pliney 0.0.4 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2bfa1e0dfc77474eaabb59345899e03103a99434
-  data.tar.gz: aad5759a6adaec3bec3f80f4711fac40781ce558
+  metadata.gz: 9acf33365d64a3a900b1a620ebd8a638a45ef6aa
+  data.tar.gz: 253367edc5a548e08baefcf956af43b68884eaa9
 SHA512:
-  metadata.gz: 22502e81aba65160256be4851bc4e77ab6b492c2862cfc57368e2c999951692cf3f1f1e5cca42ebadcb5187b5bc1ba368692ba816a4b5bc2ff969f63dd48107b
-  data.tar.gz: 285a7560ece3b623ee9d7c2281b30ac78e4b90f47f01a590dedebe85ae48c2af673bbad06e014ad9462292dd7b027825500c6c8608f66acbc8a9152b360117cb
+  metadata.gz: e6c91f1f912f62dd8e679ff7c10cf228ff154e968882d4179e452364388a232e8542b4d452f15bba3ce620930a95ab2d666e6893e94d6181a294542f65680322
+  data.tar.gz: a90eebcabf9039cb47aef08dbbf4e425ea0a6e688eb7d2943fd5cc81de05855c2446ba08dff07505f4e133f13353063db35c418cea5fbe24cce10023e2a41d40

data/README.md

@@ -50,7 +50,7 @@ Or install it yourself as:
 
     profile.developer_certificates
     # => [#<OpenSSL::X509::Certificate:...
-    
+
     profile.expiration_date
     # => 2016-04-20 14:18:13 -0700
 
@@ -62,9 +62,3 @@ Or install it yourself as:
 
     ipa.close
 
-
-## TODOS
-
-- macho parsing
-- entitlements extraction/parsing/serialization
-- ?

data/lib/pliney.rb

@@ -1,6 +1,6 @@
-require "pliney/version"
-require 'pliney/ipa'
-require 'pliney/provisioning_profile'
+require_relative 'pliney/version'
+require_relative 'pliney/ipa'
+require_relative 'pliney/provisioning_profile'
 
 module Pliney
 end

data/lib/pliney/apple_code_signature.rb

@@ -0,0 +1,249 @@
+require_relative 'io_helpers'
+
+module Pliney
+    module AppleCodeSignature
+        class Blob
+            class Magic
+                attr_accessor :value
+                def initialize(num)
+                    @value = (Magic === num)? num.value : num
+                end
+
+                def inspect
+                    "0x%x" % value
+                end
+            end
+
+            attr_reader :magic, :size, :input
+
+            def initialize(magic, data)
+                @magic = Magic.new(magic)
+                @input = data.is_a?(StringStream)? data : StringStream.new(data)
+                @base = @input.pos-4
+                yield self if block_given?
+            end
+
+            def parse
+                if @input
+                    @size = input.read_uint32
+                    yield 
+                end
+                @input=nil
+                return self
+            end
+
+            private
+            def rest
+                @input.read(size_left)
+            end
+
+            def size_left
+                @size-(@input.pos-@base)
+            end
+        end
+
+        class OpaqueBlob < Blob
+            attr_reader :data, :base
+            def parse
+                super() do
+                    @data = rest()
+                end
+            end
+        end
+
+        class SuperBlob < Blob
+            class ContentInfo
+                attr_reader :unk, :offset
+                def initialize(unk, offset)
+                    @unk = unk
+                    @offset = offset
+                end
+            end
+            attr_reader :contents, :content_infos
+            def parse
+                super() do
+                    ncontent = @input.read_uint32
+                    @content_infos = Array.new(ncontent) {
+                        ContentInfo.new(@input.read_uint32, @input.read_uint32)
+                    }
+                    @contents = []
+                    @content_infos.each do |ci|
+                        @input.pos = @base+ci.offset
+                        @contents << AppleCodeSignature.parse(@input)
+                    end
+                end
+            end
+        end
+
+        # SuperBlob containing all the signing components that are usually
+        # embedded within a main executable.
+        # This is what we embed in Mach-O images. It is also what we use for detached
+        # signatures for non-Mach-O binaries.
+        class EmbeddedSignature < SuperBlob
+        end
+
+        # SuperBlob that contains all the data for all architectures of a
+        # signature, including any data that is usually written to separate files.
+        # This is the format of detached signatures if the program is capable of
+        # having multiple architectures.
+        # A DetachedSignatureBlob collects multiple architectures' worth of
+        # EmbeddedSignatureBlobs into one, well, Super-SuperBlob.
+        # This is what is used for Mach-O detached signatures.
+        class DetachedSignature < SuperBlob
+        end
+
+        # A CodeDirectory
+        class CodeDirectory < Blob
+            # Types of cryptographic digests (hashes) used to hold code signatures
+            # together.
+            # 
+            # Each combination of type, length, and other parameters is a separate
+            # hash type; we don't understand "families" here.
+            # 
+            # These type codes govern the digest links that connect a CodeDirectory
+            # to its subordinate data structures (code pages, resources, etc.)
+            # They do not directly control other uses of hashes (such as the
+            # hash-of-CodeDirectory identifiers used in requirements).
+            HASHTYPES={
+                0 => :NoHash,     # null value
+                1 => :HashSha1,   # SHA-1
+                2 => :HashSha256, # SHA-256
+                32 => :HashPrestandardSkein160x256, # Skein, 160bits, 256bit pool
+                33 => :HashPrestandardSkein256x512, # Skein, 256bits, 512bit pool
+            }
+
+            CURRENT_VERSION = 0x20100	    # "version 2.1"
+            COMPATABILITY_LIMIT = 0x2F000	# "version 3 with wiggle room"
+            EARLIEST_VERSION = 0x20001	  # earliest supported version
+            SUPPORTS_SCATTER = 0x20100	  # first version to support scatter option
+
+            attr_reader :data
+            attr_reader :version        # uint32 compatibility version
+            attr_reader :flags          # uint32 setup and mode flags
+            attr_reader :hashOffset     # uint32 offset of hash slot element at index zero
+            attr_reader :identOffset    # uint32 offset of identifier string
+            attr_reader :nSpecialSlots	# uint32 number of special hash slots
+            attr_reader :nCodeSlots     # uint32 number of ordinary (code) hash slots
+            attr_reader :codeLimit      # uint32 limit to main image signature range
+            attr_reader :hashSize       # size of each hash digest (bytes)
+            attr_reader :hashType       # type of hash (kSecCodeSignatureHash* constants)
+            attr_reader :spare1         # unused (must be zero)
+            attr_reader	:pageSize       # log2(page size in bytes); 0 => infinite
+            attr_reader :spare2         # uint32 unused (must be zero)
+            attr_reader :scatterOffset  # uint32 offset of optional scatter vector (zero if absent)
+
+            def parse
+                super() do
+                    @vers = @input.read_uint32
+                    @flags = @input.read_uint32
+                    @hashOffset = @input.read_uint32
+                    @identOffset = @input.read_uint32
+                    @nSpecialSlots = @input.read_uint32
+                    @nCodeSlots = @input.read_uint32
+                    @codeLimit = @input.read_uint32
+                    @hashSize = @input.read_uint8
+                    @hashType = @input.read_uint8
+                    @spare1 = @input.read_uint8
+                    @pageSize = @input.read_uint8
+                    @spare2 = @input.read_uint32
+                    @scatterOffset = @input.read_uint32
+                    @data = rest()
+                end
+            end
+
+            def version
+                [@vers].pack("N").unpack("CCCC").join('.')
+            end
+
+            def hash_type
+                HASHTYPES[@hashType] || :unknown
+            end
+        end
+
+        # A collection of individual code requirements, indexed by requirement
+        # type. This is used for internal requirement sets.
+        class RequirementSet < SuperBlob
+        end
+
+        # An individual code requirement
+        # This is actlually a small compiled expression.
+        # csreq(1) can be used to decompile them
+        class Requirement < Blob
+            SYSTEM_HAS_CSREQ = system("which csreq > /dev/null")
+            attr_reader :data, :decompiled
+            def parse
+                super() do
+                    @data=rest()
+                    @decompiled = self.class.decompile([@magic.value, @size, @data].pack("NNA*"))
+                end
+            end
+
+            def self.decompile(data)
+                return nil unless SYSTEM_HAS_CSREQ
+                csreq=IO.popen("csreq -r- -t", "r+")
+                csreq.write(data)
+                decompiled = csreq.read()
+                csreq.close()
+                return decompiled
+            end
+        end
+
+        # The linkers produces a superblob of dependency records from its dylib inputs
+        class LibraryDependencyBlob < OpaqueBlob
+        end
+
+        # Program Entitlements Dictionary
+        class Entitlement < OpaqueBlob
+        end
+
+        class BlobWrapper < OpaqueBlob
+        end
+
+        class UnknownBlob < OpaqueBlob
+        end
+
+        FADEMAGIC = {
+            0xfade0c00 => :Requirement,
+            0xfade0c01 => :RequirementSet,
+            0xfade0c02 => :CodeDirectory,
+            0xfade0c05 => :LibraryDependencyBlob,
+            0xfade0cc0 => :EmbeddedSignature,
+            0xfade0cc1 => :DetachedSignature,
+            0xfade0b01 => :BlobWrapper,
+            0xfade7171 => :Entitlement,
+        }
+
+        def self.parse(data)
+            obj = data.is_a?(StringStream)? data : StringStream.new(data)
+            magic = obj.read_uint32
+            n=FADEMAGIC[magic]
+            if n.nil? and ((magic >> 16) == 0xFADE)
+                n = :UnknownBlob
+            end
+            unless n.nil?
+                blob=const_get(n).new(magic,obj) {|o| o.parse }
+                return blob
+            else
+                raise "Invalid magic value: 0x#{magic.to_s(16)}"
+            end
+        end
+
+        def self.from_stream(f)
+            obj = MachO::from_stream(f)
+            mh = if MachO::is_fat_magic(obj.magic)
+                     obj.machos.first
+                 elsif MachO::is_macho_magic(obj.magic)
+                     obj
+                 else
+                     raise "Could not find mach-o object"
+                 end
+
+            return mh.codesignature
+        end
+
+        def self.from_path(fname)
+            return from_stream(File.open(fname, 'rb'))
+        end
+    end
+end
+

data/lib/pliney/io_helpers.rb

@@ -0,0 +1,64 @@
+require 'stringio'
+
+module Pliney
+    module IOHelpers
+        class StrictReadError < StandardError
+        end
+
+        def strictread(nbytes)
+            _pos = self.pos
+            res = read(nbytes)
+            if res.nil?
+                raise(StrictReadError, "read returned nil for read(#{nbytes}) at offset #{_pos}")
+            end
+            if res.bytesize != nbytes
+                raise(StrictReadError, "read returned only #{res.size} bytes for read(#{nbytes}) at offset #{_pos}")
+            end
+            return res
+        end
+
+        def read_uint8
+            getbyte
+        end
+
+        def read_uint16be
+            strictread(2).unpack("n").first
+        end
+
+        def read_uint32be
+            strictread(4).unpack("N").first
+        end
+
+        def read_uint64be
+            v = strictread(8).unpack("NN")
+            (v[0] << 32) | v[1]
+        end
+
+        alias read_uint16 read_uint16be
+        alias read_uint32 read_uint32be
+        alias read_uint64 read_uint64be
+
+        def read_uint16le
+            strictread(2).unpack("v").first
+        end
+
+        def read_uint32le
+            strictread(4).unpack("V").first
+        end
+
+        def read_uint64le
+            v = strictread(8).unpack("VV")
+            (v[1] << 32) | v[0]
+        end
+    end
+end
+
+class StringStream < StringIO
+    include Pliney::IOHelpers
+end
+
+class IO
+    include Pliney::IOHelpers
+end
+
+

data/lib/pliney/ipa.rb

@@ -1,10 +1,16 @@
 require 'rubygems'
 require 'zip'
-require 'pliney/util'
-require 'pliney/entitlements'
+require_relative 'util'
+require_relative 'macho'
+require_relative 'apple_code_signature'
 
 module Pliney
     class IPA
+        class ZipExtractError < StandardError
+        end
+
+        SYSTEM_HAS_UNZIP = system("which unzip > /dev/null")
+
         def self.from_path(path)
             ipa = new(Zip::File.open(path))
             if block_given?
@@ -90,5 +96,128 @@ module Pliney
 
             ProvisioningProfile.from_asn1(profile_data)
         end
+
+        def with_macho_for_entry(file_entry)
+            with_extracted_tmpfile(file_entry) do |tmpfile|
+                yield ::Pliney::MachO.from_stream(tmpfile)
+            end
+        end
+
+        def with_executable_macho(&block)
+            with_macho_for_entry(self.executable_entry, &block)
+        end
+
+        def codesignature_for_entry(file_entry)
+            _with_tmpdir do |tmp_path|
+                tmpf = tmp_path.join("executable")
+                file_entry.extract(tmpf.to_s)
+                return ::Pliney::AppleCodeSignature.from_path(tmpf.to_s)
+            end
+        end
+
+        def executable_codesignature
+            return codesignature_for_entry(self.executable_entry)
+        end
+
+        def entitlements_data_for_entry(file_entry)
+            cs = self.codesignature_for_entry(file_entry)
+            if cs
+                ents_blob = cs.contents.find{|c| c.is_a? ::Pliney::AppleCodeSignature::Entitlement}
+                if ents_blob
+                    return ents_blob.data
+                end
+            end
+        end
+
+        def entitlements_for_entry(file_entry)
+            dat = entitlements_data_for_entry(file_entry)
+            if dat
+                return ::Pliney.parse_plist(dat)
+            end
+        end
+
+        def executable_entitlements_data
+            return entitlements_data_for_entry(self.executable_entry)
+        end
+
+        def executable_entitlements
+            return entitlements_for_entry(self.executable_entry)
+        end
+
+        def team_identifier
+            entitlements = executable_entitlements()
+            if entitlements
+                return entitlements["com.apple.developer.team-identifier"]
+            end
+        end
+
+        def extract(path)
+            if SYSTEM_HAS_UNZIP
+                ret = system("unzip", "-qd", path.to_s, self.zipfile.name.to_s)
+                unless ret
+                    raise(ZipExtractError, "'unzip' command returned non-zero status: #{$?.inspect}")
+                end
+            else
+                path = Pathname(path)
+                zipfile.each do |ent|
+                    extract_path = path.join(ent.name)
+                    FileUtils.mkdir_p(extract_path.dirname)
+                    ent.extract(extract_path.to_s)
+                    extract_path.chmod(ent.unix_perms & 0777)
+                end
+            end
+            return path
+        end
+
+        def with_extracted_tmpdir(&block)
+            _with_tmpdir {|tmp_path| yield(extract(tmp_path)) }
+        end
+
+        def with_extracted_tmpfile(ent, &block)
+            tmpf = Tempfile.new("ent")
+            begin
+                Zip::IOExtras.copy_stream(tmpf, ent.get_input_stream)
+                tmpf.rewind
+                yield(tmpf)
+            ensure
+                tmpf.unlink()
+            end
+        end
+
+        def each_file_entry
+            zipfile.entries.select do |ent|
+                not ent.name_is_directory?
+            end.each do |ent|
+                yield(ent)
+            end
+            return nil
+        end
+
+        def each_executable_entry
+            each_file_entry do |entry|
+                next if (zipstream = entry.get_input_stream).nil?
+                next if (magicbytes = zipstream.read(4)).nil?
+                next if (magic = magicbytes.unpack("N").first).nil?
+                if ::Pliney::MachO::is_macho_magic(magic) or ::Pliney::MachO::is_fat_magic(magic)
+                    yield(entry)
+                end
+            end
+        end
+
+        def executable_entries
+            a = []
+            each_executable_entry{|e| a << e}
+            return a
+        end
+
+        def canonical_name
+            return "#{self.team_identifier}.#{self.bundle_identifier}.v#{self.bundle_short_version}"
+        end
+
+        private
+
+        def _with_tmpdir
+            Dir.mktmpdir {|tmpd| yield(Pathname(tmpd)) }
+        end
     end
 end

data/lib/pliney/macho.rb

@@ -0,0 +1,557 @@
+require_relative 'io_helpers'
+require_relative 'apple_code_signature'
+
+# Note this implementation only works with little-endian mach-o binaries
+# such as ARM and X86. Older PPC mach-o files are big-endian. Support could
+# be pretty easily added just by conditionally swapping in the IOHelper addons
+# for read_uintXXbe instead of read_uintXXle where appropriate
+
+module Pliney
+    module MachO
+        FAT_MAGIC = 0xCAFEBABE
+        MACHO_MAGIC32 = 0xCEFAEDFE
+        MACHO_MAGIC64 = 0xCFFAEDFE
+
+        LC_REQ_DYLD = 0x80000000
+
+        def self.is_fat_magic(magicval)
+            return (magicval == FAT_MAGIC)
+        end
+
+        def self.is_macho_magic(magicval)
+            return (is_macho32_magic(magicval) or is_macho64_magic(magicval))
+        end
+
+        def self.is_macho32_magic(magicval)
+            return (magicval == MACHO_MAGIC32)
+        end
+
+        def self.is_macho64_magic(magicval)
+            return (magicval == MACHO_MAGIC64)
+        end
+
+        def self.lcmap
+            @LCMAP ||= Hash[
+                LoadCommandConst.constants.map do |lc|
+                    [lc, LoadCommandConst.const_get(lc)] 
+                end
+            ]
+        end
+
+        def self.resolve_lc(lcnum)
+            lcmap.invert[lcnum]
+        end
+
+        def self.reader_for_lc(lcnum)
+            lcsym = lcmap.invert[lcnum]
+            if lcsym
+                klname = "#{lcsym}_Reader"
+                if MachO.const_defined?(klname)
+                    return MachO.const_get(klname)
+                end
+            end
+            return UndefinedLCReader
+        end
+
+        def self.reader_for_filemagic(magic)
+            case magic
+            when FAT_MAGIC
+                return FatHeaderReader
+            when MACHO_MAGIC32
+                return MachHeaderReader
+            when MACHO_MAGIC64
+                return MachHeader64Reader
+            else
+                raise(ReaderError, "Unrecognized magic value: 0x%0.8x" % magic)
+            end
+        end
+
+        def self.read_stream(fh)
+            magic = fh.read_uint32
+            fh.pos -= 4
+            return reader_for_filemagic(magic).parse(fh)
+        end
+        singleton_class.send(:alias_method, :from_stream, :read_stream)
+
+        module LoadCommandConst
+            LC_SEGMENT = 0x1
+            LC_SYMTAB = 0x2
+            LC_SYMSEG = 0x3
+            LC_THREAD = 0x4
+            LC_UNIXTHREAD = 0x5
+            LC_LOADFVMLIB = 0x6
+            LC_IDFVMLIB = 0x7
+            LC_IDENT = 0x8
+            LC_FVMFILE = 0x9
+            LC_PREPAGE = 0xa
+            LC_DYSYMTAB = 0xb
+            LC_LOAD_DYLIB = 0xc
+            LC_ID_DYLIB = 0xd
+            LC_LOAD_DYLINKER = 0xe
+            LC_ID_DYLINKER = 0xf
+            LC_PREBOUND_DYLIB = 0x10
+            LC_ROUTINES = 0x11
+            LC_SUB_FRAMEWORK = 0x12
+            LC_SUB_UMBRELLA = 0x13
+            LC_SUB_CLIENT = 0x14
+            LC_SUB_LIBRARY = 0x15
+            LC_TWOLEVEL_HINTS = 0x16
+            LC_PREBIND_CKSUM = 0x17
+            LC_LOAD_WEAK_DYLIB = (0x18 | LC_REQ_DYLD)
+            LC_SEGMENT_64 = 0x19
+            LC_ROUTINES_64 = 0x1a
+            LC_UUID = 0x1b
+            LC_RPATH = (0x1c | LC_REQ_DYLD)
+            LC_CODE_SIGNATURE = 0x1d
+            LC_SEGMENT_SPLIT_INFO = 0x1e
+            LC_REEXPORT_DYLIB = (0x1f | LC_REQ_DYLD)
+            LC_LAZY_LOAD_DYLIB = 0x20
+            LC_ENCRYPTION_INFO = 0x21
+            LC_DYLD_INFO = 0x22
+            LC_DYLD_INFO_ONLY = (0x22 | LC_REQ_DYLD)
+            LC_LOAD_UPWARD_DYLIB = (0x23 | LC_REQ_DYLD)
+            LC_VERSION_MIN_MACOSX = 0x24
+            LC_VERSION_MIN_IPHONEOS = 0x25
+            LC_FUNCTION_STARTS = 0x26
+            LC_DYLD_ENVIRONMENT = 0x27
+            LC_MAIN = (0x28 | LC_REQ_DYLD)
+            LC_DATA_IN_CODE = 0x29
+            LC_SOURCE_VERSION = 0x2A
+            LC_DYLIB_CODE_SIGN_DRS = 0x2B
+            LC_ENCRYPTION_INFO_64 = 0x2C
+            LC_LINKER_OPTION = 0x2D
+            LC_LINKER_OPTIMIZATION_HINT = 0x2E
+            LC_VERSION_MIN_TVOS = 0x2F
+            LC_VERSION_MIN_WATCHOS = 0x30
+            LC_NOTE = 0x31
+            LC_BUILD_VERSION = 0x32
+        end
+
+        include LoadCommandConst
+
+        class ReaderError < StandardError
+        end
+
+        class Reader
+            attr_reader :fh, :startpos
+
+            def self.parse(f)
