zsign POC

Author: hugeBlack

.gitignore

@@ -3,4 +3,5 @@ packages/
 .DS_Store
 LiveContainer.xcodeproj
 project.xcworkspace
-xcuserdata
+xcuserdata
+Resources/Frameworks/OpenSSL.framework

LiveContainerSwiftUI/LCAppBanner.swift

@@ -239,9 +239,12 @@ struct LCAppBanner : View {
             Text("lc.appBanner.waitForJitMsg".loc)
         }
 
-        .alert("lc.common.error".loc, isPresented: $errorShow) {
+        .alert("lc.common.error".loc, isPresented: $errorShow){
             Button("lc.common.ok".loc, action: {
             })
+            Button("lc.common.copy".loc, action: {
+                copyError()
+            })
         } message: {
             Text(errorInfo)
         }
@@ -386,6 +389,10 @@ struct LCAppBanner : View {
 
         return ans
     }
+    
+    func copyError() {
+        UIPasteboard.general.string = errorInfo
+    }
 
 }
 

LiveContainerSwiftUI/LCAppListView.swift

@@ -194,8 +194,14 @@ struct LCAppListView : View, LCAppBannerDelegate, LCAppModelDelegate {
 
         }
         .navigationViewStyle(StackNavigationViewStyle())
-        .alert(isPresented: $errorShow){
-            Alert(title: Text("lc.common.error".loc), message: Text(errorInfo))
+        .alert("lc.common.error".loc, isPresented: $errorShow){
+            Button("lc.common.ok".loc, action: {
+            })
+            Button("lc.common.copy".loc, action: {
+                copyError()
+            })
+        } message: {
+            Text(errorInfo)
         }
         .fileImporter(isPresented: $choosingIPA, allowedContentTypes: [.ipa]) { result in
             Task { await startInstallApp(result) }
@@ -400,11 +406,13 @@ struct LCAppListView : View, LCAppBannerDelegate, LCAppModelDelegate {
             if sameBundleIdApp.count > 0 && !sharedModel.isHiddenAppUnlocked {
                 do {
                     if !(try await LCUtils.authenticateUser()) {
+                        self.installprogressVisible = false
                         return
                     }
                 } catch {
                     errorInfo = error.localizedDescription
                     errorShow = true
+                    self.installprogressVisible = false
                     return
                 }
             }
@@ -451,6 +459,7 @@ struct LCAppListView : View, LCAppBannerDelegate, LCAppModelDelegate {
         }
         var signError : String? = nil
         await withCheckedContinuation({ c in
+            finalNewApp.signer = Signer(rawValue: LCUtils.appGroupUserDefault.integer(forKey: "LCDefaultSigner"))!
             finalNewApp.patchExecAndSignIfNeed(completionHandler: { error in
                 signError = error
                 c.resume()
@@ -473,6 +482,7 @@ struct LCAppListView : View, LCAppBannerDelegate, LCAppModelDelegate {
             finalNewApp.doSymlinkInbox = appToReplace.appInfo.doSymlinkInbox
             finalNewApp.setDataUUID(appToReplace.appInfo.getDataUUIDNoAssign())
             finalNewApp.setTweakFolder(appToReplace.appInfo.tweakFolder())
+            finalNewApp.signer = appToReplace.appInfo.signer
         }
         DispatchQueue.main.async {
             if let appToReplace {
@@ -602,4 +612,8 @@ struct LCAppListView : View, LCAppBannerDelegate, LCAppModelDelegate {
         isNavigationActive = false
         navigateTo = nil
     }
+    
+    func copyError() {
+        UIPasteboard.general.string = errorInfo
+    }
 }

LiveContainerSwiftUI/LCAppModel.swift

@@ -22,6 +22,7 @@ class LCAppModel: ObservableObject, Hashable {
     @Published var uiTweakFolder : String?
     @Published var uiDoSymlinkInbox : Bool
     @Published var uiBypassAssertBarrierOnQueue : Bool
+    @Published var uiSigner : Signer
 
     var jitAlert : YesNoHelper? = nil
 
@@ -43,6 +44,7 @@ class LCAppModel: ObservableObject, Hashable {
         self.uiTweakFolder = appInfo.tweakFolder()
         self.uiDoSymlinkInbox = appInfo.doSymlinkInbox
         self.uiBypassAssertBarrierOnQueue = appInfo.bypassAssertBarrierOnQueue
+        self.uiSigner = appInfo.signer
     }
 
     static func == (lhs: LCAppModel, rhs: LCAppModel) -> Bool {

LiveContainerSwiftUI/LCAppSettingsView.swift

@@ -178,6 +178,16 @@ struct LCAppSettingsView : View{
                 }
             }
 
+            Picker(selection: $model.uiSigner) {
+                Text("ZSign").tag(Signer.ZSign)
+                Text("AltSigner").tag(Signer.AltSigner)
+                    
+            } label: {
+                Text("Signer")
+            }
+            .onChange(of: model.uiSigner, perform: { newValue in
+                Task { await setSigner(newValue) }
+            })
 
             Section {
                 Toggle(isOn: $model.uiDoSymlinkInbox) {
@@ -399,6 +409,12 @@ struct LCAppSettingsView : View{
 
     }
 
+    func setSigner(_ signer: Signer) async {
+        appInfo.signer = signer
+        model.uiSigner = signer
+
+    }
+    
     func setSimlinkInbox(_ simlinkInbox : Bool) async {
         appInfo.doSymlinkInbox = simlinkInbox
         model.uiDoSymlinkInbox = simlinkInbox

LiveContainerSwiftUI/LCSettingsView.swift

@@ -26,6 +26,7 @@ struct LCSettingsView: View {
     @State private var isAltStorePatched = false
 
     @State var isJitLessEnabled = false
+    @State var defaultSigner = Signer.ZSign
 
     @State var isAltCertIgnored = false
     @State var frameShortIcon = false
@@ -43,6 +44,8 @@ struct LCSettingsView: View {
 
     init(apps: Binding<[LCAppModel]>, hiddenApps: Binding<[LCAppModel]>, appDataFolderNames: Binding<[String]>) {
         _isJitLessEnabled = State(initialValue: LCUtils.certificatePassword() != nil)
+        _defaultSigner = State(initialValue: Signer(rawValue: LCUtils.appGroupUserDefault.integer(forKey: "LCDefaultSigner"))!)
+        
         _isAltCertIgnored = State(initialValue: UserDefaults.standard.bool(forKey: "LCIgnoreALTCertificate"))
         _frameShortIcon = State(initialValue: UserDefaults.standard.bool(forKey: "LCFrameShortcutIcons"))
         _silentSwitchApp = State(initialValue: UserDefaults.standard.bool(forKey: "LCSwitchAppWithoutAsking"))
@@ -95,6 +98,15 @@ struct LCSettingsView: View {
                                 }
                             }
                         }
+                        
+                        Picker(selection: $defaultSigner) {
+                            Text("ZSign").tag(Signer.ZSign)
+                            Text("AltSigner").tag(Signer.AltSigner)
+                                
+                        } label: {
+                            Text("Default Signer")
+                        }
+                        
 
                     } header: {
                         Text("lc.settings.jitLess".loc)
@@ -339,6 +351,9 @@ struct LCSettingsView: View {
             .onChange(of: sideJITServerAddress) { newValue in
                 saveAppGroupItem(key: "LCSideJITServerAddress", val: newValue)
             }
+            .onChange(of: defaultSigner) { newValue in
+                saveAppGroupItem(key: "LCDefaultSigner", val: newValue.rawValue)
+            }
         }
         .navigationViewStyle(StackNavigationViewStyle())
 

LiveContainerSwiftUI/Localizable.xcstrings

@@ -660,13 +660,13 @@
         "en" : {
           "stringUnit" : {
             "state" : "translated",
-            "value" : "Bundle Identifier"
+            "value" : "Bundle Folder"
           }
         },
         "zh_CN" : {
           "stringUnit" : {
             "state" : "translated",
-            "value" : "包名"
+            "value" : "包文件名"
           }
         }
       }

LiveContainerUI/LCAppInfo.h

@@ -1,5 +1,6 @@
 #import <Foundation/Foundation.h>
 #import <UIKit/UIKit.h>
+#import "LCUtils.h"
 
 @interface LCAppInfo : NSObject {
    NSMutableDictionary* _info;
@@ -13,6 +14,7 @@
 @property bool doSymlinkInbox;
 @property bool bypassAssertBarrierOnQueue;
 @property UIColor* cachedColor;
+@property Signer signer;
 
 - (void)setBundlePath:(NSString*)newBundlePath;
 - (NSMutableDictionary*)info;
@@ -30,5 +32,5 @@
 - (instancetype)initWithBundlePath:(NSString*)bundlePath;
 - (NSDictionary *)generateWebClipConfig;
 - (void)save;
-- (void)patchExecAndSignIfNeedWithCompletionHandler:(void(^)(NSString* errorInfo))completetionHandler progressHandler:(void(^)(NSProgress* errorInfo))progressHandler  forceSign:(BOOL)forceSign;
+- (void)patchExecAndSignIfNeedWithCompletionHandler:(void(^)(NSString* errorInfo))completetionHandler progressHandler:(void(^)(NSProgress* progress))progressHandler  forceSign:(BOOL)forceSign;
 @end

LiveContainerUI/LCAppInfo.m

@@ -181,7 +181,7 @@ - (void)preprocessBundleBeforeSiging:(NSURL *)bundleURL completion:(dispatch_blo
 }
 
 // return "SignNeeded" if sign is needed, other wise return an error
-- (void)patchExecAndSignIfNeedWithCompletionHandler:(void(^)(NSString* errorInfo))completetionHandler progressHandler:(void(^)(NSProgress* errorInfo))progressHandler forceSign:(BOOL)forceSign {
+- (void)patchExecAndSignIfNeedWithCompletionHandler:(void(^)(NSString* errorInfo))completetionHandler progressHandler:(void(^)(NSProgress* progress))progressHandler forceSign:(BOOL)forceSign {
     NSString *appPath = self.bundlePath;
     NSString *infoPath = [NSString stringWithFormat:@"%@/Info.plist", appPath];
     NSMutableDictionary *info = _info;
@@ -243,9 +243,8 @@ - (void)patchExecAndSignIfNeedWithCompletionHandler:(void(^)(NSString* errorInfo
             info[@"CFBundleIdentifier"] = info[@"LCBundleIdentifier"];
             [info removeObjectForKey:@"LCBundleExecutable"];
             [info removeObjectForKey:@"LCBundleIdentifier"];
-
-            __block NSProgress *progress = [LCUtils signAppBundle:appPathURL
-            completionHandler:^(BOOL success, NSError *_Nullable error) {
+            
+            void (^signCompletionHandler)(BOOL success, NSError *error)  = ^(BOOL success, NSError *_Nullable error) {
                 dispatch_async(dispatch_get_main_queue(), ^{
                     if (!error) {
                         info[@"LCJITLessSignID"] = @(signID);
@@ -267,7 +266,25 @@ - (void)patchExecAndSignIfNeedWithCompletionHandler:(void(^)(NSString* errorInfo
                     }
 
                 });
-            }];
+            };
+            
+            __block NSProgress *progress;
+            
+            switch ([self signer]) {
+                case ZSign:
+                    NSLog(@"[LC] using ZSign");
+                    progress = [LCUtils signAppBundleWithZSign:appPathURL execName:info[@"CFBundleExecutable"] completionHandler:signCompletionHandler];
+                    break;
+                case AltSigner:
+                    NSLog(@"[LC] using AltSigner");
+                    progress = [LCUtils signAppBundle:appPathURL completionHandler:signCompletionHandler];
+                    break;
+                    
+                default:
+                    completetionHandler(@"Signer Not Found");
+                    break;
+            }
+
             if (progress) {
                 progressHandler(progress);
             }
@@ -345,6 +362,17 @@ - (void)setBypassAssertBarrierOnQueue:(bool)enabled {
 
 }
 
+- (Signer)signer {
+    return (Signer) [((NSNumber*) _info[@"signer"]) intValue];
+
+}
+- (void)setSigner:(Signer)newSigner {
+    _info[@"signer"] = [NSNumber numberWithInt:(int) newSigner];
+    NSLog(@"[LC] new signer = %d", (int) newSigner);
+    [self save];
+    
+}
+
 - (UIColor*)cachedColor {
     if(_info[@"cachedColor"] != nil) {
         NSData *colorData = _info[@"cachedColor"];

LiveContainerUI/LCUtils.h

@@ -7,6 +7,11 @@ typedef NS_ENUM(NSInteger, Store){
     AltStore
 };
 
+typedef NS_ENUM(NSInteger, Signer){
+    ZSign = 0,
+    AltSigner = 1
+};
+
 NSString *LCParseMachO(const char *path, LCParseMachOCallback callback);
 void LCPatchAddRPath(const char *path, struct mach_header_64 *header);
 void LCPatchExecSlice(const char *path, struct mach_header_64 *header);
@@ -37,7 +42,7 @@ void LCPatchAltStore(const char *path, struct mach_header_64 *header);
 
 + (void)removeCodeSignatureFromBundleURL:(NSURL *)appURL;
 + (NSProgress *)signAppBundle:(NSURL *)path completionHandler:(void (^)(BOOL success, NSError *error))completionHandler;
-
++ (NSProgress *)signAppBundleWithZSign:(NSURL *)path execName:(NSString*)execName completionHandler:(void (^)(BOOL success, NSError *error))completionHandler;
 + (BOOL)isAppGroupAltStoreLike;
 + (Store)store;
 + (NSString *)appGroupID;

