xsscx/srd

SUMMARY: BUILD | 19E5209h | 13E5086k | libclang_rt.asan_ios_dynamic.dylib | Entitlement Issues

xsscx opened this issue · 2 comments

xsscx commented

With respect to iOS 15.4 Beta 19E5209h and Xcode 13E5086k | libclang_rt.asan_ios_dynamic.dylib

Issue

cryptex-run: unsuitable CT policy 0 for this platform/device, rejecting signature

Repro

Terminal

  • Step 1: Make & Install Cryptex
      make clean
      make
      make install
  • Step 2: Collect Logs
      sudo -E cryptexctl log collect
  • Step 3: Search Logs
      open ./system_logs.logarchive
      Search == cryptex
  • Step 4: Review & Confirm the Issue

Source

https://github.com/apple/security-research-device/tree/main/example-cryptex

Codesign Info

codesign -dvv /usr/local/bin/cryptexctl.research
Executable=/usr/local/bin/cryptexctl.research
Identifier=com.apple.security.cryptexctl
Format=Mach-O universal (x86_64 arm64e)
CodeDirectory v=20400 size=3286 flags=0x2000(library-validation) hashes=92+7 location=embedded
Signature size=4442
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Signed Time=Jan 26, 2022 at 02:53:39
Info.plist entries=18
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=80

Host Version Info

=====================================
SRD Host Cryptex Troubleshooter Log Info
=====================================
Sun Jan 30 21:40:51 EST 2022
macOS 12.3 (21E5196i) 
21.4.0 Darwin Kernel Version 21.4.0: Tue Jan 18 13:02:08 PST 2022; root:xnu-8020.100.406.0.1~18/RELEASE_ARM64_T8101 arm64
Apple clang version 13.1.6 (clang-1316.0.19.2)
Target: arm64-apple-darwin21.4.0
Thread model: posix
InstalledDir: /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Darwin Cryptex Management Interface Version 2.0.0: Tue Jan 25 23:53:01 PST 2022; root:libcryptex_executables-170.100.20~29/cryptexctl/WEN_ETA_ARM64E
machdep.cpu.brand_string: Apple M1
System Integrity Protection status: disabled.
cryptexctl: flags = [none]
cryptexctl: will re-exec: /usr/local/bin/cryptexctl.research
cryptexctl.research: path = /usr/local/bin/cryptexctl.research
MobileDevice version = 1369.100.45.111.1
cryptexctl.research: argv[_main] =
cryptexctl.research:   [0] = cryptexctl
cryptexctl.research:   [1] = -v2
cryptexctl.research:   [2] = -d2
cryptexctl.research:   [3] = install
cryptexctl.research:   [4] = --variant=research
cryptexctl.research:   [5] = --persist
cryptexctl.research:   [6] = --print-info
cryptexctl.research:   [7] = ./com.example.cryptex.cxbd.signed

Issue Summary

default	21:35:49.740365-0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.WJMQAm/usr/bin/cryptex-run' is adhoc signed.
default	21:35:49.740483-0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.WJMQAm/usr/bin/cryptex-run': unsuitable CT policy 0 for this platform/device, rejecting signature.

iPhone 11 Log Collection

default	2022-01-30 21:50:54.186624 -0500	launchd	service state: spawning
default	2022-01-30 21:50:54.186683 -0500	launchd	launching: inefficient
default	2022-01-30 21:50:54.188719 -0500	launchd	xpcproxy spawned with pid 4448
default	2022-01-30 21:50:54.188781 -0500	launchd	internal event: SPAWNED, code = 0
default	2022-01-30 21:50:54.188801 -0500	launchd	service state: xpcproxy
default	2022-01-30 21:50:54.188817 -0500	launchd	deferred event: domain spawn response: 0
default	2022-01-30 21:50:54.188839 -0500	launchd	internal event: SOURCE_ATTACH, code = 0
default	2022-01-30 21:50:54.196063 -0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.enqAqx/usr/bin/cryptex-run' is adhoc signed.
default	2022-01-30 21:50:54.196108 -0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.enqAqx/usr/bin/cryptex-run': unsuitable CT policy 0 for this platform/device, rejecting signature.
default	2022-01-30 21:50:54.196371 -0500	launchd	service state: running
default	2022-01-30 21:50:54.196410 -0500	launchd	internal event: INIT, code = 0
default	2022-01-30 21:50:54.196435 -0500	launchd	Successfully spawned cryptex-run[4448] because inefficient
default	2022-01-30 21:50:54.197077 -0500	launchd	removing service since it exited with consistent failure - OS_REASON_EXEC
default	2022-01-30 21:50:54.197093 -0500	launchd	service exited: dirty = 0, supported pressured-exit = 0
default	2022-01-30 21:50:54.197109 -0500	launchd	service state: exited
default	2022-01-30 21:50:54.197125 -0500	launchd	internal event: EXITED, code = 0
default	2022-01-30 21:50:54.197135 -0500	launchd	service inactive: com.example.cryptex.sshd
default	2022-01-30 21:50:54.197153 -0500	launchd	service state: not running
default	2022-01-30 21:50:54.197175 -0500	launchd	Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
default	2022-01-30 21:50:54.197276 -0500	launchd	internal event: WILL_SPAWN, code = 0
default	2022-01-30 21:50:54.197290 -0500	launchd	service state: spawn scheduled
default	2022-01-30 21:50:54.197303 -0500	launchd	service throttled by 10 seconds
default	2022-01-30 21:50:56.494889 -0500	launchd	service state: spawning
default	2022-01-30 21:50:56.494950 -0500	launchd	launching: inefficient
default	2022-01-30 21:50:56.497005 -0500	launchd	xpcproxy spawned with pid 4449
default	2022-01-30 21:50:56.497064 -0500	launchd	internal event: SPAWNED, code = 0
default	2022-01-30 21:50:56.497081 -0500	launchd	service state: xpcproxy
default	2022-01-30 21:50:56.497098 -0500	launchd	deferred event: domain spawn response: 0
default	2022-01-30 21:50:56.497124 -0500	launchd	internal event: SOURCE_ATTACH, code = 0
default	2022-01-30 21:50:56.505707 -0500	launchd	service state: running
default	2022-01-30 21:50:56.505748 -0500	launchd	internal event: INIT, code = 0
default	2022-01-30 21:50:56.505769 -0500	launchd	Successfully spawned hello[4449] because inefficient
default	2022-01-30 21:50:56.544836 -0500	launchd	service exited: dirty = 0, supported pressured-exit = 0
default	2022-01-30 21:50:56.544877 -0500	launchd	jettisoned: JETSAM_REASON_MEMORY_PERPROCESSLIMIT
default	2022-01-30 21:50:56.544894 -0500	launchd	service state: exited
default	2022-01-30 21:50:56.544913 -0500	launchd	internal event: EXITED, code = 0
default	2022-01-30 21:50:56.544923 -0500	launchd	service inactive: com.example.cryptex.hello
default	2022-01-30 21:50:56.544939 -0500	launchd	service state: not running
default	2022-01-30 21:50:56.544960 -0500	launchd	Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
default	2022-01-30 21:50:56.545021 -0500	launchd	internal event: WILL_SPAWN, code = 0
default	2022-01-30 21:50:56.545036 -0500	launchd	service state: spawn scheduled
default	2022-01-30 21:50:56.545048 -0500	launchd	service throttled by 10 seconds
default	2022-01-30 21:51:04.202399 -0500	launchd	service state: spawning
default	2022-01-30 21:51:04.202461 -0500	launchd	launching: inefficient
default	2022-01-30 21:51:04.204480 -0500	launchd	xpcproxy spawned with pid 4451
default	2022-01-30 21:51:04.204545 -0500	launchd	internal event: SPAWNED, code = 0
default	2022-01-30 21:51:04.204562 -0500	launchd	service state: xpcproxy
default	2022-01-30 21:51:04.204577 -0500	launchd	deferred event: domain spawn response: 0
default	2022-01-30 21:51:04.204611 -0500	launchd	internal event: SOURCE_ATTACH, code = 0
default	2022-01-30 21:51:04.211842 -0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.enqAqx/usr/bin/cryptex-run' is adhoc signed.
default	2022-01-30 21:51:04.211884 -0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.enqAqx/usr/bin/cryptex-run': unsuitable CT policy 0 for this platform/device, rejecting signature.
default	2022-01-30 21:51:04.212199 -0500	launchd	service state: running
default	2022-01-30 21:51:04.212246 -0500	launchd	internal event: INIT, code = 0
default	2022-01-30 21:51:04.212271 -0500	launchd	Successfully spawned cryptex-run[4451] because inefficient
default	2022-01-30 21:51:04.212918 -0500	launchd	removing service since it exited with consistent failure - OS_REASON_EXEC
default	2022-01-30 21:51:04.212949 -0500	launchd	service exited: dirty = 0, supported pressured-exit = 0
default	2022-01-30 21:51:04.212965 -0500	launchd	service state: exited
default	2022-01-30 21:51:04.212980 -0500	launchd	internal event: EXITED, code = 0
default	2022-01-30 21:51:04.212990 -0500	launchd	service inactive: com.example.cryptex.sshd
default	2022-01-30 21:51:04.213009 -0500	launchd	service state: not running

iPhone 12 Log Collection

default	2022-01-31 06:12:16.660702 -0800	launchd	service state: spawning
default	2022-01-31 06:12:16.660758 -0800	launchd	launching: inefficient
default	2022-01-31 06:12:16.662678 -0800	launchd	xpcproxy spawned with pid 1010
default	2022-01-31 06:12:16.662724 -0800	launchd	internal event: SPAWNED, code = 0
default	2022-01-31 06:12:16.662739 -0800	launchd	service state: xpcproxy
default	2022-01-31 06:12:16.662750 -0800	launchd	deferred event: domain spawn response: 0
default	2022-01-31 06:12:16.662772 -0800	launchd	internal event: SOURCE_ATTACH, code = 0
default	2022-01-31 06:12:16.668931 -0800	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.znycKY/usr/bin/cryptex-run' is adhoc signed.
default	2022-01-31 06:12:16.668956 -0800	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.znycKY/usr/bin/cryptex-run': unsuitable CT policy 0 for this platform/device, rejecting signature.
default	2022-01-31 06:12:16.669169 -0800	launchd	service state: running
default	2022-01-31 06:12:16.669203 -0800	launchd	internal event: INIT, code = 0
default	2022-01-31 06:12:16.669223 -0800	launchd	Successfully spawned cryptex-run[1010] because inefficient
default	2022-01-31 06:12:16.669852 -0800	launchd	removing service since it exited with consistent failure - OS_REASON_EXEC
default	2022-01-31 06:12:16.669881 -0800	launchd	exited with exit reason (namespace: 9 code: 0x1) - OS_REASON_EXEC
default	2022-01-31 06:12:16.669895 -0800	launchd	service state: exited
default	2022-01-31 06:12:16.669912 -0800	launchd	internal event: EXITED, code = 0
default	2022-01-31 06:12:16.669922 -0800	launchd	service inactive: com.example.cryptex.sshd
default	2022-01-31 06:12:16.669934 -0800	launchd	service state: not running

UX

No SSH Access

ssh: connect to host 192.168.3.70 port 22: Connection refused

Prior Report(s)

https://github.com/apple/security-research-device/issues/43: 19D50 | AMFI Research | 21C39 | simple-shell | unsuitable CT policy 0 for this platform/device, rejecting signature

Cryptex Manager

CryptexManager can also be used for Cryptex Installation. The Console Logs show similar errors:

default	13:51:44.456337-0500	ReportCrash	ASI found [dyld] (sensitive) 'Library not loaded: @rpath/libclang_rt.asan_ios_dynamic.dylib
  Referenced from: /private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/hello
  Reason: tried: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib' (code signature invalid (errno=1) sliceOffset=0x001FC000, codeBlobOffset=0x000B5B70, codeBlobSize=0x00006D40 for '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib'), '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/13.0.0/lib/darwin/libclang_rt.asan_ios_dynamic.dylib' (no such file), '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib' (code signature invalid (errno=1) sliceOffset=0x001FC000, codeBlobOffset=0x000B5B70, codeBlobSize=0x00006D40 for '/private/var/run/com.apple.security.cryptexd<…>'
error	13:51:51.232732-0500	kernel	Sandbox: mobile_storage_p(302) deny(1) file-read-metadata /private/var/run/com.apple.security.cryptexd/codex.system/live/com.example.cryptex/cpxd
default	13:51:54.417943-0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib': unsuitable CT policy 0x8 for this platform/device, rejecting signature.
default	13:51:54.424813-0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib': unsuitable CT policy 0x8 for this platform/device, rejecting signature.
default	13:51:54.433294-0500	ReportCrash	ASI found [dyld] (sensitive) 'Library not loaded: @rpath/libclang_rt.asan_ios_dynamic.dylib
  Referenced from: /private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/hello
  Reason: tried: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib' (code signature invalid (errno=1) sliceOffset=0x001FC000, codeBlobOffset=0x000B5B70, codeBlobSize=0x00006D40 for '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib'), '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/13.0.0/lib/darwin/libclang_rt.asan_ios_dynamic.dylib' (no such file), '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib' (code signature invalid (errno=1) sliceOffset=0x001FC000, codeBlobOffset=0x000B5B70, codeBlobSize=0x00006D40 for '/private/var/run/com.apple.security.cryptexd<…>'
default	13:52:04.451750-0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib': unsuitable CT policy 0x8 for this platform/device, rejecting signature.
default	13:52:04.458494-0500	kernel	AMFI: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.YCRf5T/usr/bin/libclang_rt.asan_ios_dynamic.dylib': unsuitable CT policy 0x8 for this platform/device, rejecting signature.

CryptexManager is able to successfully perform a Cryptex Installation for iOS 15.4 Beta 19E5209h with Host X86_64 when using macOS 12.2 (21D49):

uname -a
Darwin SRD0009 21.4.0 Darwin Kernel Version 21.4.0: Sun Jan 16 20:50:39 PST 2022; root:xnu-8020.100.406.0.1~10/RELEASE_ARM64_T8030 iPhone12,1 Toybox
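
Added example (not part of the original report and not Apple tooling): a small triage script for Steps 3 and 4 that groups a text export of the collected log into launchd spawn attempts and attaches any AMFI "unsuitable CT policy" rejection and the exit reason to each. It assumes the tab-separated layout shown in the excerpts above and one service spawning at a time; `triage` and its field names are hypothetical.

```python
import re

# Constructed sample in the tab-separated layout shown in the issue
# (level, timestamp, process, message); abridged from its iPhone 11 excerpt.
P = "/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.enqAqx/usr/bin/cryptex-run"
SAMPLE = "\n".join("default\t2022-01-30 21:50:%s -0500\t%s\t%s" % row for row in [
    ("54.186624", "launchd", "service state: spawning"),
    ("54.196063", "kernel", "AMFI: '%s' is adhoc signed." % P),
    ("54.196108", "kernel", "AMFI: '%s': unsuitable CT policy 0 for this platform/device, rejecting signature." % P),
    ("54.196435", "launchd", "Successfully spawned cryptex-run[4448] because inefficient"),
    ("54.197077", "launchd", "removing service since it exited with consistent failure - OS_REASON_EXEC"),
    ("54.197135", "launchd", "service inactive: com.example.cryptex.sshd"),
    ("56.494889", "launchd", "service state: spawning"),
    ("56.505769", "launchd", "Successfully spawned hello[4449] because inefficient"),
    ("56.544877", "launchd", "jettisoned: JETSAM_REASON_MEMORY_PERPROCESSLIMIT"),
    ("56.544923", "launchd", "service inactive: com.example.cryptex.hello"),
])

AMFI_REJECT = re.compile(r"AMFI: '(?P<path>[^']+)': unsuitable CT policy (?P<policy>\S+) for")
SPAWNED = re.compile(r"Successfully spawned (?P<name>[^\[]+)\[(?P<pid>\d+)\]")
EXIT_REASON = re.compile(r"\b(OS_REASON_\w+|JETSAM_REASON_\w+)")
INACTIVE = re.compile(r"service inactive: (?P<label>\S+)")

def triage(text):
    """Group log lines into launchd spawn attempts and summarise each one."""
    attempts, cur = [], None
    for line in text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) != 4:
            continue  # continuation of a multi-line message (e.g. dyld text)
        _level, _ts, proc, msg = parts
        if proc == "launchd" and msg == "service state: spawning":
            cur = {"label": None, "binary": None, "pid": None, "rejected": [], "reason": None}
            attempts.append(cur)
        elif cur is None:
            continue  # nothing to attach to before the first spawn
        elif proc == "kernel" and (m := AMFI_REJECT.search(msg)):
            # Assumption: the rejection belongs to the attempt currently spawning.
            cur["rejected"].append((m["path"].rsplit("/", 1)[-1], m["policy"]))
        elif proc == "launchd":
            if m := SPAWNED.search(msg):
                cur["binary"], cur["pid"] = m["name"], int(m["pid"])
            if m := EXIT_REASON.search(msg):
                cur["reason"] = cur["reason"] or m[1]  # keep the first reason seen
            if m := INACTIVE.search(msg):
                cur["label"] = m["label"]
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["label"], a["binary"], a["pid"], a["rejected"], a["reason"])
```

An attempt with an empty `rejected` list, such as `com.example.cryptex.hello` in the sample, exited for a reason other than an AMFI signature rejection inside that spawn window.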

xsscx commented

SUMMARY

See #17