kompiler 0.3.2 → 0.3.3

data/lib/kompiler/wrappers/macho_wrapper.rb

@@ -1,4 +1,6 @@
 require 'kompiler/wrappers/packed_bytes'
+require 'securerandom'
+require 'digest'
 
 
 module Kompiler
@@ -11,6 +13,29 @@ module MachO
 	MH_MAGIC_32 = 0xfeedface
 	MH_MAGIC_64 = 0xfeedfacf
 
+	LC_REQ_DYLD = 0x80000000
+
+
+	# Encodes an unsigned integer into ULEB128 byte sequence
+	def self.encode_uleb value
+
+		result_bytes = ""
+		
+		loop do
+			value_bits = value & 0x7f # 7 lower bits
+			value >>= 7 # shift value by 7 bits
+			continue_bit = (value == 0) ? 0 : 1 # "More bytes to come" bit
+			final_byte = value_bits | (continue_bit << 7)
+			result_bytes << final_byte.chr
+			
+			break if value == 0 # If nothing else to encode, exit the loop
+		end
+
+		return result_bytes
+		
+	end
+
+
 
 	def self.wrap_obj code, symbols, arch_type: 64, cputype: 0, cpusubtype: 0
 
@@ -27,28 +52,427 @@ module MachO
 					{
 						name: "__text",
 						vaddr: 0,
-						vsize: 0,
-						align: 1,
-						flags: 0,
+						align: 4,
+						flags: 0x80000400, # section contains some machine instructions
+						content: code,
+					},
+				]
+			}
+		]
+
+
+
+		output = MachO.build(segments: segments, symbols: symbols, prebuilt_lcs: prebuilt_lcs, arch_type: arch_type, cputype: cputype, cpusubtype: cpusubtype, filetype: 1, align_section_contents: true)
+
+		return output
+
+	end
+
+
+	def self.wrap_exec_static code, symbols, arch_type: 64, cputype: 0, cpusubtype: 0, thread_state: nil, virtual_entry_address: 0x80000, codesign: false
+
+		raise "Thread state must be provided for building a static Mach-O executable" if thread_state == nil
+
+		segments = [
+			{
+				name: "__PAGEZERO",
+				vaddr: 0,
+				vsize: virtual_entry_address - 0x1000,
+				maxprot: 0,
+				initprot: 0,
+				flags: 0,
+				file_offset: 0,
+				filesize: 0,
+				sections: []
+			},
+			{
+				name: "__TEXT",
+				vaddr: virtual_entry_address - 0x1000,
+				maxprot: 7,
+				initprot: 7,
+				flags: 0,
+				file_offset: 0,
+				sections: [
+					{
+						name: "__text",
+						vaddr: virtual_entry_address,
+						align: 0x1000,
+						flags: 0x80000400, # section contains some machine instructions
+						content: code,
+					}
+				]
+			}
+		]
+
+		if codesign
+			segments << {
+				name: "__LINKEDIT",
+				vaddr: 0x200000000,
+				vsize: 0,
+				maxprot: 1,
+				initprot: 1,
+				flags: 0,
+				sections: []
+			}
+		end
+		
+
+		uuid_lc = PackedBytes.new
+		uuid_lc.uint32 0x1b
+		uuid_lc.uint32 24
+		uuid_lc.bytes Random.urandom(16) # UUID
+
+
+		unix_thread_lc = PackedBytes.new
+		unix_thread_lc.uint32 0x5 # LC_UNIX_THREAD
+		unix_thread_lc.uint32 thread_state.bytesize + 8 # cmdsize
+		unix_thread_lc.add thread_state
+
+		
+		
+		prebuilt_lcs = [
+			{
+				bytes: uuid_lc.result,
+			},
+			{
+				bytes: unix_thread_lc.result,
+			},
+		]
+
+		flags = 1
+
+		out = MachO.build segments: segments, symbols: symbols, prebuilt_lcs: prebuilt_lcs, codesign: codesign, arch_type: arch_type, cputype: cputype, cpusubtype: cpusubtype, filetype: 2, flags: flags, align_section_contents: true
+
+		return out
+	end
+
+
+
+
+
+
+
+	# Wrap executable with dynamic linker
+	# Wraps a binary program in Mach-O format using dynamic link commands (especially used on ARM MacOS)
+	#
+	def self.wrap_exec_dylink code, symbols, arch_type: 64, cputype: 0, cpusubtype: 0, virtual_entry_address: 0x80000, codesign: false
+
+		pagezero_size = 0x100000000
+
+		text_segment_vaddr = pagezero_size
+
+		text_section_vaddr = text_segment_vaddr + 0x1000
+
+		virtual_entry_address = text_section_vaddr
+
+		linkedit_vaddr = pagezero_size * 3
+
+
+
+		n_local_sym = symbols.size
+
+		symbols.map! do
+			_1[:value] += text_section_vaddr
+			_1
+		end
+
+
+		linkedit = PackedBytes.new
+
+
+		symtab, sym_strtab = MachO.build_symtab(symbols, arch_type: arch_type).values
+				
+		symtab_offset = linkedit.result.bytesize
+		linkedit.add symtab
+		sym_strtab_offset = linkedit.result.bytesize
+		linkedit.add sym_strtab
+
+
+		segments = [
+			{
+				name: "__PAGEZERO",
+				file_offset: 0,
+				filesize: 0,
+				vaddr: 0,
+				vsize: pagezero_size,
+				flags: 0,
+				maxprot: 0,
+				initprot: 0,
+				sections: [],
+			},
+			{
+				name: "__TEXT",
+				vaddr: text_segment_vaddr,
+				# vsize: 0x4000,
+				maxprot: 7,
+				initprot: 7,
+				flags: 0,
+				file_offset: 0,
+				# filesize: 8192,
+
+				sections: [
+					{
+						name: "__text",
+						vaddr: text_section_vaddr,
+						align: 0x1000,
+						flags: 0x80000400, # section contains some machine instructions
 						content: code,
 					},
 				]
+			},
+			{
+				name: "__LINKEDIT",
+				vaddr: linkedit_vaddr,
+				maxprot: 1,
+				initprot: 1,
+				flags: 0,
+
+				content: linkedit.result,
+				content_align: 0x4000,
 			}
 		]
 
+		entry_point_lc = PackedBytes.new
+		entry_point_lc.uint32 0x80000028 # LC_MAIN
+		entry_point_lc.uint32 24 # cmdsize
+
+		entry_point_lc.uint64 0x80000 # file offset address
+		entry_point_lc.uint64 0 # stack size
+
+
+
+		uuid_lc = PackedBytes.new
+		uuid_lc.uint32 0x1b
+		uuid_lc.uint32 24
+		uuid_lc.bytes Random.urandom(16) # UUID
+
+				
+
+		load_dylinker_lc = PackedBytes.new
+
+		load_dylinker_lc.uint32 0xe
+		load_dylinker_lc.uint32 32
+		load_dylinker_lc.bytes "\f\x00\x00\x00/usr/lib/dyld\x00\x00\x00\x00\x00\x00\x00"
+
+		symtab_lc = PackedBytes.new
+
+		symtab_lc.uint32 0x2
+		symtab_lc.uint32 24
+
+		symtab_lc.uint32 0
+		symtab_lc.uint32 symbols.size
+
+		symtab_lc.uint32 0
+		symtab_lc.uint32 sym_strtab.bytesize
+
+
+		dyld_info_lc = PackedBytes.new
+
+		dyld_info_lc.uint32 0x22
+		dyld_info_lc.uint32 12 * 4
+
+		dyld_info_lc.uint32 0 # rebase_off
+		dyld_info_lc.uint32 0 # size
+
+		dyld_info_lc.uint32 0 # bind_off
+		dyld_info_lc.uint32 0 # size
+
+		dyld_info_lc.uint32 0 # weak_bind_off
+		dyld_info_lc.uint32 0 # size
+
+		dyld_info_lc.uint32 0 # lazy_bind_off
+		dyld_info_lc.uint32 0 # size
+
+		dyld_info_lc.uint32 0 # export_off
+		dyld_info_lc.uint32 0 # size
+
+
+
+		code_signature_lc = PackedBytes.new
+
+		code_signature_lc.uint32 0x1d # LC_CODE_SIGNATURE
+		code_signature_lc.uint32 16 # cmdsize
+
+		code_signature_lc.uint32 0 # offset
+		code_signature_lc.uint32 0 # size
+
+
+
+		prebuilt_lcs = [
+			{
+				bytes: symtab_lc.result,
+				relocations: [
+					{
+						content_index: 1,
+						bytefield_offset: 8,
+						bytefield_size: 4,
+						addend: symtab_offset,
+					},
+					{
+						content_index: 1,
+						bytefield_offset: 16,
+						bytefield_size: 4,
+						addend: sym_strtab_offset,
+					}
+				]
+			},
+			{
+				bytes: load_dylinker_lc.result,
+			},
+			{
+				bytes: uuid_lc.result
+			},
+			{
+				bytes: dyld_info_lc.result
+			},
+			{
+				bytes: entry_point_lc.result,
+				relocations: [
+					{
+						content_index: 0,
+						bytefield_offset: 8,
+						bytefield_size: 8
+					}
+				]
+			},
+		]
+
+
+		mh_flags = 0x200000 | 0x4 | 0x1 # MH_PIE | MH_DYLDLINK | MH_NOUNDEFS
+
 
-		output = MachO.build(segments: segments, symbols: symbols, arch_type: arch_type, cputype: cputype, cpusubtype: cpusubtype, filetype: 1, align_section_contents: false)
+		output = MachO.build(segments: segments, symbols: nil, prebuilt_lcs: prebuilt_lcs, arch_type: arch_type, codesign: codesign, cputype: cputype, cpusubtype: cpusubtype, filetype: 2, align_section_contents: true, flags: mh_flags)
 
 		return output
+		
+	end
 
+
+	def self.build_thread_state_x86_32(r: [0] * 7, esp: 0, ss: 0, eflags: 0, eip: 0, cs: 0, ds: 0, es: 0, fs: 0, gs: 0)
+		raise "r must be an array of 7 elements" if r.size != 7
+		
+		thread_state = PackedBytes.new
+
+		thread_state.uint32 1 # flavor = x86_THREAD_STATE_32
+		thread_state.uint32 16 # count = 16 4-byte fields
+
+		r.each do |r_val|
+			thread_state.uint32 r_val
+		end
+
+		thread_state.uint32 esp
+		thread_state.uint32 ss
+		thread_state.uint32 eflags
+		thread_state.uint32 eip
+		thread_state.uint32 cs
+		thread_state.uint32 ds
+		thread_state.uint32 es
+		thread_state.uint32 fs
+		thread_state.uint32 gs
+
+		return thread_state.result
 	end
 
 
+	def self.build_thread_state_x86_64(r: [0] * 16, rip: 0, rflags: 0, cs: 0, fs: 0, gs: 0)
+
+		raise "r must be an array of 16 elements" if r.size != 16
 	
+		thread_state = PackedBytes.new
+
+		thread_state.uint32 4 # flavor = x86_THREAD_STATE_64
+		thread_state.uint32 42 # count = 21 8-byte fields / sizeof(int) (4 bytes)
+
+
+		r.each do |r_val|
+			thread_state.uint64 r_val
+		end
 
+		thread_state.uint64 rip
+
+		thread_state.uint64 rflags
+		thread_state.uint64 cs
+		thread_state.uint64 fs
+		thread_state.uint64 gs
+		
+
+		return thread_state.result
+	end
+
+
+
+	def self.build_thread_state_arm64(x: [0] * 29, fp: 0, lr: 0, sp: 0, pc: 0, cpsr: 0)
+
+		thread_state = PackedBytes.new
+
+		thread_state.uint32 6 # flavor = ARM_THREAD_STATE64
+		thread_state.uint32 33 * 2 + 2 # count = 33 8-byte fields + 2 4-byte fields / sizeof(int) (4 bytes)
+
+		raise "x must be an array of 29 values." if x.size != 29
+
+		x.each do |x_val|
+			thread_state.uint64 x_val
+		end
+
+		thread_state.uint64 fp
+		thread_state.uint64 lr
+		thread_state.uint64 sp
+		thread_state.uint64 pc
+
+		thread_state.uint32 cpsr
+		
+		thread_state.uint32 0 # pad
+
+		return thread_state.result
+	end
+
+
+
+	def self.build_thread_state_arm32(r: [0] * 13, lr: 0, sp: 0, pc: 0, cpsr: 0)
+
+		thread_state = PackedBytes.new
+
+		thread_state.uint32 1 # flavor = ARM_THREAD_STATE
+		thread_state.uint32 17  # count = 17 4-byte fields / sizeof(int) (4 bytes)
+
+		raise "r must be an array of 13 values." if r.size != 13
+
+		r.each do |r_val|
+			thread_state.uint32 r_val
+		end
+
+		thread_state.uint32 lr
+		thread_state.uint32 sp
+		thread_state.uint32 pc
+
+		thread_state.uint32 cpsr
+
+		return thread_state.result
+	end
 
 
 	
+	def self.build_thread_state arch: nil, entry_address: 0, stack_pointer: 0
+		raise "arch must be specified" if arch == nil
+
+		case arch
+		when "arm64"
+			return MachO.build_thread_state_arm64(pc: entry_address, sp: stack_pointer)
+		when "arm32"
+			return MachO.build_thread_state_arm32(pc: entry_address, sp: stack_pointer)
+		when "x86-64"
+			r = [0] * 16
+			r[7] = stack_pointer
+			return MachO.build_thread_state_x86_64(rip: entry_address, r: r)
+		when "x86-32"
+			r = [0] * 7
+			return MachO.build_thread_state_x86_32(r: r, eip: entry_address)
+		else
+			raise "Unkown architecture"
+		end
+	end
+
+	
 	def self.build_macho_header arch_type: 64, cputype: 0, cpusubtype: 0, filetype: 0, ncmds: 0, sizeofcmds: 0, flags: 0
 
 		macho_header = PackedBytes.new
@@ -87,8 +511,10 @@ module MachO
 	#  symbols - list of symbols to be included inside a single symtab (structure below)
 	#  prebuilt_lcs - a list of other already built load commands (strings) to be included in the file
 	#  arch_type - architecture type, either 32- or 64-bit (default is 64)
+	#  codesign - specifies whether to create a code signature. If yes, a __LINKEDIT segment must be present. The code signature will be a code_directory struct with hashes of everything before it. A CODE_SIGNATURE load command will be added automatically.
 	#  cputype - Mach-O header cputype field
 	#  cpusubtype - Mach-O header cpusubtype field
+	#  flags - Mach-O header flags field
 	#  filetype - Mach-O file type
 	#  align_section_contents - specifies whether to align the contents of each section to its alignment boundary (default is false)
 	#
@@ -116,7 +542,25 @@ module MachO
 	#  sect - symbol's sect field value
 	#  desc - symbol's desc field value
 	# 
-	def self.build segments: [], symbols: [], prebuilt_lcs: [], arch_type: 64, cputype: 0, cpusubtype: 0, filetype: 0, align_section_contents: false
+	# Prebuilt load command structure:
+	#  bytes - the load command bytes
+	#  contents - contents related to the load command
+	#  contents_align - alignment boundary in the file for the contents
+	#  relocations - a list of relocations to replace some load command's bytes based on the content's file offset
+	#
+	# Prebuilt load command relocation structure:
+	#  content_index - index of the contents related to the relocation (contents of segments and symtab will appear last)
+	#  bytefield_offset - offset of the to-be-replaced bytes in the load command
+	#  bytefield_size - size of the bytefield to be replaced
+	#  addend - value to add to the contents' file offset to replace the specified bytefield in the load command with
+	#  Relocation logic:
+	#   load_command[:bytes][lc_offset...(lc_offset + lc_size)] = int_to_bytes(contents[content_i][:file_offset] + addend, lc_size)
+	#
+	def self.build segments: [], symbols: [], prebuilt_lcs: [], arch_type: 64, cputype: 0, cpusubtype: 0, filetype: 0, align_section_contents: false, flags: 0, codesign: false
+
+
+		n_symtabs = 1
+		n_symtabs = 0 if symbols == nil
 
 		file_content = PackedBytes.new
 
@@ -137,24 +581,27 @@ module MachO
 
 		symtab_entry_size = 4 * 6
 
+		code_signature_lc_size = 4 * 4
 
-		n_sections = 1
+		n_code_signature_lcs = codesign ? 1 : 0
 
-		prebuilt_lcs_size = prebuilt_lcs.map(&:bytesize).sum
+		n_sections = segments.map{(_1[:sections] || []).size}.sum
+
+		prebuilt_lcs_size = prebuilt_lcs.map{_1[:bytes].bytesize}.sum
 		
-		cmds_size = segment_entry_size + section_entry_size * n_sections + symtab_entry_size + prebuilt_lcs_size
+		cmds_size = segment_entry_size * segments.size + section_entry_size * n_sections + symtab_entry_size * n_symtabs + code_signature_lc_size * n_code_signature_lcs + prebuilt_lcs_size
 		
 
-		n_cmds = segments.size + 1 + prebuilt_lcs.size # One segment (with possibly multiple sections), one symtab
+		n_cmds = segments.size + n_symtabs + n_code_signature_lcs + prebuilt_lcs.size # One segment (with possibly multiple sections), one symtab
 		
 		macho_header = build_macho_header(
-			arch_type: 64,
+			arch_type: arch_type,
 			cputype: cputype,
 			cpusubtype: cpusubtype,
 			filetype: filetype,
 			ncmds: n_cmds,
 			sizeofcmds: cmds_size,
-			flags: 0
+			flags: flags
 		)
 		
 
@@ -167,14 +614,93 @@ module MachO
 		
 
 		contents = ""
+
+
+		prebuilt_lc_content_offsets = []
+
+		prebuilt_lcs.each do |lc|
+			if lc.keys.include? :contents
+
+				align = lc[:contents_align] || 1
+
+				file_offset = contents.bytesize + contents_offset
+
+				if file_offset % align != 0
+					pad = align - (file_offset % align)
+					contents << "\0" * pad
+					file_offset += pad
+				end
+
+				prebuilt_lc_content_offsets << file_offset
+				
+				contents << lc[:contents]
+			else
+				prebuilt_lc_content_offsets << nil
+			end
+		end
 		
 
 
+		contents_offsets = []
+
+		if codesign
+			# Ensure that the __LINKEDIT segment exists, and place it as the last segment to not interfere with other load commands and hash more of the file
+			
+			linkedit_segments = segments.each_with_index.filter{|seg, idx| seg[:name] == "__LINKEDIT"}
+			if linkedit_segments.size == 0
+				raise "Segment __LINKEDIT must be present if codesign is true"
+			#	segments << {name: "__LINKEDIT", vaddr}
+			else
+				linkedit_segment, linkedit_segment_idx = linkedit_segments[0]
+
+				# Make __LINKEDIT the last segment
+				segments[-1], segments[linkedit_segment_idx] = segments[linkedit_segment_idx], segments[-1]
+			end
+		end
+
+
+				
+
+
 		segments.each do |segment|
 
 			raise "Segment name is larger than 16 characters" if segment[:name].bytesize > 16
 
-			start_size = contents.bytesize
+			raise "Segment can't contain both the :content and :sections key" if segment.keys.include?(:content) && segment.keys.include?(:sections) && segment[:sections].size > 0
+
+			if segment.keys.include? :content
+
+				segment[:sections] = []
+
+				alignment = segment[:content_align] || 1
+
+				file_offset = contents_offset + contents.bytesize
+				if file_offset % alignment != 0
+					pad = alignment - (file_offset % alignment)
+					contents << "\0" * pad
+					file_offset += pad
+				end
+
+				contents << segment[:content]
+
+				segment[:file_offset] ||= file_offset
+				segment[:filesize] ||= segment[:content].bytesize
+
+				segment[:vaddr] ||= 0
+				segment[:vsize] ||= segment[:filesize]
+
+				segment[:flags] ||= 0
+
+				segment[:maxprot] ||= 0
+				segment[:initprot] ||= 0
+
+				contents_offsets << segment[:file_offset]
+
+				next
+			end
+
+
+			start_offset = contents.bytesize + contents_offset
 
 			segment[:sections].each_with_index do |section, section_i|
 
@@ -187,7 +713,7 @@ module MachO
 				sec_offset = contents_offset + contents.bytesize
 
 				pad_amount = 0
-				if (sec_offset % section[:align] != 0) && align_sections
+				if (sec_offset % section[:align] != 0) && align_section_contents
 					pad_amount = section[:align] - (sec_offset % section[:align])
 				end
 
@@ -197,20 +723,21 @@ module MachO
 				section[:file_offset] = sec_offset
 
 				if section_i == 0
-					segment[:file_offset] = sec_offset
-					start_size = contents.bytesize
+					segment[:file_offset] ||= sec_offset
 				end
 
+				contents_offsets << section[:file_offset]
+				
 				contents << section[:content]
 
 				section[:vaddr] ||= 0
 				section[:vsize] ||= section[:content].bytesize
 			end
 
-			end_size = contents.bytesize
+			end_offset = contents.bytesize + contents_offset
 
-			segment[:file_offset] ||= 0
-			segment[:filesize] = end_size - start_size
+			segment[:file_offset] ||= start_offset
+			segment[:filesize] ||= end_offset - segment[:file_offset]
 
 			segment[:vaddr] ||= 0
 			segment[:vsize] ||= segment[:filesize]
@@ -222,48 +749,209 @@ module MachO
 		end
 
 
-		
+		if codesign
 
-		symtab_contents = PackedBytes.new
-		
-		sym_strtab_contents = "\0"
+			# The __LINKEDIT segment is last (logic written previously)
+			linkedit_segment = segments.last
+			
 
-		symbols.each do |symbol|
-			if symbol.keys.include? :name
-				symbol[:name_offset] = sym_strtab_contents.bytesize
-				sym_strtab_contents << symbol[:name] + "\0"
-			else
-				symbol[:name_offset] = 0
-			end
+			code_directory = PackedBytes.new endianess: :be
 
-			symtab_contents.uint32 symbol[:name_offset]
-			symtab_contents.uint8 symbol[:type]
-			symtab_contents.uint8 symbol[:sect]
-			symtab_contents.uint16 symbol[:desc]
-			symtab_contents.bytes symbol[:value], flexval_size
+			code_directory.uint32 0xfade0c02 # Magic
+
+			code_directory_length_offset = code_directory.result.bytesize
+			code_directory.uint32 0 # Length (will be replaced)
+
+			code_directory.uint32 0 # Version
+
+			code_directory.uint32 0 # Flags
+
+			code_directory_header_size = 96
+
+			hash_array_offset = code_directory_header_size
+
+			total_hashing_size = linkedit_segment[:file_offset] + linkedit_segment[:filesize]
+			
+			hashing_pagesize = 0x1000
+
+			n_hashes = (total_hashing_size / hashing_pagesize.to_f).ceil
+
+			hash_size = 32
+			hash_type = 2 # SHA256
+
+			hash_array_size = hash_size * n_hashes
+
+
+			ident_offset = hash_array_offset + hash_array_size
+
+
+			code_directory.uint32 hash_array_offset # Hash offset
+
+			code_directory.uint32 ident_offset # Identifier string offset
+
+			code_directory.uint32 0 # nSpecialSlots
+
+			code_directory.uint32 n_hashes # nCodeSlots
+
+			code_directory.uint32 total_hashing_size # codeLimit
+
+
+			code_directory.uint8 hash_size
+			code_directory.uint8 hash_type
+
+			code_directory.uint8 0
+			hashing_pagesize_enc = Math.log2(hashing_pagesize)
+			raise "Code signing pagesize is not a power of two" if hashing_pagesize_enc.to_i != hashing_pagesize_enc
+			code_directory.uint8 hashing_pagesize_enc.to_i
+
+			code_directory.uint32 0 # spare2
+
+			code_directory.uint32 0 # scatterOffset (zero for absent)
+			code_directory.uint32 0 # teamIDOffset (zero for absent)
+
+			code_directory.uint32 0 # spare3
+
+			code_directory.uint64 total_hashing_size # codeLimit64
+			
+			code_directory.uint64 0 # offset of executable segment
+			code_directory.uint64 0 # limit of executable segment
+			code_directory.uint64 0 # exec segment flags
+
+			code_directory.uint32 0 # runtime
+			code_directory.uint32 0xFFFF # pre-encrypt hash slots offset
+
+			
+
+			hash_array_placeholder = "\0" * hash_array_size
+
+			
+			code_directory.add hash_array_placeholder
+
+			ident_string = "program-#{SecureRandom.uuid.gsub('-', '')}\0"
+
+			code_directory.add ident_string
+
+			
+			code_directory_bytes = code_directory.result
+			code_directory_bytes[code_directory_length_offset...(code_directory_length_offset + 4)] = [code_directory_bytes.bytesize].pack("L>")
+
+			blobs = [
+				{type: 0, content: code_directory.result}
+			]
+
+			# Embedded signature blob (superblob with magic = 0xfade0cc0)
+			superblob = MachO.build_superblob(magic: 0xfade0cc0, blobs: blobs)
+
+
+			# Calculate the offset of the hash array that will be replaced later
+			
+			code_directory_offset = MachO.calc_superblob_offset(blobs, 0)
+			superblob_offset = linkedit_segment[:file_offset] + linkedit_segment[:filesize]
+
+			codesign_hash_array_offset = superblob_offset + code_directory_offset + hash_array_offset
+
+			contents << superblob
+
+			# Change the linkedit segment to include the embedded signature blob
+			linkedit_segment[:filesize] += superblob.bytesize
+			linkedit_segment[:vsize] += superblob.bytesize
+
+			# Add a code signature load command
+			code_signature_lc = PackedBytes.new
+			code_signature_lc.uint32 0x1d # LC_CODE_SIGNATURE
+			code_signature_lc.uint32 4 * 4 # cmdsize
+
+			code_signature_lc.uint32 superblob_offset
+			code_signature_lc.uint32 superblob.bytesize
+
+
+			prebuilt_lcs << {
+				bytes: code_signature_lc.result
+			}
+			
 		end
 
 
-		symtab_offset = contents.bytesize + contents_offset
-		symtab_align = 8
 
-		if symtab_offset % symtab_align != 0
-			pad = (symtab_align - (symtab_offset % symtab_align))
-			contents << "\0" * pad
-			symtab_offset += pad
+		symtab_offset = nil
+
+
+		if symbols != nil
+
+			symtab_contents = PackedBytes.new
+			
+			sym_strtab_contents = "\0"
+
+			symbols.each do |symbol|
+				if symbol.keys.include? :name
+					symbol[:name_offset] = sym_strtab_contents.bytesize
+					sym_strtab_contents << symbol[:name] + "\0"
+				else
+					symbol[:name_offset] = 0
+				end
+
+				symtab_contents.uint32 symbol[:name_offset]
+				symtab_contents.uint8 symbol[:type]
+				symtab_contents.uint8 symbol[:sect]
+				symtab_contents.uint16 symbol[:desc]
+				symtab_contents.bytes symbol[:value], flexval_size
+			end
+
+
+			symtab_offset = contents.bytesize + contents_offset
+			symtab_align = 360
+
+			if symtab_offset % symtab_align != 0
+				pad = (symtab_align - (symtab_offset % symtab_align))
+				contents << "\0" * pad
+				symtab_offset += pad
+			end
+
+			# contents_offsets << symtab_offset
+			
+			contents << symtab_contents.result
+
+			sym_strtab_offset = contents.bytesize + contents_offset
+			
+			contents << sym_strtab_contents
+
 		end
 
-		contents << symtab_contents.result
 
-		sym_strtab_offset = contents.bytesize + contents_offset
-		
-		contents << sym_strtab_contents
 
+		contents_offsets << symtab_offset if symtab_offset != nil
 
+		contents_offsets += prebuilt_lc_content_offsets
 
-		load_commands = PackedBytes.new
 
 
+		prebuilt_lcs.each do |lc|
+
+			if lc.keys.include? :relocations
+				lc[:relocations].each do |reloc|
+
+					addr = contents_offsets[reloc[:content_index]]
+
+					raise "Load command contents at index #{reloc[:content_index]} is empty and doesn't have an offset" if addr == nil
+
+					write_val = addr + (reloc[:addend] || 0)
+
+					bytesize = reloc[:bytefield_size]
+
+					bits = (0...(bytesize * 8)).map{|bit_i| write_val[bit_i] }
+					bytes = (0...bytesize).map{|byte_i| bits[(byte_i*8)...(byte_i*8 + 8)] }.map{|byte_bits| byte_bits.each_with_index.map{|bit, bit_i| 2 ** bit_i * bit }.sum }
+					str_bytes = bytes.map(&:chr).join
+
+					lc[:bytes][reloc[:bytefield_offset]...(reloc[:bytefield_offset] + bytesize)] = str_bytes
+				end
+			end
+
+		end
+
+
+		load_commands = PackedBytes.new
+		
+
 		segments.each do |segment|
 
 			case arch_type
@@ -301,7 +989,11 @@ module MachO
 				load_commands.bytes section[:vsize], flexval_size
 
 				load_commands.uint32 section[:file_offset]
-				load_commands.uint32 section[:align]
+				
+				align_value = Math.log2 section[:align]
+				raise "Section alignment is not a power of 2" if align_value.to_i != align_value
+
+				load_commands.uint32 align_value
 
 				load_commands.uint32 0 # reloff
 				load_commands.uint32 0 # nreloc
@@ -322,27 +1014,168 @@ module MachO
 
 		# Symtab load command
 
-		load_commands.uint32 0x2 # LC_SYMTAB
-		load_commands.uint32 symtab_entry_size
+		if symbols != nil
+			load_commands.uint32 0x2 # LC_SYMTAB
+			load_commands.uint32 symtab_entry_size
 
-		load_commands.uint32 symtab_offset
-		load_commands.uint32 symbols.size
-
-		load_commands.uint32 sym_strtab_offset
-		load_commands.uint32 sym_strtab_contents.bytesize
+			load_commands.uint32 symtab_offset
+			load_commands.uint32 symbols.size
 
+			load_commands.uint32 sym_strtab_offset
+			load_commands.uint32 sym_strtab_contents.bytesize
+		end
+		
 
-		load_commands.add prebuilt_lcs
+		prebuilt_lcs.each do |lc|
+			load_commands.bytes lc[:bytes]
+		end
 
 
 		file_content.add load_commands
 
 
 		file_content.add contents
+
+
+		if codesign
+			# Compute the hashes and replace them instead of the placeholder
+			
+			out = file_content.result
+			
+			hash_array_contents = ""
+
+			n_hashes.times do |hash_i|
+				start_offset = hash_i * hashing_pagesize
+				# Enf offset is either the end of the page or the code_limit field from code_directory
+				end_offset = [start_offset + hashing_pagesize, total_hashing_size].min
+
+				hashed = Digest::SHA256.digest out[start_offset...end_offset]
+
+				hash_array_contents << hashed
+			end
+
+
+			hash_array_start = codesign_hash_array_offset
+			hash_array_end = hash_array_start + hash_array_contents.bytesize
+	
+			out[hash_array_start...hash_array_end] = hash_array_contents
+
+			return out
+		end
+
+
+		return file_content.result		
+	end
+
+
+
+	# Builds a code signature SuperBlob structure
+	# 
+	# Arguments:
+	#  magic - SuperBlob's magic field value (default is 0)
+	#  blobs - blobs included in the superblob (structure below)
+	#
+	# Blob structure:
+	#  type - blob's type
+	#  content - blob's content
+	#
+	def self.build_superblob magic: 0, blobs: []
+
+		superblob = PackedBytes.new endianess: :be
+
+		superblob.uint32 0xfade0cc0 # magic
+
+		superblob_length_offset = superblob.result.bytesize
+		superblob.uint32 0 # length (will be replaced)
+
+		superblob.uint32 1 # Number of entries
+
+
+		index_entry_size = 8
+		index_entries_size = index_entry_size * blobs.size
+
+		superblob_header_size = 4 * 3
+
+		blobs_offset = superblob_header_size + index_entries_size
+
+		blob_contents = ""
+
+		blobs.each do |blob|
+			blob[:offset] = blobs_offset + blob_contents.bytesize
+			blob_contents << blob[:content]
+		end
+
+		# Index entries
+		blobs.each do |blob|
+			superblob.uint32 blob[:type]
+			superblob.uint32 blob[:offset]				
+		end
+
+		# Blob contents write
+		blobs.each do |blob|
+			superblob.add blob[:content]
+		end
+
+
+		out = superblob.result
+		out[superblob_length_offset...(superblob_length_offset + 4)] = [out.bytesize].pack("L>")
+
+		out
+	end
+
+
+	# Calculates the offset of the specified blob from the beginning of the superblob
+	def self.calc_superblob_offset blobs, index
+
+		superblob_header_size = 4 * 3
+
+		index_entry_size = 8
 		
+		index_entries_size = index_entry_size * blobs.size
+
+		total_offset = superblob_header_size + index_entries_size
+
+		blobs[...index].each do |blob|
+			total_offset += blob[:content].bytesize
+		end
+
+		total_offset
+	end
+
+
+
+
+	# Builds a symtab and a strtab based off input symbols
+	def self.build_symtab symbols, arch_type: 64
 
-		return file_content.result
+		case arch_type
+		when 64
+			flexval_size = 8
+		when 32
+			flexval_size = 4
+		end
+	
+		symtab_contents = PackedBytes.new
 		
+		sym_strtab_contents = "\0"
+
+		symbols.each do |symbol|
+			if symbol.keys.include? :name
+				symbol[:name_offset] = sym_strtab_contents.bytesize
+				sym_strtab_contents << symbol[:name] + "\0"
+			else
+				symbol[:name_offset] = 0
+			end
+
+			symtab_contents.uint32 symbol[:name_offset]
+			symtab_contents.uint8 symbol[:type]
+			symtab_contents.uint8 symbol[:sect]
+			symtab_contents.uint16 symbol[:desc]
+			symtab_contents.bytes symbol[:value], flexval_size
+		end
+
+
+		return {symtab: symtab_contents.result, strtab: sym_strtab_contents}
 	end
 
 
@@ -357,7 +1190,7 @@ module MachO
 	def self.labels_to_symbols labels, 
 		out = []
 		labels.each do |name, value|
-			out << create_symbol(name: name, value: value, type: :sect, external: false, section_number: 1)
+			out << create_symbol(name: name, value: value, type: :sect, external: true, section_number: 1)
 		end
 		return out
 	end