Help to check app integrity #1

Open
ogezue opened this issue Sep 26, 2019 · 0 comments
ogezue commented Sep 26, 2019

I found your code to calculate the integrity but I ask myself if it is still relevant for Swift apps.
My current approach to check the integrity is to import an array of possible app sizes and hashes from my backend and compare it to the calculated app size and hash.
Anyway, I am struggling with the comparison: how do I modify the trusted hash so that the function returns 0?

Here is my code:

```objc
#import <Foundation/Foundation.h>
#import "IntegrityCheck.h"
#import <CommonCrypto/CommonDigest.h>

// Trusted values: 20 bytes of hash and 4 bytes of file size.
unsigned char sha256_placeholder[] =
{ 0x16, 0x13, 0x13, 0x19, 0x14, 0x48, 0xbe, 0xd2, 0x9d, 0x3d, 0x27, 0x45, 0x0b, 0x86, 0x51, 0xde, 0x58, 0x6d, 0x39, 0xb2 };

unsigned char file_size_placeholder[] = { 0x80, 0x04, 0x67, 0x02 };

NSData *get_sha256() {
    // sizeof keeps the read inside the 20-byte array (a length of 32 read past its end)
    return [NSData dataWithBytes:sha256_placeholder length:sizeof(sha256_placeholder)];
}

NSData *get_fileSize() {
    // sizeof keeps the read inside the 4-byte array (a length of 8 read past its end)
    return [NSData dataWithBytes:file_size_placeholder length:sizeof(file_size_placeholder)];
}

#ifdef FAIL
    NSString *AppName = @"MyAppiOS_fail";
#else
    NSString *AppName = @"MyAppiOS";
#endif

int doAppIntegrity() {

    int ret = 0;

    //** read my APPS executable
    NSFileHandle      *inFile;
    NSFileManager     *fileMgr;
    NSString          *filePath;

    fileMgr = [NSFileManager defaultManager];

    //** open and read APP file into a data block
    filePath = [[NSBundle mainBundle] pathForResource:AppName ofType:nil];

    if (filePath == nil || [fileMgr fileExistsAtPath:filePath] == NO) {
        NSLog(@"File does not exist!");
        return -1;  // nothing to hash, so stop here
    }

    //** FILE SIZE
    inFile = [NSFileHandle fileHandleForReadingAtPath:filePath];
    NSData *plain_txt = [inFile readDataToEndOfFile];
    unsigned int app_file_size = (CC_LONG)[plain_txt length];
    NSLog(@"AS-IS - APP file size: %u", app_file_size);
    [inFile closeFile];

    //** SHA256bit HASH (only the first CC_SHA1_DIGEST_LENGTH = 20 bytes are kept and compared)
    unsigned char hash[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256([plain_txt bytes], (CC_LONG)[plain_txt length], hash);
    NSData *app_sig = [NSData dataWithBytes:hash length:CC_SHA1_DIGEST_LENGTH];
    NSLog(@"AS-IS - sha_hash_val 20 bytes: %@", app_sig);
    NSLog(@"app_sig_len:%lu", (unsigned long)[app_sig length]);

    NSData *trusted_app_sig = [NSData dataWithBytes:sha256_placeholder length:CC_SHA1_DIGEST_LENGTH];
    NSLog(@"trusted app sig:%@", trusted_app_sig);
    NSLog(@"trusted app sig len:%lu", (unsigned long)[trusted_app_sig length]);

    // The 4 placeholder bytes are copied into an unsigned int in host byte order
    NSData *trusted_app_size_data = [NSData dataWithBytes:file_size_placeholder length:4];
    unsigned int trusted_app_size;
    [trusted_app_size_data getBytes:&trusted_app_size length:sizeof(trusted_app_size)];

    NSLog(@"trusted app size hex:%@", trusted_app_size_data);
    NSLog(@"trusted app size:%u", trusted_app_size);

    // compare the file size (against the literal 8004672, not trusted_app_size) ...
    if (8004672 != app_file_size) {
        NSLog(@"App Integrity FAIL - file size MISMATCH");
        ret = -1;
    }
    else {
        NSLog(@"App Integrity PASS - file size MATCH");
    }

    // ... then compare the computed hash to the trusted value
    if ([trusted_app_sig isEqualToData:app_sig]) {
        NSLog(@"App Integrity PASS - signature MATCH");
    }
    else {
        NSLog(@"App Integrity FAIL - signature MISMATCH");
        ret = -1;
    }

    return ret;
}
```
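An added example, not part of the original post or the repository's code: a build-side helper that derives the two values the posted check compares (the first 20 bytes of the SHA-256 and the size as 4 bytes) and also implements the backend-list comparison the post describes. All function names are hypothetical, and it assumes the little-endian layout that `getBytes:` into an `unsigned int` reads on iOS devices.

```python
import hashlib
import hmac
import struct
import sys

TRUNCATED_LEN = 20  # the posted check compares CC_SHA1_DIGEST_LENGTH (20) bytes


def size_bytes(size):
    """File size as the 4 little-endian bytes getBytes: copies into an unsigned int."""
    return struct.pack("<I", size)


def decode_size(raw):
    """What a 4-byte placeholder decodes to on a little-endian device."""
    return struct.unpack("<I", raw)[0]


def trusted_values(executable):
    """(size bytes, truncated SHA-256) for the exact bytes of one shipped executable."""
    digest = hashlib.sha256(executable).digest()[:TRUNCATED_LEN]
    return size_bytes(len(executable)), digest


def c_array(name, data):
    """Format bytes as a C initialiser like the placeholders in the post."""
    return "unsigned char %s[] = { %s };" % (name, ", ".join("0x%02x" % b for b in data))


def matches_any(executable, allowed):
    """Backend-list variant: True if (size, hash) equals any trusted pair."""
    size, digest = trusted_values(executable)
    return any(size == s and hmac.compare_digest(digest, d) for s, d in allowed)


if __name__ == "__main__":
    # With no path argument, fall back to constructed sample bytes.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"constructed sample"
    size, digest = trusted_values(data)
    print(c_array("file_size_placeholder", size))
    print(c_array("sha256_placeholder", digest))
```

For the size 8004672 used in the comparison, `size_bytes` gives `0x40, 0x24, 0x7a, 0x00`, while the bytes `0x80, 0x04, 0x67, 0x02` decode to 40305792. Values compiled into the executable change the bytes being hashed, so they have to be computed from the final file, which is what a backend-supplied list allows.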