Instantly share code, notes, and snippets.

Embed
What would you like to do?
Receigen dumper shell script to help diagnose receipt validation issues
#!/bin/bash
#
# Copyright (c) 2011-2014 Laurent Etiemble (laurent dot etiemble at gmail dot com)
#
# This script is provided as-is without any warranties. Use it at your own risks.
#
# Get parameter
APP_BUNDLE=$1
# Locate essential files
RECEIPT_FILE="$APP_BUNDLE/Contents/_MASReceipt/receipt"
INFO_PLIST="$APP_BUNDLE/Contents/Info.plist"
# Temporary file to work
TEMP_FILE="/var/tmp/$$.dump"
# A great buddy
PLIST_BUDDY="/usr/libexec/PlistBuddy"
# Check that the parameter is provided
if [ "x$APP_BUNDLE" == "x" ]; then
echo "Please provide a valid application bundle"
exit -1
fi
echo "==========================="
echo "===== Receigen Dumper ====="
echo "==========================="
echo ""
# Display computer information
echo "----- BEGIN HARDWARE INFORMATION -----"
UNAME=`uname -a`
MAC_ADDRESS=`ifconfig en0 | grep "ether" | sed -e "s/ether//" | xargs echo`
echo "System Name : $UNAME"
echo "Primary MAC Address : $MAC_ADDRESS"
echo "----- END HARDWARE INFORMATION -----"
echo ""
# Display app bundle information
echo "----- BEGIN APPLICATION INFORMATION -----"
APP_NAME=`basename "$APP_BUNDLE"`
APP_IDENTIFIER=`$PLIST_BUDDY -c "Print CFBundleIdentifier" "$INFO_PLIST"`
APP_VERSION=`$PLIST_BUDDY -c "Print CFBundleShortVersionString" "$INFO_PLIST"`
echo "Application Bundle : $APP_BUNDLE"
echo "Application Name : $APP_NAME"
echo "Application Identifier : $APP_IDENTIFIER"
echo "Application Version : $APP_VERSION"
echo ""
echo "Signature check"
echo "---------------"
codesign --verify --verbose=4 "$APP_BUNDLE"
echo ""
echo "Signature information"
echo "---------------------"
codesign --display --verbose=4 "$APP_BUNDLE"
echo ""
echo "Signed files"
echo "------------"
codesign --display --file-list - "$APP_BUNDLE"
echo ""
echo "Designated requirements"
echo "-----------------------"
codesign --display -r - "$APP_BUNDLE"
echo ""
echo "Entitlements"
echo "------------"
codesign --display --entitlements - "$APP_BUNDLE"
echo ""
echo "----- END APPLICATION INFORMATION -----"
echo ""
# Display receipt certificates
echo "----- BEGIN RECEIPT INFORMATION -----"
openssl asn1parse -inform DER -in "$RECEIPT_FILE" | egrep -A 2 "pkcs7-data" | grep "HEX DUMP" | awk -F":" '{ print $4 }' | xxd -r -p - > "$TEMP_FILE.1"
LINE=`openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 1 "SEQUENCE" | egrep "INTEGER.+:02"`
openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 2 "$LINE" | grep "HEX DUMP" | awk -F":" '{ print $4 }' | xxd -r -p - > "$TEMP_FILE.2"
RECEIPT_IDENTIFIER=`openssl asn1parse -inform DER -in "$TEMP_FILE.2" | awk -F":" '{ print $4; }'`
LINE=`openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 1 "SEQUENCE" | egrep "INTEGER.+:03"`
openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 2 "$LINE" | grep "HEX DUMP" | awk -F":" '{ print $4 }' | xxd -r -p - > "$TEMP_FILE.3"
RECEIPT_VERSION=`openssl asn1parse -inform DER -in "$TEMP_FILE.3" | awk -F":" '{ print $4; }'`
LINE=`openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 1 "SEQUENCE" | egrep "INTEGER.+:04"`
openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 2 "$LINE" | grep "HEX DUMP" | awk -F":" '{ print $4 }' > "$TEMP_FILE.4"
RECEIPT_OPAQUE=`cat "$TEMP_FILE.4"`
LINE=`openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 1 "SEQUENCE" | egrep "INTEGER.+:05"`
openssl asn1parse -inform DER -in "$TEMP_FILE.1" | egrep -A 2 "$LINE" | grep "HEX DUMP" | awk -F":" '{ print $4 }' > "$TEMP_FILE.5"
RECEIPT_SHA1=`cat "$TEMP_FILE.5"`
echo "Receipt identifier : $RECEIPT_IDENTIFIER"
echo "Receipt version : $RECEIPT_VERSION"
echo "Receipt opaque : $RECEIPT_OPAQUE"
echo "Receipt SHA-1 : $RECEIPT_SHA1"
echo ""
openssl pkcs7 -inform DER -in "$RECEIPT_FILE" -noout -print_certs
rm -f "TEMP_FILE.1"
rm -f "TEMP_FILE.2"
rm -f "TEMP_FILE.3"
rm -f "TEMP_FILE.4"
rm -f "TEMP_FILE.5"
echo "----- END RECEIPT INFORMATION -----"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment