Security

Secure the data your app manages and control access to your app using the Security framework.

Posts under Security tag

200 Posts
Post

Replies

Boosts

Views

Activity

Authorization-plugin: Invoke the Core Bluetooth APIs from the plugin
Hello, is it possible to interact with a nearby device through Bluetooth LE, from the authorization plugin?

Currently, I have:
- a plugin bundle, registered with the authorization mechanisms;
- a daemon that I have set up to contain all the business logic
- added the com.apple.security.device.bluetooth entitlement to the daemon package, to allow Bluetooth communication;
- registered the daemon through LaunchDaemons so that it is managed by launchd

And I'm using XPC to communicate between the plugin and the daemon. When I send the request to the daemon to scan for peripherals, I get a TCC error:

    0xd5a Error 0x23e5 161 0 tccd: [com.apple.TCC:access] Refusing TCCAccessRequest for service kTCCServiceBluetoothAlways from client Sub:{...} in background session

The above error seems to suggest that I can't grant the bluetooth permission from the daemon itself, is there a recommended way to grant permissions before running it? And if granted, would I be able to utilize the framework successfully from the logon screen?

Other options I have tried:
- Invoking the framework directly from the plugin, which failed. Probably because the Security agent process isn't entitled to communicate via Bluetooth and that it would require changing the host process entitlements plist, which I don't have access to? 🤔
- Attempting to use a launch agent in lieu of a daemon, with proper entitlement, but that didn't work either. Probably because launch agents are loaded after the user has successfully logged in and I was invoking it before? 🤔
- And lastly, I looked into the possibility of utilizing Privacy Preference MDM payload to grant access, but it seems like the MDM options do not include Bluetooth support.

Is there any other way to accomplish this? Thank you!
2
0
504
Nov ’23
Download a file in a File Provider Extension in iOS
I am developing a cloud-based application and have integrated the FileProviderExtension. However, files larger than 20 MB are not downloading as it’s throwing a memory limit exception. In this process, I have downloaded the file data, but after downloading the data, I need to decrypt the data. I am getting a memory limit exception during decryption. I am using the below lines to decrypt the data.

    let symmetricKey = SymmetricKey(data: key)
    let sealedBox = try AES.GCM.SealedBox(combined: inputData)
    let decryptedData = try AES.GCM.open(sealedBox, using: symmetricKey)

I am getting memory limit exception at AES.GCM.open(sealedBox, using: symmetricKey)
3
0
737
Nov ’23
ASAuthorizationController passkeys not working when applinks contain wildcard domains
Hey, I'm looking for some help with ASAuthorizationController and passkeys. It seems that wildcards in applinks used for subdomains break passkeys for the main domain.

The app has the following entries in entitlements (where mydomain.com is a placeholder for the actual domain):

    webcredentials: mydomain.com
    applinks: mydomain.com
    applinks: *.mydomain.com

The AASA file is hosted only at mydomain.com and contains a correctly formatted webcredentials entry:

    {
      "webcredentials": {
        "apps": [ "app-id-corretly-formatted" ]
      },
      "applinks": {
        "apps": [],
        "details": [
          // ...
        ]
      }
    }

When I use ASAuthorizationController with the domain mydomain.com, it reports the following error:

    Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "Application with identifier X is not associated with domain mydomain.com" UserInfo={NSLocalizedFailureReason=Application with identifier X is not associated with domain mydomain.com

If I remove the following line from the entitlements, applinks: *.mydomain.com, it works as expected:

    webcredentials: mydomain.com
    applinks: mydomain.com

It appears that the problem is with the wildcard in the subdomains. Has someone experienced this issue?
1
0
510
Nov ’23
Unable to delete endpoint and network system extensions
A few weeks ago I had problems with provisioning profiles for some macOS programs, so I deleted/revoked a bunch of certificates and provisioning profiles and started from scratch. (Everything seems to be working for me) Unfortunately, a co-worker had two programs on his machine that were built with the old, test provisioning profiles with the revoked certificates, and it seems this may be preventing him from deleting the system extensions. The apps have been deleted, but that does not delete the system extensions. I installed a new program that programmatically (tries to) uninstall the system extension, but it doesn't seem to work either. When he reboots his computer, macOS pops up a window showing that the extensions may be malware. If he clicks "Show in Finder" and then tries to delete the system extensions from the Finder, he gets the message: The operation can't be completed because you don't have permission to access some of the items. Is it possible to delete the old system extensions that were installed with the old provisioning profiles? Are there multiple files that need to be deleted (e.g., the system extension and a .plist file somewhere)?
2
0
665
Nov ’23
How can I create a raw signature using SecKeyCreateSignature?
Hi there, I'm trying to do a raw signature but SecKeyRawSign is deprecated, so I am wondering if there is any way to do it using SecKeyCreateSignature, an EC key and the kSecKeyAlgorithmECDSASignatureMessageX962SHA256 algo. I've noticed that this method applies a hash before signing the data, and I want to avoid that. Is that possible? If not, what other options do I have? Thanks in advance.
1
0
619
Nov ’23
How do you programmatically retrieve a list of SecKeychainRef / keychains?
I need to programmatically add an item to a keychain using SecItemAdd. I am told to use kSecUseKeychain to specify which keychain. I also need to programmatically retrieve items from a keychain using SecItemCopyMatching, and I am told I need kSecMatchSearchList to do this. Where I am stuck is I need to be nice to the end user and allow them to choose a keychain using a friendly name. The document https://developer.apple.com/documentation/technotes/tn3137-on-mac-keychains mentions that SecKeychainRefs are needed, but not where they come from. What calls do I need to use to enumerate the keychains on macOS? Most specifically, what calls do I need to use to programmatically retrieve the following list, containing "login", "iCloud", "System" and "System Roots"? I am aware that some functions are deprecated.
5
0
661
Dec ’23
How to block incoming connections for a Mach-O 64-bit x86_64 executable on macOS
Hi folks, I have a binary that I'm testing for a colleague developer on macOS 12.7.1. It's identified as a "Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|BINDS_TO_WEAK|PIE|HAS_TLV_DESCRIPTORS>" by the /usr/bin/file utility. Whenever it's launched I get the 'allow or deny incoming connections' app firewall prompt, but even though my response is stored correctly (verified using /usr/libexec/ApplicationFirewall/socketfilterfw --listapps), every time I launch it I get prompted again. Is this because the app can't be signed when I approve or deny connections? I tried a quick self-sign using codesign --force --deep -s - <app> and got an internal error in Code Signing subsystem response. Any and all advice very much welcome! Thanks :)
1
0
373
Nov ’23
Algorithm kSecKeyAlgorithmRSASignatureRaw not supported on Mac platform when using the method SecKeyCreateSignature
On my Mac platform I try to use the method SecKeyCreateSignature to sign data with the algorithm kSecKeyAlgorithmRSASignatureRaw, but it always failed. I double-checked the support status, but it failed with this sample code:

    if (!SecKeyIsAlgorithmSupported(privKeyRef, kSecKeyOperationTypeSign, kSecKeyAlgorithmRSASignatureRaw)) {
        return 0;
    }

But on my iOS client, kSecKeyAlgorithmRSASignatureRaw works well. If I cannot use the algorithm kSecKeyAlgorithmRSASignatureRaw, which algorithm can I use to get the same signed result by signing the given to-be-signed raw data?
1
0
339
Nov ’23
Gatekeeper and code signing
Hello,

I have made a basic C program and I have compiled it with gcc. This program has not been signed (I didn't run codesign). When I try to run this program from Terminal, I don't get any Gatekeeper popup. My first question is: why?

I have created a SwiftUI project with Xcode (Xcode 15). I have set the signing settings to "Sign to run locally" (by the way, can you tell me how I can disable signing in Xcode?). I have opened Terminal and changed the current directory to the ~/Library/Developer/Xcode/DerivatedData/..../Products/Debug/MyApp.app/Contents/MacOS folder. Now I get a Gatekeeper confirmation popup if I run "./Myapp" from Terminal. My second question is: why? Does that mean Gatekeeper only checks signed binaries?

Thanks
3
0
1.1k
Nov ’23
Given a SecKeyRef, how do I return the Key Class Values?
Given a SecKeyRef such as the example below, how do I get the class? "<SecCDSAKeyRef 0x600000d37030: algorithm id: 1, class=1, algorithm=2a, usage=800001ff attrs=39>", The possible values kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate and kSecAttrKeyClassSymmetric are documented below, but the function used to retrieve those values seems missing. https://developer.apple.com/documentation/security/ksecattrkeyclasspublic?language=objc
4
0
415
Oct ’23
Given an X509 certificate not in keychain, how do I detect a corresponding private key in keychain?
I have a DER encoded digital certificate that comes from outside a keychain. I am trying to search the keychain for a matching private key. I am able to parse the DER certificate and show all the values as follows:

    CFErrorRef error = NULL;
    CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, cert->der, cert->len, kCFAllocatorNull);
    SecCertificateRef certref = SecCertificateCreateWithData(kCFAllocatorDefault, data);
    CFDictionaryRef values = SecCertificateCopyValues(certref, NULL, &error);
    CFShow(values);

I am able to search for keys in the keychain as follows:

    CFTypeRef keys = NULL;
    CFIndex count;
    CFIndex i;
    CFStringRef dictkeys[] = { kSecClass, kSecMatchLimit, kSecReturnRef, kSecReturnAttributes };
    CFTypeRef dictvalues[] = { kSecClassKey, kSecMatchLimitAll, kCFBooleanTrue, kCFBooleanTrue };
    CFDictionaryRef query = CFDictionaryCreate(
        NULL,
        (const void **) dictkeys,
        dictvalues,
        sizeof(dictkeys) / sizeof(dictkeys[0]),
        &kCFTypeDictionaryKeyCallBacks,
        &kCFTypeDictionaryValueCallBacks
    );
    OSStatus err = SecItemCopyMatching(query, &keys);

Where I am stuck is how to join the two together. What value from the certificate should I be extracting to allow a lookup for a link to the private key? What parameter do I pass into SecItemCopyMatching to search for a matching private key?
3
0
518
Oct ’23
SecKeyCreateSignature with LAContext.invalidate
I have some code where I'm using SecKeyCreateSignature using a SecKey that I retrieved using SecCopyItemMatching with an LAContext provided to the query via the kSecUseAuthenticationContext parameter. This is a biometrically-backed key so a Touch ID prompt is displayed for the user. Calling LAContext.invalidate() while that system prompt is present doesn't dismiss the prompt or cancel the SecKeyCreateSignature call. I was hoping that it would behave similarly to calling LAContext.invalidate when calling LAContext.evaluatePolicy, and dismiss the system prompt and cancel the evaluatePolicy call. Is this a bug/oversight, expected behaviour, or am I missing some required setup to accomplish what I'm trying to do?
1
0
615
Oct ’23
Unsigned executable in PrivateFrameworks/RemotePairing.framework: RemotePairingDataVaultHelper
I have discovered this executable, RemotePairingDataVaultHelper, is not validly signed. This was brought to my attention while experimenting with Google's Santa (https://santa.dev). Has anyone else come across this or something similar? I want to know if this executable can be trusted or if it should be suspected of corruption. Malwarebytes and ClamXAV do not report a virus within the RemotePairing.framework. I am running macOS 14.0 (23A344) on a Mac Studio 2023 with an Apple M2 Ultra processor. Here is what I get with codesign:

    (python-3.11)zsh % codesign -v /Library/Apple/System/Library/PrivateFrameworks/RemotePairing.framework/Versions/A/Resources/bin/RemotePairingDataVaultHelper
    /Library/Apple/System/Library/PrivateFrameworks/RemotePairing.framework/Versions/A/Resources/bin/RemotePairingDataVaultHelper: invalid Info.plist (plist or signature have been modified)
    In architecture: arm64e
    (python-3.11)zsh % codesign -dvvv /Library/Apple/System/Library/PrivateFrameworks/RemotePairing.framework/Versions/A/Resources/bin/RemotePairingDataVaultHelper
    Executable=/Library/Apple/System/Library/PrivateFrameworks/RemotePairing.framework/Versions/A/Resources/bin/RemotePairingDataVaultHelper
    Identifier=com.apple.CoreDevice.RemotePairingDataVaultHelper
    Format=Mach-O universal (x86_64 arm64e arm64)
    CodeDirectory v=20400 size=1290 flags=0x0(none) hashes=29+7 location=embedded
    Hash type=sha256 size=32
    CandidateCDHash sha1=8976226501f2cbf161e3d7559b3ccb038e83669a
    CandidateCDHashFull sha1=8976226501f2cbf161e3d7559b3ccb038e83669a
    CandidateCDHash sha256=5afa3b8c21c1c48d725fde5c039ecb0a98c12627
    CandidateCDHashFull sha256=5afa3b8c21c1c48d725fde5c039ecb0a98c126276fab3d55a5b28d29c72c7158
    Hash choices=sha1,sha256
    CMSDigest=23c24570be68e98aa95c9152004324d5ea81e85705bc747ac42cbb7e02bef9be
    CMSDigestType=2
    CDHash=5afa3b8c21c1c48d725fde5c039ecb0a98c12627
    Signature size=4493
    Authority=Software Signing
    Authority=Apple Code Signing Certification Authority
    Authority=Apple Root CA
    Info.plist=not bound
    TeamIdentifier=not set
    Sealed Resources=none
    Internal requirements count=1 size=100
1
0
649
Oct ’23
Developer account required for key generation
I've been reading information/signing data using keys in the file keychain without too many problems, but the other day I tried to generate a private key in the file and the secure enclave keychains and I faced the -30418 error. I made sure that the entitlements were correct based on previous posts but still no luck. Code kind of based off this: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/protecting_keys_with_the_secure_enclave Do you actually need to pay for the $99 per year developer account to generate private keys inside the keychains?
1
0
625
Oct ’23
Bypass ASLR for debugging purposes
Hello,

Look at this basic C program:

    #include <stdio.h>

    int main() {
        printf("%llx\n", main);
        return 0;
    }

The displayed address changes on each run. This is due to ASLR. Is there a way to launch a program by forcing the main module's base address? I would like to do something like this in my terminal:

    $ BASE_ADDRESS=0x10000 ./a.out

How can I do that on macOS? Is it possible to force base address loading for shared libraries too?

Thanks
3
0
703
Oct ’23
Why does the iOS app with TLS 1.3 offer SHA-1 as signature algorithm
I was investigating the Client Hello for my iOS app and saw that the TLS 1.3 handshake with Client Hello sends

    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: RSA (1)

I thought SHA-1 is not being used anymore. The full list of offered signature_algorithms from the client in the Extension:

    signature_algorithms (len=24)
        Type: signature_algorithms (13)
        Length: 24
        Signature Hash Algorithms Length: 22
        Signature Hash Algorithms (11 algorithms)
            Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: SM2 (4)
            Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                Signature Hash Algorithm Hash: SHA384 (5)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ecdsa_sha1 (0x0203)
                Signature Hash Algorithm Hash: SHA1 (2)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (5)
            Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (5)
            Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                Signature Hash Algorithm Hash: SHA384 (5)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (6)
            Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                Signature Hash Algorithm Hash: SHA512 (6)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                Signature Hash Algorithm Hash: SHA1 (2)
                Signature Hash Algorithm Signature: RSA (1)
4
0
493
Oct ’23
codesign not signing helper executable in AppleScript bundle
My AppleScript .app bundle contains a helper executable. Table 3 of TN2206 says that executables may be in either Contents/MacOS or Contents/Helpers, but Quinn's first reply in this post says that Contents/MacOS is better. So I put the helper in Contents/MacOS, alongside applet.

I sign the AppleScript .app bundle for Developer ID and Hardened Runtime by running the codesign command with arguments recommended by Quinn in this post.

Result: Notary Service rejects the .app bundle due to 3 issues with the helper:
- is not signed with a valid Developer ID certificate
- does not include a secure timestamp
- does not have the hardened runtime enabled

(Possibly it still has a years-old signature without Developer ID and Hardened Runtime.) So it seems that the helper is not being (re-)signed.

If, instead of signing the .app bundle, I run Quinn's codesign command twice, once on the applet and once on the second executable, then Notary Service is happy with the bundle.

I was hoping that, after all these years, codesign is now smart enough to find and sign all of the executables inside a bundle. Both executables are x86_64 non-fat (I guess I should fatten those) and I have installed Xcode 15.1 Beta. Should I file a bug, or am I doing something wrong?
1
0
477
Oct ’23
mmap with PROT_READ | PROT_EXEC fails on Sonoma
I found out that this code fails on Sonoma on Apple silicon:

    #include <sys/mman.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <unistd.h>
    #include <cassert>
    #include <iostream>

    int main() {
        const char* filename = "data_file";
        int dataSize = 1024; // 1 kilobyte
        int fd;

        // Create or overwrite the file
        fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IXUSR );
        if (fd == -1) {
            perror("Error creating file");
            return 1;
        }

        // Make the file 1 KB in size
        if (ftruncate(fd, dataSize) == -1) {
            perror("Error setting file size");
            close(fd);
            return 1;
        }

        // Map the file into memory for writing
        int* writeData = (int*)mmap(NULL, dataSize, PROT_WRITE, MAP_SHARED, fd, 0);
        if (writeData == MAP_FAILED) {
            perror("Error mmaping for write");
            close(fd);
            return 1;
        }

        // Write some integer data
        for (int i = 0; i < dataSize/sizeof(int); ++i) {
            writeData[i] = i;
        }

        // Close the file and unmap memory
        if (munmap(writeData, dataSize) == -1) {
            perror("Error unmapping writeData");
        }
        close(fd);

        // Reopen the file for reading and executing
        fd = open(filename, O_RDONLY);
        if (fd == -1) {
            perror("Error opening file for read|exec");
            return 1;
        }

        int* readData = (int*)mmap(NULL, dataSize, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
        if (readData == MAP_FAILED) {
            perror("Error mmaping for read|exec");
            close(fd);
            return 1;
        }

        // Assert the integer data is the same
        for (int i = 0; i < dataSize/sizeof(int); ++i) {
            assert(readData[i] == i);
        }
        std::cout << "Data verification succeeded!\n";

        // Clean up
        if (munmap(readData, dataSize) == -1) {
            perror("Error unmapping readData");
        }
        close(fd);
        unlink(filename); // Delete the file
        return 0;
    }

mmap with PROT_READ | PROT_EXEC fails with EACCESS, and digging around the internet had led me to this commit: https://github.com/python/cpython/pull/109929/files

What was the reasoning behind this change in the API, and where is it documented? It's quite unpleasant to find changes like that in crucial low-level calls.
3
1
683
Oct ’23
Replacing SecTrustGetResult with SecTrustGetTrustResult
With the deprecated SecTrustGetResult API, it used to return a cert chain and a cert trust status chain as well for each certificate in the chain. How can we achieve the same using SecTrustGetTrustResult? For the cert chain -> there is an API, SecTrustCopyAnchorCertificates, to retrieve the cert chain, but there is no API to get the cert trust chain. How can we achieve the same?

SecTrustGetResult https://developer.apple.com/documentation/security/1396077-sectrustgettrustresult?language=objc
SecTrustGetTrustResult https://developer.apple.com/documentation/security/1524331-sectrustgetresult/
SecTrustCopyAnchorCertificates https://developer.apple.com/documentation/security/1401507-sectrustcopyanchorcertificates?language=objc
3
0
387
Oct ’23