If we want to resign a simple iOS app the first thing we’ll need it’s an Apple certificate installed in our Keychain and a Provisioning Profile linked to it. For this process we’ll need to have Xcode in our Mac.
We’ll start decompressing the .ipa file, for that we open a terminal in the path where we have stored the ipa and we execute the following command
unzip -q filename.ipa
Next we create the entitlements from the .mobileprovision file we created in the Apple developer portal
/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i ./name.mobileprovision) > entitlements.plist
With this we’ll have everything we need to resign the app.
Before resigning we remove the data from the current signature:
rm -rf “Payload/AppName.app/_CodeSignature"
and replace the embedded mobile provision with our own one
cp ./name.mobileprovision embedded.mobileprovision mv embedded.mobileprovision “Payload/AppName.app/"
There’s only the signing left to be done using the previously generated entitlements :
/usr/bin/codesign -fv -s “CommonNameOfCertificate" "Payload/AppName.app/AppName" --entitlements entitlements.plist
It’s worth saying that in case of having Swift support applying this same commandto resign all the included .dylib files included in the Payload/AppName.app/Frameworks folder is mandatory.
For this the identity used is the installed certificate’s “Common Name”
That bing don we can compress the app again
zip -qr ResignedApp.ipa Payload
And we’ll have a redy to install .ipa.
In future tutorials we’ll cover more advanced cases like for example apps with keychain access groups, app extensions or making changes to the app’s identifier.