LiveContainerUI/LCUtils.m

@@ -5,6 +5,7 @@
 #import "AltStoreCore/ALTSigner.h"
 #import "LCUtils.h"
 #import "LCVersionInfo.h"
+#import "../zsign/zsigner.h"
 
 @implementation LCUtils
 
@@ -134,6 +135,16 @@ + (void)loadStoreFrameworksWithError:(NSError **)error {
     loaded = YES;
 }
 
++ (void)loadStoreFrameworksWithError2:(NSError **)error {
+    // too lazy to use dispatch_once
+    static BOOL loaded = NO;
+    if (loaded) return;
+
+    dlopen("@executable_path/Frameworks/ZSign.dylib", RTLD_GLOBAL);
+    
+    loaded = YES;
+}
+
 + (NSString *)storeBundleID {
     // Assuming this format never changes...
     // group.BUNDLEID.YOURTEAMID
@@ -233,6 +244,27 @@ + (NSProgress *)signAppBundle:(NSURL *)path completionHandler:(void (^)(BOOL suc
     return [signer signAppAtURL:path provisioningProfiles:@[(id)profile] completionHandler:completionHandler];
 }
 
++ (NSProgress *)signAppBundleWithZSign:(NSURL *)path execName:(NSString*)execName completionHandler:(void (^)(BOOL success, NSError *error))completionHandler {
+    NSError *error;
+
+    // use zsign as our signer~
+    NSURL *profilePath = [NSBundle.mainBundle URLForResource:@"embedded" withExtension:@"mobileprovision"];
+    NSData *profileData = [NSData dataWithContentsOfURL:profilePath];
+    // Load libraries from Documents, yeah
+    [self loadStoreFrameworksWithError2:&error];
+
+    if (error) {
+        completionHandler(NO, error);
+        return nil;
+    }
+
+    NSLog(@"[LC] starting signing...");
+    
+    NSProgress* ans = [NSClassFromString(@"ZSigner") signWithAppPath:[path path] execName:execName prov:profileData key: self.certificateData pass:self.certificatePassword completionHandler:completionHandler];
+    
+    return ans;
+}
+
 #pragma mark Setup
 
 + (NSString *)appGroupID {

Makefile

@@ -19,7 +19,7 @@ $(APPLICATION_NAME)_FRAMEWORKS = UIKit
 
 include $(THEOS_MAKE_PATH)/application.mk
 
-SUBPROJECTS += LiveContainerUI TweakLoader TestJITLess LiveContainerSwiftUI AltStoreTweak
+SUBPROJECTS += ZSign LiveContainerUI TweakLoader TestJITLess LiveContainerSwiftUI AltStoreTweak
 include $(THEOS_MAKE_PATH)/aggregate.mk
 
 # Make the executable name longer so we have space to overwrite it with the guest app's name
@@ -29,3 +29,6 @@ before-package::
 	@cp $(THEOS_STAGING_DIR)/Applications/LiveContainer.app/LiveContainer $(THEOS_STAGING_DIR)/Applications/LiveContainer.app/JITLessSetup
 	@ldid -Sentitlements_setup.xml $(THEOS_STAGING_DIR)/Applications/LiveContainer.app/JITLessSetup
 	@mv $(THEOS_STAGING_DIR)/Applications/LiveContainer.app/LiveContainer $(THEOS_STAGING_DIR)/Applications/LiveContainer.app/LiveContainer_PleaseDoNotShortenTheExecutableNameBecauseItIsUsedToReserveSpaceForOverwritingThankYou
+
+before-all::
+	@sh ./download_openssl.sh

download_openssl.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+if [ -d "$THEOS/lib/OpenSSL.framework" ]; then
+	echo "OpenSSL.framework already exists in $THEOS/lib"
+else
+	echo "OpenSSL.framework not found. Downloading..."
+
+	curl -L "https://github.com/HAHALOSAH/OpenSSL-Swift/releases/download/3.1.5004/OpenSSL.xcframework.zip" -o "OpenSSL.xcframework.zip"
+
+	unzip -q "OpenSSL.xcframework.zip" -d .
+
+	mkdir -p "$THEOS/lib"
+	mv "OpenSSL.xcframework/ios-arm64/OpenSSL.framework" "$THEOS/lib"
+
+	rm -f "OpenSSL.xcframework.zip"
+	rm -rf "OpenSSL.xcframework"
+
+	echo "OpenSSL.framework has been installed to $THEOS/lib"
+fi
+
+if [ ! -d "./Resources/Frameworks/OpenSSL.framework" ]; then
+    rsync -av --exclude 'Headers' "$THEOS/lib/OpenSSL.framework" "./Resources/Frameworks"
+fi