Skip to content

Parse device info from attestation certificate (field meaning is based on reverse engineering)#6

Merged
marctrem merged 1 commit intomainfrom
marctrem/parse-device-info-oid
Mar 5, 2026
Merged

Parse device info from attestation certificate (field meaning is based on reverse engineering)#6
marctrem merged 1 commit intomainfrom
marctrem/parse-device-info-oid

Conversation

@marctrem
Copy link
Copy Markdown
Contributor

@marctrem marctrem commented Mar 4, 2026
edited
Loading

Extract device and OS metadata from the undocumented Apple App Attest certificate extension (OID 1.2.840.113635.100.8.7). Adds a DeviceInfo struct to VerifyAttestationOutput with fields for OS version, build, device class, iBoot version, SEP version, platform, and build variant.

Field meanings are reverse-engineered from real attestation payloads and are best-effort. Parsing is lenient — unrecognized or malformed fields are silently skipped, and DeviceInfo is nil when the extension is absent.

@marctrem marctrem requested a review from geffrak March 4, 2026 23:42
@marctrem marctrem changed the title Parse device info from attestation certificate Parse device info from attestation certificate (field meaning is based on reverse engineering) Mar 4, 2026
@marctrem marctrem merged commit b4cf46a into main Mar 5, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geffrak geffrak geffrak approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marctrem @geffrak