]> git.cameronkatri.com Git - ldid.git/blob - docs/ldid.1
ldid v2.1.5-procursus5
[ldid.git] / docs / ldid.1
1 .\"-
2 .\" Copyright (c) 2021-2022 Procursus Team <team@procurs.us>
3 .\" SPDX-License-Identifier: AGPL-3.0-or-later
4 .\"
5 .Dd January 20, 2022
6 .Dt LDID 1
7 .Os
8 .Sh NAME
9 .Nm ldid
10 .Nd Link Identity Editor
11 .Sh SYNOPSIS
12 .Nm
13 .Op Fl A Ns Ar cputype : Ns Ar subtype
14 .Op Fl a
15 .Op Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
16 .Op Fl D
17 .Op Fl d
18 .Op Fl E Ns Ar num : Ns Ar file
19 .Op Fl e
20 .Op Fl H Ns Op Ar sha1 | Ar sha256
21 .Op Fl h
22 .Op Fl I Ns Ar name
23 .Op Fl K Ns Ar key.p12 Op Fl U Ns Ar password
24 .Op Fl M
25 .Op Fl P Ns Op Ar num
26 .Op Fl Q Ns Ar requirements
27 .Op Fl q
28 .Op Fl r | Fl S Ns Ar file.xml | Fl s
29 .Op Fl u
30 .Op Fl arch Ar arch_type
31 .Ar
32 .Sh DESCRIPTION
33 .Nm
34 adds SHA1 and SHA256 hashes to a Mach-O file so that they can be run
35 on a system that has validation but not signature verification.
36 .Bl -tag -width -indent
37 .It Fl A Ns Ar cputype : Ns Ar subtype
38 When used with
39 .Fl a , Fl D , Fl e , Fl h , Fl q ,
40 or
41 .Fl u ,
42 only act on the slice specified by
43 .Ar cputype
44 and
45 .Ar subtype .
46 .Ar cputype
47 and
48 .Ar subtype
49 should both be integers.
50 .It Fl a
51 Print the CPU types and subtypes in hexadecimal.
52 .It Fl arch Ar arch_type
53 The same as
54 .Fl A ,
55 except the name of the architecture is used.
56 The list of currently known
57 .Ar arch_type Ns s
58 can be found in
59 .Xr arch 3 .
60 This is a Procursus extension.
61 .It Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
62 Specify the option flags to embed in the code signature.
63 See
64 .Xr codesign 1
65 for details about these options.
66 .It Fl D
67 Reset the cryptid.
68 .It Fl d
69 Print the cryptid in the binaries if it exists.
70 .It Fl E Ns Ar num : Ns Ar file
71 Embed the hashes of
72 .Ar file
73 in the special codesign slot at
74 .Ar num .
75 .It Fl e
76 Print the entitlements in each slice, or the slice specified by
77 .Fl A
78 or
79 .Fl arch
80 to
81 .Ar stdout .
82 .It Fl H Ns Op Ar sha1 | Ar sha256
83 Disable the hash not specified.
84 This is useful to replicate the default behavior of
85 .Xr codesign 1 ,
86 which only provides an sha256 signature.
87 .It Fl h
88 Print information about the signature, such as
89 hash types, flags, CDHash, and CodeDirectory version to
90 .Ar stdout .
91 .It Fl I Ns Ar name
92 Set the identifier used in the binaries signature to
93 .Ar name .
94 If not specified, the basename of the binary is used.
95 .It Fl K Ns Ar key.p12
96 Sign using the identity in
97 .Ar key.p12 .
98 This will give the binary a valid signature so that it can be run
99 on a system with signature validation.
100 If
101 .Ar key.p12
102 has a password you will be prompted for it,
103 or you can specify from the command line with
104 .Fl U .
105 .It Fl M
106 When used with
107 .Fl S ,
108 merge the new and existing entitlements instead of replacing the existing
109 entitlements, this is useful for adding a few specific entitlements to a
110 handful of binaries.
111 .It Fl P Ns Op Ar num
112 Mark the Mach-O as a platform binary.
113 If
114 .Ar num
115 is specified, the platform field in the CodeDirectory will be set to that number.
116 The default is 13, as per Apple binaries.
117 Specifying the platform to set to using
118 .Fl P
119 is a Procursus extension.
120 .It Fl Q Ns Ar requirements.xml
121 Embed the requirements found in
122 .Ar requirements .
123 .It Fl q
124 Print embedded requirements of the binaries.
125 .It Fl r
126 Remove the signature from the Mach-O.
127 .It Fl S Ns Op Ar file.xml
128 Pseudo-sign the Mach-O binaries.
129 If
130 .Ar file.xml
131 is specified then the entitlements found in
132 .Ar file.xml
133 will be embedded in the Mach-O.
134 .It Fl s
135 Resign the Mach-O binaries while keeping the existing entitlements.
136 .It Fl U Ns Ar password
137 Use
138 .Ar password
139 as the password for the p12 certificate instead of prompting.
140 This is a Procursus extension.
141 .It Fl u
142 If the binary was linked against UIKit, then print the UIKit version that the
143 Mach-O binaries were linked against.
144 .El
145 .Sh EXAMPLES
146 The command:
147 .Pp
148 .Dl "ldid -S file"
149 .Pp
150 will fakesign
151 .Ar file
152 with no entitlements.
153 .Pp
154 The command:
155 .Pp
156 .Dl "ldid -Cadhoc -K/path/to/key.p12 -Sent.xml file"
157 .Pp
158 will sign
159 .Ar file
160 using the key in
161 .Ar /path/to/key.p12
162 with the entitlements found in
163 .Ar ent.xml ,
164 and mark it as an adhoc signature.
165 .Pp
166 The command:
167 .Pp
168 .Dl "ldid -Sent.xml -M file"
169 .Pp
170 will add the entitlements in
171 .Ar ent.xml
172 to the entitlements already in
173 .Ar file .
174 .Pp
175 The command:
176 .Pp
177 .Dl "ldid -e file > ent.xml"
178 .Pp
179 will save the entitlements found in each slice of
180 .Ar file
181 to
182 .Ar ent.xml .
183 .Sh SEE ALSO
184 .Xr codesign 1
185 .Sh HISTORY
186 The
187 .Nm
188 utility was written by
189 .An Jay \*qSaurik\*q Freeman .
190 iPhoneOS 1.2.0 and 2.0 support was added on April 6, 2008.
191 .Fl S
192 was added on June 13, 2008.
193 SHA256 support was added on August 25, 2016, fixing iOS 11 support.
194 iOS 14 support was added on July 31, 2020 by
195 .An Kabir Oberai .
196 iOS 15 support was added on June 11, 2021.