Skip to content

Instantly share code, notes, and snippets.

@pudquick
Created January 17, 2016 04:05
Show Gist options
  • Save pudquick/0e7d366d2e3623c5bb95 to your computer and use it in GitHub Desktop.
Save pudquick/0e7d366d2e3623c5bb95 to your computer and use it in GitHub Desktop.
Getting an unsigned plist / mobileconfig from a signed one in python on OS X with pyObjC
import objc
from Foundation import NSBundle
Security_bundle = NSBundle.bundleWithIdentifier_('com.apple.security')
CMSDecoderRef = objc.createOpaquePointerType("CMSDecoderRef", b"^{CMSDecoder}", None)
functions = [('CMSDecoderCreate', b'io^^{CMSDecoder}'),
('CMSDecoderUpdateMessage', b'i^{CMSDecoder}*I'),
('CMSDecoderFinalizeMessage', b'i^{CMSDecoder}',),
('CMSDecoderCopyContent', b'i^{CMSDecoder}o^^{__CFData}')]
objc.loadBundleFunctions(Security_bundle, globals(), functions)
f = open('Example.mobileconfig.signed', 'rb')
signed_plist = f.read()
f.close()
err, decoder = CMSDecoderCreate(None)
err = CMSDecoderUpdateMessage(decoder, signed_plist, len(signed_plist))
err = CMSDecoderFinalizeMessage(decoder)
err, unsigned_data = CMSDecoderCopyContent(decoder, None)
plist_bytes = unsigned_data.bytes().tobytes()
@lsowen
Copy link

lsowen commented Nov 10, 2017

While not python, this stackexchange answer shows how to do the same thing with openssl cli: https://apple.stackexchange.com/a/105982

openssl smime -inform DER -verify -in ~/Settings.mobileconfig -noverify -out ~/Unsigned.mobileconfig

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment