You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It has been found that as of MON 10 JAN 2022 that cryptexctl for SRT 21C39 with cryptexctl from libcryptex_executables-169.80.2~9 generates TSS Signing Requests that are being Declined.
Version Info
cryptexctl version
Darwin Cryptex Management Interface Version 2.0.0: Sun Dec 19 22:28:12 PST 2021; root:libcryptex_executables-169.80.2~9/cryptexctl/WEN_ETA_X86_64
Kernel
21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64
HTTP/1.1 200 OK
Server: Apple
Date: Mon, 10 Jan 2022 15:42:37 GMT
Content-Type: text/html
Content-Length: 69
Connection: close
Host: gs.apple.com
Strict-Transport-Security: max-age=31536000; includeSubdomains
X-Frame-Options: SAMEORIGIN
STATUS=94&MESSAGE=This device isn't eligible for the requested build.
Issue
It appears that cryptexctl on X86_64 makes an HTTP Request that does not contain the Key for CryptexDMG perhaps causing the Authentication Error from libcryptex:
TSS Signing for cryptex personalizations are not impacted from M1 T8101 or X86_64 when using 20G314 with SRT 20C80, aka macOS 11.6.2 for iPhone 11 or iPhone 12 Devices.
Analysis
It was found that the HTTP Request generated by cryptexctl contains the key:
<key>PersonalizedDMG</key>
and when changed to:
<key>CryptexDMG</key>
Then, The HTTP Response contains the Signing for the Cryptex Personalization.
21C52 | 21C39 | X86_64 | libcryptex_executables-169.80.2~9 | TSS | Cryptex | Signing | Declined | iPhone 11 | iPhone 12 | CryptexManager Working
It has been found that as of MON 10 JAN 2022 that cryptexctl for SRT 21C39 with cryptexctl from libcryptex_executables-169.80.2~9 generates TSS Signing Requests that are being Declined.
Version Info
Kernel
shasum
Codesign
CLI
HTTP Response
Issue
It appears that cryptexctl on X86_64 makes an HTTP Request that does not contain the Key for CryptexDMG perhaps causing the Authentication Error from libcryptex:
Whereas it has been found that CryptexManager generates an HTTP Request containing the proper syntax:
Personalization Request from CryptexManager with cryptex installation success
macOS 11.x Unimpacted for M1 T8101 or X86_64
TSS Signing for cryptex personalizations are not impacted from M1 T8101 or X86_64 when using 20G314 with SRT 20C80, aka macOS 11.6.2 for iPhone 11 or iPhone 12 Devices.
Analysis
It was found that the HTTP Request generated by cryptexctl contains the key:
and when changed to:
Then, The HTTP Response contains the Signing for the Cryptex Personalization.
Reference
Requirements: https://github.com/xsscx/srd/blob/main/SecurityResearchTools_21C39/example-cryptex/README.md
TSS cryptex personalization Signings as of MON 10 JAN 2022 at 1200 EST
macOS 11.x
macOS 12.x
The text was updated successfully, but these errors were encountered: