I was playing with an already signed binary, having version CodeDirectory version 20500.
I noticed there are 2 more special slots, up to -7. One of them (-7) was used and the corresponding blog contained some sort of ASN.1 representation of the entitlements.
Also, it has the new magic FADE7172.
My questions are:
- is my analysis from above correct?
- what is this blob used for?
- is it somehow mandatory for 20500? I resigned the binary on Mac, which produced a code signature with version 20400 and these blobs were missing, but I just want to know if I can fiddle with this code signature and just remove the blob.
Btw, I already bought VOL 3 but if all the details for this new blob are updated in the latest version of the book, I am considering buying it again.