iOS Code Signing Best Practices
Article Summary
Minyoung Sim from LINE breaks down iOS code signing in forensic detail, revealing how Apple's security mechanism validates every app before execution. This isn't your typical overview.
This deep technical dive from LINE's AIR ARMOR team explains how iOS code signing works under the hood, from provisioning profiles to Mach-O binary structures. The article walks through the complete verification chain that prevents tampered apps from running on iOS devices.
Key Takeaways
- iOS verifies app integrity through Mach-O binary code signatures and hash validation
- Provisioning profiles contain certificates, device lists, entitlements, and expiration dates
- CodeDirectory stores hash values for each 0x1000 page of binary code
- specialHash array validates five critical components including entitlements and resources
- CMS signatures in BlobWrapper prevent attackers from updating CodeDirectory after tampering
iOS code signing creates a multi-layered verification system that checks certificates, hashes binary pages, validates resources, and uses cryptographic signatures to ensure only legitimate apps execute.
About This Article
iOS apps need to pass multiple security checks before they can install. The system requires provisioning profiles with embedded certificates, device lists, and entitlements that all have to match what's on the device. If anything doesn't line up, the installation just fails.
Minyoung Sim's AIR ARMOR team decrypts embedded.mobileprovision files using the security cms command. They also use otool to find LC_CODE_SIGNATURE load commands at specific dataoff offsets in Mach-O binaries so they can analyze the code forensically.
iOS checks CodeDirectory hash slots across 0x1000-byte pages and verifies CMS signatures in BlobWrapper structures. This stops any code that gets modified after signing from running, which keeps apps from being tampered with.