How to re-sign an iOS app 101

If we want to resign a simple iOS app the first thing we’ll need it’s an Apple certificate installed in our Keychain and a Provisioning Profile linked to it. For this process we’ll need to have Xcode in our Mac.

We’ll start decompressing the .ipa file, for that we open a terminal in the path where we have stored the ipa and we execute the following command

unzip -q filename.ipa

Next we create the entitlements from the .mobileprovision file we created in the Apple developer portal

 /usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i ./name.mobileprovision) > entitlements.plist

With this we’ll have everything we need to resign the app.

Before resigning we remove the data from the current signature:

 rm -rf “Payload/"

and replace the embedded mobile provision  with our own one

cp ./name.mobileprovision embedded.mobileprovision

mv embedded.mobileprovision “Payload/"

There’s only the signing left to be done using the previously generated entitlements :

    /usr/bin/codesign -fv -s “CommonNameOfCertificate" "Payload/" --entitlements entitlements.plist

It’s worth saying that in case of having Swift support applying this same commandto resign all the included .dylib files included in the Payload/ folder is mandatory.

For this the identity used is the installed certificate’s “Common Name”

That bing don we can compress the app again

zip -qr ResignedApp.ipa Payload

And we’ll have a redy to install .ipa.

In future tutorials we’ll cover more advanced cases like for example apps with keychain access groups, app extensions or making changes to the app’s identifier.

1 thought on “How to re-sign an iOS app 101”

  1. Hi,

    Did you ever get around to the more complex article? In this article you say to re-sign all the .dylibs in the Payload/ folder, but what about the SwiftSupport/iphoneos folder? And how would one do that?

Leave a Comment

¿Necesitas una estimación?

Calcula ahora