
Commit d3079dc

committed
Detects correct WWDR intermediate certificate
Some Apple IDs (especially paid developer accounts) are still using the legacy WWDR certificate, so we now choose the correct one to use at runtime.
1 parent e33437a commit d3079dc

1 file changed

Lines changed: 42 additions & 2 deletions


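--- a/AltSign/Signer.cpp
+++ b/AltSign/Signer.cpp
@@ -82,6 +82,33 @@ const char* AppleWWDRCertificateData = ""
 "UDSdlTs=\n"
 "-----END CERTIFICATE-----\n";
 
+const char* LegacyAppleWWDRCertificateData = ""
+"-----BEGIN CERTIFICATE-----\n"
+"MIIEIjCCAwqgAwIBAgIIAd68xDltoBAwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE\n"
+"BhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRp\n"
+"ZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENBMB4XDTEz\n"
+"MDIwNzIxNDg0N1oXDTIzMDIwNzIxNDg0N1owgZYxCzAJBgNVBAYTAlVTMRMwEQYD\n"
+"VQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3JsZHdpZGUgRGV2ZWxv\n"
+"cGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3aWRlIERldmVsb3Bl\n"
+"ciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3\n"
+"DQEBAQUAA4IBDwAwggEKAoIBAQDKOFSmy1aqyCQ5SOmM7uxfuH8mkbw0U3rOfGOA\n"
+"YXdkXqUHI7Y5/lAtFVZYcC1+xG7BSoU+L/DehBqhV8mvexj/avoVEkkVCBmsqtsq\n"
+"Mu2WY2hSFT2Miuy/axiV4AOsAX2XBWfODoWVN2rtCbauZ81RZJ/GXNG8V25nNYB2\n"
+"NqSHgW44j9grFU57Jdhav06DwY3Sk9UacbVgnJ0zTlX5ElgMhrgWDcHld0WNUEi6\n"
+"Ky3klIXh6MSdxmilsKP8Z35wugJZS3dCkTm59c3hTO/AO0iMpuUhXf1qarunFjVg\n"
+"0uat80YpyejDi+l5wGphZxWy8P3laLxiX27Pmd3vG2P+kmWrAgMBAAGjgaYwgaMw\n"
+"HQYDVR0OBBYEFIgnFwmpthhgi+zruvZHWcVSVKO3MA8GA1UdEwEB/wQFMAMBAf8w\n"
+"HwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wLgYDVR0fBCcwJTAjoCGg\n"
+"H4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5jcmwwDgYDVR0PAQH/BAQDAgGG\n"
+"MBAGCiqGSIb3Y2QGAgEEAgUAMA0GCSqGSIb3DQEBBQUAA4IBAQBPz+9Zviz1smwv\n"
+"j+4ThzLoBTWobot9yWkMudkXvHcs1Gfi/ZptOllc34MBvbKuKmFysa/Nw0Uwj6OD\n"
+"Dc4dR7Txk4qjdJukw5hyhzs+r0ULklS5MruQGFNrCk4QttkdUGwhgAqJTleMa1s8\n"
+"Pab93vcNIx0LSiaHP7qRkkykGRIZbVf1eliHe2iK5IaMSuviSRSqpd1VAKmuu0sw\n"
+"ruGgsbwpgOYJd+W+NKIByn/c4grmO7i77LpilfMFY0GCzQ87HUyVpNur+cmV6U/k\n"
+"TecmmYHpvPm0KdIBembhLoz2IYrF+Hjhga6/05Cdqa3zr/04GpZnMBxRpVzscYqC\n"
+"tGwPDBUf\n"
+"-----END CERTIFICATE-----\n";
+
 namespace fs = std::filesystem;
 
 extern std::string make_uuid();
@@ -109,14 +136,27 @@ std::string CertificatesContent(std::shared_ptr<Certificate> altCertificate)
 // Prepare certificate chain of trust.
 auto* certificates = sk_X509_new(NULL);
 
-BIO* rootCertificateBuffer = BIO_new_mem_buf(AppleRootCertificateData, strlen(AppleRootCertificateData));
+BIO* rootCertificateBuffer = BIO_new_mem_buf(AppleRootCertificateData, (int)strlen(AppleRootCertificateData));
+BIO* wwdrCertificateBuffer = NULL;
+
+unsigned long issuerHash = X509_issuer_name_hash(certificate);
+if (issuerHash == 0x817d2f7a)
+{
+// Use legacy WWDR certificate.
+wwdrCertificateBuffer = BIO_new_mem_buf(LegacyAppleWWDRCertificateData, (int)strlen(LegacyAppleWWDRCertificateData));
+}
+else
+{
+// Use latest WWDR certificate.
+wwdrCertificateBuffer = BIO_new_mem_buf(AppleWWDRCertificateData, (int)strlen(AppleWWDRCertificateData));
+}
+
 auto rootCertificate = PEM_read_bio_X509(rootCertificateBuffer, NULL, NULL, NULL);
 if (rootCertificate != NULL)
 {
 sk_X509_push(certificates, rootCertificate);
 }
 
-BIO* wwdrCertificateBuffer = BIO_new_mem_buf(AppleWWDRCertificateData, strlen(AppleWWDRCertificateData));
 auto wwdrCertificate = PEM_read_bio_X509(wwdrCertificateBuffer, NULL, NULL, NULL);
 if (wwdrCertificate != NULL)
 {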
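Review bot: The intermediate selection at `if (issuerHash == 0x817d2f7a)` keys on an undocumented magic number, and `X509_issuer_name_hash` returns only a truncated digest of the issuer name whose algorithm has changed between OpenSSL releases (hence `X509_issuer_name_hash_old`), so the comparison can silently stop matching or match an unrelated issuer. Since both candidate intermediates are embedded in this file, it would be more robust to parse the legacy one and ask OpenSSL whether it issued the signing certificate with `X509_check_issued`, falling back to the current WWDR certificate otherwise. The new `BIO_new_mem_buf` results are also passed on without a NULL check, and no `BIO_free` is visible in the hunk, though `CertificatesContent` starts and continues outside it, so cleanup may exist further down. A sketch of the selection follows.

```cpp
    // Pick the WWDR intermediate that actually issued the signing certificate,
    // instead of matching a hard-coded 32-bit issuer-name hash.
    const char* wwdrCertificateData = AppleWWDRCertificateData;

    BIO* legacyBuffer = BIO_new_mem_buf(LegacyAppleWWDRCertificateData, (int)strlen(LegacyAppleWWDRCertificateData));
    X509* legacyCertificate = (legacyBuffer != NULL) ? PEM_read_bio_X509(legacyBuffer, NULL, NULL, NULL) : NULL;
    if (legacyCertificate != NULL && X509_check_issued(legacyCertificate, certificate) == X509_V_OK)
    {
        wwdrCertificateData = LegacyAppleWWDRCertificateData;
    }
    X509_free(legacyCertificate);
    BIO_free(legacyBuffer);

    BIO* wwdrCertificateBuffer = BIO_new_mem_buf(wwdrCertificateData, (int)strlen(wwdrCertificateData));
    // … unchanged: root certificate parsing and sk_X509_push …
```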
