From 6f8569e3fbf32942880af8a97a502fd6e7eef135 Mon Sep 17 00:00:00 2001
From: Cameron Katri
Date: Sun, 10 Oct 2021 18:40:01 -0400
Subject: Add manpage
---
 ldid.1 | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ldid.cpp | 17 +++++--
 2 files changed, 177 insertions(+), 4 deletions(-)
 create mode 100644 ldid.1
diff --git a/ldid.1 b/ldid.1
new file mode 100644
index 0000000..55efe4e
--- /dev/null
+++ b/ldid.1
@@ -0,0 +1,164 @@
+.\"-
+.\" Copyright (c) 2021 Cameron Katri
+.\" SPDX-License-Identifier: AGPL-3.0-or-later
+.\"
+.Dd October 8, 2021
+.Dt LDID 1
+.Os
+.Sh NAME
+.Nm ldid
+.Nd Link Identity Editor
+.Sh SYNOPSIS
+.Nm
+.Op Fl A Ns Ar cputype : Ns Ar subtype
+.Op Fl a
+.Op Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
+.Op Fl D
+.Op Fl d
+.Op Fl e
+.Op Fl h
+.Op Fl K Ns Ar key.p12 Op Fl U Ns Ar password
+.Op Fl M
+.Op Fl P
+.Op Fl q
+.Op Fl r | Fl S Ns Ar file.xml | Fl s
+.Op Fl T Ns Ar timestamp
+.Op Fl u
+.Ar
+.Sh DESCRIPTION
+.Nm
+adds SHA1 and SHA256 hashes to a Mach-O file so that they can be run on a system that has validation but not signature verification.
+.Bl -tag -width -indent
+.It Fl a
+Print the CPU types and subtypes in hexadecimal.
+.It Fl A Ns Ar cputype : Ns Ar subtype
+When used with
+.Fl a , Fl D , Fl e , Fl h , Fl q ,
+or
+.Fl u ,
+only act on the slice specified by
+.Ar cputype
+and
+.Ar subtype .
+.Ar cputype
+and
+.Ar subtype
+should both be integers.
+.It Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
+Specify the option flags to embed in the code signature.
+See
+.Xr codesign 1
+for details about these options.
+.It Fl D
+Reset the cryptid.
+.It Fl d
+Print the cryptid in the binaries if it exists.
+For compatibility reasons it also acts as
+.Fl h ,
+but this will be removed in the future.
+.It Fl e
+Print the entitlements in each slice, or the slice specified by
+.Fl A ,
+to
+.Ar stdout .
+.It Fl h
+Print information about the signature, such as hash types, flags, CDHash, and CodeDirectory version to
+.Ar stdout .
+.It Fl K Ns Ar key.p12
+Sign using the identity in
+.Ar key.p12 .
+This will give the binary a valid signature so that it can be run on a system with signature validation.
+If
+.Ar key.p12
+has a password you will be prompted for it, or you can specify from the command line with
+.Fl U .
+.It Fl M
+When used with
+.Fl S ,
+merge the new and existing entitlements instead of replacing the existing entitlements, this is useful for adding a few specific entitlements to a handful of binaries.
+.It Fl P
+Mark the Mach-O as a platform binary.
+.It Fl Q Ns Ar file
+Embed the requirements found in
+.Ar file .
+.It Fl q
+Print embedded requirements of the binaries.
+.It Fl r
+Remove the signature from the Mach-O.
+.It Fl S Ns Op Ar file.xml
+Pseudo-sign the Mach-O binaries.
+If
+.Ar file.xml
+is specified then the entitlements found in
+.Ar file.xml
+will be embedded in the Mach-O.
+.It Fl s
+Resign the Mach-O binaries while keeping the existing entitlements.
+.It Fl T Ns Ar timestamp
+When signing a dylib, set the timestamp to
+.Ar timestamp .
+.Ar timestamp
+should be an UNIX timestamp in seconds, if
+.Ar timestamp
+is a single dash
+.Pq Sq Fl ,
+the timestamp will be set to a hash of the Mach-O header.
+.It Fl U Ns Ar password
+Use
+.Ar password
+as the password for the p12 certificate instead of prompting.
+.It Fl u
+If the binary was linked against UIKit, then print the UIKit version that the Mach-O binaries was linked against.
+.El
+.Sh EXAMPLES
+The command:
+.Pp
+.Dl "ldid -S file"
+.Pp
+will fakesign
+.Ar file
+with no entitlements.
+.Pp
+The command:
+.Pp
+.Dl "ldid -Cadhoc -K/path/to/key.p12 -Sent.xml file"
+.Pp
+will sign
+.Ar file
+using the key in
+.Ar /path/to/key.p12
+with the entitlements found in
+.Ar ent.xml ,
+and mark it as an adhoc signature.
+.Pp
+The command:
+.Pp
+.Dl "ldid -Sent.xml -M file"
+.Pp
+will add the entitlements in
+.Ar ent.xml
+to the entitlements already in
+.Ar file .
+.Pp
+The command:
+.Pp
+.Dl "ldid -e file > ent.xml"
+.Pp
+will save the entitlements found in each slice of
+.Ar file
+to
+.Ar ent.xml .
+.Sh SEE ALSO
+.Xr codesign 1
+.Sh HISTORY
+The
+.Nm
+utility was written by
+.An Jay \*qSaurik\*q Freeman .
+iPhoneOS 1.2.0 and 2.0 support was added on April 6, 2008.
+.Fl S
+was added on June 13, 2008.
+SHA256 support was added on August 25, 2016, fixing iOS 11 support.
+iOS 14 support was added on July 31, 2020 by
+.An Kabir Oberai .
+iOS 15 support was added on June 11, 2021.
diff --git a/ldid.cpp b/ldid.cpp
index b664441..f8360d3 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -3102,10 +3102,19 @@ std::string Hex(const uint8_t *data, size_t size) {
 }
 
 static void usage(const char *argv0) {
- fprintf(stderr, "usage: %s -S[entitlements.xml] \n", argv0);
- fprintf(stderr, " %s -e MobileSafari\n", argv0);
- fprintf(stderr, " %s -S cat\n", argv0);
- fprintf(stderr, " %s -Stfp.xml gdb\n", argv0);
+ fprintf(stderr, "Link Identity Editor %s\n\n", LDID_VERSION);
+ fprintf(stderr, "usage: %s [-Acputype:subtype] [-a]\n", argv0);
+ fprintf(stderr, " [-C[adhoc | enforcement | expires | hard |\n");
+ fprintf(stderr, " host | kill | library-validation | restrict | runtime]] [-D] [-d]\n");
+ fprintf(stderr, " [-e] [-h] [-Kkey.p12 [-Upassword]] [-M] [-P] [-q] [-r | -Sfile | -s]\n");
+ fprintf(stderr, " [-Ttimestamp] [-u] file ...\n\n");
+ fprintf(stderr, "Options:\n");
+ fprintf(stderr, " -S[file.xml] Pseudo-sign using the entitlements in file.xml\n");
+ fprintf(stderr, " -Kkey.p12 Sign using private key in key.p12\n");
+ fprintf(stderr, " -Upassword Use password to unlock key.p12\n");
+ fprintf(stderr, " -M Merge entitlements with any existing\n");
+ fprintf(stderr, " -h Print CDHash of file\n\n");
+ fprintf(stderr, "More information: 'man ldid'\n");
 }
 
 #ifndef LDID_NOTOOLS
--
cgit v1.2.3-56-ge451
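Review bot: The new `-Upassword` line in usage() advertises passing the key.p12 password as an argument without saying that an argument is readable by other local processes through the process list and tends to persist in shell history. Since ldid.1 states that the password is prompted for when `-U` is absent, the help text should point users there, e.g. `fprintf(stderr, "   -Upassword    Use password to unlock key.p12; omit -U to be prompted (argv is visible to other local processes)\n");`. Whether ldid overwrites the argument after parsing is not visible in this hunk, so the exposure is likely rather than confirmed. The synopsis line also prints `-Sfile` where the option table prints `-S[file.xml]`, and `-Q`, which ldid.1 documents, appears in neither. `LDID_VERSION` is defined outside the hunk.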