buzzert/Kordophone
Private
Public Access
1
0
Fork 0
Code Packages Activity
Files
0cb907e2adcfd84a08de5740c4c9c3b98db80cd3
Kordophone/README.md
James Magahern 0cb907e2ad Experimental SSL support
2019-01-22 23:31:36 -08:00

1.7 KiB
Raw Blame History

Entitlements

You might to enable this default to use private entitlements

sudo defaults write /Library/Preferences/com.apple.security.coderequirements Entitlements -string always

Maybe a better thing to do is to DYLD_PRELOAD imagent and swizzle IMDAuditTokenTaskHasEntitlement to always return YES.

Building/linking

If you get dyld errors running from the command line, use install_name_tool to update the @rpath (where @rpath points to where linked Frameworks like GCDWebServer is). install_name_tool -add_rpath . ./kordophoned

Running

You need to hook imagent first to bypass entitlements check. Look at hookAgent.sh

SSL

If you want to run with SSL, you have to generate a self-signed certificate, and have the Mac trust the root cert.

Generate a root cert

  1. Generate root key openssl genrsa -out Kordophone-root.key 4096
  2. Generate root certificate openssl req -x509 -new -nodes -key Kordophone-root.key -sha256 -days 1024 -out Kordophone-root.crt

Create signing certificate by signing a new cert with the root cert

  1. Generate signing key openssl genrsa -out kp.localhost.key 2048
  2. Create certificate signing request openssl req -new -key kp.localhost.key -out kp.localhost.csr
  3. Sign the cert with the root cert openssl x509 -req -in kp.localhost.csr -CA Kordophone-root.crt -CAkey Kordophone-root.key -CAcreateserial -out kp.localhost.crt -days 365 -sha256
  4. kordophoned works with a signing cert in PKCS12 format. Convert the cert and the privkey to PKCS12 openssl pkcs12 -export -in kp.localhost.crt -inkey kp.localhost.key -out certificate.p12 -name "Kordophone"

Start kordophone with the SSL options and provide the p12

kordophoned -s -c certificate.p12