Ipa re-signature and ipa Signature

Ipa re-signature and ipa Signature

Why do we need to study the problem of re-signature?
After the program is packaged into an ipa package, the ipa package contains files such as Provisioning Profile and _ CodeSignature, including signature information for the entire ipa. Once you change any content in ipa, such as adding a header file, the signature will become invalid, and ipa cannot be installed. (It seems that changing Info. plist will not be affected)
Therefore, if you want to tamper with information or inject code by modifying the content of the ipa package (for example, adding a dynamic library), you need to solve the problem of re-signing the ipa package.

Preparation
Make some preparations before re-signing.
1. First download and install Xcode, which contains a codesign_allocate program. During installation,/usr/bin contains a codesign program, which is used to sign the ipa package.
2. The Certificate file, private key file, and Provisioning Profile file of the enterprise Certificate. Note that enterprise certificates must be of the iOS Distribution type and cannot be iOS Development. For other detailed settings, such as In-House, see http://beyondvincent.com/blog/2014/07/30/provision-ios-ipa-app-for-in-house-enterprise-distribution/

Procedure
1. Decompress ipa
Decompress ipa to get Payload/[App name]. bundle and open the bundle.

2. Delete the old ipa signature information
Delete the _ CodeSignature folder in the bundle, that is, delete the signature information of the previous ipa.

3. Change Certificate
Delete the old Provisioning Profile in the bundle and use the Provisioning Profile of our own enterprise certificate.
Note that you need to rename our enterprise certificate in the ipa package to embedded. mobileprovision.

4. Modify bundle content
In this case, we can modify the content in the bundle as much as possible, such as adding a dynamic library and deleting an image.

Note: to add a dynamic library to the bundle, you must first compress it into a zip file and decompress it to the DRIVERS directory when the program starts, and then dlopen, otherwise, the dynamic library file will be stuck when the program starts.

5. re-sign
After modifying the bundle content, you need to re-sign it through the/usr/bin/codesign program. The command is as follows:

/usr/bin/codesign -f -s "iPhone Distribution: YourCompanyName" --resource-rules Payload/ MYAPP.app/ResourceRules.plist Payload/ MYAPP.app

The iPhone Distribution can be Key string accessIs the name of the enterprise certificate, for example, the following "iPhone Distribution: XXXXXXXXXX ":

Command example:

codesign -f -s "iPhone Developer: XXXXXXXXXX" --resource-rules Payload/NdCP_Game_Demo.app/ResourceRules.plist Payload/NdCP_Game_Demo.app

This command indicates the certificate identified by "iPhone Developer: XXXXXXXXXX" in the keychain, according to Payload/NdCP_Game_Demo.app/ResourceRules. the rules in the plist file are signed. If there is a signature in the ipa package, it will be replaced. The _ CodeSignature directory generated in this process will be stored in the Payload/NdCP_Game_Demo.app directory.

After the command is executed, a new _ CodeSignature directory is generated in the bundle, which contains the new signature information.

6. Repackage it into ipa
After completing the above work, you can generate a new ipa for release. The example command is as follows:

Zip-r ResignTest. ipa Payload # note that the Payload cannot be followed by "/"

7. Release

After packaging and publishing tests, it is concluded that after the ipa Package content and the signature are modified, the re-signed ipa file can be successfully installed on non-jailbreaking devices and jailbreaking devices. Note that it is installed through a website with an SSL certificate and an Apple System (Enterprise Internal Distribution Program), not a third-party tool like the PP assistant.

References

Http://www.cocoachina.com/bbs/simple? T181236.html

Http://www.169it.com/article/15588355475122308384.html

Appendix
1. codesign

In the help document:

Codesign -- Create and manipulate code signatures

Codesign options:

-f, --force     When signing, causes codesign to replace any existing signature on the path(s) given. Without this option, existing signatures will not be replaced, and the signing operation fails.-s, --sign identity     Sign the code at the path(s) given using this identity. See SIGNING IDENTITIES below.--resource-rules filename   During signing, this option overrides the default rules for identifying and collecting bundle resources and nested code to be sealed into the signature. The argument is the path to a property list (plist) file containing scanning and qualification instructions. See the code signing documentation for details.

The usage is as follows:

Usage: codesign -s identity [-fv*] [-o flags] [-r reqs] [-i ident] path ... # sign       codesign -v [-v*] [-R testreq] path|[+]pid ... # verify       codesign -d [options] path ... # display contents       codesign -h pid ... # display hosting paths

Note: One of the posts in the CocoaChina Forum said that the use of keychain will be affected after re-signing. This step is to be verified and will be further explained later.


Valid ipa format signature for reading pandatv

I'm going to ask a friend, (* ^__ ^ *) Hey ......
 
Download ipa software. There is a series of code on the webpage. What does it mean to sign the app?

Is there a jailbreak? If you have escaped from jail, you may not have installed the javasnyc plug-in and ipa plug-in. You can find them in cydia. If you do not know about these things, go to weiphone to learn, the top posts there are all clearly stated. I got out of the white box on the first day I got the camera, because I read those posts on weiphone.