepushserviced keychain, so it activates and creates a new keychain entry. You may try without this step, but if the keychain has other entries, the following steps may fail.
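Review bot: the added note at the top of this hunk tells readers to patch the push daemon on OS X first, but it does not say where that step is described or why the order matters. Suggest pointing to the "OS X applepushserviced patch" section and giving the reason stated there: the re-signed binary can no longer access the old certificate and requests a new one, so certificates extracted before patching have to be extracted again.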
@@ -107,9 +109,14 @@ You can find instructions on how to do this manually in `doc/
#### OS X applepushserviced patch
-I haven't automated this step yet, but all you have to do is **replacing** all occurrences of `` with your own 14-characters domain name and codesign the binary:
+Like the iOS patch step, this step assumes there is a codesign certificate in your keychain named `iPhone Developer`.
+ cd pushproxy
+ setup/osx/patch-applepushserviced <14-char DNS entry>
+This modifies `/System/Library/PrivateFrameworks/ApplePushService.framework/applepushserviced` and place a backup in the same directory named `applepushserviced.orig`.
- codesign -f -s "iPhone Developer" applepushserviced
+After a restart the `applepushserviced` would request a new certificate from Apple since the binary has a new signature, so Keychain doesn't allow it to access the old certificate. So just do the 'Extract OS X Certificates' step which includes a restart anyway.
## Running
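Review bot: the added sentence beginning "This modifies" documents that a binary under `/System/Library/PrivateFrameworks` is overwritten, but gives no restore procedure. Suggest adding one line on how to put `applepushserviced.orig` back, and mentioning that the script calls `sudo`, so readers know what they are authorizing before they run it. Two wording points in the same hunk: "place a backup" should read "places a backup", and the `<14-char DNS entry>` placeholder could say the name must be exactly 14 characters, as the removed line did.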
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+BINARY="$(basename $BINARY_PATH)"
+CERT_NAME="iPhone Developer"
+if [[ "$#" != "1" ]]; then
+ echo "Usage: `basename $0` <push host 14 chars long>"
+ echo
+ echo "Warning: This script modifies $BINARY_PATH"
+ echo " It saves a backup in the same directory as $BINARY.orig"
+ exit 64 # EX_USAGE
+set -e
+if [ -e "$BACKUKP_PATH" ]; then
+ echo "Error: $BACKUKP_PATH exists, $BINARY has probably already been patched."
+ echo "Delete it if you are sure its the original, e.g. after an OS X update."
+ exit 1
+sudo cp -av "$BINARY_PATH" "$BACKUKP_PATH"
+TMPDIR=`mktemp -d /tmp/patch-$BINARY.XXXXXX`
+cd "$TMPDIR"
+cp -av "$BINARY_PATH" ./$BINARY
+perl -pi -e "s/$PUSH_HOST/g" "$BINARY"
+codesign -f -s "$CERT_NAME" "$BINARY"
+# delete and create seems to be necessary also on OS X to clear a kernel
+# signature cache
+sudo rm "$BINARY_PATH"
+sudo cp -av "$BINARY" "$BINARY_PATH"
+rm -r "$TMPDIR"
+echo "Done"
+echo "After restarting applepushserviced, you need to extract the"
+echo "push certificate again. The binary has a new signature, so Keychain"
+echo "doesn't allow it to access the old certificate, therefore "
+echo "applepushserviced requests a new one."
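Review bot: in the lines shown, the only validation of the argument is the `[[ "$#" != "1" ]]` count check, yet the value is interpolated straight into `perl -pi -e "s/$PUSH_HOST/g" "$BINARY"` and the result is copied over a system binary. A host name that is not exactly 14 characters changes the length of the patched strings and can corrupt the binary, and characters such as `/`, `@` or `$` alter the Perl expression itself. Suggest rejecting anything that is not 14 characters from a host-name character set before the backup is made. Related robustness points in the same hunk: `sudo rm "$BINARY_PATH"` followed by `sudo cp` leaves the system without the daemon if the copy fails, so copying to a temporary name in the target directory and renaming it into place would still create a new file while closing that window; the result of `codesign` could be checked with `codesign -v` before installing; a `trap` would remove the temporary directory when `set -e` aborts the script; reusing the name `TMPDIR` overrides the environment variable that `mktemp` and other tools consult; `$BINARY_PATH` and `./$BINARY` should be quoted; and `BACKUKP_PATH` is a consistent misspelling of `BACKUP_PATH`.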
