├── .gitignore ├── LICENSE.txt ├── PasscodeCheck.podspec ├── PasscodeSet ├── .DS_Store ├── Images.xcassets │ ├── AppIcon-2.appiconset │ │ ├── Contents.json │ │ ├── Icon-60.png │ │ └── imas.png │ ├── AppIcon-3.appiconset │ │ └── Contents.json │ ├── AppIcon-4.appiconset │ │ └── Contents.json │ └── AppIcon.appiconset │ │ ├── Contents.json │ │ ├── Icon-40.png │ │ ├── Icon-40@2x.png │ │ ├── Icon-60@2x.png │ │ ├── Icon-72.png │ │ ├── Icon-72@2x.png │ │ ├── Icon-76.png │ │ ├── Icon-76@2x.png │ │ ├── Icon-Small-50.png │ │ ├── Icon-Small-50@2x.png │ │ ├── Icon-Small.png │ │ ├── Icon-Small@2x.png │ │ ├── Icon.png │ │ └── Icon@2x.png ├── Media.xcassets │ ├── AppIcon.appiconset │ │ ├── Contents.json │ │ ├── Icon-40.png │ │ ├── Icon-60-1.png │ │ ├── Icon-60-2.png │ │ ├── Icon-60.png │ │ ├── Icon-Small-1.png │ │ └── Icon-Small.png │ └── LaunchImage.launchimage │ │ └── Contents.json ├── PasscodeSet.xcodeproj │ ├── project.pbxproj │ ├── project.xcworkspace │ │ ├── contents.xcworkspacedata │ │ └── xcuserdata │ │ │ └── gganley.xcuserdatad │ │ │ ├── UserInterfaceState.xcuserstate │ │ │ └── WorkspaceSettings.xcsettings │ └── xcuserdata │ │ └── gganley.xcuserdatad │ │ └── xcschemes │ │ ├── PasscodeSet.xcscheme │ │ └── xcschememanagement.plist ├── PasscodeSet │ ├── PasscodeSet-Info.plist │ ├── PasscodeSet-Prefix.pch │ ├── en.lproj │ │ ├── InfoPlist.strings │ │ └── MainStoryboard.storyboard │ ├── iMASAppDelegate.h │ ├── iMASAppDelegate.m │ ├── iMASViewController.h │ ├── iMASViewController.m │ ├── iMAS_PasscodeCheck.h │ ├── iMAS_PasscodeCheck.m │ ├── main.m │ └── passcodeCheckCert.der └── imas.png ├── README.md ├── certs ├── ca.crt ├── ca.key ├── iMAS_PasscodeCheckConfigProfile.mobileconfig ├── iMAS_RootCA.der ├── ia.crt ├── ia.csr ├── ia.key └── passcodeCheckCert.der └── passcode-check.png /.gitignore: -------------------------------------------------------------------------------- 1 | # Xcode 2 | .DS_Store 3 | build/ 4 | *.pbxuser 5 | !default.pbxuser 6 | *.mode1v3 7 | !default.mode1v3 8 | *.mode2v3 9 | !default.mode2v3 10 | *.perspectivev3 11 | !default.perspectivev3 12 | *.xcworkspace 13 | !default.xcworkspace 14 | xcuserdata 15 | profile 16 | *.moved-aside 17 | DerivedData 18 | .idea/ 19 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2014 The MITRE Corporation 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /PasscodeCheck.podspec: -------------------------------------------------------------------------------- 1 | Pod::Spec.new do |s| 2 | s.name = 'PasscodeCheck' 3 | s.version = '1.0' 4 | s.license = 'Apache License 2.0' 5 | 6 | s.summary = 'iMAS pascode-check, set passcode config profiles and check for conformance' 7 | s.description = %[ 8 | iOS does not offer a simple API check for developers to assess the security level of an iOS device. iMAS - PasscodeCheck security control offers open source code, which can be easily added to any iOS application bundle and release process. 9 | ] 10 | s.homepage = 'https://github.com/project-imas/passcode-check' 11 | s.authors = { 12 | 'MITRE' => 'imas-proj-list@lists.mitre.org' 13 | } 14 | 15 | s.source = { 16 | :git => 'https://github.com/project-imas/passcode-check.git', 17 | :tag => s.version.to_s 18 | } 19 | s.source_files = 'PasscodeSet/PasscodeSet/iMAS_PasscodeCheck.{m,h}' 20 | s.frameworks = 'Security' 21 | s.platform = :ios 22 | s.ios.deployment_target = '6.1' 23 | s.requires_arc = true 24 | end -------------------------------------------------------------------------------- /PasscodeSet/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/.DS_Store -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon-2.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "iphone", 5 | "scale" : "2x", 6 | "size" : "57x57" 7 | }, 8 | { 9 | "size" : "57x57", 10 | "idiom" : "iphone", 11 | "filename" : "Icon-60.png", 12 | "scale" : "1x" 13 | }, 14 | { 15 | "size" : "60x60", 16 | "idiom" : "iphone", 17 | "filename" : "imas.png", 18 | "scale" : "2x" 19 | }, 20 | { 21 | "idiom" : "iphone", 22 | "scale" : "1x", 23 | "size" : "29x29" 24 | }, 25 | { 26 | "idiom" : "iphone", 27 | "scale" : "2x", 28 | "size" : "29x29" 29 | }, 30 | { 31 | "idiom" : "iphone", 32 | "scale" : "2x", 33 | "size" : "40x40" 34 | } 35 | ], 36 | "info" : { 37 | "version" : 1, 38 | "author" : "xcode" 39 | } 40 | } -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon-2.appiconset/Icon-60.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon-2.appiconset/Icon-60.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon-2.appiconset/imas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon-2.appiconset/imas.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon-3.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "iphone", 5 | "scale" : "1x", 6 | "size" : "57x57" 7 | }, 8 | { 9 | "idiom" : "iphone", 10 | "scale" : "2x", 11 | "size" : "57x57" 12 | }, 13 | { 14 | "idiom" : "iphone", 15 | "scale" : "2x", 16 | "size" : "60x60" 17 | }, 18 | { 19 | "idiom" : "iphone", 20 | "scale" : "1x", 21 | "size" : "29x29" 22 | }, 23 | { 24 | "idiom" : "iphone", 25 | "scale" : "2x", 26 | "size" : "29x29" 27 | }, 28 | { 29 | "idiom" : "iphone", 30 | "scale" : "2x", 31 | "size" : "40x40" 32 | } 33 | ], 34 | "info" : { 35 | "version" : 1, 36 | "author" : "xcode" 37 | } 38 | } -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon-4.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "iphone", 5 | "scale" : "1x", 6 | "size" : "57x57" 7 | }, 8 | { 9 | "idiom" : "iphone", 10 | "scale" : "2x", 11 | "size" : "57x57" 12 | }, 13 | { 14 | "idiom" : "iphone", 15 | "scale" : "2x", 16 | "size" : "60x60" 17 | }, 18 | { 19 | "idiom" : "iphone", 20 | "scale" : "1x", 21 | "size" : "29x29" 22 | }, 23 | { 24 | "idiom" : "iphone", 25 | "scale" : "2x", 26 | "size" : "29x29" 27 | }, 28 | { 29 | "idiom" : "iphone", 30 | "scale" : "2x", 31 | "size" : "40x40" 32 | } 33 | ], 34 | "info" : { 35 | "version" : 1, 36 | "author" : "xcode" 37 | } 38 | } -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "size" : "29x29", 5 | "idiom" : "iphone", 6 | "filename" : "Icon-Small.png", 7 | "scale" : "1x" 8 | }, 9 | { 10 | "size" : "29x29", 11 | "idiom" : "iphone", 12 | "filename" : "Icon-Small@2x.png", 13 | "scale" : "2x" 14 | }, 15 | { 16 | "size" : "40x40", 17 | "idiom" : "iphone", 18 | "filename" : "Icon-40@2x.png", 19 | "scale" : "2x" 20 | }, 21 | { 22 | "size" : "57x57", 23 | "idiom" : "iphone", 24 | "filename" : "Icon.png", 25 | "scale" : "1x" 26 | }, 27 | { 28 | "size" : "57x57", 29 | "idiom" : "iphone", 30 | "filename" : "Icon@2x.png", 31 | "scale" : "2x" 32 | }, 33 | { 34 | "size" : "60x60", 35 | "idiom" : "iphone", 36 | "filename" : "Icon-60@2x.png", 37 | "scale" : "2x" 38 | }, 39 | { 40 | "size" : "29x29", 41 | "idiom" : "ipad", 42 | "filename" : "Icon-Small.png", 43 | "scale" : "1x" 44 | }, 45 | { 46 | "size" : "29x29", 47 | "idiom" : "ipad", 48 | "filename" : "Icon-Small@2x.png", 49 | "scale" : "2x" 50 | }, 51 | { 52 | "size" : "40x40", 53 | "idiom" : "ipad", 54 | "filename" : "Icon-40.png", 55 | "scale" : "1x" 56 | }, 57 | { 58 | "size" : "40x40", 59 | "idiom" : "ipad", 60 | "filename" : "Icon-40@2x.png", 61 | "scale" : "2x" 62 | }, 63 | { 64 | "size" : "50x50", 65 | "idiom" : "ipad", 66 | "filename" : "Icon-Small-50.png", 67 | "scale" : "1x" 68 | }, 69 | { 70 | "size" : "50x50", 71 | "idiom" : "ipad", 72 | "filename" : "Icon-Small-50@2x.png", 73 | "scale" : "2x" 74 | }, 75 | { 76 | "size" : "72x72", 77 | "idiom" : "ipad", 78 | "filename" : "Icon-72.png", 79 | "scale" : "1x" 80 | }, 81 | { 82 | "size" : "72x72", 83 | "idiom" : "ipad", 84 | "filename" : "Icon-72@2x.png", 85 | "scale" : "2x" 86 | }, 87 | { 88 | "size" : "76x76", 89 | "idiom" : "ipad", 90 | "filename" : "Icon-76.png", 91 | "scale" : "1x" 92 | }, 93 | { 94 | "size" : "76x76", 95 | "idiom" : "ipad", 96 | "filename" : "Icon-76@2x.png", 97 | "scale" : "2x" 98 | } 99 | ], 100 | "info" : { 101 | "version" : 1, 102 | "author" : "xcode" 103 | } 104 | } -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-40.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-40.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-40@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-40@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-60@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-60@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-72.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-72@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-72@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-76.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-76.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-76@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-76@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small-50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small-50.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small-50@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small-50@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon-Small@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon.png -------------------------------------------------------------------------------- /PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Images.xcassets/AppIcon.appiconset/Icon@2x.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "size" : "29x29", 5 | "idiom" : "iphone", 6 | "filename" : "Icon-Small-1.png", 7 | "scale" : "1x" 8 | }, 9 | { 10 | "size" : "29x29", 11 | "idiom" : "iphone", 12 | "filename" : "Icon-Small.png", 13 | "scale" : "2x" 14 | }, 15 | { 16 | "size" : "40x40", 17 | "idiom" : "iphone", 18 | "filename" : "Icon-40.png", 19 | "scale" : "2x" 20 | }, 21 | { 22 | "size" : "57x57", 23 | "idiom" : "iphone", 24 | "filename" : "Icon-60-2.png", 25 | "scale" : "1x" 26 | }, 27 | { 28 | "size" : "57x57", 29 | "idiom" : "iphone", 30 | "filename" : "Icon-60-1.png", 31 | "scale" : "2x" 32 | }, 33 | { 34 | "size" : "60x60", 35 | "idiom" : "iphone", 36 | "filename" : "Icon-60.png", 37 | "scale" : "2x" 38 | } 39 | ], 40 | "info" : { 41 | "version" : 1, 42 | "author" : "xcode" 43 | } 44 | } -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-40.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-40.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-60-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-60-1.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-60-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-60-2.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-60.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-60.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-Small-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-Small-1.