Objection + Frida: The application could not be verified - ios

I am using this tutorial to install my app with Frida on an iPhone 8: https://www.secjuice.com/objection-frida-guide/
To get the duplicates out of the way:
Building and deploying via Xcode works fine
The app is deleted several times before deploying again
I've focused on doing the magic of re-signing manually, so without Frida yet. It basically comes down to these few commands. I first archived via Xcode to get an ipa file. I know that it is signed with the distribution profile, so I have also tried to get the contents of the debug build (under Products in Xcode), zip that as an ipa and go from there.
Get the certificates identities:
security find-identity -p codesigning -v
Use applesign to sign the ipa:
applesign -i E3990....1881149 -m iOS_Development.mobileprovision -o patched_codesign.ipa MyApp.ipa
iOS_Development.mobileprovision is the Development provisioning profile. I've tried to use the one that is available within the debug build (embedded.mobileprovision) and downloaded from the developer portal. I've also tried to use the iOS Distribution provisioning profile in combination with the correct certificate identifier.
Unzip the re-signed ipa: unzip patched_codesign.ipa
Deploy: ios-deploy --bundle Payload/*.app -W -d
Receive the error:
2020-10-27 08:41:40.304 ios-deploy[4282:27558] [ !! ] Error 0xe800003a: The application could not be verified. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)
Just to clarify that I have chosen the right certificate with the correct provisioning profile:
Also used security cms -D -i some.mobileprovision to verify that the provision profile is indeed a development profile as expected.
What am I doing wrong?

Related

Frameworks/libswiftAVFoundation.dylib : valid provisioning profile for this executable was not found

I am re-signing a third party vendors app for enterprise distribution. I go through my usual re-signing process and it will install OK on an iOS10 device. However when I run the app it immediately crashes and I see the following in the debug log:
iPad amfid[224] :
/private/var/containers/Bundle/Application/BB77EC6D-32E0-4762-B11B-9894799DD96C/ScannerPro.app/Frameworks/libswiftAVFoundation.dylib
not valid: 0xe8008015: A valid provisioning profile for this
executable was not found
Missing step was
codesign -f -s "iPhone Distribution:[company name]" --entitlements entitlements.plist AppName.app/Frameworks/*
After doing this, and then resigning the overall app, the IPA launched successfully on both iOS9 and 10
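The ordering that answer relies on (nested code first, the app bundle last), as an added example that is not part of the original post. The function names are hypothetical, the bundle layout is constructed from empty files, and the commands reuse the flags from the answer without running `codesign`:

```python
import os
import tempfile

NESTED = (".dylib", ".framework", ".appex")

def signing_order(app_path):
    """Nested code deepest-first, the .app bundle itself last."""
    found = []
    for root, dirs, files in os.walk(app_path):
        found += [os.path.join(root, n) for n in dirs + files if n.endswith(NESTED)]
    # A container's signature seals what is inside it, so sign contents first.
    found.sort(key=lambda p: (-p.count(os.sep), p))
    return found + [app_path]

def codesign_commands(app_path, identity, entitlements):
    # Same flags as the command in the answer above, one invocation per item.
    return [["codesign", "-f", "-s", identity, "--entitlements", entitlements, item]
            for item in signing_order(app_path)]

def build_constructed_bundle():
    """Constructed directory layout (empty files), only to exercise the ordering."""
    app = os.path.join(tempfile.mkdtemp(), "ScannerPro.app")
    for rel in ("Frameworks/libswiftAVFoundation.dylib",
                "Frameworks/Vendor.framework/Vendor",
                "PlugIns/Share.appex/Frameworks/libswiftCore.dylib"):
        path = os.path.join(app, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return app

if __name__ == "__main__":
    app = build_constructed_bundle()
    for cmd in codesign_commands(app, "iPhone Distribution: [company name]",
                                 "entitlements.plist"):
        print(" ".join(cmd[:-1]), os.path.relpath(cmd[-1], os.path.dirname(app)))
```

A shell glob such as `Frameworks/*` only reaches one directory level; the walk above also finds libraries inside extensions under `PlugIns/`.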

How does Xcode set EXPANDED_CODE_SIGN_IDENTITY?

I started getting a codesign error after a certificate expired. I have an updated certificate and the expired one has been deleted. But somehow, Xcode sets EXPANDED_CODE_SIGN_IDENTITY with the SHA-1 of the expired certificate. Where does it get this value? I assume it must be cached somewhere because there is no certificate in the keychain with the SHA-1 it is trying to use for code signing. I searched the pbxproj file and did not find it, nor did a recursive grep starting from the project root yield any results.
Here are some details about my configuration:
There is no account set up in Xcode
Instead of a developer account, I am using the exported certificate from the Team Agent
Xcode version is 6.1.1
OSX version is 10.10.2
The project identity is set up in Xcode like this:
When I check the keychain, it finds the correct identity:
$ security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) F1326572E0B71C3C8442805230CB4B33B708A2E2 "iPhone Developer: XXX XXX (C395QGL4DK)"
In the build output I see the environment variable set incorrectly:
export EXPANDED_CODE_SIGN_IDENTITY=9F5616A53464FC5C003847ED620357A7BC72ABB1
I have tried to fix it with the following:
Delete the certificate from Keychain Access and re-add it
Set the Access Control of the private key to allow all apps
Delete all provisioning profiles and re-add the one I am using
Delete everything under ~/Library/Developer/Xcode/DerivedData
Delete everything under ~/Library/Caches/com.apple.dt.Xcode
Restart Xcode
Reboot the Mac
I have now run out of ideas for things to try. There are two other developers I work with, and both of them experienced the same problem initially. However, they are working again after doing some of the same steps that I have tried. We are all using the same certificate, the same provisioning file, and the same project settings. It must be a setting or lingering cache that is on my system, but I have not been able to find it.
If I could find out where Xcode sets this environment variable, I can clean it up and everything should be fine again.
I was having the same issue and for me the answer was fairly simple: I was trying to use a provisioning profile that was tied to the old certificate (my guess is that EXPANDED_CODE_SIGN_IDENTITY is pulled from the profile you are trying to use).
Anyway, after creating a new profile on the dev center tied to the new certificate, this stopped happening.
If it helps, I'm using Jenkins to build the app, so all commands run from the console...
So I've turned off CODE_SIGNING_ALLOWED and overrode EXPANDED_CODE_SIGN_IDENTITY_NAME and EXPANDED_CODE_SIGN_IDENTITY. For some reason it helped me to build the app with proper identities.
xcodebuild -project my.xcodeproj/ -sdk iphoneos \
CODE_SIGNING_REQUIRED=YES \
CODE_SIGNING_ALLOWED=NO \
CODE_SIGN_IDENTITY="My Identity" \
EXPANDED_CODE_SIGN_IDENTITY_NAME="My Identity" \
EXPANDED_CODE_SIGN_IDENTITY=<CODE_SIGN_IDENTITY>
The last one can be obtained with:
security find-certificate -a -c "My Identity" -Z|grep ^SHA-1|cut -d " " -f3|uniq
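A check for the mismatch described in the first answer above (a profile tied to a different certificate), which also covers the "is this really a development profile" check from the first question on this page. This is an added example, not code from any of the posts: the function names are hypothetical, the input is the plist that `security cms -D -i some.mobileprovision` prints, and the sample profile and certificate bytes are constructed.

```python
import hashlib
import plistlib

def inspect_profile(profile_plist: bytes, identity_sha1: str) -> dict:
    """Compare a decoded provisioning profile against a keychain identity hash."""
    p = plistlib.loads(profile_plist)
    ents = p.get("Entitlements", {})
    # `security find-identity` prints the SHA-1 of the DER certificate, so the
    # same digest over each DeveloperCertificates entry is directly comparable.
    cert_hashes = [hashlib.sha1(der).hexdigest().upper()
                   for der in p.get("DeveloperCertificates", [])]
    if p.get("ProvisionsAllDevices"):
        kind = "enterprise"
    elif "ProvisionedDevices" not in p:
        kind = "app-store"
    elif ents.get("get-task-allow"):
        kind = "development"
    else:
        kind = "ad-hoc"
    return {
        "kind": kind,
        "identity_in_profile": identity_sha1.upper() in cert_hashes,
        "profile_cert_sha1": cert_hashes,
        "app_id": ents.get("application-identifier"),
        "devices": p.get("ProvisionedDevices", []),
    }

def constructed_profile(cert_der: bytes, debug: bool) -> bytes:
    # Constructed stand-in for a decoded profile; every value here is made up.
    return plistlib.dumps({
        "Name": "Constructed sample profile",
        "DeveloperCertificates": [cert_der],
        "ProvisionedDevices": ["CONSTRUCTED-UDID-0001"],
        "Entitlements": {"application-identifier": "TEAMID0000.com.example.app",
                         "get-task-allow": debug},
    })

if __name__ == "__main__":
    new_cert, old_cert = b"constructed-new-cert", b"constructed-old-cert"
    keychain_identity = hashlib.sha1(new_cert).hexdigest()
    for der in (new_cert, old_cert):
        r = inspect_profile(constructed_profile(der, True), keychain_identity)
        print(r["kind"], r["identity_in_profile"], r["profile_cert_sha1"])
```

When `identity_in_profile` is false, the profile was issued for a different certificate than the one in the keychain, whatever the identity's display name says.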

Need to re-sign the IPA file with my ad hoc profile

I tried to re-sign one IPA file (the project is built under HTML 5) using the following script:
unzip application.ipa
rm -r "Payload/Application.app/_CodeSignature" "Payload/Application.app/CodeResources" 2> /dev/null | true
cp "/Users/playdom/Desktop/BA/Code/Profiles/something.mobileprovision" "Payload/Application.app/embedded.mobileprovision"
/usr/bin/codesign -f -s "iPhone Distribution: something" --resource-rules "Payload/Application.app/ResourceRules.plist" "Payload/Application.app"
zip -qr "Application.test.ipa" Payload
=========================
And it changes the signature and I can install the build on my device. But the problem is whenever I try to start my application it shows the splash screen and crashes!!! I checked the IPA with the default profile (the one I wanted to change...) and it works OK. That means the problem is in the re-sign process!!!
I tried checking the Xcode/Organizer/Console and saw it shows an entitlement issue!! I followed the same script and process with another IPA (built under Obj C) and it works fine. I don't understand what the issue is. Do I need to change the Info.plist or bundle identifier? I tried that, but after that it doesn't even install!! Does anybody have any idea?
I don't know how that's supposed to work. You can't run a build that's signed for the App Store distribution on a device. I always take my App Store builds and re-sign them with a development provisioning profile to test them on a device.

Codesigning iOS applications (APNS Enabled) without using Xcode

I want to build a single window Mac application, which can be used to codesign iOS applications without using Xcode.
Many of our clients use an "Enterprise License" to distribute their apps. Each year they need to be re-signed and it's repetitive work. Their requirements are the following:
Apps make use of APNS
They don't want to share their Enterprise License
Bundle identifier should be replaceable while signing with their certificate
They have certificates with same name in Keychain
The user interface has the following fields:
Path to the *.ipa file
Path to the *.mobileprovision file
Keychain name (optional, in case more than one certificate with the same name exists)
Name of the certificate (iPhone Developer : .....)
I was able to codesign the application, but APNS is not working after re-signing. Or is it not possible to re-sign applications making use of bundleIdentifier?
I would also like to add a drop-down list of the certificates available in Keychain for improved usability. Any pointers would be a great help.
To enable push notifications, the app ID and provisioning profile will need to have that configured and allowed by Apple (through the portal). You can't enable it for arbitrary provisioning profiles/apps just by resigning.
During codesigning, the entitlements need to have the apns-environment key set to sandbox/production depending on what the app uses. This will then be verified at runtime by iOS. If you are using a third-party signing tool, it should take the apns-environment value from the provisioning profile.
For debugging, you can look at the entitlements for a .app with this command:
codesign -d --requirements - --entitlements - path/to/My.app
You should see an apns-environment value, but only if the provisioning profile had that enabled.
Just spent several hours researching this same issue and discovered the following process. Taking Mike's comments one step further, providing the following command line for others running into the same issue.
I am starting with an xcode release build using a bundle id that has been configured for production push notification.
From the terminal window run the following commands - replacing the "CAPITAL SECTIONS" with your info
codesign -d --entitlements - "NAME OF APP.app" > entitlements.plist
codesign -f -s "SIGNING CERTIFICATE NAME" --resource-rules "NAME OF APP.app/ResourceRules.plist" --entitlements entitlements.plist "NAME OF APP.app"
Hope this helps the next person struggling with this same issue

Signing iPhone app with customer certificate and provisioning profile

I went through all related questions here on the site as well as blogs, but they leave it open whether I can re-use the certificates and profiles of customers. There is no problem of course when the distribution and certificate has been generated with the CSR of my server.
I need to build iPhone apps on a dedicated server, using the uploaded p12 certificates and mobile provision profiles of customers.
I am facing 2 scenarios :
Distribution for AppStore submissions
Ad-hoc
Regarding 1.) I could import and sign the app as follows :
security import CertificatesVOSX.p12 -k ~/Library/Keychains/login.keychain -P "asdasd" -T /usr/bin/codesign
xcrun -verbose -sdk iphoneos PackageApplication "build/Release-iphoneos/JIOSApp.app" -o /tmp/app.ipa -sign "iPhone Distribution: PUBLISHING LIMITED" -embed JIOSBase.mobileprovision
This went fine but of course iTunes fails to install it. Does this application work for App Store submissions?
Then regarding 2.)
As said, usually the customer has their own certs, bound to the original CSR. xcodebuild or xcrun doesn't work here, because of a private key mismatch.
Has anybody been able to build apps with a customer's certs and mobile provision profiles yet? Seems rather impossible to me.
Thanks,
Guenter
Reference Links :
http://www.iphonedevsdk.com/forum/iphone-sdk-tools-utilities/73719-hudson-continuous-integration-ios.html
Name of Provisioning Profile used to sign an iPhone app?
And the most related one but still not 100% answered : Command line installation of Code Signing certificates, .p12 files, and mobileprovisions
