If we want to resign a simple iOS app the first thing we’ll need it’s an Apple certificate installed in our Keychain and a Provisioning Profile linked to it. For this process we’ll need to have Xcode in our Mac.
We’ll start decompressing the .ipa file, for that we open a terminal in the path where we have stored the ipa and we execute the following command
unzip -q filename.ipa
Next we create the entitlements from the .mobileprovision file we created in the Apple developer portal
/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i ./name.mobileprovision) > entitlements.plist
With this we’ll have everything we need to resign the app.
Before resigning we remove the data from the current signature:
rm -rf “Payload/AppName.app/_CodeSignature"
and replace the embedded mobile provision with our own one
cp ./name.mobileprovision embedded.mobileprovision mv embedded.mobileprovision “Payload/AppName.app/"
There’s only the signing left to be done using the previously generated entitlements :
/usr/bin/codesign -fv -s “CommonNameOfCertificate" "Payload/AppName.app/AppName" --entitlements entitlements.plist
It’s worth saying that in case of having Swift support applying this same commandto resign all the included .dylib files included in the Payload/AppName.app/Frameworks folder is mandatory.
For this the identity used is the installed certificate’s “Common Name”
That bing don we can compress the app again
zip -qr ResignedApp.ipa Payload
And we’ll have a redy to install .ipa.
In future tutorials we’ll cover more advanced cases like for example apps with keychain access groups, app extensions or making changes to the app’s identifier.
Hi,
Did you ever get around to the more complex article? In this article you say to re-sign all the .dylibs in the Payload/AppName.app/Frameworks folder, but what about the SwiftSupport/iphoneos folder? And how would one do that?