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-Small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/Media.xcassets/AppIcon.appiconset/Icon-Small.png -------------------------------------------------------------------------------- /PasscodeSet/Media.xcassets/LaunchImage.launchimage/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "orientation" : "portrait", 5 | "idiom" : "iphone", 6 | "extent" : "full-screen", 7 | "minimum-system-version" : "7.0", 8 | "scale" : "2x" 9 | }, 10 | { 11 | "orientation" : "portrait", 12 | "idiom" : "iphone", 13 | "extent" : "full-screen", 14 | "minimum-system-version" : "7.0", 15 | "subtype" : "retina4", 16 | "scale" : "2x" 17 | }, 18 | { 19 | "orientation" : "portrait", 20 | "idiom" : "ipad", 21 | "extent" : "full-screen", 22 | "minimum-system-version" : "7.0", 23 | "scale" : "1x" 24 | }, 25 | { 26 | "orientation" : "landscape", 27 | "idiom" : "ipad", 28 | "extent" : "full-screen", 29 | "minimum-system-version" : "7.0", 30 | "scale" : "1x" 31 | }, 32 | { 33 | "orientation" : "portrait", 34 | "idiom" : "ipad", 35 | "extent" : "full-screen", 36 | "minimum-system-version" : "7.0", 37 | "scale" : "2x" 38 | }, 39 | { 40 | "orientation" : "landscape", 41 | "idiom" : "ipad", 42 | "extent" : "full-screen", 43 | "minimum-system-version" : "7.0", 44 | "scale" : "2x" 45 | }, 46 | { 47 | "orientation" : "portrait", 48 | "idiom" : "iphone", 49 | "extent" : "full-screen", 50 | "scale" : "1x" 51 | }, 52 | { 53 | "orientation" : "portrait", 54 | "idiom" : "iphone", 55 | "extent" : "full-screen", 56 | "scale" : "2x" 57 | }, 58 | { 59 | "orientation" : "portrait", 60 | "idiom" : "iphone", 61 | "extent" : "full-screen", 62 | "subtype" : "retina4", 63 | "scale" : "2x" 64 | }, 65 | { 66 | "orientation" : "portrait", 67 | "idiom" : "ipad", 68 | "extent" : "to-status-bar", 69 | "scale" : "1x" 70 | }, 71 | { 72 | "orientation" : "portrait", 73 | "idiom" : "ipad", 74 | "extent" : "full-screen", 75 | "scale" : "1x" 76 | }, 77 | { 78 | "orientation" : "landscape", 79 | "idiom" : "ipad", 80 | "extent" : "to-status-bar", 81 | "scale" : "1x" 82 | }, 83 | { 84 | "orientation" : "landscape", 85 | "idiom" : "ipad", 86 | "extent" : "full-screen", 87 | "scale" : "1x" 88 | }, 89 | { 90 | "orientation" : "portrait", 91 | "idiom" : "ipad", 92 | "extent" : "to-status-bar", 93 | "scale" : "2x" 94 | }, 95 | { 96 | "orientation" : "portrait", 97 | "idiom" : "ipad", 98 | "extent" : "full-screen", 99 | "scale" : "2x" 100 | }, 101 | { 102 | "orientation" : "landscape", 103 | "idiom" : "ipad", 104 | "extent" : "to-status-bar", 105 | "scale" : "2x" 106 | }, 107 | { 108 | "orientation" : "landscape", 109 | "idiom" : "ipad", 110 | "extent" : "full-screen", 111 | "scale" : "2x" 112 | } 113 | ], 114 | "info" : { 115 | "version" : 1, 116 | "author" : "xcode" 117 | } 118 | } -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 46; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | FE14CF3618DB653900218FAB /* Media.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = FE14CF3518DB653900218FAB /* Media.xcassets */; }; 11 | FE14CF9918DB7B7D00218FAB /* imas.png in Resources */ = {isa = PBXBuildFile; fileRef = FE14CF9818DB7B7D00218FAB /* imas.png */; }; 12 | FE619D6F166E59ED005FB5C7 /* iMAS_PasscodeCheck.m in Sources */ = {isa = PBXBuildFile; fileRef = FE619D6E166E59ED005FB5C7 /* iMAS_PasscodeCheck.m */; }; 13 | FE619D71166E5BBE005FB5C7 /* passcodeCheckCert.der in Resources */ = {isa = PBXBuildFile; fileRef = FE619D70166E5BBE005FB5C7 /* passcodeCheckCert.der */; }; 14 | FEB055D91665224D00041DE4 /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FEB055D81665224D00041DE4 /* UIKit.framework */; }; 15 | FEB055DB1665224D00041DE4 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FEB055DA1665224D00041DE4 /* Foundation.framework */; }; 16 | FEB055DD1665224D00041DE4 /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FEB055DC1665224D00041DE4 /* CoreGraphics.framework */; }; 17 | FEB055E31665224D00041DE4 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = FEB055E11665224D00041DE4 /* InfoPlist.strings */; }; 18 | FEB055E51665224D00041DE4 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = FEB055E41665224D00041DE4 /* main.m */; }; 19 | FEB055E91665224D00041DE4 /* iMASAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = FEB055E81665224D00041DE4 /* iMASAppDelegate.m */; }; 20 | FEB055EC1665224D00041DE4 /* MainStoryboard.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = FEB055EA1665224D00041DE4 /* MainStoryboard.storyboard */; }; 21 | FEB055EF1665224D00041DE4 /* iMASViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = FEB055EE1665224D00041DE4 /* iMASViewController.m */; }; 22 | FEB055F61665554500041DE4 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FEB055F51665554500041DE4 /* Security.framework */; }; 23 | FEBC99A6195B60F20062417B /* Images.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = FEBC99A5195B60F20062417B /* Images.xcassets */; }; 24 | /* End PBXBuildFile section */ 25 | 26 | /* Begin PBXFileReference section */ 27 | FE14CF3518DB653900218FAB /* Media.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Media.xcassets; sourceTree = ""; }; 28 | FE14CF3918DB67F100218FAB /* Default.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = Default.png; path = Media.xcassets/LaunchImage.launchimage/Default.png; sourceTree = ""; }; 29 | FE14CF3A18DB69D000218FAB /* Icon-60.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = "Icon-60.png"; path = "../../../../../Downloads/Icon-60.png"; sourceTree = ""; }; 30 | FE14CF9818DB7B7D00218FAB /* imas.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = imas.png; sourceTree = ""; }; 31 | FE619D6D166E59DE005FB5C7 /* iMAS_PasscodeCheck.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = iMAS_PasscodeCheck.h; sourceTree = ""; }; 32 | FE619D6E166E59ED005FB5C7 /* iMAS_PasscodeCheck.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = iMAS_PasscodeCheck.m; sourceTree = ""; }; 33 | FE619D70166E5BBE005FB5C7 /* passcodeCheckCert.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = passcodeCheckCert.der; sourceTree = ""; }; 34 | FEB055D41665224D00041DE4 /* PasscodeCheck.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = PasscodeCheck.app; sourceTree = BUILT_PRODUCTS_DIR; }; 35 | FEB055D81665224D00041DE4 /* UIKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = UIKit.framework; path = System/Library/Frameworks/UIKit.framework; sourceTree = SDKROOT; }; 36 | FEB055DA1665224D00041DE4 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; 37 | FEB055DC1665224D00041DE4 /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; }; 38 | FEB055E01665224D00041DE4 /* PasscodeSet-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "PasscodeSet-Info.plist"; sourceTree = ""; }; 39 | FEB055E21665224D00041DE4 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = ""; }; 40 | FEB055E41665224D00041DE4 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 41 | FEB055E61665224D00041DE4 /* PasscodeSet-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "PasscodeSet-Prefix.pch"; sourceTree = ""; }; 42 | FEB055E71665224D00041DE4 /* iMASAppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = iMASAppDelegate.h; sourceTree = ""; }; 43 | FEB055E81665224D00041DE4 /* iMASAppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = iMASAppDelegate.m; sourceTree = ""; }; 44 | FEB055EB1665224D00041DE4 /* en */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = en; path = en.lproj/MainStoryboard.storyboard; sourceTree = ""; }; 45 | FEB055ED1665224D00041DE4 /* iMASViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = iMASViewController.h; sourceTree = ""; }; 46 | FEB055EE1665224D00041DE4 /* iMASViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = iMASViewController.m; sourceTree = ""; }; 47 | FEB055F51665554500041DE4 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; 48 | FEBC99A5195B60F20062417B /* Images.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Images.xcassets; sourceTree = ""; }; 49 | /* End PBXFileReference section */ 50 | 51 | /* Begin PBXFrameworksBuildPhase section */ 52 | FEB055D11665224D00041DE4 /* Frameworks */ = { 53 | isa = PBXFrameworksBuildPhase; 54 | buildActionMask = 2147483647; 55 | files = ( 56 | FEB055F61665554500041DE4 /* Security.framework in Frameworks */, 57 | FEB055D91665224D00041DE4 /* UIKit.framework in Frameworks */, 58 | FEB055DB1665224D00041DE4 /* Foundation.framework in Frameworks */, 59 | FEB055DD1665224D00041DE4 /* CoreGraphics.framework in Frameworks */, 60 | ); 61 | runOnlyForDeploymentPostprocessing = 0; 62 | }; 63 | /* End PBXFrameworksBuildPhase section */ 64 | 65 | /* Begin PBXGroup section */ 66 | FEB055C91665224D00041DE4 = { 67 | isa = PBXGroup; 68 | children = ( 69 | FEBC99A5195B60F20062417B /* Images.xcassets */, 70 | FE14CF3A18DB69D000218FAB /* Icon-60.png */, 71 | FE14CF9818DB7B7D00218FAB /* imas.png */, 72 | FE14CF3918DB67F100218FAB /* Default.png */, 73 | FE14CF3518DB653900218FAB /* Media.xcassets */, 74 | FEB055F51665554500041DE4 /* Security.framework */, 75 | FEB055DE1665224D00041DE4 /* PasscodeSet */, 76 | FEB055D71665224D00041DE4 /* Frameworks */, 77 | FEB055D51665224D00041DE4 /* Products */, 78 | ); 79 | sourceTree = ""; 80 | }; 81 | FEB055D51665224D00041DE4 /* Products */ = { 82 | isa = PBXGroup; 83 | children = ( 84 | FEB055D41665224D00041DE4 /* PasscodeCheck.app */, 85 | ); 86 | name = Products; 87 | sourceTree = ""; 88 | }; 89 | FEB055D71665224D00041DE4 /* Frameworks */ = { 90 | isa = PBXGroup; 91 | children = ( 92 | FEB055D81665224D00041DE4 /* UIKit.framework */, 93 | FEB055DA1665224D00041DE4 /* Foundation.framework */, 94 | FEB055DC1665224D00041DE4 /* CoreGraphics.framework */, 95 | ); 96 | name = Frameworks; 97 | sourceTree = ""; 98 | }; 99 | FEB055DE1665224D00041DE4 /* PasscodeSet */ = { 100 | isa = PBXGroup; 101 | children = ( 102 | FE619D70166E5BBE005FB5C7 /* passcodeCheckCert.der */, 103 | FE619D6E166E59ED005FB5C7 /* iMAS_PasscodeCheck.m */, 104 | FE619D6D166E59DE005FB5C7 /* iMAS_PasscodeCheck.h */, 105 | FEB055E71665224D00041DE4 /* iMASAppDelegate.h */, 106 | FEB055E81665224D00041DE4 /* iMASAppDelegate.m */, 107 | FEB055EA1665224D00041DE4 /* MainStoryboard.storyboard */, 108 | FEB055ED1665224D00041DE4 /* iMASViewController.h */, 109 | FEB055EE1665224D00041DE4 /* iMASViewController.m */, 110 | FEB055DF1665224D00041DE4 /* Supporting Files */, 111 | ); 112 | path = PasscodeSet; 113 | sourceTree = ""; 114 | }; 115 | FEB055DF1665224D00041DE4 /* Supporting Files */ = { 116 | isa = PBXGroup; 117 | children = ( 118 | FEB055E01665224D00041DE4 /* PasscodeSet-Info.plist */, 119 | FEB055E11665224D00041DE4 /* InfoPlist.strings */, 120 | FEB055E41665224D00041DE4 /* main.m */, 121 | FEB055E61665224D00041DE4 /* PasscodeSet-Prefix.pch */, 122 | ); 123 | name = "Supporting Files"; 124 | sourceTree = ""; 125 | }; 126 | /* End PBXGroup section */ 127 | 128 | /* Begin PBXNativeTarget section */ 129 | FEB055D31665224D00041DE4 /* PasscodeSet */ = { 130 | isa = PBXNativeTarget; 131 | buildConfigurationList = FEB055F21665224D00041DE4 /* Build configuration list for PBXNativeTarget "PasscodeSet" */; 132 | buildPhases = ( 133 | FEB055D01665224D00041DE4 /* Sources */, 134 | FEB055D11665224D00041DE4 /* Frameworks */, 135 | FEB055D21665224D00041DE4 /* Resources */, 136 | ); 137 | buildRules = ( 138 | ); 139 | dependencies = ( 140 | ); 141 | name = PasscodeSet; 142 | productName = PasscodeSet; 143 | productReference = FEB055D41665224D00041DE4 /* PasscodeCheck.app */; 144 | productType = "com.apple.product-type.application"; 145 | }; 146 | /* End PBXNativeTarget section */ 147 | 148 | /* Begin PBXProject section */ 149 | FEB055CB1665224D00041DE4 /* Project object */ = { 150 | isa = PBXProject; 151 | attributes = { 152 | CLASSPREFIX = iMAS; 153 | LastUpgradeCheck = 0440; 154 | ORGANIZATIONNAME = "MITRE Corp"; 155 | }; 156 | buildConfigurationList = FEB055CE1665224D00041DE4 /* Build configuration list for PBXProject "PasscodeSet" */; 157 | compatibilityVersion = "Xcode 3.2"; 158 | developmentRegion = English; 159 | hasScannedForEncodings = 0; 160 | knownRegions = ( 161 | en, 162 | ); 163 | mainGroup = FEB055C91665224D00041DE4; 164 | productRefGroup = FEB055D51665224D00041DE4 /* Products */; 165 | projectDirPath = ""; 166 | projectRoot = ""; 167 | targets = ( 168 | FEB055D31665224D00041DE4 /* PasscodeSet */, 169 | ); 170 | }; 171 | /* End PBXProject section */ 172 | 173 | /* Begin PBXResourcesBuildPhase section */ 174 | FEB055D21665224D00041DE4 /* Resources */ = { 175 | isa = PBXResourcesBuildPhase; 176 | buildActionMask = 2147483647; 177 | files = ( 178 | FEB055E31665224D00041DE4 /* InfoPlist.strings in Resources */, 179 | FE14CF9918DB7B7D00218FAB /* imas.png in Resources */, 180 | FEB055EC1665224D00041DE4 /* MainStoryboard.storyboard in Resources */, 181 | FEBC99A6195B60F20062417B /* Images.xcassets in Resources */, 182 | FE14CF3618DB653900218FAB /* Media.xcassets in Resources */, 183 | FE619D71166E5BBE005FB5C7 /* passcodeCheckCert.der in Resources */, 184 | ); 185 | runOnlyForDeploymentPostprocessing = 0; 186 | }; 187 | /* End PBXResourcesBuildPhase section */ 188 | 189 | /* Begin PBXSourcesBuildPhase section */ 190 | FEB055D01665224D00041DE4 /* Sources */ = { 191 | isa = PBXSourcesBuildPhase; 192 | buildActionMask = 2147483647; 193 | files = ( 194 | FEB055E51665224D00041DE4 /* main.m in Sources */, 195 | FEB055E91665224D00041DE4 /* iMASAppDelegate.m in Sources */, 196 | FEB055EF1665224D00041DE4 /* iMASViewController.m in Sources */, 197 | FE619D6F166E59ED005FB5C7 /* iMAS_PasscodeCheck.m in Sources */, 198 | ); 199 | runOnlyForDeploymentPostprocessing = 0; 200 | }; 201 | /* End PBXSourcesBuildPhase section */ 202 | 203 | /* Begin PBXVariantGroup section */ 204 | FEB055E11665224D00041DE4 /* InfoPlist.strings */ = { 205 | isa = PBXVariantGroup; 206 | children = ( 207 | FEB055E21665224D00041DE4 /* en */, 208 | ); 209 | name = InfoPlist.strings; 210 | sourceTree = ""; 211 | }; 212 | FEB055EA1665224D00041DE4 /* MainStoryboard.storyboard */ = { 213 | isa = PBXVariantGroup; 214 | children = ( 215 | FEB055EB1665224D00041DE4 /* en */, 216 | ); 217 | name = MainStoryboard.storyboard; 218 | sourceTree = ""; 219 | }; 220 | /* End PBXVariantGroup section */ 221 | 222 | /* Begin XCBuildConfiguration section */ 223 | FEB055F01665224D00041DE4 /* Debug */ = { 224 | isa = XCBuildConfiguration; 225 | buildSettings = { 226 | ALWAYS_SEARCH_USER_PATHS = NO; 227 | ARCHS = "$(ARCHS_STANDARD_32_BIT)"; 228 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 229 | CLANG_ENABLE_OBJC_ARC = YES; 230 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 231 | CODE_SIGN_IDENTITY = "iPhone Developer: Gregg Ganley (KE6D38G24X)"; 232 | "CODE_SIGN_IDENTITY[sdk=*]" = "iPhone Developer: Gregg Ganley (KE6D38G24X)"; 233 | COPY_PHASE_STRIP = NO; 234 | GCC_C_LANGUAGE_STANDARD = gnu99; 235 | GCC_DYNAMIC_NO_PIC = NO; 236 | GCC_OPTIMIZATION_LEVEL = 0; 237 | GCC_PREPROCESSOR_DEFINITIONS = ( 238 | "DEBUG=1", 239 | "$(inherited)", 240 | ); 241 | GCC_SYMBOLS_PRIVATE_EXTERN = NO; 242 | GCC_VERSION = com.apple.compilers.llvm.clang.1_0; 243 | GCC_WARN_ABOUT_RETURN_TYPE = YES; 244 | GCC_WARN_UNINITIALIZED_AUTOS = YES; 245 | GCC_WARN_UNUSED_VARIABLE = YES; 246 | IPHONEOS_DEPLOYMENT_TARGET = 6.1; 247 | PROVISIONING_PROFILE = "BAF03896-A331-467F-88B5-EEA762AB0C35"; 248 | "PROVISIONING_PROFILE[sdk=*]" = "BAF03896-A331-467F-88B5-EEA762AB0C35"; 249 | SDKROOT = iphoneos; 250 | }; 251 | name = Debug; 252 | }; 253 | FEB055F11665224D00041DE4 /* Release */ = { 254 | isa = XCBuildConfiguration; 255 | buildSettings = { 256 | ALWAYS_SEARCH_USER_PATHS = NO; 257 | ARCHS = "$(ARCHS_STANDARD_32_BIT)"; 258 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 259 | CLANG_ENABLE_OBJC_ARC = YES; 260 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 261 | CODE_SIGN_IDENTITY = "iPhone Developer: Gregg Ganley (KE6D38G24X)"; 262 | "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = ""; 263 | COPY_PHASE_STRIP = YES; 264 | GCC_C_LANGUAGE_STANDARD = gnu99; 265 | GCC_VERSION = com.apple.compilers.llvm.clang.1_0; 266 | GCC_WARN_ABOUT_RETURN_TYPE = YES; 267 | GCC_WARN_UNINITIALIZED_AUTOS = YES; 268 | GCC_WARN_UNUSED_VARIABLE = YES; 269 | IPHONEOS_DEPLOYMENT_TARGET = 6.1; 270 | OTHER_CFLAGS = "-DNS_BLOCK_ASSERTIONS=1"; 271 | PROVISIONING_PROFILE = "BAF03896-A331-467F-88B5-EEA762AB0C35"; 272 | SDKROOT = iphoneos; 273 | VALIDATE_PRODUCT = YES; 274 | }; 275 | name = Release; 276 | }; 277 | FEB055F31665224D00041DE4 /* Debug */ = { 278 | isa = XCBuildConfiguration; 279 | buildSettings = { 280 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 281 | ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage; 282 | CODE_SIGN_IDENTITY = "iPhone Developer"; 283 | "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; 284 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 285 | GCC_PREFIX_HEADER = "PasscodeSet/PasscodeSet-Prefix.pch"; 286 | INFOPLIST_FILE = "PasscodeSet/PasscodeSet-Info.plist"; 287 | IPHONEOS_DEPLOYMENT_TARGET = 6.1; 288 | PRODUCT_NAME = PasscodeCheck; 289 | PROVISIONING_PROFILE = ""; 290 | "PROVISIONING_PROFILE[sdk=iphoneos*]" = ""; 291 | VALIDATE_PRODUCT = NO; 292 | WRAPPER_EXTENSION = app; 293 | }; 294 | name = Debug; 295 | }; 296 | FEB055F41665224D00041DE4 /* Release */ = { 297 | isa = XCBuildConfiguration; 298 | buildSettings = { 299 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 300 | ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage; 301 | CODE_SIGN_IDENTITY = ""; 302 | GCC_PRECOMPILE_PREFIX_HEADER = YES; 303 | GCC_PREFIX_HEADER = "PasscodeSet/PasscodeSet-Prefix.pch"; 304 | INFOPLIST_FILE = "PasscodeSet/PasscodeSet-Info.plist"; 305 | IPHONEOS_DEPLOYMENT_TARGET = 6.1; 306 | PRODUCT_NAME = PasscodeCheck; 307 | VALIDATE_PRODUCT = NO; 308 | WRAPPER_EXTENSION = app; 309 | }; 310 | name = Release; 311 | }; 312 | /* End XCBuildConfiguration section */ 313 | 314 | /* Begin XCConfigurationList section */ 315 | FEB055CE1665224D00041DE4 /* Build configuration list for PBXProject "PasscodeSet" */ = { 316 | isa = XCConfigurationList; 317 | buildConfigurations = ( 318 | FEB055F01665224D00041DE4 /* Debug */, 319 | FEB055F11665224D00041DE4 /* Release */, 320 | ); 321 | defaultConfigurationIsVisible = 0; 322 | defaultConfigurationName = Release; 323 | }; 324 | FEB055F21665224D00041DE4 /* Build configuration list for PBXNativeTarget "PasscodeSet" */ = { 325 | isa = XCConfigurationList; 326 | buildConfigurations = ( 327 | FEB055F31665224D00041DE4 /* Debug */, 328 | FEB055F41665224D00041DE4 /* Release */, 329 | ); 330 | defaultConfigurationIsVisible = 0; 331 | defaultConfigurationName = Release; 332 | }; 333 | /* End XCConfigurationList section */ 334 | }; 335 | rootObject = FEB055CB1665224D00041DE4 /* Project object */; 336 | } 337 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet.xcodeproj/project.xcworkspace/xcuserdata/gganley.xcuserdatad/UserInterfaceState.xcuserstate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/PasscodeSet.xcodeproj/project.xcworkspace/xcuserdata/gganley.xcuserdatad/UserInterfaceState.xcuserstate -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet.xcodeproj/project.xcworkspace/xcuserdata/gganley.xcuserdatad/WorkspaceSettings.xcsettings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | BuildLocationStyle 6 | UseAppPreferences 7 | CustomBuildLocationType 8 | RelativeToDerivedData 9 | DerivedDataLocationStyle 10 | Default 11 | IssueFilterStyle 12 | ShowActiveSchemeOnly 13 | LiveSourceIssuesEnabled 14 | 15 | SnapshotAutomaticallyBeforeSignificantChanges 16 | 17 | SnapshotLocationStyle 18 | Default 19 | 20 | 21 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet.xcodeproj/xcuserdata/gganley.xcuserdatad/xcschemes/PasscodeSet.xcscheme: -------------------------------------------------------------------------------- 1 | 2 | 5 | 8 | 9 | 15 | 21 | 22 | 23 | 24 | 25 | 30 | 31 | 32 | 33 | 39 | 40 | 41 | 42 | 52 | 53 | 59 | 60 | 61 | 62 | 63 | 64 | 70 | 71 | 77 | 78 | 79 | 80 | 82 | 83 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet.xcodeproj/xcuserdata/gganley.xcuserdatad/xcschemes/xcschememanagement.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | SchemeUserState 6 | 7 | PasscodeSet.xcscheme 8 | 9 | orderHint 10 | 0 11 | 12 | 13 | SuppressBuildableAutocreation 14 | 15 | FEB055D31665224D00041DE4 16 | 17 | primary 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/PasscodeSet-Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | en 7 | CFBundleDisplayName 8 | ${PRODUCT_NAME} 9 | CFBundleExecutable 10 | ${EXECUTABLE_NAME} 11 | CFBundleIcons 12 | 13 | CFBundleIcons~ipad 14 | 15 | CFBundleIdentifier 16 | com.mitre.imas.${PRODUCT_NAME:rfc1034identifier} 17 | CFBundleInfoDictionaryVersion 18 | 6.0 19 | CFBundleName 20 | ${PRODUCT_NAME} 21 | CFBundlePackageType 22 | APPL 23 | CFBundleShortVersionString 24 | 1.0 25 | CFBundleSignature 26 | ???? 27 | CFBundleVersion 28 | 1.0 29 | LSRequiresIPhoneOS 30 | 31 | UIMainStoryboardFile 32 | MainStoryboard 33 | UIRequiredDeviceCapabilities 34 | 35 | armv7 36 | 37 | UISupportedInterfaceOrientations 38 | 39 | UIInterfaceOrientationPortrait 40 | UIInterfaceOrientationLandscapeLeft 41 | UIInterfaceOrientationLandscapeRight 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/PasscodeSet-Prefix.pch: -------------------------------------------------------------------------------- 1 | // 2 | // Prefix header for all source files of the 'PasscodeSet' target in the 'PasscodeSet' project 3 | // 4 | 5 | #import 6 | 7 | #ifndef __IPHONE_5_0 8 | #warning "This project uses features only available in iOS SDK 5.0 and later." 9 | #endif 10 | 11 | #ifdef __OBJC__ 12 | #import 13 | #import 14 | #endif 15 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/en.lproj/InfoPlist.strings: -------------------------------------------------------------------------------- 1 | /* Localized versions of Info.plist keys */ 2 | 3 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/en.lproj/MainStoryboard.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 26 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/iMASAppDelegate.h: -------------------------------------------------------------------------------- 1 | // 2 | // iMASAppDelegate.h 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 11/27/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface iMASAppDelegate : UIResponder 12 | 13 | @property (strong, nonatomic) UIWindow *window; 14 | 15 | @end 16 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/iMASAppDelegate.m: -------------------------------------------------------------------------------- 1 | // 2 | // iMASAppDelegate.m 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 11/27/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import "iMASAppDelegate.h" 10 | #import "iMASViewController.h" 11 | 12 | @implementation iMASAppDelegate 13 | 14 | - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions 15 | { 16 | // Override point for customization after application launch. 17 | return YES; 18 | } 19 | 20 | - (void)applicationWillResignActive:(UIApplication *)application 21 | { 22 | // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state. 23 | // Use this method to pause ongoing tasks, disable timers, and throttle down OpenGL ES frame rates. Games should use this method to pause the game. 24 | 25 | } 26 | 27 | - (void)applicationDidEnterBackground:(UIApplication *)application 28 | { 29 | // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later. 30 | // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits. 31 | [application ignoreSnapshotOnNextApplicationLaunch]; 32 | iMASViewController* mainController = (iMASViewController *) self.window.rootViewController; 33 | [mainController dismissViewControllerAnimated:NO completion:nil]; 34 | 35 | } 36 | 37 | - (void)applicationWillEnterForeground:(UIApplication *)application 38 | { 39 | // Called as part of the transition from the background to the inactive state; here you can undo many of the changes made on entering the background. 40 | 41 | 42 | } 43 | 44 | - (void)applicationDidBecomeActive:(UIApplication *)application 45 | { 46 | // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface. 47 | 48 | iMASViewController* mainController = (iMASViewController *) self.window.rootViewController; 49 | [mainController clearOutput]; 50 | 51 | } 52 | 53 | - (void)applicationWillTerminate:(UIApplication *)application 54 | { 55 | // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:. 56 | } 57 | 58 | @end 59 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/iMASViewController.h: -------------------------------------------------------------------------------- 1 | // 2 | // iMASViewController.h 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 11/27/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface iMASViewController : UIViewController 12 | 13 | @property (weak, nonatomic) IBOutlet UITextView *output; 14 | - (void)clearOutput; 15 | 16 | @end 17 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/iMASViewController.m: -------------------------------------------------------------------------------- 1 | // 2 | // iMASViewController.m 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 11/27/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import "iMASViewController.h" 10 | #import "iMAS_PasscodeCheck.h" 11 | 12 | @implementation iMASViewController 13 | @synthesize output = _output; 14 | 15 | 16 | - (IBAction)runTest:(UIButton *)sender { 17 | NSString *buttonName = [sender currentTitle]; 18 | 19 | NSLog(@"Button Pressed = %@", buttonName); 20 | 21 | Boolean is_set; 22 | 23 | if ([buttonName isEqualToString:@"iOS 8 Keychain API Passcode Check"]) { 24 | is_set = [iMAS_PasscodeCheck isPasscodeSetKeychainAPI]; 25 | 26 | if (is_set) { 27 | self.output.text = @"iOS 8 API reveals the device has a passcode"; 28 | NSLog(@"iOS 8: Passcode is set"); 29 | } else { 30 | self.output.text = @"iOS 8 API reveals no passcode or API unavailable"; 31 | NSLog(@"iOS 8: Passcode not set or API unavailable"); 32 | } 33 | } else { 34 | is_set = [iMAS_PasscodeCheck isPasscodeSet]; 35 | 36 | if (is_set == TRUE) 37 | self.output.text = @"Device passcode meets app requirements"; 38 | else 39 | self.output.text = @"Device passcode may not be set or does not meet app requirements!"; 40 | 41 | NSLog(@"is passcode set? %d", is_set); 42 | } 43 | } 44 | 45 | // when app goes into background 46 | -(void) clearOutput { 47 | self.output.text = @""; 48 | 49 | self.view.backgroundColor = [UIColor clearColor]; 50 | self.output.backgroundColor = [UIColor clearColor]; 51 | UIToolbar* bgToolbar = [[UIToolbar alloc] initWithFrame:self.view.frame]; 52 | bgToolbar.barStyle = UIBarStyleDefault; 53 | [self.view.superview insertSubview:bgToolbar belowSubview:self.view]; 54 | } 55 | 56 | -(void) viewWillAppear:(BOOL)animated { 57 | self.output.text = @""; 58 | } 59 | 60 | - (void)viewDidLoad { 61 | self.output.text = @""; 62 | } 63 | 64 | - (void)viewDidUnload { 65 | [self setOutput:nil]; 66 | [super viewDidUnload]; 67 | 68 | 69 | } 70 | @end 71 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/iMAS_PasscodeCheck.h: -------------------------------------------------------------------------------- 1 | // 2 | // iMAS_PasscodeCheck.h 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 12/4/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | @interface iMAS_PasscodeCheck : NSObject 12 | 13 | //** is a configuration profile installed that forces the user to set a more rigorous password 14 | + (Boolean)isPasscodeSet; 15 | 16 | //** iOS 8 adds a keychain API to test if passcode is set 17 | + (Boolean)isPasscodeSetKeychainAPI; 18 | 19 | @end 20 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/iMAS_PasscodeCheck.m: -------------------------------------------------------------------------------- 1 | // 2 | // iMAS_isPasscodeSet.m 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 12/4/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import "iMAS_PasscodeCheck.h" 10 | 11 | 12 | 13 | // TODO Should also look for versions greater 14 | #ifndef __IPHONE_8_0 15 | void* kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly = NULL; 16 | #endif 17 | 18 | 19 | @implementation iMAS_PasscodeCheck 20 | 21 | 22 | //** is a configuration profile installed that forces the user to set a more rigorous password 23 | 24 | + (Boolean)isPasscodeSet { 25 | 26 | OSStatus err; 27 | NSString * certPath; 28 | NSData * certData; 29 | SecCertificateRef cert; 30 | SecPolicyRef policy; 31 | SecTrustRef trust; 32 | SecTrustResultType trustResult; 33 | Boolean isPasscodeSetResult = FALSE; 34 | NSError *errorPtr; 35 | 36 | //** 37 | //** TEST code 38 | //** Read cert and display contents to console 39 | //** 40 | /* 41 | NSString *filePath = [[NSBundle mainBundle] pathForResource:@"passcodeCheckCert" ofType:@"der"]; 42 | if (filePath) { 43 | NSString *myText = [NSString stringWithContentsOfFile:filePath]; 44 | NSLog(@"CERT contents = %@", myText); 45 | } 46 | */ 47 | 48 | //** get path of cert file 49 | certPath = [[NSBundle mainBundle] pathForResource:@"passcodeCheckCert" ofType:@"der"]; 50 | if (certPath == nil) { 51 | //** cert not bundled with application, so fail passcode check 52 | NSLog(@"passcodeCheckCert.der file not found"); 53 | return false; 54 | } 55 | 56 | //** read cert file data 57 | certData = [NSData dataWithContentsOfFile: certPath options: 1 error: &errorPtr]; 58 | if (certData == 0) { 59 | NSLog(@"read failed with error: %@", errorPtr); 60 | return false; 61 | } 62 | 63 | //** Creates a certificate object from a DER representation of a certificate. 64 | cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData); 65 | if (cert == NULL) { 66 | NSLog(@"could not create a cert object from cert file!"); 67 | return false; 68 | } 69 | 70 | //** Returns a policy object for the default X.509 policy 71 | policy = SecPolicyCreateBasicX509(); 72 | if (policy == NULL) { 73 | NSLog(@"could not retrieve X.509 policy object!"); 74 | return false; 75 | } 76 | 77 | //** Creates a trust management object based on certificates and policies 78 | //** Here we pass in the bundled cert which is evaluated against the given X.509 policy 79 | err = SecTrustCreateWithCertificates((__bridge CFArrayRef) [NSArray arrayWithObject:(__bridge id)cert], policy, &trust); 80 | if (err != noErr || trust == NULL) { 81 | NSLog(@"could not create a trust management object!"); 82 | return false; 83 | } 84 | //assert(err == noErr); 85 | //assert(trust != NULL); 86 | 87 | 88 | //** 89 | /* Evaluates trust for the specified certificate and policies. 90 | The SecTrustEvaluate function validates a certificate by verifying its signature 91 | plus the signatures of the certificates in its certificate chain, up to the anchor certificate, 92 | according to the policy or policies included in the trust management object. 93 | */ 94 | trustResult = -1; 95 | err = SecTrustEvaluate(trust, &trustResult); 96 | NSLog(@"err = %d, trustResult = %d", (int) err, (int) trustResult); 97 | switch (trustResult) { 98 | case kSecTrustResultProceed: // 1 99 | case kSecTrustResultConfirm: // 2 - deprecated in iOS 7, but still valid in iOS 6 100 | case kSecTrustResultUnspecified: // 4 101 | isPasscodeSetResult = true; 102 | break; 103 | case kSecTrustResultRecoverableTrustFailure: // 5 104 | case kSecTrustResultDeny: // 3 105 | case kSecTrustResultFatalTrustFailure: // 6 106 | case kSecTrustResultOtherError: // 7 107 | case kSecTrustResultInvalid: // 0 108 | default: 109 | isPasscodeSetResult = false; 110 | break; 111 | } 112 | 113 | CFRelease(trust); 114 | CFRelease(policy); 115 | CFRelease(cert); 116 | 117 | return isPasscodeSetResult; 118 | } 119 | 120 | + (Boolean)isPasscodeSetKeychainAPI { 121 | 122 | BOOL isAPIAvailable = (kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly != NULL); 123 | 124 | // Not available prior to iOS 8 - safe to return false rather than throwing exception 125 | if(isAPIAvailable) { 126 | 127 | // From http://pastebin.com/T9YwEjnL 128 | NSData* secret = [@"Device has passcode set?" dataUsingEncoding:NSUTF8StringEncoding]; 129 | NSDictionary *attributes = @{ 130 | (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, 131 | (__bridge id)kSecAttrService: @"LocalDeviceServices", 132 | (__bridge id)kSecAttrAccount: @"NoAccount", 133 | (__bridge id)kSecValueData: secret, 134 | (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly 135 | }; 136 | 137 | // Original code claimed to check if the item was already on the keychain 138 | // but in reality you can't add duplicates so this will fail with errSecDuplicateItem 139 | // if the item is already on the keychain (which could throw off our check if 140 | // kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly was not set) 141 | 142 | OSStatus status = SecItemAdd((__bridge CFDictionaryRef)attributes, NULL); 143 | if (status == errSecSuccess) { // item added okay, passcode has been set 144 | NSDictionary *query = @{ 145 | (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, 146 | (__bridge id)kSecAttrService: @"LocalDeviceServices", 147 | (__bridge id)kSecAttrAccount: @"NoAccount" 148 | }; 149 | 150 | status = SecItemDelete((__bridge CFDictionaryRef)query); 151 | 152 | return true; 153 | } 154 | 155 | // errSecDecode seems to be the error thrown on a device with no passcode set 156 | if (status == errSecDecode) { 157 | return false; 158 | } 159 | } 160 | 161 | return false; 162 | } 163 | 164 | @end 165 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // PasscodeSet 4 | // 5 | // Created by Ganley, Gregg on 11/27/12. 6 | // Copyright (c) 2012 MITRE Corp. All rights reserved. 7 | // 8 | 9 | #import 10 | 11 | #import "iMASAppDelegate.h" 12 | 13 | int main(int argc, char *argv[]) 14 | { 15 | @autoreleasepool { 16 | return UIApplicationMain(argc, argv, nil, NSStringFromClass([iMASAppDelegate class])); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /PasscodeSet/PasscodeSet/passcodeCheckCert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/PasscodeSet/passcodeCheckCert.der -------------------------------------------------------------------------------- /PasscodeSet/imas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/PasscodeSet/imas.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | iMAS - PasscodeCheck Security Control[![analytics](http://www.google-analytics.com/collect?v=1&t=pageview&_s=1&dl=https%3A%2F%2Fgithub.com%2Fproject-imas%2Fpasscode-check&_u=MAC~&cid=1757014354.1393964045&tid=UA-38868530-1)]() 2 | ===================================== 3 | 4 | 5 | Short Description 6 | ================= 7 | 8 | iOS does not offer a simple API check for developers to assess the security level of an iOS device. iMAS - PasscodeCheck security control offers open source code, which can be easily added to any iOS application bundle and release process. 