2018-11-12 20:10:46 -08:00
# Entitlements
You might to enable this default to use private entitlements
```
sudo defaults write /Library/Preferences/com.apple.security.coderequirements Entitlements -string always
```
Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES.
2018-11-13 22:39:03 -08:00
## Building/linking
If you get dyld errors running from the command line, use `install_name_tool` to update the @rpath (where @rpath points to where linked Frameworks like GCDWebServer is).
`install_name_tool -add_rpath . ./kordophoned`
## Running
You need to hook imagent first to bypass entitlements check. Look at `hookAgent.sh`
2019-01-22 23:31:36 -08:00
## SSL
If you want to run with SSL, you have to generate a self-signed certificate, and have the Mac trust the root cert.
### Generate a root cert
1. Generate root key
`openssl genrsa -out Kordophone-root.key 4096`
2. Generate root certificate
`openssl req -x509 -new -nodes -key Kordophone-root.key -sha256 -days 1024 -out Kordophone-root.crt`
2019-01-22 23:32:35 -08:00
3. Add this certificate to the Mac's trust store via Keychain Access. Set to "Always Trust"
2019-01-22 23:31:36 -08:00
### Create signing certificate by signing a new cert with the root cert
1. Generate signing key
`openssl genrsa -out kp.localhost.key 2048`
2. Create certificate signing request
`openssl req -new -key kp.localhost.key -out kp.localhost.csr`
3. Sign the cert with the root cert
`openssl x509 -req -in kp.localhost.csr -CA Kordophone-root.crt -CAkey Kordophone-root.key -CAcreateserial -out kp.localhost.crt -days 365 -sha256`
4. kordophoned works with a signing cert in PKCS12 format. Convert the cert and the privkey to PKCS12
`openssl pkcs12 -export -in kp.localhost.crt -inkey kp.localhost.key -out certificate.p12 -name "Kordophone"`
### Start kordophone with the SSL options and provide the p12
`kordophoned -s -c certificate.p12`