+                ob = new(f)
+                ob.parse()
+                return ob
+            end
+
+            def initialize(f)
+                @fh = f
+                @startpos = @fh.pos
+            end
+
+            def parse()
+                @fh.pos = @startpos
+            end
+
+            def rewind()
+                @fh.pos = @startpos
+            end
+        end
+
+        class FatHeaderReader < Reader
+            attr_reader :magic, :nfat_arch, :fat_arches
+
+            def parse()
+                super()
+                @magic = @fh.read_uint32
+                @nfat_arch = @fh.read_uint32
+                @fat_arches = Array.new(@nfat_arch) { FatArchReader.parse(@fh) }
+
+                unless MachO::is_fat_magic(@magic)
+                    raise(ReaderError, "Unexpected magic value for FAT header: 0x%0.8x" % @magic)
+                end
+            end
+
+            def machos()
+                a = []
+                each_macho {|mh| a << mh}
+                return a
+            end
+
+            def each_macho()
+                @fat_arches.each do |arch|
+                    @fh.pos = @startpos + arch.offset
+                    yield arch.macho_reader.parse(@fh)
+                end
+            end
+        end
+
+        class FatArchReader < Reader
+            CPU_ARCH_ABI64 = 0x01000000
+
+            attr_reader :cputype, :cpusubtype, :offset, :size, :align
+
+            def parse()
+                super()
+                @cputype = @fh.read_uint32
+                @cpusubtype = @fh.read_uint32
+                @offset = @fh.read_uint32
+                @size = @fh.read_uint32
+                @align = @fh.read_uint32
+            end
+
+            def macho_reader
+                if (@cputype & CPU_ARCH_ABI64) == 0
+                    return MachHeaderReader
+                else
+                    return MachHeader64Reader
+                end
+            end
+        end
+
+        class CommonMachHeaderReader < Reader
+            attr_reader :magic, :cputype, :cpusubtype, :filetype, :ncmds, :sizeofcmds, :flags
+
+            attr_reader :load_commands
+
+            def parse()
+                super()
+                @magic = @fh.read_uint32
+                unless MachO::is_macho_magic(@magic)
+                    raise(ReaderError, "Unrecognized magic value for mach header: 0x%0.8x" % @magic)
+                end
+                @cputype = @fh.read_uint32le
+                @cpusubtype = @fh.read_uint32le
+                @filetype = @fh.read_uint32le
+                @ncmds = @fh.read_uint32le
+                @sizeofcmds = @fh.read_uint32le
+                @flags = @fh.read_uint32le
+            end
+
+            def all_load_commands_of_type(val)
+                v = _normalize_lc_lookup_type(val)
+                return [] if v.nil?
+                load_commands.select{|x| x.cmd == v }
+            end
+
+            def find_load_command_of_type(val)
+                v = _normalize_lc_lookup_type(val)
+                return nil if v.nil?
+                load_commands.find{|x| x.cmd == v }
+            end
+
+            def loaded_libraries()
+                all_load_commands_of_type(:LC_LOAD_DYLIB).map {|lc| lc.dylib_name }
+            end
+
+            def rpaths()
+                all_load_commands_of_type(:LC_RPATH).map{|lc| lc.rpath}.uniq
+            end
+
+            def read_at(offset, size)
+                @fh.pos = @startpos + offset
+                return @fh.read(size)
+            end
+
+            def codesignature_data()
+                lc = find_load_command_of_type(:LC_CODE_SIGNATURE)
+                return nil if lc.nil?
+                read_at(lc.dataoff, lc.datasize)
+            end
+
+            def codesignature()
+                cs = codesignature_data
+                return nil if cs.nil?
+                return AppleCodeSignature::parse(cs)
+            end
+
+            def is_32?()
+                return (@magic == MACHO_MAGIC32)
+            end
+
+            def is_64?()
+                return (@magic == MACHO_MAGIC64)
+            end
+
+            def encryption_info
+                ectyp = (is_64?)? :LC_ENCRYPTION_INFO_64 : :LC_ENCRYPTION_INFO
+                return find_load_command_of_type(ectyp)
+            end
+
+            def is_encrypted?
+                ec = encryption_info
+                return (ec and ec.cryptid != 0)
+            end
+
+            def segment_load_commands()
+                segtyp = (is_64?)? :LC_SEGMENT_64 : :LC_SEGMENT
+                return all_load_commands_of_type(segtyp)
+            end
+
+            private
+            # called privately by subclasses after parse()
+            def _parse_load_commands()
+                @load_commands = Array.new(@ncmds) do
+                    cmd = @fh.read_uint32le
+                    @fh.pos -= 4
+                    klass = MachO.reader_for_lc(cmd)
+                    klass.parse(@fh)
+                end
+            end
+
+            def _normalize_lc_lookup_type(val)
+                if val.is_a?(Integer)
+                    return val
+                elsif val.is_a?(Symbol)
+                    return MachO::lcmap[val]
+                elsif val.is_a?(String)
+                    return MachO::lcmap[val.to_sym]
+                else
+                    raise(ArgumentError, "Invalid load command lookup type: #{typ.class}")
+                end
+            end
+        end
+
+        class MachHeaderReader < CommonMachHeaderReader
+            def parse()
+                super()
+                unless MachO::is_macho32_magic(@magic)
+                    raise(ReaderError, "Unexpected magic value for Mach header: 0x%0.8x" % @magic)
+                end
+                _parse_load_commands()
+            end
+        end
+
+        class MachHeader64Reader < CommonMachHeaderReader
+            attr_reader :_reserved
+            def parse()
+                super()
+                @_reserved = @fh.read_uint32le
+                unless MachO::is_macho64_magic(@magic)
+                    raise(ReaderError, "Unexpected magic value for Mach 64 header: 0x%0.8x" % @magic)
+                end
+                _parse_load_commands()
+            end
+        end
+
+        class CommonLCReader < Reader
+            attr_reader :cmd, :cmdsize
+            def parse()
+                super()
+                @cmd = @fh.read_uint32le
+                @cmdsize = @fh.read_uint32le
+                if @cmdsize < 8
+                    raise(ReaderError, "Load command size too small (#{@cmdsize} bytes) at offset #{@fh.pos - 4}")
+                end
+            end
+
+            def resolve_type()
+                MachO::resolve_lc(@cmd)
+            end
+        end
+
+        class UndefinedLCReader < CommonLCReader
+            attr_reader :cmd_data
+            def parse()
+                super()
+                @cmd_data = StringStream.new(@fh.strictread(@cmdsize - 8))
+            end
+        end
+
+        class CommonSegmentReader < CommonLCReader
+            attr_reader :segname, :vmaddr, :vmsize, :fileoff, :filesize, :maxprot, :initprot, :nsects, :flags
+
+            attr_reader :sections
+
+            def parse()
+                super()
+                @segname = @fh.strictread(16)
+            end
+
+            def segment_name()
+                @segname.unpack("Z16").first
+            end
+        end
+
+        class CommonSectionReader < Reader
+            attr_reader :sectname, :segname, :addr, :size, :offset, :align, :reloff, :nreloc, :flags, :_reserved1, :_reserved2
+            def parse()
+                super()
+                @sectname = @fh.strictread(16)
+                @segname = @fh.strictread(16)
+            end
+
+            def segment_name()
+                @segname.unpack("Z16").first
+            end
+
+            def section_name()
+                @sectname.unpack("Z16").first
+            end
+        end
+
+        class SectionReader < CommonSectionReader
+            def parse()
+                super()
+                @addr = @fh.read_uint32le
+                @size = @fh.read_uint32le
+                @offset = @fh.read_uint32le
+                @align = @fh.read_uint32le
+                @reloff = @fh.read_uint32le
+                @nreloc = @fh.read_uint32le
+                @flags = @fh.read_uint32le
+                @_reserved1 = @fh.read_uint32le
+                @_reserved2 = @fh.read_uint32le
+            end
+        end
+
+        class Section64Reader < CommonSectionReader
+            attr_reader :_reserved3
+            def parse()
+                super()
+                @addr = @fh.read_uint64le
+                @size = @fh.read_uint64le
+                @offset = @fh.read_uint32le
+                @align = @fh.read_uint32le
+                @reloff = @fh.read_uint32le
+                @nreloc = @fh.read_uint32le
+                @flags = @fh.read_uint32le
+                @_reserved1 = @fh.read_uint32le
+                @_reserved2 = @fh.read_uint32le
+                @_reserved3 = @fh.read_uint32le
+            end
+        end
+
+        class LC_SEGMENT_Reader < CommonSegmentReader
+            def parse()
+                super()
+                @vmaddr = @fh.read_uint32le
+                @vmsize = @fh.read_uint32le
+                @fileoff = @fh.read_uint32le
+                @filesize = @fh.read_uint32le
+                @maxprot = @fh.read_uint32le
+                @initprot = @fh.read_uint32le
+                @nsects = @fh.read_uint32le
+                @flags = @fh.read_uint32le
+
+                @sections = Array.new(@nsects) { SectionReader.parse(@fh) }
+            end
+        end
+
+        class LC_SEGMENT_64_Reader < CommonSegmentReader
+            def parse()
+                super()
+                @vmaddr = @fh.read_uint64le
+                @vmsize = @fh.read_uint64le
+                @fileoff = @fh.read_uint64le
+                @filesize = @fh.read_uint64le
+                @maxprot = @fh.read_uint32le
+                @initprot = @fh.read_uint32le
+                @nsects = @fh.read_uint32le
+                @flags = @fh.read_uint32le
+
+                @sections = Array.new(@nsects) { Section64Reader.parse(@fh) }
+            end
+        end
+
+        class CommonLinkeditDataCommandReader < CommonLCReader
+            attr_reader :dataoff, :datasize
+
+            def parse()
+                super()
+                @dataoff = @fh.read_uint32le
+                @datasize = @fh.read_uint32le
+            end
+        end
+
+        class LC_CODE_SIGNATURE_Reader < CommonLinkeditDataCommandReader
+        end
+
+        class LC_SEGMENT_SPLIT_INFO_Reader < CommonLinkeditDataCommandReader
+        end
+
+        class LC_FUNCTION_STARTS_Reader < CommonLinkeditDataCommandReader
+        end
+
+        class LC_DATA_IN_CODE_Reader < CommonLinkeditDataCommandReader
+        end
+
+        class LC_DYLIB_CODE_SIGN_DRS_Reader < CommonLinkeditDataCommandReader
+        end
+
+        class LC_LINKER_OPTIMIZATION_HINT_Reader < CommonLinkeditDataCommandReader
+        end
+
+        class CommonEncryptionInfoReader < CommonLCReader
+            attr_reader :cryptoff, :cryptsize, :cryptid
+
+            def parse()
+                super()
+                @cryptoff = @fh.read_uint32le
+                @cryptsize = @fh.read_uint32le
+                @cryptid = @fh.read_uint32le
+            end
+        end
+
+        class LC_ENCRYPTION_INFO_Reader < CommonEncryptionInfoReader
+        end
+
+        class LC_ENCRYPTION_INFO_64_Reader < CommonEncryptionInfoReader
+            attr_reader :_pad
+
+            def parse()
+                super()
+                @_pad = @fh.read_uint32le
+            end
+        end
+
+        class DylibStructReader < Reader
+            attr_reader :offset, :timestamp, :current_version, :compatibility_version
+
+            def parse()
+                super()
+                @offset = @fh.read_uint32le
+                @timestamp = @fh.read_uint32le
+                @current_version = @fh.read_uint32le
+                @compatibility_version = @fh.read_uint32le
+            end
+        end
+
+        class CommonDylibCommandReader < CommonLCReader
+            attr_reader :dylib_struct, :dylib_name_data
+
+            def parse()
+                super()
+                @dylib_struct = DylibStructReader.parse(@fh)
+                @dylib_name_data = @fh.strictread(self.cmdsize - self.dylib_struct.offset)
+            end
+
+            def dylib_name()
+                @dylib_name_data.unpack("Z*").first
+            end
+        end
+
+        class LC_ID_DYLIB_Reader < CommonDylibCommandReader
+        end
+
+        class LC_LOAD_DYLIB_Reader < CommonDylibCommandReader
+        end
+
+        class LC_LOAD_WEAK_DYLIB_Reader < CommonDylibCommandReader
+        end
+
+        class LC_REEXPORT_DYLIB_Reader < CommonDylibCommandReader
+        end
+
+        class LC_RPATH_Reader < CommonLCReader
+            attr_reader :offset, :rpath_data
+
+            def parse()
+                super()
+                @offset = @fh.read_uint32le
+                @rpath_data = @fh.strictread(@cmdsize - @offset)
+            end
+
+            def rpath()
+                @rpath_data.unpack("Z*").first
+            end
+        end
+    end
+end

data/lib/pliney/provisioning_profile.rb

@@ -1,10 +1,19 @@
-require 'pliney/util'
-require 'pliney/entitlements'
 require 'openssl'
 require 'digest/sha1'
 
+require_relative 'util'
+
 module Pliney
-    class EntitlementsMask < Entitlements
+    class EntitlementsMask
+        def self.from_data(data)
+            new(Pliney.parse_plist(data))
+        end
+
+        attr_reader :ents
+        def initialize(ents)
+            @ents = ents
+        end
+
     end
 
     class ProvisioningProfile

data/lib/pliney/util.rb

@@ -7,4 +7,10 @@ module Pliney
         plist = CFPropertyList::List.new(data: rawdat)
         return CFPropertyList.native_types(plist.value)
     end
+
+    def self.write_plist(data, outpath, format = CFPropertyList::List::FORMAT_XML)
+        plist = CFPropertyList::List.new
+        plist.value = CFPropertyList.guess(data)
+        plist.save(outpath, format)
+    end
 end

data/lib/pliney/version.rb

@@ -1,3 +1,3 @@
 module Pliney
-  VERSION = "0.0.4"
+  VERSION = "0.0.6"
 end

data/spec/ipa_spec.rb

@@ -75,9 +75,62 @@ describe Pliney::IPA do
         @ipa.bundle_short_version.should == "1.0"
     end
 
-    it "reads the executable object"
+    it "reads the codesignature for the main exe" do
+        cs = @ipa.executable_codesignature
+        cs.should be_a Pliney::AppleCodeSignature::EmbeddedSignature
+    end
+
+    it "reads the raw entitlements data" do
+        ents_data = @ipa.executable_entitlements_data
+        ents_data.should be_a String
+        ents_data.should =~ /^<\?xml/
+    end
+
+    it "reads the parsed entitlements" do
+        ents = @ipa.executable_entitlements
+        ents.should be_a Hash
+        ents["application-identifier"].should == "UL736KYQR9.computer.versus.pliney-test"
+    end
+
+    it "gets the team_identifier" do
+        @ipa.team_identifier == "UL736KYQR9"
+    end
+
+    it "extracts ipa contents" do
+        Dir.mktmpdir do |tmpd|
+            @ipa.extract(tmpd)
+            tmp_path = Pathname(tmpd)
+            @ipa.each_file_entry do |ent|
+                tmp_path.join(ent.name).exist?.should == true
+            end
+        end
+    end
 
-    it "reads the entitlements"
+    it "extracts ipa contents to a temp directory yielded to a block" do
+        block_was_called = false
+        @ipa.with_extracted_tmpdir do |tmp_path|
+            block_was_called = true
+            @ipa.each_file_entry do |ent|
+                tmp_path.join(ent.name).exist?.should == true
+            end
+        end
+        block_was_called.should == true
+    end
+
+    it "reads the executable object" do
+        block_was_called = false
+        @ipa.with_executable_macho do |exe_obj|
+            block_was_called = true
+            exe_obj.should be_a Pliney::MachO::FatHeaderReader
+            exe_obj.fat_arches.count.should == 2
+            machos = exe_obj.machos
+            machos.map{|x| x.magic}.should == [
+                Pliney::MachO::MACHO_MAGIC32,
+                Pliney::MachO::MACHO_MAGIC64,
+            ]
+        end
+        block_was_called.should == true
+    end
 
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pliney
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.6
 platform: ruby
 authors:
 - Eric Monti
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-19 00:00:00.000000000 Z
+date: 2018-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
@@ -124,8 +124,10 @@ files:
 - README.md
 - Rakefile
 - lib/pliney.rb
-- lib/pliney/entitlements.rb
+- lib/pliney/apple_code_signature.rb
+- lib/pliney/io_helpers.rb
 - lib/pliney/ipa.rb
+- lib/pliney/macho.rb
 - lib/pliney/provisioning_profile.rb
 - lib/pliney/util.rb
 - lib/pliney/version.rb

data/lib/pliney/entitlements.rb

@@ -1,13 +0,0 @@
-
-module Pliney
-    class Entitlements
-        def self.from_data(data)
-            new(Pliney.parse_plist(data))
-        end
-
-        attr_reader :ents
-        def initialize(ents)
-            @ents = ents
-        end
-    end
-end