9 | 10 | Background 11 | ========== 12 | 13 | iOS does not offer a simple API or library that a developer can programmatically call to confirm whether or not the system passcode is set. If it is set, is it complex, specifically more complex than a simple 4-digit passcode? Without this assurance, an iOS application could be vulnerable to data theft stemming from inadequate application security. This is based on the scenario where an attacker gains physical access to an iOS device, either from an owner losing their device, temporary loss due to the device being serviced, or actual theft of the device. Once an iOS device is in the hands of an attacker, without a passcode or a simple 4-digit passcode on the device, the attacker will be able to bruteforce the passcode with ease. Once the passcode is known, the device can be unlocked, jailbroken, and application data easily stolen. This vulnerability can be reduced considerably with the use of a complex passcode, one that is at least 6 digits in length and alphanumeric. Given this scenario, an iOS application developer does not have any mechanism to assess if an app is running in a marginally secure or a verified secure environment. 14 | 15 | iMAS has researched and implemented a system passcode check library and process that can be easily added to any iOS application bundle and release process. 16 | 17 | Common Weakness Enumerations (CWE), better known as software errors, have been applied to each vulnerability addressed, to better help security engineers identify the value of each implementation. More CWE details can be found at http://cwe.mitre.org. 18 | 19 | 20 | Vulnerabilities Addressed 21 | ========================= 22 | 23 | 1. No system passcode set on iOS device 24 | - CWE-862: Missing Authorization 25 | - CWE-306: Missing Authentication for Critical Function 26 | - SRG-APP-000082-MAPP-000025 Severity-CAT II: If the mobile application processes digitally signed data or code, then it must validate the digital signature. 27 | 2. 4-digit system passcode set on iOS device 28 | - CWE-521: Weak Password Requirements 29 | - SRG-APP-000129-MAPP-000029 Severity-CAT II: The mobile application must implement automated mechanisms to enforce access control restrictions which are not provided by the operating system. 30 | - SRG-APP-000200-MAPP-000044 Severity-CAT II: The mobile application must shut down when it determines that a required security function is unavailable. 31 | - SRG-APP-000225-MAPP-000047 Severity-CAT II: The mobile application must fail to an initial state when the application unexpectedly terminates, unless it maintains a secure state at all times. 32 | 3. Jailbreak and passcode bruteforce attack 33 | - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 34 | - CWE-250: Execution with Unnecessary Privileges 35 | - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 36 | - SRG-APP-000133-MAPP-000030 Severity-CAT II: The mobile application must not enable other applications or non-privileged processes to modify software libraries. 37 | 38 | Design 39 | ====== 40 | 41 | The PasscodeCheck security check is implemented using the Certificate, Key, and Trust services provided in the `Security.framework`. Essentially, a configuration profile is created which contains the specific password policies for the device. One can make the restrictions simple or very extensive. For our tests, we created a config profile which forces a 6-digit passcode. The configuration profile would then be installed on a device. During install, iOS reads the profile and then enforces the new passcode requirements - requiring the user to enter a 6-digit passcode. At this point, the device is more secure, so why do anymore? Well, from an application it is impossible to tell if a particular configuration profile is installed and doubly impossible to programmatically figure out the details of the config profile, hence the need for the certificate bundling and validation. So, the next steps require a self-signed root certificate and a leaf certificate be created. The root certificate is bundled with the configuration profile at creation time. The leaf certificate is bundled with the iOS application. Finally, the application can use iMAS PasscodeCheck to confirm the leaf certificate is present, and then confirm its signatures match with the root certificate. If all checks validate, then PasscodeCheck isPasscodeSet returns a Boolean true otherwise false. 42 | 43 | The developer/organization creates a self-signed root certificate and then creates a leaf certificate from the root certificate. It must be in DER format, the openssl default appears to be in PEM format. Use the iPhone configuration tool to create a configuration profile, establish a complex passcode requirement, and any other requirement. Add the `root` certificate file to the configuration profile, and ensure it is in DER format. Connect the iOS device to the computer, and then from the iphone config tool, install the `root` certificate (with a remove anytime or password to remove option). This installs the root certificate in the trusted root store on the device, not the app keychain. Bundle the leaf certificate with the app by including it in the project. On each app run, read the leaf certificate and validate it with the installed `root` certificate. If the `root` certificate is present, then the validate routine will return a 4 `kSecTrustResultUnspecified`, which is correct and says the `root` certificate is installed, and informs you that the config profile is being enforced. If the validation routine returns a 5 (`kSecTrustResultRecoverableTrustFailure`) this means the root cert is not installed and as such the password policy is undetermined. Knowing this, the app developer can decide to degrade functionality or exit the app altogether. 44 | 45 | 46 | ![screenshot](https://github.com/project-imas/passcode-check/raw/master/passcode-check.png) 47 | 48 | API and use 49 | =========== 50 | 51 | `iMAS_PasscodeCheck` contains one static method called `isPasscodeSet` that returns a Boolean. The return value indicates true, if the complex passcode config profile is installed (thus a complex passcode is in use on the device), and indicates false if the validation process fails at any point. 52 | 53 | To use this security control: 54 | 1. Copy its files (.h and .m) to your iOS application project 55 | - Make the call to `isPasscodeSet` 56 | - Based on the return value, one can decide whether to continue use of the application, halt the app, or run in a degraded mode. 57 | 2. Create a root (`iMAS_RootCA.der`) and leaf cert (`passcodeCheckCert.der`), or use the provided certs on this site. 58 | 3. Use the iPhone Configuration Tool, and create a configuration profile with an appropriate passcode policy, or use the config profile (`*.mobileconfig`) provided on this site 59 | 4. Bundle the root cert with your config profile 60 | 5. Bundle the leaf cert with the application 61 | 5. Install the config profile on the device(s) 62 | 6. Compile, build, and test app with `PasscodeCheck` code in place 63 | 64 | 65 | We strongly encourage developers to send us with feedback on your intended use and/or fixes. This information will enable us to address relevancy and need. 66 | 67 | 68 | Certificate Details 69 | =================== 70 | 71 | The developer/organization creates a self-signed root certificate and then creates a leaf certificate from the root certificate. It must be in DER format, the openssl default appears to be in PEM format. Use the iPhone configuration tool to create a configuration profile, establish a complex passcode requirement, and any other requirement. Add the `root` certificate file to the configuration profile, and ensure it is in DER format. Connect the iOS device to the computer, and then from the iphone config tool, install the `root` certificate (with a "remove anytime" or "password to remove" option). This installs the root certificate in the trusted root store on the device, not the app keychain. Bundle the leaf certificate with the app by including it in the project. On each app run, read the leaf certificate and validate it with the installed `root` certificate. If the `root` certificate is present, then the validate routine will return a 4 `kSecTrustResultUnspecified`, which is correct and says the `root` certificate is installed, and informs you that the config profile is being enforced. If the validation routine returns a 5 (`kSecTrustResultRecoverableTrustFailure`) this means the root cert is not installed and as such the password policy is undetermined. Knowing this, the app developer can decide to degrade functionality or exit the app altogether. 72 | 73 | 74 | Big help from this blog posting: 75 | http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl 76 | 77 | First we generate a 4096-bit long RSA key for our root CA and store it in file `ca.key`: 78 | 
 79 | openssl genrsa -out ca.key 4096
 80 |
81 | 82 | If you want to password-protect this key, add option `-des3`. Next, we create our self-signed root CA certificate `ca.crt`; you’ll need to provide an identity for your root CA. The `-x509` option is used for a self-signed certificate. 1826 days gives us a cert valid for 5 years. 83 | 84 | 
 85 | ## ROOT CERT
 86 | openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
 87 | 
 88 | Country Name (2 letter code) [AU]:US
 89 | State or Province Name (full name) [Some-State]:Massachusetts
 90 | Locality Name (eg, city) []:Bedford
 91 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:MITRE
 92 | Organizational Unit Name (eg, section) []:iMAS
 93 | Common Name (eg, YOUR name) []:Fred Smith
 94 | Email Address []:f@smith.com
 95 | [  ~/projs/imas/certs ] $ ll
 96 | total 16
 97 | -rw-r--r--  1   staff  2317 Nov  8 10:48 ca.crt
 98 | -rw-r--r--  1   staff  3243 Nov  8 10:46 ca.key
 99 |
100 | 101 | Next step: create our subordinate CA that will be used for the actual signing. First, generate the key: 102 | 
103 | ## INTERMEDIATE / LEAF / Derived Cert
104 | openssl genrsa -out ia.key 4096
105 | 
106 | ## Then, request a certificate signing request (CSR) for this subordinate CA:
107 | openssl req -new -key ia.key -out ia.csr
108 | 
109 | Country Name (2 letter code) [AU]:US
110 | State or Province Name (full name) [Some-State]:Massachusetts
111 | Locality Name (eg, city) []:Bedford
112 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:MITRE
113 | Organizational Unit Name (eg, section) []:iMAS sub cert
114 | Common Name (eg, YOUR name) []:Tom Smith
115 | Email Address []:t@smith.com
116 | 
117 | Please enter the following 'extra' attributes
118 | to be sent with your certificate request
119 | A challenge password []:mitre1
120 | An optional company name []:      
121 | [  ~/projs/imas/certs ] $ ll
122 | total 32
123 | -rw-r--r--  1   staff  2317 Nov  8 10:48 ca.crt
124 | -rw-r--r--  1   staff  3243 Nov  8 10:46 ca.key
125 | -rw-r--r--  1   staff  1785 Nov  8 10:52 ia.csr
126 | -rw-r--r--  1   staff  3239 Nov  8 10:50 ia.key
127 |
128 | 129 | Next step: process the request for the subordinate CA certificate and get it signed by the root CA 130 | 
131 | openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt
132 |
133 | 134 | The cert will be valid for 2 years (730 days) and I decided to choose my own serial number 01 for this cert (`-set_serial 01`). For the root CA, I let OpenSSL generate a random serial number. 135 | 136 | 
137 | Signature ok
138 | subject=/C=US/ST=Massachusetts/L=Bedford/O=MITRE/OU=iMAS sub cert/CN=Tom Smith/emailAddress=t@smith.com
139 | Getting CA Private Key
140 | [  ~/projs/imas/certs ] $ lr
141 | total 40
142 | drwxr-xr-x  29 staff   986 Nov  2 15:07 ..
143 | -rw-r--r--   1 staff  3243 Nov  8 10:46 ca.key
144 | -rw-r--r--   1 staff  2317 Nov  8 10:48 ca.crt
145 | -rw-r--r--   1 staff  3239 Nov  8 10:50 ia.key
146 | -rw-r--r--   1 staff  1785 Nov  8 10:52 ia.csr
147 | -rw-r--r--   1 staff  1984 Nov  8 10:54 ia.crt
148 | 
149 | 
150 | ## Display the contents of a certificate:
151 | openssl x509 -in ca.crt -noout -text
152 | 
153 | ## convert PEM to DER
154 | openssl x509 -in ca.crt -inform PEM -out ca.der -outform DER
155 | openssl x509 -in ca.der -inform DER -noout -text
156 | mv ca.der iMAS_RootCA.der
157 | 
158 | openssl x509 -in ia.crt -inform PEM -out ia.der -outform DER
159 | openssl x509 -in ia.der -inform DER -noout -text
160 | mv ia.der passcodeCheckCert.der
161 |
162 | 163 | 164 | ## License 165 | 166 | Copyright 2012 The MITRE Corporation, All Rights Reserved. 167 | 168 | Licensed under the Apache License, Version 2.0 (the "License"); 169 | you may not use this work except in compliance with the License. 170 | You may obtain a copy of the License at 171 | 172 | http://www.apache.org/licenses/LICENSE-2.0 173 | 174 | Unless required by applicable law or agreed to in writing, software 175 | distributed under the License is distributed on an "AS IS" BASIS, 176 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 177 | See the License for the specific language governing permissions and 178 | limitations under the License. 179 | 180 | 181 | -------------------------------------------------------------------------------- /certs/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGgzCCBGugAwIBAgIJAMj1TW/koO9oMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD 3 | VQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEQMA4GA1UEBxMHQmVkZm9y 4 | ZDEOMAwGA1UEChMFTUlUUkUxDTALBgNVBAsTBGlNQVMxEzARBgNVBAMTCkZyZWQg 5 | U21pdGgxGjAYBgkqhkiG9w0BCQEWC2ZAc21pdGguY29tMB4XDTEyMTEwODE1NDgy 6 | OVoXDTE3MTEwODE1NDgyOVowgYcxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz 7 | YWNodXNldHRzMRAwDgYDVQQHEwdCZWRmb3JkMQ4wDAYDVQQKEwVNSVRSRTENMAsG 8 | A1UECxMEaU1BUzETMBEGA1UEAxMKRnJlZCBTbWl0aDEaMBgGCSqGSIb3DQEJARYL 9 | ZkBzbWl0aC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2rpwL 10 | ZpnUVVj99Y4U96hAceEzJUpn4W97WZ7DMHNfUO0xnlE4RtM7qLxK5Hz9O2LnAtWA 11 | NKoJxDF9nEZCKbxxV6XoFjHmDG8UsM6K2HA6CqDFWrQdQfsbLaTHgZuzYa94HmgG 12 | EPK2xXA0CrXJMqnv4KeBZmIj/fG3m5AYezahrbGdcVbbJWMfc4q4cQf0cZtRRIgQ 13 | ULXDmPjsqp03kSJytWhbjkjUlGe8aTbcyPRpENJXl3BrUwUUmAufcRm44Hd0ybrf 14 | SJZ5TJeCUpTO2nNf8E3FkC7L0mvhwGSm0yoBVBHDvaFLXkMGE3bWm7xmcx1BCd9m 15 | /73U4eWfGbCzlbScue6Xa/bKLf6lwIuqAfS1TC92ELAWgINCaBwVZRldG5XY2zOz 16 | iKJpuORtFOpMQWj4EixdQzcYdMAqm1bEW9eRoHBxdxJfdzb0i5hyhYS15H+M1dLC 17 | M+e1fmiRsENifcGlTo7/DLMY1Jm14aAxqFc7YUD4cqoCZTVukZZHyiJ5/UlY9w4H 18 | tHh3TnKAO70VRBHWL+eMpgOpC72/o6UZ9bcSUTkhf2rqJVK20LicQVhEuhwdGDwe 19 | 1OQTLyt3FOg2cxradyB2C0ejdl3Jc3DRzaffW3oqr+W2Ypdb9CH5IsM2WlM92X3h 20 | qCN5imI+iNGE3Gu3hhGQRHJ6xMKcjMGPXHXlxQIDAQABo4HvMIHsMB0GA1UdDgQW 21 | BBTKu94oBP4q/gM4qwlXNq+BU1eSCDCBvAYDVR0jBIG0MIGxgBTKu94oBP4q/gM4 22 | qwlXNq+BU1eSCKGBjaSBijCBhzELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3Nh 23 | Y2h1c2V0dHMxEDAOBgNVBAcTB0JlZGZvcmQxDjAMBgNVBAoTBU1JVFJFMQ0wCwYD 24 | VQQLEwRpTUFTMRMwEQYDVQQDEwpGcmVkIFNtaXRoMRowGAYJKoZIhvcNAQkBFgtm 25 | QHNtaXRoLmNvbYIJAMj1TW/koO9oMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF 26 | BQADggIBAIqBFAMo3XnCt4pPZlsXKFFOxAYveB01KXjZDLk/n/1aLEvOHZOoEgC2 27 | cNNyuY5KEADEiMLRv+TjVQK5zX7/BRogmRIiiLk7UlCXYBno83y1Oz8dFLaPSuEH 28 | 6NetaPuGoPojiPlCM9au8P1/PVUJlDtXaCPRZ/NguwrZkoVd+JGa/Sd8RM3ATGmW 29 | WUJll7vrx+nWGz1521mU0MhjP7+x3T2ovF1ZhFbA9/Od5GXCaRug9nPH4dGo0dyn 30 | dWpTd/OOmUIDRKuTTYUJvJ+vhygcwZL4Hj5Qri8+stE+d7bqdMpNkw3jNxK0h9yX 31 | nV8KhI1gj3VBSz/l6aXUGSVZw0KyRxZRJtif7Mlz89x2RE//u4r7UD+tKyYv/XfA 32 | 3Hh7QfUWJqt1cp83C4Z6AedMQxwnc0pOUk4hasMhLWiU0X2gp9tAx8IZvS5bY4Dt 33 | uH2e+Az1aUxXQSr22URxgPjwtT8qUTRh2XYDgCtms4ikOHTqN/JCgA3aEVc0+gpS 34 | bxbFlAH8AhLpB4X/JBNfzjQVcCvWgpbdi65u1zwVMtR2ysm64jAUPkD0/MB6loru 35 | lO6TQdD+iBJkzS2IGxzWSKsIJQYHnJozPO932DXokQANnNTARDaJfA4QaSrB8pHd 36 | LFEn64qRb6iDzt8Kl6k5HE4UFPvrLsDHTza58XN7HIous/reQvvD 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /certs/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKQIBAAKCAgEAtq6cC2aZ1FVY/fWOFPeoQHHhMyVKZ+Fve1mewzBzX1DtMZ5R 3 | OEbTO6i8SuR8/Tti5wLVgDSqCcQxfZxGQim8cVel6BYx5gxvFLDOithwOgqgxVq0 4 | HUH7Gy2kx4Gbs2GveB5oBhDytsVwNAq1yTKp7+CngWZiI/3xt5uQGHs2oa2xnXFW 5 | 2yVjH3OKuHEH9HGbUUSIEFC1w5j47KqdN5EicrVoW45I1JRnvGk23Mj0aRDSV5dw 6 | a1MFFJgLn3EZuOB3dMm630iWeUyXglKUztpzX/BNxZAuy9Jr4cBkptMqAVQRw72h 7 | S15DBhN21pu8ZnMdQQnfZv+91OHlnxmws5W0nLnul2v2yi3+pcCLqgH0tUwvdhCw 8 | FoCDQmgcFWUZXRuV2Nszs4iiabjkbRTqTEFo+BIsXUM3GHTAKptWxFvXkaBwcXcS 9 | X3c29IuYcoWEteR/jNXSwjPntX5okbBDYn3BpU6O/wyzGNSZteGgMahXO2FA+HKq 10 | AmU1bpGWR8oief1JWPcOB7R4d05ygDu9FUQR1i/njKYDqQu9v6OlGfW3ElE5IX9q 11 | 6iVSttC4nEFYRLocHRg8HtTkEy8rdxToNnMa2ncgdgtHo3ZdyXNw0c2n31t6Kq/l 12 | tmKXW/Qh+SLDNlpTPdl94agjeYpiPojRhNxrt4YRkERyesTCnIzBj1x15cUCAwEA 13 | AQKCAgEAqPZQn37TEn+p4qHmOuBgvtJVTt/TtMbePIFEhRXf763C5FyglGN1Zb2I 14 | AeDY9cKilDWb0ItlJclPWPVcSj+d6lr9uO4mUrb3WnS5Y9QR4K0Jy987rb/kB1wt 15 | BtWKc9wK1heRcOLmCkQMpiWtwxxX7uSjKNzQMqfilEaOfQYhHmKvX4Z/pgsrZeCQ 16 | 0kzA5cbZt82h5y0vIGzw9rxK0yUqblv43I16MRvd4naR5pz66d5EHf2UXb+YeFa0 17 | kVCjUMpT0jHu5CuX+TLtAv1sYvHLOlXhKLRVg/DoFRHERkQSms3t7FQMxc+2P/1q 18 | sc2y8DLSQOBnvzUUl7wjjAbP1xnExItrnuGyO55dsbZ/N4Z1ZlUhBRFlNxmUNelc 19 | 6qt2sLHCdNKwRycqY6IaeTixe4yDo9UqgUHqCc2r8V2DPXiXEN4tkXfBP9ETLvbU 20 | AxQcRHVdA0DgtYg+Y+4jhdZXWKvY2ThMRYWIgCuDoWZT6qjn5yMG5ubMM+wuONSJ 21 | Bj7eGQdsYmt6VwPrBgbEw6Ne16iLxYFGOWunwfZDvoN/xj1umEtQ3AsnGK2SsuqV 22 | +pZTr8PVY7FwV4UvAOylOfD1CSlR9Xm06O7DJKJgN5+6PQMbhNbVkbir5+pAOTs6 23 | RbaHQ5fQrMwyVRv/nY8Lm76NvEZdztnp9f3/KRbjNpPNVxe7bCECggEBAOg0CwQ8 24 | fFEBPk/Rp+1A4IdPvz+SFiGWpP1UOxErNQkHUtKO9O2a7IEVjYNGLtW2fQeub4Z8 25 | 2vbemt0adOhFHXY0xIqZ1chKJFHqkh3MbtlgTzfq4Hn5FE4TnO8eiMkG3adUjaIN 26 | pEYaGH+nliRBEmUG8Ep/K6DF1PW5Zp54M3aCG4iMiMt0605WB4zH4n1m4zP+nsZp 27 | lqrpJyQIYVqE3nwRxdPIKY2mBwuUUgOHWiB29YuaazdeDF8OBWJmWjkQRjF1YLc9 28 | IR9fSca2JWmhvTiU9fuzHGKWlzlx24jyVFD+5gYm7hz3jB3LwPT7YOqGHn+fr119 29 | jkFF7U9jfWMaH90CggEBAMlnWufnDKxCW9rUrtGAGqWU1kiS/+PkSvQIX4xnXeXE 30 | ZhMp3baOEEybl3mkEC9EsDFordcInmthKpzHl9qAgKK1Et/qe2x+3KAGPzYEhiJB 31 | dcnHRGBKkmNKCesbTSJf7jhycQmM/7zrITC0P3oGK5MRk5FP5WIARqd/szu85H/s 32 | B8yxQGldyKYlThTnZFpF4i7ohmjfnqhZsS/0MDhH9U9k/yuE3lBT1DMhsSA4wqp7 33 | q5Xjnsmibr5IhSUp4fGUkPQ4Be1QxqjBT3k627QpCRpVNAkcOCtGb22EKtveoj3z 34 | nMs4xiY+E8C0QxMX36+usnjh24e8X1wV/Kd2mIa88wkCggEAKcw8c23D3vz/T3To 35 | 6n80K4dCYNoWG8O3PVatL0D80fw8f2R2WFL74ZyUlZ3LjnLD/N78elP9QlT9wXEi 36 | vDC8xetnuZ9JaT1XXluAI9cJ2R1KBUHFWI9qhUdoh26SpsUSny1MNXCJMok+AbSU 37 | BUClZAQkuvQ7UTxrQjQ2ca4nbVysQh8x/JW2SaqYv1G3xmT/3vslb4fQNEG15vmP 38 | NLEYL3MvjhjIyhOpzv7K6JGzuoZPWurYA+ZtCatHctgDw6PXTs3XNATP8oq/iAJ/ 39 | p40St52wzbcHFAQRgqipIPSmEtJfa5oUYKh60147BJ4/atfro4OGGKkiM0O4HQNG 40 | rdElDQKCAQEAxoCwr1ohOnKY9+ChgOji2ooMfTEtNh6e5VCPY+HJQRnGhWLBHBl+ 41 | 5RKBRCm4re3kPn5uwD7FbQ4yop1yBLCcmEEhnkIMbc3Hg41EpeflkEO2ZS6aLNGy 42 | 4Ftr1SZuas/kCgx5brFiqX+RkeBFo+4K6oPrTtBRQ7sD6DjLnbg5+f7XXR7iXjdJ 43 | +L9R6vZ5CSRRnmwddaXZSRJFuf7Ru9boZ90iRnFJcCB/R/oQCrMG4mLLpgrXSOJo 44 | hfESEaPrBmCoUZwZ82Gmu1L0Eoc5XaMITsTlaYk/rx9X2bfnShdvDuJZik6ltbF/ 45 | ZHIGnf3swMnNK6ln5qt5zVf6Uc9o23vFiQKCAQBKzUCFyWFrHmPv/3LPKqLPfgXo 46 | aX00k7Vmu4a856vGAYI8zMQjW9LZOMCvqTTFQYuh8qeNQZh5da5sej3HsXR2ume1 47 | dPWWRq3hn59CAiW8crGID/VshSd0BltNIGgR+a50zcR2qQxHlBgk4/TZkrqBMEb6 48 | vxJPReWuIGQCjmfJnEH9NnrfJFovT1aDeOYz3PFayhc1O5s9f8BY9Us/FHqchuay 49 | SvEB4ib+DQiRLOXMdtalsJCjjWw2xdOYpuq4iDGjTxGkv/6N6q0n4C5XDz4YdJzr 50 | orOv3Jpo/lVPzhghYRMxYn1v8vVPFWEv39KcUjsaaI9yuuqm35GGiTNJCoNd 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /certs/iMAS_PasscodeCheckConfigProfile.mobileconfig: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | PayloadContent 6 | 7 | 8 | PayloadDescription 9 | Configures security-related items. 10 | PayloadDisplayName 11 | Passcode 12 | PayloadIdentifier 13 | com.imas.profile.passcodepolicy 14 | PayloadOrganization 15 | 16 | PayloadType 17 | com.apple.mobiledevice.passwordpolicy 18 | PayloadUUID 19 | 96B6C1B7-C087-4614-8F9C-B06857E0F198 20 | PayloadVersion 21 | 1 22 | allowSimple 23 | 24 | forcePIN 25 | 26 | maxGracePeriod 27 | 5 28 | minLength 29 | 6 30 | 31 | 32 | PayloadCertificateFileName 33 | iMAS_RootCA.der 34 | PayloadContent 35 | 36 | MIIGgzCCBGugAwIBAgIJAMj1TW/koO9oMA0GCSqGSIb3DQEBBQUA 37 | MIGHMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0 38 | czEQMA4GA1UEBxMHQmVkZm9yZDEOMAwGA1UEChMFTUlUUkUxDTAL 39 | BgNVBAsTBGlNQVMxEzARBgNVBAMTCkZyZWQgU21pdGgxGjAYBgkq 40 | hkiG9w0BCQEWC2ZAc21pdGguY29tMB4XDTEyMTEwODE1NDgyOVoX 41 | DTE3MTEwODE1NDgyOVowgYcxCzAJBgNVBAYTAlVTMRYwFAYDVQQI 42 | Ew1NYXNzYWNodXNldHRzMRAwDgYDVQQHEwdCZWRmb3JkMQ4wDAYD 43 | VQQKEwVNSVRSRTENMAsGA1UECxMEaU1BUzETMBEGA1UEAxMKRnJl 44 | ZCBTbWl0aDEaMBgGCSqGSIb3DQEJARYLZkBzbWl0aC5jb20wggIi 45 | MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2rpwLZpnUVVj9 46 | 9Y4U96hAceEzJUpn4W97WZ7DMHNfUO0xnlE4RtM7qLxK5Hz9O2Ln 47 | AtWANKoJxDF9nEZCKbxxV6XoFjHmDG8UsM6K2HA6CqDFWrQdQfsb 48 | LaTHgZuzYa94HmgGEPK2xXA0CrXJMqnv4KeBZmIj/fG3m5AYezah 49 | rbGdcVbbJWMfc4q4cQf0cZtRRIgQULXDmPjsqp03kSJytWhbjkjU 50 | lGe8aTbcyPRpENJXl3BrUwUUmAufcRm44Hd0ybrfSJZ5TJeCUpTO 51 | 2nNf8E3FkC7L0mvhwGSm0yoBVBHDvaFLXkMGE3bWm7xmcx1BCd9m 52 | /73U4eWfGbCzlbScue6Xa/bKLf6lwIuqAfS1TC92ELAWgINCaBwV 53 | ZRldG5XY2zOziKJpuORtFOpMQWj4EixdQzcYdMAqm1bEW9eRoHBx 54 | dxJfdzb0i5hyhYS15H+M1dLCM+e1fmiRsENifcGlTo7/DLMY1Jm1 55 | 4aAxqFc7YUD4cqoCZTVukZZHyiJ5/UlY9w4HtHh3TnKAO70VRBHW 56 | L+eMpgOpC72/o6UZ9bcSUTkhf2rqJVK20LicQVhEuhwdGDwe1OQT 57 | Lyt3FOg2cxradyB2C0ejdl3Jc3DRzaffW3oqr+W2Ypdb9CH5IsM2 58 | WlM92X3hqCN5imI+iNGE3Gu3hhGQRHJ6xMKcjMGPXHXlxQIDAQAB 59 | o4HvMIHsMB0GA1UdDgQWBBTKu94oBP4q/gM4qwlXNq+BU1eSCDCB 60 | vAYDVR0jBIG0MIGxgBTKu94oBP4q/gM4qwlXNq+BU1eSCKGBjaSB 61 | ijCBhzELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0 62 | dHMxEDAOBgNVBAcTB0JlZGZvcmQxDjAMBgNVBAoTBU1JVFJFMQ0w 63 | CwYDVQQLEwRpTUFTMRMwEQYDVQQDEwpGcmVkIFNtaXRoMRowGAYJ 64 | KoZIhvcNAQkBFgtmQHNtaXRoLmNvbYIJAMj1TW/koO9oMAwGA1Ud 65 | EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggIBAIqBFAMo3XnCt4pP 66 | ZlsXKFFOxAYveB01KXjZDLk/n/1aLEvOHZOoEgC2cNNyuY5KEADE 67 | iMLRv+TjVQK5zX7/BRogmRIiiLk7UlCXYBno83y1Oz8dFLaPSuEH 68 | 6NetaPuGoPojiPlCM9au8P1/PVUJlDtXaCPRZ/NguwrZkoVd+JGa 69 | /Sd8RM3ATGmWWUJll7vrx+nWGz1521mU0MhjP7+x3T2ovF1ZhFbA 70 | 9/Od5GXCaRug9nPH4dGo0dyndWpTd/OOmUIDRKuTTYUJvJ+vhygc 71 | wZL4Hj5Qri8+stE+d7bqdMpNkw3jNxK0h9yXnV8KhI1gj3VBSz/l 72 | 6aXUGSVZw0KyRxZRJtif7Mlz89x2RE//u4r7UD+tKyYv/XfA3Hh7 73 | QfUWJqt1cp83C4Z6AedMQxwnc0pOUk4hasMhLWiU0X2gp9tAx8IZ 74 | vS5bY4DtuH2e+Az1aUxXQSr22URxgPjwtT8qUTRh2XYDgCtms4ik 75 | OHTqN/JCgA3aEVc0+gpSbxbFlAH8AhLpB4X/JBNfzjQVcCvWgpbd 76 | i65u1zwVMtR2ysm64jAUPkD0/MB6lorulO6TQdD+iBJkzS2IGxzW 77 | SKsIJQYHnJozPO932DXokQANnNTARDaJfA4QaSrB8pHdLFEn64qR 78 | b6iDzt8Kl6k5HE4UFPvrLsDHTza58XN7HIous/reQvvD 79 | 80 | PayloadDescription 81 | Provides device authentication (certificate or identity). 82 | PayloadDisplayName 83 | Fred Smith 84 | PayloadIdentifier 85 | com.imas.profile.credential 86 | PayloadOrganization 87 | 88 | PayloadType 89 | com.apple.security.root 90 | PayloadUUID 91 | BF715416-8117-4ED0-AB1A-80517667EA96 92 | PayloadVersion 93 | 1 94 | 95 | 96 | PayloadDescription 97 | Enforces a 6 digit passcode. 98 | PayloadDisplayName 99 | iMAS PasscodeCheck Config Profile 100 | PayloadIdentifier 101 | com.imas.profile 102 | PayloadOrganization 103 | 104 | PayloadRemovalDisallowed 105 | 106 | PayloadType 107 | Configuration 108 | PayloadUUID 109 | EA3EB42B-9C7F-45F7-95ED-B21FB24EEBA7 110 | PayloadVersion 111 | 1 112 | 113 | 114 | -------------------------------------------------------------------------------- /certs/iMAS_RootCA.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/certs/iMAS_RootCA.der -------------------------------------------------------------------------------- /certs/ia.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFjDCCA3QCAQEwDQYJKoZIhvcNAQEFBQAwgYcxCzAJBgNVBAYTAlVTMRYwFAYD 3 | VQQIEw1NYXNzYWNodXNldHRzMRAwDgYDVQQHEwdCZWRmb3JkMQ4wDAYDVQQKEwVN 4 | SVRSRTENMAsGA1UECxMEaU1BUzETMBEGA1UEAxMKRnJlZCBTbWl0aDEaMBgGCSqG 5 | SIb3DQEJARYLZkBzbWl0aC5jb20wHhcNMTIxMTA4MTU1NDA4WhcNMTQxMTA4MTU1 6 | NDA4WjCBjzELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEDAO 7 | BgNVBAcTB0JlZGZvcmQxDjAMBgNVBAoTBU1JVFJFMRYwFAYDVQQLEw1pTUFTIHN1 8 | YiBjZXJ0MRIwEAYDVQQDEwlUb20gU21pdGgxGjAYBgkqhkiG9w0BCQEWC3RAc21p 9 | dGguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzBMcoGKCtJB8 10 | fGGdeFNhLzmZojI4K1T71XdOEioGNphgyRgDUqLTDaIlH/uwkoic6FOfNTerSfwB 11 | QjON+6V446sMkiZJ61EhjcIDMjWRH6mrp/BaDGRxHWrB3s+wRr4hd3A1dPA2f6K8 12 | DV2gPCOEXK5g58r1DOYkQWrBHnmn4TQ9hafAc0e26hXMdcH4iMbN0zp4XWuIt++C 13 | mbAM1RQUmEiY8RqZ7oaou7brPb3PiZapGTTxeHfucys0T52VnYEhe/+t2Yy1E4rV 14 | K2uiin/jhiY8/1AcNl/lIcC/Bo1JX8BsuqfMstZay2libAK9+pwKQoK1HfmTgmcw 15 | g03p5ERfNG9PKToL1ahi3h5NegEXDy3j8VhZ2pWwKZKiT1QCSWmfyZCKyoOwgNHj 16 | 2sGBYVKiTloHmyQ0mT18AWPB9wOh8UmEmb/pRebvrEe39M0IUwQAzea8fe3KT6uy 17 | MbplE0BvWKPKi4GzBGS4WPcOhVKRhzB1pi+diZO0OImRZXYjpO64wxs8PuoEdM5+ 18 | hIahzKwPLVA3vtbk+bZE5TRh4hTOXHHU/XVoviED8Al5aWQ+JLvWrZEExU+3ejZU 19 | 1kzhKGUEByIbWUWn6XcmnKrzUJaP2EdZhjlvuB4PYhLaUHqMsZpaMfGT2VHN+CFj 20 | I3HxNW42J1ksC6TlIk9WmQalX+KF6Z8CAwEAATANBgkqhkiG9w0BAQUFAAOCAgEA 21 | NyDRhhjQp25Pmd+heyWIMJXHZ4k+r0OkrT2gjoR+uc3NxWy9GCJxryiP72NvuoDY 22 | tC8EyBtRuM+04Q+Szy+Vt/282nz/J/t9SHof4+isjsPZil30+8o2CmvZ3WxL7J6l 23 | pbaoKOnZ4T/DThKvzHivvHpfh7obteWkMCJDiGGLiE5rSbW5/gAtT0Rpt4fiY4mS 24 | yAWKYx3PZBZYhHOTr25MrzsHQYmSzfW8WMe2Z0fjQN0LDZmjmkPWBi3g5qXboqZn 25 | gbYv/oyJC3ttW8WJDjV0n/8sPteELqIKS6POSGPXIdWvtXDj5HrXeugqX8BxxzBw 26 | A32c+wIKGPxu3EMTlFZpPffYuya/CDrEKcaT6gK+4/Jp3Na3yk8W5dRTOPhX8WYN 27 | GOUFKggLXUB/s9z4FVoOIPxfb14SJAeWIknuX8VaFZ1flMBjhOvBGX6tKA2jlwQj 28 | VmC+QJX9fYKc351Px+9xS4EUMHS79G9lC56Kl+ULjjjQtW2J/AVcMTaEHQeHmjX2 29 | DuwKV6hNsxAubHA48gAc8R8GYIBvbRdHOVR/L/vIgZvQzWsBttD+K7A5BWQ0MxP+ 30 | IuuEPqbIFD7Cz4ikg80ftXU930vffepXORG8mlLHKVyyxEf5iuEPVV/AUTG/YF8a 31 | dk5I+P0TOj2RRT7xkz7p+PHXWaRYB4e9pK7sulLvOWM= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /certs/ia.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIE7DCCAtQCAQAwgY8xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl 3 | dHRzMRAwDgYDVQQHEwdCZWRmb3JkMQ4wDAYDVQQKEwVNSVRSRTEWMBQGA1UECxMN 4 | aU1BUyBzdWIgY2VydDESMBAGA1UEAxMJVG9tIFNtaXRoMRowGAYJKoZIhvcNAQkB 5 | Fgt0QHNtaXRoLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMwT 6 | HKBigrSQfHxhnXhTYS85maIyOCtU+9V3ThIqBjaYYMkYA1Ki0w2iJR/7sJKInOhT 7 | nzU3q0n8AUIzjfuleOOrDJImSetRIY3CAzI1kR+pq6fwWgxkcR1qwd7PsEa+IXdw 8 | NXTwNn+ivA1doDwjhFyuYOfK9QzmJEFqwR55p+E0PYWnwHNHtuoVzHXB+IjGzdM6 9 | eF1riLfvgpmwDNUUFJhImPEame6GqLu26z29z4mWqRk08Xh37nMrNE+dlZ2BIXv/ 10 | rdmMtROK1Stroop/44YmPP9QHDZf5SHAvwaNSV/AbLqnzLLWWstpYmwCvfqcCkKC 11 | tR35k4JnMINN6eREXzRvTyk6C9WoYt4eTXoBFw8t4/FYWdqVsCmSok9UAklpn8mQ 12 | isqDsIDR49rBgWFSok5aB5skNJk9fAFjwfcDofFJhJm/6UXm76xHt/TNCFMEAM3m 13 | vH3tyk+rsjG6ZRNAb1ijyouBswRkuFj3DoVSkYcwdaYvnYmTtDiJkWV2I6TuuMMb 14 | PD7qBHTOfoSGocysDy1QN77W5Pm2ROU0YeIUzlxx1P11aL4hA/AJeWlkPiS71q2R 15 | BMVPt3o2VNZM4ShlBAciG1lFp+l3Jpyq81CWj9hHWYY5b7geD2IS2lB6jLGaWjHx 16 | k9lRzfghYyNx8TVuNidZLAuk5SJPVpkGpV/ihemfAgMBAAGgFzAVBgkqhkiG9w0B 17 | CQcxCBMGbWl0cmUxMA0GCSqGSIb3DQEBBQUAA4ICAQAz1dME+4F3lu41DyVvWaKB 18 | +5ZweE2se+VRNMr4uHQhk/26aNXZ0uKxgpGU/2yRF8QZyiWvtNEWQ20ng8euXzRg 19 | twoIXwkL3b45SjC0xfZ/CAYdlaeb5r99lTn5tyvOIhLJmwNEBAdOXtUGFynRwqPW 20 | EopJBMCGW6mEum18saTOOitfKafL49dqfemMjayGy2JpxNGXuxUV3kKuItzjZjm0 21 | ugEgAPLAzuTSq6sQDORItZ9ACWN3Sgxt3OanYW9FiSHpwwMezUmmC/pbw0gMOkCI 22 | QM8f6wD//0Tmkbf6Go0aorOLPs92tzGmA6tsE8mxUWiFGUWIPn4V/ZIgctcnXyKc 23 | J6EW+J66FNQ3AHuoGBBJ2L2kER/ig6PnLJBZlKeyrTdUlf/jtt70DMD0PYTaeRz+ 24 | kxHo9vGdJcKzMsmYG3QJnHdqzGmD4l7aCwN3+XduX2gyxxbW8EYigudb0rgIcUuz 25 | 52IfBw263mOPsv+U/4Iwvz6YvuLa8HOhWjdLxCcyz3oMWnGcQ7VWymlRxHhB6Wja 26 | jrDNE3DFQmiDKYOxmq8w867XJgVEZwsstcjLV7zya1ZeHsT3xX64fcegW7caSxWQ 27 | Q+U3V3FEdyU8v7trCrRHJSKtfaAXua/iwqgev60x1YcmU7Im+1QotjthwCTYZHkb 28 | QyZPKCyStMqYRt/GT+c+DQ== 29 | -----END CERTIFICATE REQUEST----- 30 | -------------------------------------------------------------------------------- /certs/ia.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJJgIBAAKCAgEAzBMcoGKCtJB8fGGdeFNhLzmZojI4K1T71XdOEioGNphgyRgD 3 | UqLTDaIlH/uwkoic6FOfNTerSfwBQjON+6V446sMkiZJ61EhjcIDMjWRH6mrp/Ba 4 | DGRxHWrB3s+wRr4hd3A1dPA2f6K8DV2gPCOEXK5g58r1DOYkQWrBHnmn4TQ9hafA 5 | c0e26hXMdcH4iMbN0zp4XWuIt++CmbAM1RQUmEiY8RqZ7oaou7brPb3PiZapGTTx 6 | eHfucys0T52VnYEhe/+t2Yy1E4rVK2uiin/jhiY8/1AcNl/lIcC/Bo1JX8BsuqfM 7 | stZay2libAK9+pwKQoK1HfmTgmcwg03p5ERfNG9PKToL1ahi3h5NegEXDy3j8VhZ 8 | 2pWwKZKiT1QCSWmfyZCKyoOwgNHj2sGBYVKiTloHmyQ0mT18AWPB9wOh8UmEmb/p 9 | RebvrEe39M0IUwQAzea8fe3KT6uyMbplE0BvWKPKi4GzBGS4WPcOhVKRhzB1pi+d 10 | iZO0OImRZXYjpO64wxs8PuoEdM5+hIahzKwPLVA3vtbk+bZE5TRh4hTOXHHU/XVo 11 | viED8Al5aWQ+JLvWrZEExU+3ejZU1kzhKGUEByIbWUWn6XcmnKrzUJaP2EdZhjlv 12 | uB4PYhLaUHqMsZpaMfGT2VHN+CFjI3HxNW42J1ksC6TlIk9WmQalX+KF6Z8CAwEA 13 | AQKCAgEAh/bzy6fWjZb2Wahv0gs7ZMtroLT012n3n3GtgkyddyJu2Yw2KohxNVQi 14 | h/yY2AhNAj00hbBhXxmXfRP8NP06XfVImtcHyNB1Go14s6sc1Yul4m4wkLEa7A6E 15 | vH6DY56pjXolI5Qnu0IhKIaIi4jeVyGXTtfaDI4I+cy2fidvwoubscDiZ+wP4kZD 16 | wvFJNVe/Kkx6hUNwA5x/1wWEhzKpxgwYWgrvJAxzvx1P/gLIk1Ldtv2fJDRDmlfe 17 | smy7kgTG2mau3ZLx0eNdw2AjG0O5w1cWrMQjB9c8QhC5NRRNHo6F4paJu101gPDl 18 | sjDhgmcULtwG78GolelKWTE/8+XZx1UGz8po+LD3j50XgrQO60SwkMOalCeahPpp 19 | OxS7KFRLyvBtQicV1naIwyes1SRYNnQcWKEGodAvOJX135U7u99PxOFWLudV98Rj 20 | exOxXi1OmekoNeoj9XZxrA4/7ikumk+h870xLpOu54Wo9ph9Dpy+Yy25UPvvqXFI 21 | ih2cuvO69VHbUscFoBU0Ls+vU7qkTer4kvNtnrzWE8LTzin8j+Wr1MU4i7dwFoyt 22 | rOLllUkGoSC/Gnkop12ZUoFJCG2CI9XH8AQ5Guzi64U9KZknhpbH9ZUovlGgdzFv 23 | ZSa1W6e3siqblQqgdwhAraQv7Gmjk6RC+o1j24AE80z45G3z74ECggEBAOgOF1pv 24 | eqFgFwmIfI1MAdDMFvqvLHSvmeLgDYI/EpWZlYUpEQOCIkOpwbS8UnBoPAxyPEcZ 25 | vsJFUXlNMoel0HJC7z9xTl1qxG4TxTqUy1JZ6+PF37bEA9+LnS/ZCxLK9aSaHq1N 26 | avRLlaZciRKTBzM2vbmE1uJxrPFmlrTIoY2eLJadRG15vPLd77VHO1Jm6kIklruR 27 | qRlwBymRSgTpIgVpQ/T3bm/y0LFbaQ/YNPn7GpPXU5FpOsb+NXqfnBFTn3ke/6k1 28 | eWzXWG50pWLBZUx2QVE8Xnuds04RqsSf5tGGKoCoisFFQec7fKrdvwXv5BqctQj/ 29 | WiRS47bZ+TFaHw0CggEBAOEh5cbjWXfcCCf1TU7q21fdSQi0ZAIlup8SVhf81D1w 30 | fcyTnW1HbiYa/afVTjJajy6cVNd7FUIsOSAfdtcxZ4G61yXJM96q5yH+noEGI8wH 31 | 1lWAVSAT5oS4t6AlbYfPVHeQ1tY+ga1qEhYoHFLT9rEXgmv8YDR+FNQxNqhc1tFz 32 | RszxUGZyqXEhivICdnaAuAlwsdbXwg7fds1TowzsrMLvpnPjYBuoEfLf2EVH3slK 33 | 3SWzbdlNxpMTLiBsdHYl8AJoqda93RpdAcXfHAP1SW7vlEjs+Wva+f2vp+0dpt+a 34 | j6K+eBW1QrMG+NSZOmiOUpUy8fOd35jcMihq9YU4YFsCggEAP3gjMQwOqXbDtkrL 35 | bkYctQQtQNGKwjuJRoFrkHU52wsP10T9L013m7QhlBJyJeaMjgbsr7G9+BrHhvrz 36 | WCClG6ttDpgqC+j44varWjN6TQLlPv5PCwkf2hOwoXamzbQPbb7tpw7msvy9aKwk 37 | nZzzOjG9wLExqOvYlootrDK35SkfHu7S2XKTmIXVW2qpMgeOCRtC0virHJcEjnz7 38 | ls5BDOPWv3ixjxMFu4y59qh3DOx+P3OEmuACQI0lCW4AXMjXdGRjHt/OX1OjD0r+ 39 | NT2aPEiX4uU1HnBqq26vm2n00tf0Zg4zLVuJA/rERWOzLKeJZzH3Xgehmw/E0q1Z 40 | uALjPQKB/0SYD2qJ2riqUdHa67Mf27Tpt1bvn4kH9dSBwbmNTx1pKOssDss8+FKj 41 | 5qU8WJb/AKEzAKam2dNPphgjfhIS+3aLdwIMS8GMUOAKtECbnkyMFsH2V/luFs5Z 42 | eZlRzg2THilP+CVO5jPwHZKipf6WlpNell5Qhv93auE8HWsu3kTy2p+W5uhQB1Bw 43 | 5+TU20M/9NLrg0PyeS4O6COnWAaYFgtO+WhV3vKOQum9SifRvg+Wv8q84LtU9yvY 44 | rDU01kcpR/dz7EuBjdx6eg/P6rlKAxXJ6WROz7ANCB5DZubYIf//F8R+RBhZIflq 45 | JmagSSuSMZdD7nRLpdTtQlsOO8BbbQKCAQAk4ZdJu7RlVE8KcDi4UBgrVn8LLhSW 46 | H9KsSmHcxOyXUJ2VZxwDUmlg41drl5bTgkvP5aVpOIfgraqzXjrmgEtjGCfh7o9R 47 | vaHgD7r+91QMEVXUK7fwNBOUjMtjgX7/jfAI1T5KZj8F23V/mHkuvAaP4HaPW4jy 48 | UXLeNkYLUF42bRF7qWsvKQby7SrhWkbRGVXJNKS+2J2d4DgEOlJiqt6yxPHKkEIW 49 | EIyghlSXuz+N92fS4oVutvZ7+nyAH2DKES3AM+94PrEbesD5T6ZANJZ41sex/BPT 50 | ELq8kyg3qvgGJPifuCp5+ClkK8jFABMNWDwr+ayt3D9HMYtpgCUylN/K 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /certs/passcodeCheckCert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/certs/passcodeCheckCert.der -------------------------------------------------------------------------------- /passcode-check.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/project-imas/passcode-check/09474b8986f71d5e9216f38a5e5bdd3698e22d30/passcode-check.png --------------------------------------------------------------------------------