Difference between revisions of "AppleMobileFileIntegrity"

From The iPhone Wiki

Latest revision as of 20:28, 15 February 2012

AppleMobileFileIntegrity(.kext), which can go by its full name com.apple.driver.AppleMobileFileIntegrity, is an iOS kernel extension which serves as the cornerstone of iOS's code entitlements model. It is one of the Sandbox's (com.apple.security.sandbox) dependencies, along with com.apple.kext.AppleMatch (which, like on OS X, is responsible for parsing the Sandbox language rules).

Affectionately known as AMFI, this kext can be found in the iOS 5.0 iPod4,1 kernel around 0x805E499C (start) and 0x805E3EE8 (initialization function). The latter function registers a MAC policy (using the kernel-exported mac_policy_register), which is used to hook various system operations and enforce Apple's tight security policy.

This kext recognizes the task_for_pid-allow entitlement (among others) and is responsible for hooking the task_for_pid Mach call, which retrieves the Mach task port associated with a BSD process identifier. Given this port, one can usurp control of the task/PID: reading and writing its memory, debugging it, etc. The call is therefore allowed only if the binary is digitally signed with a proper entitlement file specifying task_for_pid-allow.

The amfi kext recognizes quite a few boot-args, including:

  • PE_i_can_has_debugger (see also the PE_i_can_has_debugger patch)
  • amfi_unrestrict_task_for_pid - allow task_for_pid to proceed even without the entitlement
  • amfi_allow_any_signature - allow any digital signature on code, not just Apple's
  • amfi_get_out_of_my_way - disable AMFI
  • cs_enforcement_disable - disable code signing enforcement
  • cs_debug - debug code signing
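The following is an added userspace model of the task_for_pid decision described above, combining the entitlement check with the boot-args in the list; it is not AMFI's code. The boot-arg and entitlement names are the ones this page gives; the function names, the three-way signer classification and the "name=0 means unset" parsing rule are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <string.h>

/* Userspace model of the task_for_pid decision described on this page. It is an
 * added illustration, not AMFI's code: the boot-arg and entitlement names are
 * the page's, the function names and the signer model are assumptions. */
enum signer { UNSIGNED, APPLE, THIRD_PARTY };

struct boot_args {
    bool get_out_of_my_way, unrestrict_task_for_pid, allow_any_signature;
};

/* Parse a boot-args string (e.g. the value of sysctl kern.bootargs) into the
 * AMFI flags the page lists. A token counts as set unless written "name=0". */
static struct boot_args parse_boot_args(const char *s) {
    struct boot_args ba = {0};
    char buf[256];
    strncpy(buf, s, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        char *eq = strchr(tok, '=');
        if (eq) { *eq = '\0'; if (strcmp(eq + 1, "0") == 0) continue; }
        if (strcmp(tok, "amfi_get_out_of_my_way") == 0) ba.get_out_of_my_way = true;
        else if (strcmp(tok, "amfi_unrestrict_task_for_pid") == 0) ba.unrestrict_task_for_pid = true;
        else if (strcmp(tok, "amfi_allow_any_signature") == 0) ba.allow_any_signature = true;
    }
    return ba;
}

static bool has_entitlement(const char *const *ents, const char *key) {
    for (; ents && *ents; ents++)
        if (strcmp(*ents, key) == 0) return true;
    return false;
}

/* Would AMFI's hook let this caller obtain another task's port?
 * bootargs: kernel boot-args; signer: who signed the caller's code;
 * ents: NULL-terminated list of entitlement keys in its signature. */
bool allow_task_for_pid(const char *bootargs, enum signer signer,
                        const char *const *ents) {
    struct boot_args ba = parse_boot_args(bootargs);
    if (ba.get_out_of_my_way) return true;          /* AMFI disabled outright */
    if (ba.unrestrict_task_for_pid) return true;    /* entitlement not required */
    /* Entitlements are only trusted from a signature AMFI accepts: Apple's,
     * or anyone's when amfi_allow_any_signature is set. */
    bool trusted = signer == APPLE || (signer == THIRD_PARTY && ba.allow_any_signature);
    if (!trusted) return false;
    return has_entitlement(ents, "task_for_pid-allow");
}
```

Feeding a device's actual kern.bootargs value into parse_boot_args is a quick way to audit whether any of the AMFI-weakening flags are present.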

See also

  • AMFI Binary Trust Cache Patch