iOS - Install unsigned .ipa on device - ios

I’ve modified an .ipa file by unzipping its contents, decrypting and modifying a few scripts, and re-zipping it. How can I test the new app as quickly as possible to see the new changes, without having to go through code signing (yet)? Do I need to jailbreak my phone, or is there any other way I can emulate the new ipa?
Thank you!

Jailbreak
With recent jailbreaks, it may not be as easy as it was in the earlier days. Even the simplest things don't work like you expect.
Resign IPA with developer account
This could be problematic due to entitlements. If the application uses them extensively, then you would have to create a provisioning profile containing all of them, possibly also modifying the application binaries, as some entitlements can't be recreated as is (like app groups and iCloud containers, which are globally unique across all developer accounts).
A free developer account is even worse, as it doesn't have access to some entitlements. You would have to examine the application signature and see which entitlements it uses and what the probability is that it might work without them. For example, re-signing an app without the SiriKit entitlement might cause a crash: when the app tries to access the API, iOS will kill it due to the missing entitlement.
You might have heard about Cydia Impactor, which does exactly that. But it actually does a pretty poor job of it. It doesn't preserve entitlements, so there's a high probability that the app will crash. Pretty much all remotely complex apps use many entitlements. But it's worth a try anyway.

I think this tool may be helpful for you: https://github.com/DanTheMan827/ios-app-signer.
If you wish to run an app on iOS devices, a valid code signature is required unless that device is already jailbroken.
In fact, jailbreaking does not enable you to run unsigned code on iOS devices. It just allows you to install some plugin to tweak the system. You still need something like AppSync (https://github.com/angelXwind/AppSync) to bypass the system-level code signature verification.
So you have to sign your executable if you don't want to jailbreak. Xcode provides a free app provisioning file for which you only need an Apple ID, and you can get a 7-day app provisioning to let you run the ipa.

Related

Is it possible to resign applications downloaded with iTunes from appstore?

Recently I saw a website that includes lots of App Store applications; they resigned those applications via their Enterprise account and let people download them directly to their iPhones/iPads.
I am wondering how they do this. I have resigned .ipa files that were created for Ad-Hoc via Enterprise, but how do they resign App Store applications with an enterprise account too?
I am asking because it is important, and we should consider more security challenges for the case of resigning our App Store applications with enterprise accounts.
When an IPA is downloaded from the app store (including by Xcode), the binaries in that IPA are encrypted by Apple. Simply resigning these binaries will not work. One way to remove the DRM, and this may be illegal in your country, is to extract the unencrypted binary during runtime on a jailbroken device.
Note that when resigning apps, such services need to use a different provisioning profile than you originally used, and that provisioning profile will have a different bundle identifier than the one in your Info.plist. You can use tools such as TCMobileProvision to inspect and compare the two identifiers. This is a mouse and cat game, as they could actively look for that code and remove it statically, but you will most likely reduce the possibility of your app being resigned significantly.
Adding on to Leo's answer:
There are tools available such as Clutch to help decrypt the Apple-signed binary on a jailbroken device at runtime. After decrypting the binary, you will need to figure out the app's bundle ID and entitlements. Some versions of Theos (such as theos-jailed) come with an info tool that dumps the application entitlements. When regenerating your patched provisioning profiles, you must be sure your patched profile matches the entitlements of the original profile used by the target app.
Everything after the decryption step can be accomplished without a jailbroken device. A jailbreak is required to remove the Apple FairPlay DRM by dumping/decrypting the signed app by patching into the device's runtime.
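An offline version of the comparison the answers above describe (profile app ID against the Info.plist bundle identifier, plus the entitlement match), useful when auditing an IPA that claims to be your app. This is an added example, not code from the thread or from TCMobileProvision; the function names, team IDs and bundle IDs are constructed for illustration.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the plist carried inside an embedded.mobileprovision blob."""
    # The profile is a CMS-signed container whose payload is a plain XML
    # plist; slicing between the markers is enough for inspection, but it
    # does NOT verify the CMS signature.
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def audit_profile(profile: dict, bundle_id: str, expected_team: str,
                  original_entitlements: dict) -> list:
    """Compare a shipped profile with what the original build carries."""
    findings = []
    ents = profile.get("Entitlements", {})
    team, _, pattern = ents.get("application-identifier", "").partition(".")
    if team != expected_team:
        findings.append(f"team prefix {team!r} is not {expected_team!r}")
    # App IDs may be wildcards such as "*" or "com.example.*".
    if pattern.endswith("*"):
        covered = bundle_id.startswith(pattern[:-1])
    else:
        covered = pattern == bundle_id
    if not covered:
        findings.append(f"profile app ID {pattern!r} does not cover {bundle_id!r}")
    if profile.get("ProvisionsAllDevices"):
        findings.append("enterprise (in-house) distribution profile")
    for key in sorted(set(original_entitlements) - set(ents)):
        findings.append(f"entitlement missing after re-sign: {key}")
    return findings

# Constructed sample: profile of a re-signed build, wrapped in dummy bytes
# standing in for the CMS envelope. All identifiers here are made up.
RESIGNED = b"\x30\x82\x1f\x00" + plistlib.dumps({
    "Name": "Constructed In-House Profile",
    "ProvisionsAllDevices": True,
    "Entitlements": {"application-identifier": "ZZZZZ99999.com.resigner.app",
                     "get-task-allow": False},
}) + b"\x00sig"
ORIGINAL_ENTS = {"application-identifier": "ABCDE12345.com.example.app",
                 "get-task-allow": False,
                 "com.apple.security.application-groups": ["group.com.example.app"]}

if __name__ == "__main__":
    for finding in audit_profile(extract_profile(RESIGNED), "com.example.app",
                                 "ABCDE12345", ORIGINAL_ENTS):
        print(finding)
```
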

How to run patched iOS binary file after

I need to bypass jailbreak detection in an iOS application, for pt. I have patched/changed a few of its related parts, e.g. where it is detecting Cydia etc., and uploaded it back to the iDevice, only to find that it is crashing.
Do I need to sign it, even on a jailbroken phone? If so, can I self-sign it?
Or am I doing something else wrong?
I will appreciate your views.
Yes, you need to re-sign it.
All iOS apps must be signed with an Apple-issued cert on iOS.
On the iOS device, the user must also have selected \Settings\General\Profiles & Device Management\ for the Developer Cert to be trusted.
Re-signing a patched iOS binary (the IPA file) can be achieved in a number of ways. Try this as a starting point: https://github.com/nowsecure/node-applesign/wiki
Since Xcode 7 you can get a free developer cert to sign app bundles and frameworks. This free account works fine for patching and re-signing apps.
As a side note: the same rule does not quite apply to Android. You must sign the Android app (the APK file). But a self-signed APK will work if the device has Allow Sideloaded App = true.

The identity used to sign the executable is no longer valid IOS 7

When I try to test my app on my jailbroken 5s I keep getting this error for some reason, and it just started happening as well... I was able to test my apps on my device this morning but now it doesn't work, and yes, I tried restarting Xcode.
Error message:
The identity used to sign the executable is no longer valid. Please verify that your device’s clock is properly set, and that your signing certificate is not expired. (0xE8008018).
My device time is set to automatic so I don't see how it could be incorrect, and the certificate is still valid, I just made a new one...
Please don't tell me I need to pay the 99 dollar developer fee to do this. I am jailbroken and I will not do this, nor will I install app sync as I didn't need it installed before. I have already created a self signing certificate and everything, even edited all the plist files and changed the build settings in my app, nothing works.
Did you try to reverify the device in Xcode? If not, try that. Else something tells me the system discovered your self-made certificate.
You can't use self-signed certificates with Xcode to my knowledge. You must use an Apple-issued certificate to publish using Xcode. There are special ways to install self-signed apps on jailbroken phones, and Xcode isn't one of them. In theory, you could modify the Xcode project's build procedure to use this special method, but it really isn't worth the hassle in my opinion. If $99 is honestly too much for you to have access to Apple's awesome developer community, then Android will always accept new developers. Just remember that $99 is not much money for most in the developed world, and if you own a Mac and an iPhone (or several) then you certainly can afford it, and it's definitely worth the money considering what it gets you.

iOS App Failed to Install

I've been browsing the internet for a solution to this issue and have found plenty of threads about the same problem, but there was either no solution found or the ones proposed didn't work.
I followed along with the tutorial linked in the iOS text file in the Air project template for FlashDevelop. Since I do not currently have an iOS device, I've been sending the IPA to a coworker to have him test it. When he attempts to load the application onto the iTouch, he gets an "app failed to install" with no further information on why it failed. Does anyone know what could cause this?
Here's what I've already done/checked:
made sure the app ID in the Apple portal matched the ID in the application.xml
sent my co-worker the provisioning profile used to create the IPA
tried the test targets (fast test, fast debug, etc.) as well as an "ad-hoc" build
recreating the certificates
It's also worth noting that the app runs fine on my Android device, so I'm fairly certain that I've missed something in the certification process for iOS.
Yeah, sounds like a provisioning problem. Make sure the UDIDs of all devices you are targeting are in each listed provisioning profile (note: you will need to add any additional UDIDs added to the developer portal again to any provisioning profile).
Although, I strongly recommend using TestFlight for your circumstance; it makes sending an .ipa extremely easy. https://testflightapp.com/

Provisioning issues for Adobe Air iOS apps when using an outside developer

My outside developer insists that it is best practice for me to obtain the certificate and to provision for testing from my computer. That seems different than what Apple recommends. One of her reasons is that with Adobe Air she otherwise does not need Xcode. Is she right?
To complicate matters, I do not have a Mac. I can borrow one at will so I have access to a Mac. However, I'd strongly prefer not to install Xcode on it. My developer believes that there is a way to use the keychain without Xcode. Is that possible and how would I do it?
If the app is successful, I'll break down and get a Mac. At that point, will it be easy to transfer the keychain to the new Mac?
Search in Spotlight for "Keychain Access." That is your keychain. Yes, you can transfer things from system to system via exporting p12 files. What exactly are you asking? You haven't really given any details about your situation. You need a provisioning profile with a valid certificate that has the device in question added to it in order to add anything onto a device in general (although I've heard that Adobe skirts this somehow...).
