Validating iTunes iOS In-App receipt (purchase-info and signature) using command line (openssl)

2
votes

there is about 5% of in-app purchases that doesn't verify with apple (https://buy.itunes.apple.com/verifyReceipt) and error code is 21002. i suspect that "signature" that received with the receipt is not valid (maybe fraud attempt). i have base64_decoded "purchase-info" and all important fields (bid, item-id, product-id etc) looks correct. so, i have downloaded apple root certificates (http://www.apple.com/certificateauthority/) and tried by myself to validate "signature" for "purchase-info" to see how it can be done in command line, but failed all the time.

can someone help me with the set of actions that i need to perform to verify signature of "purchase-info" in command line using openssl for example?

here is receipt generated by SANDBOX purchase that could be verified with apple SANDBOX service using POST request. prior it should be base64_encoded:

{"signature" = "AlMaoeJKrxXOkgKlL6ArGQh4nrJ1z0Dmd6riqhaNQaVS6Oaem8QzP5/RiAXlXri/oSzWHCyI1jCI5VMyGUoOKlqTeaVlW2xZBPDA9keqqQjCCp/R8NsTlkgUr5W4FIkF+Ey/tk8DwQIMZYMyp1BJhjXh3FqMAEbcYuJjGfreqBOlAAADVzCCA1MwggI7oAMCAQICCGUUkU3ZWAS1MA0GCSqGSIb3DQEBBQUAMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEzMDEGA1UEAwwqQXBwbGUgaVR1bmVzIFN0b3JlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDYxNTIyMDU1NloXDTE0MDYxNDIyMDU1NlowZDEjMCEGA1UEAwwaUHVyY2hhc2VSZWNlaXB0Q2VydGlmaWNhdGUxGzAZBgNVBAsMEkFwcGxlIGlUdW5lcyBTdG9yZTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrRjF2ct4IrSdiTChaI0g8pwv/cmHs8p/RwV/rt/91XKVhNl4XIBimKjQQNfgHsDs6yju++DrKJE7uKsphMddKYfFE5rGXsAdBEjBwRIxexTevx3HLEFGAt1moKx509dhxtiIdDgJv2YaVs49B0uJvNdy6SMqNNLHsDLzDS9oZHAgMBAAGjcjBwMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUNh3o4p2C0gEYtTJrDtdDC5FYQzowDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBSpg4PyGUjFPhJXCBTMzaN+mV8k9TAQBgoqhkiG92NkBgUBBAIFADANBgkqhkiG9w0BAQUFAAOCAQEAEaSbPjtmN4C/IB3QEpK32RxacCDXdVXAeVReS5FaZxc+t88pQP93BiAxvdW/3eTSMGY5FbeAYL3etqP5gm8wrFojX0ikyVRStQ+/AQ0KEjtqB07kLs9QUe8czR8UGfdM1EumV/UgvDd4NwNYxLQMg4WTQfgkQQVy8GXZwVHgbE/UC6Y7053pGXBk51NPM3woxhd3gSRLvXj+loHsStcTEqe9pBDpmG5+sk4tw+GK3GMeEN5/+e1QT9np/Kl1nj+aBw7C0xsy0bFnaAd1cSS6xdory/CUvM6gtKsmnOOdqTesbp0bs8sn6Wqs0C9dgcxRHuOMZ2tm8npLUm7argOSzQ==";
"purchase-info" = "ewoJIm9yaWdpbmFsLXB1cmNoYXNlLWRhdGUtcHN0IiA9ICIyMDEzLTEyLTIzIDAyOjIzOjUwIEFtZXJpY2EvTG9zX0FuZ2VsZXMiOwoJInVuaXF1ZS1pZGVudGlmaWVyIiA9ICIwMDAwYjAwOTI3YzgiOwoJIm9yaWdpbmFsLXRyYW5zYWN0aW9uLWlkIiA9ICIxMDAwMDAwMDk3MjAzMjM0IjsKCSJidnJzIiA9ICIxLjEwLjAyMSI7CgkidHJhbnNhY3Rpb24taWQiID0gIjEwMDAwMDAwOTcyMDMyMzQiOwoJInF1YW50aXR5IiA9ICIxIjsKCSJvcmlnaW5hbC1wdXJjaGFzZS1kYXRlLW1zIiA9ICIxMzg3Nzk0MjMwODIyIjsKCSJ1bmlxdWUtdmVuZG9yLWlkZW50aWZpZXIiID0gIjdCNzAxNzYxLUZDMTktNDYxNi05REVFLTUwRjVCNDRDNTUxMCI7CgkicHJvZHVjdC1pZCIgPSAiY2FzaGllcl9pb3NfZGVmYXVsdF81X3QiOwoJIml0ZW0taWQiID0gIjY0MTcwNDMzNCI7CgkiYmlkIiA9ICJIb0ZUZXN0IjsKCSJwdXJjaGFzZS1kYXRlLW1zIiA9ICIxMzg3Nzk0MjMwODIyIjsKCSJwdXJjaGFzZS1kYXRlIiA9ICIyMDEzLTEyLTIzIDEwOjIzOjUwIEV0Yy9HTVQiOwoJInB1cmNoYXNlLWRhdGUtcHN0IiA9ICIyMDEzLTEyLTIzIDAyOjIzOjUwIEFtZXJpY2EvTG9zX0FuZ2VsZXMiOwoJIm9yaWdpbmFsLXB1cmNoYXNlLWRhdGUiID0gIjIwMTMtMTItMjMgMTA6MjM6NTAgRXRjL0dNVCI7Cn0=";
"environment" = "Sandbox";
"pod" = "100";
"signing-status" = "0";}

UPDATE #1: Thanks to Rhythmic Fistman for the lead:

I checked signature from sandbox and it successfully parsed with:

openssl asn1parse -inform der

When I tried to do the same with signature from REAL receipt I got this error: 

base64 -D real.signature.txt | openssl asn1parse -inform der
Error in encoding 28178:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/asn1/asn1_lib.c:150:

Here is the signature from REAL receipt that successfully verifies with Apple but it's signature cannot be parsed with: openssl asn1parse -inform der

Aqzwtl7Vcj9JrOuptPKWkuR1mPgjsA92Da/Wu0Dl4/Lnsb3yhiXry7NcXpMOkY3AxkoMCAK30QvVwYXd51Q4A8idQR2O/dsCTQRx8iOK7ewDctXm6REI2x85KIybGTZGw7eun7jTzfsdVm4kyzgLfD7lZH0AaVojP7k0wDGrleA1AAADVzCCA1MwggI7oAMCAQICCGUUkU3ZWAS1MA0GCSqGSIb3DQEBBQUAMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEzMDEGA1UEAwwqQXBwbGUgaVR1bmVzIFN0b3JlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA5MDYxNTIyMDU1NloXDTE0MDYxNDIyMDU1NlowZDEjMCEGA1UEAwwaUHVyY2hhc2VSZWNlaXB0Q2VydGlmaWNhdGUxGzAZBgNVBAsMEkFwcGxlIGlUdW5lcyBTdG9yZTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrRjF2ct4IrSdiTChaI0g8pwv/cmHs8p/RwV/rt/91XKVhNl4XIBimKjQQNfgHsDs6yju++DrKJE7uKsphMddKYfFE5rGXsAdBEjBwRIxexTevx3HLEFGAt1moKx509dhxtiIdDgJv2YaVs49B0uJvNdy6SMqNNLHsDLzDS9oZHAgMBAAGjcjBwMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUNh3o4p2C0gEYtTJrDtdDC5FYQzowDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBSpg4PyGUjFPhJXCBTMzaN+mV8k9TAQBgoqhkiG92NkBgUBBAIFADANBgkqhkiG9w0BAQUFAAOCAQEAEaSbPjtmN4C/IB3QEpK32RxacCDXdVXAeVReS5FaZxc+t88pQP93BiAxvdW/3eTSMGY5FbeAYL3etqP5gm8wrFojX0ikyVRStQ+/AQ0KEjtqB07kLs9QUe8czR8UGfdM1EumV/UgvDd4NwNYxLQMg4WTQfgkQQVy8GXZwVHgbE/UC6Y7053pGXBk51NPM3woxhd3gSRLvXj+loHsStcTEqe9pBDpmG5+sk4tw+GK3GMeEN5/+e1QT9np/Kl1nj+aBw7C0xsy0bFnaAd1cSS6xdory/CUvM6gtKsmnOOdqTesbp0bs8sn6Wqs0C9dgcxRHuOMZ2tm8npLUm7argOSzQ==

UPDATE #2:

Here is the real receipt that fails verification with 21002:

eyJwb2QiPSIyIjsicHVyY2hhc2UtaW5mbyI9ImV5SmhjSEF0YVhSbGJTMXBaQ0k5SWpVNE5qWXpORE16TVNJN0ltSjJjbk1pUFNJeExqRXdJanNpY0hWeVkyaGhjMlV0WkdGMFpTSTlJakl3TVRNdE1USXRNalVnTURnNk5EZzZOVEFnUlhSakwwZE5WQ0k3SW5GMVlXNTBhWFI1SWowaU1TSTdJbUpwWkNJOUlraHZSaTFUYkc5MGN5STdJblpsY25OcGIyNHRaWGgwWlhKdVlXd3RhV1JsYm5ScFptbGxjaUk5SWpJd01EUTRNalkxTkNJN0luQjFjbU5vWVhObExXUmhkR1V0Y0hOMElqMGlNakF4TXkweE1pMHlOU0F3TURvME9EbzFNQ0JCYldWeWFXTmhMMHh2YzE5QmJtZGxiR1Z6SWpzaWNIVnlZMmhoYzJVdFpHRjBaUzF0Y3lJOUlqRXpPRGM1TmpFek16QTNNekVpT3lKMWJtbHhkV1V0ZG1WdVpHOXlMV2xrWlc1MGFXWnBaWElpUFNKRE1UUXhNa0l4TnkweU9EVXdMVFEwUVRVdFFURTRNeTB5UVRFeVJEWTNPRGhDUmtFaU95SnZjbWxuYVc1aGJDMXdkWEpqYUdGelpTMWtZWFJsTFcxeklqMGlNVE00TnprMk1UTXpNRGN6TVNJN0ltOXlhV2RwYm1Gc0xYUnlZVzV6WVdOMGFXOXVMV2xrSWowaU5EYzBNell3T0RNek9UYzFOVEE1TkRNd01DSTdJbWwwWlcwdGFXUWlQU0kzTnpnMk5qRTFOekFpT3lKdmNtbG5hVzVoYkMxd2RYSmphR0Z6WlMxa1lYUmxMWEJ6ZENJOUlqSXdNVE10TVRJdE1qVWdNREE2TkRnNk5UQWdRVzFsY21sallTOU1iM05mUVc1blpXeGxjeUk3SW5CeWIyUjFZM1F0YVdRaVBTSndjbTl0YjE5cGIzTmZNREE0WHpFMU1GOHlNREF3TUNJN0luUnlZVzV6WVdOMGFXOXVMV2xrSWowaU5EYzBNell3T0RNek9UYzFOVEE1TkRNd01DSTdJbTl5YVdkcGJtRnNMWEIxY21Ob1lYTmxMV1JoZEdVaVBTSXlNREV6TFRFeUxUSTFJREE0T2pRNE9qVXdJRVYwWXk5SFRWUWlPeUoxYm1seGRXVXRhV1JsYm5ScFptbGxjaUk5SWpFME9EbGhPR05rTmpCbVpXVmpPVFUyTjJObU1qSmpNalU1Tm1Wak56RTNaREZoTURrME5qa2lPMzA9Ijsic2lnbmF0dXJlIj0iQXBkeEpkdE53UFUyckE1L2NuM2tJTzFPVGsyNWZlREthMGFhZ3l5UnZlV2xjRmxnbHY2UkY2em5raUJTM3VtOVVjN3BWb2IrUHFaUjJUOHd5VnJITnBsb2YzRFgzSXFET2xXcSs5MGE3WWwrcXJSN0E3ald3dml3NzA4UFMrNjdQeUhSbmhPL0c3YlZxZ1JwRXI2RXVGeWJpVTFGWEFpWEpjNmxzMVlBc3NReEFBQURWekNDQTFNd2dnSTdvQU1DQVFJQ0NHVVVrVTNaV0FTMU1BMEdDU3FHU0liM0RRRUJCUVVBTUg4eEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUtEQXBCY0hCc1pTQkpibU11TVNZd0pBWURWUVFMREIxQmNIQnNaU0JEWlhKMGFXWnBZMkYwYVc5dUlFRjFkR2h2Y21sMGVURXpNREVHQTFVRUF3d3FRWEJ3YkdVZ2FWUjFibVZ6SUZOMGIzSmxJRU5sY25ScFptbGpZWFJwYjI0Z1FYVjBhRzl5YVhSNU1CNFhEVEE1TURZeE5USXlNRFUxTmxvWERURTBNRFl4TkRJeU1EVTFObG93WkRFak1DRUdBMVVFQXd3YVVIVnlZMmhoYzJWU1pXTmxhWEIwUTJWeWRHbG1hV05oZEdVeEd6QVpCZ05WQkFzTUVrRndjR3hsSUdsVWRXNWxjeUJUZEc5eVpURVRNQkVHQTFVRUNnd0tRWEJ3YkdVZ1NXNWpMakVMTUFrR0ExVUVCaE1DVlZNd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFNclJqRjJjdDRJclNkaVRDaGFJMGc4cHd2L2NtSHM4cC9Sd1YvcnQvOTFYS1ZoTmw0WElCaW1LalFRTmZnSHNEczZ5anUrK0RyS0pFN3VLc3BoTWRkS1lmRkU1ckdYc0FkQkVqQndSSXhleFRldngzSExFRkdBdDFtb0t4NTA5ZGh4dGlJZERnSnYyWWFWczQ5QjB1SnZOZHk2U01xTk5MSHNETHpEUzlvWkhBZ01CQUFHamNqQndNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVOaDNvNHAyQzBnRVl0VEpyRHRkREM1RllRem93RGdZRFZSMFBBUUgvQkFRREFnZUFNQjBHQTFVZERnUVdCQlNwZzRQeUdVakZQaEpYQ0JUTXphTittVjhrOVRBUUJnb3Foa2lHOTJOa0JnVUJCQUlGQURBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUVhU2JQanRtTjRDL0lCM1FFcEszMlJ4YWNDRFhkVlhBZVZSZVM1RmFaeGMrdDg4cFFQOTNCaUF4dmRXLzNlVFNNR1k1RmJlQVlMM2V0cVA1Z204d3JGb2pYMGlreVZSU3RRKy9BUTBLRWp0cUIwN2tMczlRVWU4Y3pSOFVHZmRNMUV1bVYvVWd2RGQ0TndOWXhMUU1nNFdUUWZna1FRVnk4R1had1ZIZ2JFL1VDNlk3MDUzcEdYQms1MU5QTTN3b3hoZDNnU1JMdlhqK2xvSHNTdGNURXFlOXBCRHBtRzUrc2s0dHcrR0szR01lRU41LytlMVFUOW5wL0tsMW5qK2FCdzdDMHhzeTBiRm5hQWQxY1NTNnhkb3J5L0NVdk02Z3RLc21uT09kcVRlc2JwMGJzOHNuNldxczBDOWRnY3hSSHVPTVoydG04bnBMVW03YXJnT1N6UT09Ijsic2lnbmluZy1zdGF0dXMiPSIwIjt9
2
iosopensslin-app-purchasedigital-signature

2 Answers

0
votes

Looking into the signature,

base64 -D signature.b64 | openssl asn1parse -inform der

it looks like a certificate with a little extra in front:

  0:d=0    hl=2 l=    83 prim: INTEGER                     :1AA1E24AAF15CE9202A52FA02B1908789EB275CF40E677AAE2AA168D41A552E8E69E9BC4333F9FD18805E55EB8BFA12CD61C2C88D63088E55332194A0E2A5A9379A5655B6C5904F0C0F647AAA908C20A9FD1F0
 85:d=0    hl=2 l=    19 prim: priv [ 27 ]             
106:d=0    hl=2 l=    50 prim: cont [ 3 ]                
158:d=0    hl=2 l=     9 prim: OBJECT                        :sha1WithRSAEncryption
169:d=0    hl=2 l=     0 prim: NULL                            
171:d=0    hl=2 l= 127 cons: SEQUENCE                    
173:d=1    hl=2 l=    11 cons: SET                             
175:d=2    hl=2 l=     9 cons: SEQUENCE                    
177:d=3    hl=2 l=     3 prim: OBJECT                        :countryName
182:d=3    hl=2 l=     2 prim: PRINTABLESTRING     :US
186:d=1    hl=2 l=    19 cons: SET                             
188:d=2    hl=2 l=    17 cons: SEQUENCE                    
190:d=3    hl=2 l=     3 prim: OBJECT                        :organizationName
195:d=3    hl=2 l=    10 prim: UTF8STRING                :Apple Inc.

That long integer could be the signature, but I can't find the certificate online (Apple iTunes Store Certification Authority). I guess you could extract the public key from the certificate and verify it with openssl dgst -verify... but that wouldn't prove anything.

Although this is very interesting, what the iTunes validator is telling you is that the receipt is invalid and does not correspond to a real transaction - does it matter why?

Update

That long integer at the front isn't actually asn1. For both signatures, skipping 133 bytes gives you the certificate mentioned above:

dd bs=1 if=hiss-sig.der skip=133 > PurchaseReceiptCertificate.cer

Update 2

Looking at the real failing receipt, directly decoding gives a plausible looking purchase info, but the bundle ID looks different to your sandbox one ("bid" = "HoFTest";) and the unique-identifier looks a little small. The signature part has the certificate, still don't know how to interpret those 133 bytes.

0
votes

To sum up, the following will process the signature:

base64 -D signature1.txt | dd bs=1 skip=133 | openssl asn1parse -inform der